@ganakailabs/cloudeval-cli 0.28.0 → 0.29.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli.js CHANGED
@@ -24,7 +24,7 @@ import {
24
24
  searchSessions,
25
25
  unsetCliConfigValue,
26
26
  writeCliConfigValue
27
- } from "./chunk-QSBGUI25.js";
27
+ } from "./chunk-CS4NE336.js";
28
28
  import {
29
29
  clearActiveCLITraceContext,
30
30
  createCLITraceContext,
@@ -36,10 +36,10 @@ import {
36
36
  redactSensitiveSecrets,
37
37
  redactSensitiveText,
38
38
  setActiveCLITraceContext
39
- } from "./chunk-USSCB2ZU.js";
39
+ } from "./chunk-Z3REBOP5.js";
40
40
  import {
41
41
  CLI_VERSION
42
- } from "./chunk-JFJQZGZH.js";
42
+ } from "./chunk-SLZ2XYAT.js";
43
43
 
44
44
  // src/runtime/prepareInk.ts
45
45
  import fs from "fs";
@@ -609,6 +609,7 @@ var cliCommands = [
609
609
  "--wait",
610
610
  "--poll-interval",
611
611
  "--wait-timeout",
612
+ "--progress",
612
613
  "--location",
613
614
  ...outputOptions,
614
615
  ...authOptions,
@@ -680,6 +681,33 @@ var cliCommands = [
680
681
  ],
681
682
  workflows: ["connections list", "connections get", "connections open"]
682
683
  },
684
+ {
685
+ name: "actions",
686
+ description: "Cross-project action center inventory",
687
+ domain: "reports",
688
+ options: [
689
+ "list",
690
+ "get",
691
+ "open",
692
+ "--project",
693
+ "--type",
694
+ "--severity",
695
+ "--pillar",
696
+ "--category",
697
+ "--resource-type",
698
+ "--q",
699
+ "--min-monthly-savings",
700
+ "--sort",
701
+ "--limit",
702
+ "--offset",
703
+ "--allow-full-scan",
704
+ ...outputOptions,
705
+ ...authOptions,
706
+ "--profile",
707
+ "--help"
708
+ ],
709
+ workflows: ["actions list", "actions get", "actions open"]
710
+ },
683
711
  {
684
712
  name: "billing",
685
713
  description: "Billing and usage utilities",
@@ -1652,7 +1680,7 @@ var resolveReportProjectId = async ({
1652
1680
  if (!token) {
1653
1681
  throw new Error("No project specified. Use --project <id> for report access.");
1654
1682
  }
1655
- const resolvedWorkspace = workspace ?? await import("./dist-PEYJDO7A.js").then((core) => ({
1683
+ const resolvedWorkspace = workspace ?? await import("./dist-V2L4CPTU.js").then((core) => ({
1656
1684
  checkUserStatus: core.checkUserStatus,
1657
1685
  getProjects: core.getProjects
1658
1686
  }));
@@ -1681,7 +1709,7 @@ var warnIfAccessKeyFromCliOption = (options, command) => {
1681
1709
  };
1682
1710
  var resolveAuthContext = async (options, command, deps) => {
1683
1711
  const baseUrl = await deps.resolveBaseUrl(options, command);
1684
- const core = await import("./dist-PEYJDO7A.js");
1712
+ const core = await import("./dist-V2L4CPTU.js");
1685
1713
  core.assertSecureBaseUrl(baseUrl);
1686
1714
  warnIfAccessKeyFromCliOption(options, command);
1687
1715
  let accessKey = options.accessKey;
@@ -1767,7 +1795,7 @@ var resolveToken = async (options, baseUrl, deps, command) => {
1767
1795
  if (options.accessKey) {
1768
1796
  return options.accessKey;
1769
1797
  }
1770
- const { getAuthToken } = await import("./dist-PEYJDO7A.js");
1798
+ const { getAuthToken } = await import("./dist-V2L4CPTU.js");
1771
1799
  try {
1772
1800
  return await getAuthToken({
1773
1801
  accessKey: options.accessKey,
@@ -1778,7 +1806,7 @@ var resolveToken = async (options, baseUrl, deps, command) => {
1778
1806
  if (!canLogin) {
1779
1807
  throw error;
1780
1808
  }
1781
- const { login } = await import("./dist-PEYJDO7A.js");
1809
+ const { login } = await import("./dist-V2L4CPTU.js");
1782
1810
  process.stderr.write("Authentication required. Starting login flow...\n");
1783
1811
  const token = await login(baseUrl, {
1784
1812
  headless: Boolean(process.env.SSH_TTY || process.env.CLOUDEVAL_HEADLESS_LOGIN)
@@ -1944,7 +1972,7 @@ var registerReportsCommand = (program2, deps) => {
1944
1972
  token,
1945
1973
  requestedProjectId: options.project
1946
1974
  });
1947
- const core = await import("./dist-PEYJDO7A.js");
1975
+ const core = await import("./dist-V2L4CPTU.js");
1948
1976
  const status = token ? await core.checkUserStatus(baseUrl, token) : void 0;
1949
1977
  const reports2 = await core.listReports({
1950
1978
  baseUrl,
@@ -1966,7 +1994,7 @@ var registerReportsCommand = (program2, deps) => {
1966
1994
  try {
1967
1995
  const baseUrl = await deps.resolveBaseUrl(options, command);
1968
1996
  const token = await resolveToken(options, baseUrl, deps, command);
1969
- const core = await import("./dist-PEYJDO7A.js");
1997
+ const core = await import("./dist-V2L4CPTU.js");
1970
1998
  const status = token ? await core.checkUserStatus(baseUrl, token) : void 0;
1971
1999
  const projectId = await resolveReportProjectId({
1972
2000
  baseUrl,
@@ -2069,7 +2097,7 @@ var registerReportsCommand = (program2, deps) => {
2069
2097
  try {
2070
2098
  const baseUrl = await deps.resolveBaseUrl(options, command);
2071
2099
  const token = await resolveToken(options, baseUrl, deps, command);
2072
- const core = await import("./dist-PEYJDO7A.js");
2100
+ const core = await import("./dist-V2L4CPTU.js");
2073
2101
  const status = token ? await core.checkUserStatus(baseUrl, token) : void 0;
2074
2102
  const projectId = await resolveReportProjectId({
2075
2103
  baseUrl,
@@ -2139,7 +2167,7 @@ var registerReportsCommand = (program2, deps) => {
2139
2167
  token,
2140
2168
  requestedProjectId: options.project
2141
2169
  });
2142
- const core = await import("./dist-PEYJDO7A.js");
2170
+ const core = await import("./dist-V2L4CPTU.js");
2143
2171
  const status = token ? await core.checkUserStatus(baseUrl, token) : void 0;
2144
2172
  const report = await core.getWafReport({
2145
2173
  baseUrl,
@@ -2178,7 +2206,7 @@ var registerReportsCommand = (program2, deps) => {
2178
2206
  token,
2179
2207
  requestedProjectId: options.project
2180
2208
  });
2181
- const core = await import("./dist-PEYJDO7A.js");
2209
+ const core = await import("./dist-V2L4CPTU.js");
2182
2210
  const status = token ? await core.checkUserStatus(baseUrl, token) : void 0;
2183
2211
  const report = await core.getReport({
2184
2212
  baseUrl,
@@ -2206,7 +2234,7 @@ var registerReportsCommand = (program2, deps) => {
2206
2234
  token,
2207
2235
  requestedProjectId: options.project
2208
2236
  });
2209
- const core = await import("./dist-PEYJDO7A.js");
2237
+ const core = await import("./dist-V2L4CPTU.js");
2210
2238
  const status = token ? await core.checkUserStatus(baseUrl, token) : void 0;
2211
2239
  const report = await core.getCostReport({
2212
2240
  baseUrl,
@@ -2235,7 +2263,7 @@ var registerReportsCommand = (program2, deps) => {
2235
2263
  token,
2236
2264
  requestedProjectId: options.project
2237
2265
  });
2238
- const core = await import("./dist-PEYJDO7A.js");
2266
+ const core = await import("./dist-V2L4CPTU.js");
2239
2267
  const status = token ? await core.checkUserStatus(baseUrl, token) : void 0;
2240
2268
  const report = await core.getWafReport({
2241
2269
  baseUrl,
@@ -2270,14 +2298,14 @@ var responseErrorMessage = async (response) => {
2270
2298
  const payload = JSON.parse(text);
2271
2299
  const detail = payload?.detail ?? payload?.message ?? payload?.error;
2272
2300
  if (typeof detail === "string") {
2273
- return detail;
2301
+ return redactSensitiveText(detail);
2274
2302
  }
2275
2303
  if (detail) {
2276
- return JSON.stringify(detail);
2304
+ return redactSensitiveText(JSON.stringify(detail));
2277
2305
  }
2278
2306
  } catch {
2279
2307
  }
2280
- return text;
2308
+ return redactSensitiveText(text);
2281
2309
  };
2282
2310
  var fetchCloudEvalJson = async ({
2283
2311
  baseUrl,
@@ -3883,12 +3911,13 @@ var registerReviewCommand = (program2, deps) => {
3883
3911
  filesWritten
3884
3912
  });
3885
3913
  if (data.gate.status === "fail") {
3886
- process.exit(1);
3914
+ process.exitCode = 1;
3915
+ return;
3887
3916
  }
3888
- process.exit(0);
3917
+ process.exitCode = 0;
3889
3918
  } catch (error) {
3890
3919
  console.error(error?.message ?? "Review failed");
3891
- process.exit(1);
3920
+ process.exitCode = 1;
3892
3921
  }
3893
3922
  });
3894
3923
  };
@@ -5215,7 +5244,7 @@ var runChatRecipe = async (recipe, prompt2, options, command, deps) => {
5215
5244
  });
5216
5245
  progressWriter.write({ type: "auth", step: "auth", message: "Resolving authentication" });
5217
5246
  const context = await resolveAuthContext(options, command, deps);
5218
- const core = await import("./dist-PEYJDO7A.js");
5247
+ const core = await import("./dist-V2L4CPTU.js");
5219
5248
  progressWriter.write({
5220
5249
  type: "request",
5221
5250
  step: "project",
@@ -5936,6 +5965,36 @@ var registerOpenCommand = (program2, deps) => {
5936
5965
  });
5937
5966
  await emitOrOpen(url, options);
5938
5967
  });
5968
+ addOpenOptions(
5969
+ open.command("issues").description("Open issues inventory"),
5970
+ deps.defaultBaseUrl
5971
+ ).option("--project <id>", "Project id").option("--type <types>", "Item types").option("--severity <levels>", "Severity filters").option("--q <query>", "Search query").option("--sort <sort>", "Sort order").action(async (options, command) => {
5972
+ const url = buildFrontendUrl({
5973
+ baseUrl: await base(options, command, deps),
5974
+ target: "issues",
5975
+ projectId: options.project,
5976
+ type: options.type,
5977
+ severity: options.severity,
5978
+ q: options.q,
5979
+ sort: options.sort
5980
+ });
5981
+ await emitOrOpen(url, options);
5982
+ });
5983
+ addOpenOptions(
5984
+ open.command("action-center").description("Open issues inventory (alias)"),
5985
+ deps.defaultBaseUrl
5986
+ ).option("--project <id>", "Project id").option("--type <types>", "Item types").option("--severity <levels>", "Severity filters").option("--q <query>", "Search query").option("--sort <sort>", "Sort order").action(async (options, command) => {
5987
+ const url = buildFrontendUrl({
5988
+ baseUrl: await base(options, command, deps),
5989
+ target: "issues",
5990
+ projectId: options.project,
5991
+ type: options.type,
5992
+ severity: options.severity,
5993
+ q: options.q,
5994
+ sort: options.sort
5995
+ });
5996
+ await emitOrOpen(url, options);
5997
+ });
5939
5998
  addOpenOptions(
5940
5999
  open.command("billing").description("Open billing"),
5941
6000
  deps.defaultBaseUrl
@@ -6285,6 +6344,28 @@ var fileBlob = async (filePath) => {
6285
6344
  };
6286
6345
  };
6287
6346
  var normalizeWorkspacePath = (value) => value.replace(/\\/g, "/").replace(/^\/+/, "").replace(/^\.\//, "").split("/").filter((part) => part && part !== ".").join("/");
6347
+ var SENSITIVE_WORKSPACE_DIR_NAMES = /* @__PURE__ */ new Set([
6348
+ ".aws",
6349
+ ".azure",
6350
+ ".kube",
6351
+ ".terraform"
6352
+ ]);
6353
+ var SENSITIVE_WORKSPACE_FILENAMES = /* @__PURE__ */ new Set([
6354
+ ".env",
6355
+ "credentials",
6356
+ "id_rsa",
6357
+ "id_ed25519",
6358
+ "kubeconfig"
6359
+ ]);
6360
+ var isSensitiveWorkspacePath = (relativePath) => {
6361
+ const normalized = normalizeWorkspacePath(relativePath);
6362
+ const parts = normalized.split("/");
6363
+ if (parts.some((part) => SENSITIVE_WORKSPACE_DIR_NAMES.has(part))) {
6364
+ return true;
6365
+ }
6366
+ const basename = parts.at(-1) ?? "";
6367
+ return SENSITIVE_WORKSPACE_FILENAMES.has(basename) || /^\.env\./i.test(basename) || /\.(?:pem|key|pfx|p12)$/i.test(basename) || /\.tfstate(?:\..*)?$/i.test(basename);
6368
+ };
6288
6369
  var isIgnoredWorkspacePath = (relativePath) => {
6289
6370
  const normalized = normalizeWorkspacePath(relativePath);
6290
6371
  return normalized === ".DS_Store" || normalized.endsWith("/.DS_Store") || normalized.startsWith(".git/") || normalized.startsWith("node_modules/") || normalized.startsWith(".cloudeval/bundles/") || normalized.startsWith(".cloudeval/connections/") || normalized.startsWith(".cloudeval/reports/") || normalized.startsWith(".cloudeval/share/") || normalized.startsWith(".cloudeval/shares/") || normalized.startsWith(".cloudeval/snapshots/") || normalized.startsWith(".cloudeval/template-cache/") || normalized === ".cloudeval/ps-rule.yaml";
@@ -6396,14 +6477,14 @@ var compileBicepEntry = async (root, entry) => {
6396
6477
  await fs6.rm(tempDir, { recursive: true, force: true });
6397
6478
  }
6398
6479
  };
6399
- var collectWorkspacePaths = async (root) => {
6480
+ var collectWorkspacePaths = async (root, allowedSensitivePaths = /* @__PURE__ */ new Set()) => {
6400
6481
  const paths = [];
6401
6482
  const visit = async (directory) => {
6402
6483
  const entries = await fs6.readdir(directory, { withFileTypes: true });
6403
6484
  for (const entry of entries) {
6404
6485
  const absolute = path4.join(directory, entry.name);
6405
6486
  const relative = normalizeWorkspacePath(path4.relative(root, absolute));
6406
- if (!relative || isIgnoredWorkspacePath(relative)) {
6487
+ if (!relative || isIgnoredWorkspacePath(relative) || isSensitiveWorkspacePath(relative) && !allowedSensitivePaths.has(relative)) {
6407
6488
  continue;
6408
6489
  }
6409
6490
  if (entry.isDirectory()) {
@@ -6474,11 +6555,21 @@ var collectWorkspaceFiles = async (workspaceDir, options) => {
6474
6555
  if (!stat?.isDirectory()) {
6475
6556
  throw new Error(`--workspace-dir '${workspaceDir}' is not a directory.`);
6476
6557
  }
6477
- const paths = await collectWorkspacePaths(root);
6558
+ const allowedSensitivePaths = new Set(
6559
+ [options.workspaceEntry, options.workspaceParameters].filter((value) => Boolean(value)).map((value) => normalizeWorkspacePath(value))
6560
+ );
6561
+ const paths = await collectWorkspacePaths(root, allowedSensitivePaths);
6478
6562
  const existingConfigPath = paths.find(
6479
6563
  (filePath) => filePath.toLowerCase() === ".cloudeval/config.yaml"
6480
6564
  );
6481
6565
  const config = existingConfigPath ? readWorkspaceConfig(await fs6.readFile(path4.join(root, existingConfigPath), "utf8")) : void 0;
6566
+ if (config?.parameters && isSensitiveWorkspacePath(config.parameters) && !paths.includes(config.parameters)) {
6567
+ const parameterStat = await fs6.stat(path4.join(root, config.parameters)).catch(() => void 0);
6568
+ if (parameterStat?.isFile()) {
6569
+ paths.push(config.parameters);
6570
+ paths.sort((left, right) => left.localeCompare(right));
6571
+ }
6572
+ }
6482
6573
  const entry = detectWorkspaceEntry(paths, options.workspaceEntry, config);
6483
6574
  const parameters = resolveWorkspaceParameters(paths, options.workspaceParameters, config);
6484
6575
  const compiledEntry = isBicepPath(entry) ? await compileBicepEntry(root, entry) : void 0;
@@ -6515,13 +6606,31 @@ var collectResourceGroups = (options) => {
6515
6606
  const commaSeparated = options.resourceGroups ? options.resourceGroups.split(",").map((value) => value.trim()) : [];
6516
6607
  return [...repeated, ...commaSeparated].map((value) => value.trim()).filter(Boolean);
6517
6608
  };
6518
- var resolveAzureCloudSyncInput = (options) => {
6609
+ var readSecretFromStdin = async () => {
6610
+ const chunks = [];
6611
+ for await (const chunk of process.stdin) {
6612
+ chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk)));
6613
+ }
6614
+ return Buffer.concat(chunks).toString("utf8").replace(/\r?\n$/, "");
6615
+ };
6616
+ var resolveAzureCloudSyncInput = async (options) => {
6519
6617
  if (!options.cloudSync) {
6520
6618
  return void 0;
6521
6619
  }
6522
6620
  const tenantId = options.azureTenantId || process.env.AZURE_TENANT_ID;
6523
6621
  const clientId = options.azureClientId || process.env.AZURE_CLIENT_ID;
6524
- const clientSecret = options.azureClientSecret || process.env.AZURE_CLIENT_SECRET;
6622
+ if (options.azureClientSecret && options.azureClientSecretStdin) {
6623
+ throw new Error("Use either --azure-client-secret or --azure-client-secret-stdin, not both.");
6624
+ }
6625
+ let clientSecret = process.env.AZURE_CLIENT_SECRET;
6626
+ if (options.azureClientSecretStdin) {
6627
+ clientSecret = await readSecretFromStdin();
6628
+ } else if (options.azureClientSecret) {
6629
+ process.stderr.write(
6630
+ "Warning: --azure-client-secret can be exposed in shell history. Prefer AZURE_CLIENT_SECRET or --azure-client-secret-stdin.\n"
6631
+ );
6632
+ clientSecret = options.azureClientSecret;
6633
+ }
6525
6634
  const subscriptionId = options.azureSubscriptionId || process.env.AZURE_SUBSCRIPTION_ID;
6526
6635
  const missing = [
6527
6636
  ["--azure-tenant-id or AZURE_TENANT_ID", tenantId],
@@ -6699,7 +6808,7 @@ var configureDiagramExportCommand = (command, deps) => addAuthOptions(command, d
6699
6808
  const context = requireAuthUser(
6700
6809
  await resolveAuthContext(options, actionCommand, deps)
6701
6810
  );
6702
- const core = await import("./dist-PEYJDO7A.js");
6811
+ const core = await import("./dist-V2L4CPTU.js");
6703
6812
  const projects = await core.getProjects(
6704
6813
  context.baseUrl,
6705
6814
  context.token,
@@ -6776,7 +6885,7 @@ var registerProjectsCommand = (program2, deps) => {
6776
6885
  addCommon(addAuthOptions(projects.command("list").description("List projects"), deps.defaultBaseUrl)).action(async (options, command) => {
6777
6886
  try {
6778
6887
  const context = await resolveAuthContext(options, command, deps);
6779
- const core = await import("./dist-PEYJDO7A.js");
6888
+ const core = await import("./dist-V2L4CPTU.js");
6780
6889
  const data = await listProjectsForContext(core, context);
6781
6890
  const url = buildFrontendUrl({ baseUrl: frontendBase(context, options), target: "projects" });
6782
6891
  await writeProjectListOutput({ data, options, frontendUrl: url });
@@ -6794,7 +6903,7 @@ var registerProjectsCommand = (program2, deps) => {
6794
6903
  ).action(async (id, options, command) => {
6795
6904
  try {
6796
6905
  const context = await resolveAuthContext(options, command, deps);
6797
- const core = await import("./dist-PEYJDO7A.js");
6906
+ const core = await import("./dist-V2L4CPTU.js");
6798
6907
  const list = await listProjectsForContext(core, context);
6799
6908
  const data = list.find((project) => project.id === id);
6800
6909
  if (!data) {
@@ -6855,15 +6964,19 @@ var registerProjectsCommand = (program2, deps) => {
6855
6964
  deps
6856
6965
  );
6857
6966
  configureGraphCommands(projects, deps);
6858
- addCommon(addAuthOptions(projects.command("create").description("Create a CloudEval project"), deps.defaultBaseUrl)).option("--template-url <url>", "Template URL").option("--template-file <path>", "Local JSON template file").option("--parameters-file <path>", "Local JSON parameters file").option("--parameters-url <url>", "Parameters file URL").option("--workspace-dir <path>", "Upload an Infrastructure as code folder").option("--workspace-entry <path>", "Workspace visualization entry file").option("--workspace-parameters <path>", "Workspace parameters file").option("--cloud-sync", "Create a Cloud sync project from Azure credentials", false).option("--azure-tenant-id <id>", "Azure tenant id for Cloud sync").option("--azure-client-id <id>", "Azure service principal client id for Cloud sync").option("--azure-client-secret <secret>", "Azure service principal client secret for Cloud sync").option("--azure-subscription-id <id>", "Azure subscription id for Cloud sync").option("--resource-group <name>", "Azure resource group scope for Cloud sync", appendOptionValue, []).option("--resource-groups <list>", "Comma-separated Azure resource group scopes for Cloud sync").option("--name <name>", "Project name").option("--description <text>", "Project description").option("--provider <provider>", "Cloud provider: azure, aws, gcp").action(async (options, command) => {
6967
+ addCommon(addAuthOptions(projects.command("create").description("Create a CloudEval project"), deps.defaultBaseUrl)).option("--template-url <url>", "Template URL").option("--template-file <path>", "Local JSON template file").option("--parameters-file <path>", "Local JSON parameters file").option("--parameters-url <url>", "Parameters file URL").option("--workspace-dir <path>", "Upload an Infrastructure as code folder").option("--workspace-entry <path>", "Workspace visualization entry file").option("--workspace-parameters <path>", "Workspace parameters file").option("--cloud-sync", "Create a Cloud sync project from Azure credentials", false).option("--azure-tenant-id <id>", "Azure tenant id for Cloud sync").option("--azure-client-id <id>", "Azure service principal client id for Cloud sync").option("--azure-client-secret <secret>", "Azure service principal client secret for Cloud sync").option(
6968
+ "--azure-client-secret-stdin",
6969
+ "Read Azure service principal client secret for Cloud sync from stdin",
6970
+ false
6971
+ ).option("--azure-subscription-id <id>", "Azure subscription id for Cloud sync").option("--resource-group <name>", "Azure resource group scope for Cloud sync", appendOptionValue, []).option("--resource-groups <list>", "Comma-separated Azure resource group scopes for Cloud sync").option("--name <name>", "Project name").option("--description <text>", "Project description").option("--provider <provider>", "Cloud provider: azure, aws, gcp").action(async (options, command) => {
6859
6972
  try {
6860
6973
  assertSingleProjectSource(options);
6861
6974
  const context = requireAuthUser(await resolveAuthContext(options, command, deps));
6862
- const core = await import("./dist-PEYJDO7A.js");
6975
+ const core = await import("./dist-V2L4CPTU.js");
6863
6976
  const template = await fileBlob(options.templateFile);
6864
6977
  const parameters = await fileBlob(options.parametersFile);
6865
6978
  const workspace = options.workspaceDir ? await collectWorkspaceFiles(options.workspaceDir, options) : void 0;
6866
- const cloudSync = resolveAzureCloudSyncInput(options);
6979
+ const cloudSync = await resolveAzureCloudSyncInput(options);
6867
6980
  const inferredName = options.name || (options.workspaceDir ? path4.basename(path4.resolve(options.workspaceDir)) : void 0) || (cloudSync ? "Cloud sync" : void 0) || (options.templateFile ? path4.basename(options.templateFile, path4.extname(options.templateFile)) : void 0);
6868
6981
  const result = await core.createQuickProject({
6869
6982
  baseUrl: context.baseUrl,
@@ -6910,7 +7023,7 @@ var registerProjectsCommand = (program2, deps) => {
6910
7023
  });
6911
7024
  };
6912
7025
 
6913
- // src/connectionsCommand.ts
7026
+ // src/actionsCommand.ts
6914
7027
  var addCommon2 = (command) => command.option("--format <format>", "Output format: text, json, ndjson, markdown", "text").option("--output <file>", "Output file").option("--open", "Open the matching frontend page", false).option("--print-url", "Print the matching frontend URL", false).option("--no-open", "Do not launch the browser when a URL is printed").option("--frontend-url <url>", "Frontend base URL");
6915
7028
  var frontendBase2 = (context, options) => resolveFrontendBaseUrl({
6916
7029
  frontendUrl: options.frontendUrl,
@@ -6925,6 +7038,13 @@ var maybeOpen2 = async (url, options) => {
6925
7038
  await openExternalUrl(url);
6926
7039
  }
6927
7040
  };
7041
+ var splitCsv = (value) => {
7042
+ if (!value) {
7043
+ return void 0;
7044
+ }
7045
+ const parts = value.split(",").map((entry) => entry.trim()).filter(Boolean);
7046
+ return parts.length > 0 ? parts : void 0;
7047
+ };
6928
7048
  var scalar = (value, fallback = "-") => {
6929
7049
  if (value === null || value === void 0 || value === "") {
6930
7050
  return fallback;
@@ -6934,19 +7054,177 @@ var scalar = (value, fallback = "-") => {
6934
7054
  }
6935
7055
  return fallback;
6936
7056
  };
6937
- var syncStatus = (connection) => scalar(
7057
+ var renderActionsListText = (payload) => {
7058
+ const items = Array.isArray(payload.items) ? payload.items : [];
7059
+ return formatTextTable(
7060
+ items.map((item) => {
7061
+ const record = item && typeof item === "object" && !Array.isArray(item) ? item : {};
7062
+ return {
7063
+ id: scalar(record.id),
7064
+ type: scalar(record.type),
7065
+ severity: scalar(record.severity),
7066
+ project: scalar(record.project_name),
7067
+ title: scalar(record.title),
7068
+ resource: scalar(record.resource_name ?? record.resource_id),
7069
+ savings: scalar(record.monthly_savings)
7070
+ };
7071
+ }),
7072
+ [
7073
+ { key: "id", header: "ID", width: 12 },
7074
+ { key: "type", header: "Type", width: 12 },
7075
+ { key: "severity", header: "Severity", width: 10 },
7076
+ { key: "project", header: "Project", maxWidth: 18 },
7077
+ { key: "title", header: "Title", maxWidth: 32 },
7078
+ { key: "resource", header: "Resource", maxWidth: 20 },
7079
+ { key: "savings", header: "Savings", width: 10 }
7080
+ ],
7081
+ { emptyMessage: "No issues inventory items found." }
7082
+ );
7083
+ };
7084
+ var buildIssuesFrontendUrl = (context, options) => buildFrontendUrl({
7085
+ baseUrl: frontendBase2(context, options),
7086
+ target: "issues",
7087
+ projectId: options.project,
7088
+ severity: options.severity,
7089
+ type: options.type,
7090
+ q: options.q,
7091
+ sort: options.sort
7092
+ });
7093
+ var registerIssuesInventoryCommand = (program2, deps) => {
7094
+ const commandName = deps.commandName || "issues";
7095
+ const commandDescription = deps.commandDescription || (commandName === "actions" ? "Cross-project action center inventory (deprecated; use issues)" : "Cross-project issues inventory");
7096
+ const inventory = program2.command(commandName).description(commandDescription);
7097
+ addCommon2(addAuthOptions(inventory.command("list").description("List issues inventory items"), deps.defaultBaseUrl)).option("--project <id>", "Filter by project id").option("--type <types>", "Filter by type: architecture,cost,unit-tests").option("--severity <levels>", "Filter by severity: critical,high,medium,low").option("--pillar <pillars>", "Filter by pillar").option("--category <categories>", "Filter by category").option("--resource-type <types>", "Filter by resource type").option("--q <query>", "Search query").option("--min-monthly-savings <amount>", "Minimum monthly savings for cost items").option("--sort <sort>", "Sort: priority, severity, savings, project", "priority").option("--limit <n>", "Page size (1-500)", "50").option("--offset <n>", "Page offset", "0").option("--allow-full-scan", "Allow scanning large portfolios without project filter", true).option("--no-allow-full-scan", "Require project scoping for large portfolios").action(async (options, command) => {
7098
+ try {
7099
+ const context = requireAuthUser(await resolveAuthContext(options, command, deps));
7100
+ const core = await import("./dist-V2L4CPTU.js");
7101
+ const data = await core.listIssuesItems({
7102
+ baseUrl: context.baseUrl,
7103
+ authToken: context.token,
7104
+ userId: context.user.id,
7105
+ projectIds: splitCsv(options.project),
7106
+ types: splitCsv(options.type),
7107
+ severities: splitCsv(options.severity),
7108
+ pillars: splitCsv(options.pillar),
7109
+ categories: splitCsv(options.category),
7110
+ resourceTypes: splitCsv(options.resourceType),
7111
+ q: options.q,
7112
+ minMonthlySavings: options.minMonthlySavings !== void 0 ? Number(options.minMonthlySavings) : void 0,
7113
+ sort: options.sort || "priority",
7114
+ limit: Number(options.limit || 50),
7115
+ offset: Number(options.offset || 0),
7116
+ allowFullScan: options.allowFullScan !== false
7117
+ });
7118
+ const url = buildIssuesFrontendUrl(context, options);
7119
+ const format = options.format ?? "text";
7120
+ if (format === "text") {
7121
+ const text = renderActionsListText(
7122
+ data && typeof data === "object" ? data : {}
7123
+ );
7124
+ if (options.output) {
7125
+ const fs14 = await import("fs/promises");
7126
+ await fs14.writeFile(options.output, text, "utf8");
7127
+ } else {
7128
+ process.stdout.write(text);
7129
+ }
7130
+ } else {
7131
+ await writeFormattedOutput({
7132
+ command: `${commandName} list`,
7133
+ data,
7134
+ format,
7135
+ output: options.output,
7136
+ frontendUrl: url
7137
+ });
7138
+ }
7139
+ await maybeOpen2(url, options);
7140
+ } catch (error) {
7141
+ console.error(`Failed to list issues inventory: ${error?.message ?? "Unknown error"}`);
7142
+ process.exit(1);
7143
+ }
7144
+ });
7145
+ addCommon2(addAuthOptions(inventory.command("get <item-id>").description("Get one issues inventory item"), deps.defaultBaseUrl)).option("--project <id>", "Optional project scope").option("--allow-full-scan", "Allow scanning large portfolios", true).option("--no-allow-full-scan", "Require project scoping for large portfolios").action(async (itemId, options, command) => {
7146
+ try {
7147
+ const context = requireAuthUser(await resolveAuthContext(options, command, deps));
7148
+ const core = await import("./dist-V2L4CPTU.js");
7149
+ const data = await core.getIssuesItem({
7150
+ baseUrl: context.baseUrl,
7151
+ authToken: context.token,
7152
+ userId: context.user.id,
7153
+ itemId,
7154
+ projectIds: splitCsv(options.project),
7155
+ allowFullScan: options.allowFullScan !== false
7156
+ });
7157
+ const payload = data && typeof data === "object" ? data : {};
7158
+ const items = Array.isArray(payload.items) ? payload.items : [];
7159
+ if (items.length === 0) {
7160
+ console.error(`Issues item not found: ${itemId}`);
7161
+ process.exit(5);
7162
+ }
7163
+ await writeFormattedOutput({
7164
+ command: `${commandName} get`,
7165
+ data: items[0],
7166
+ format: options.format ?? "json",
7167
+ output: options.output
7168
+ });
7169
+ } catch (error) {
7170
+ console.error(`Failed to get issues item: ${error?.message ?? "Unknown error"}`);
7171
+ process.exit(1);
7172
+ }
7173
+ });
7174
+ addCommon2(addAuthOptions(inventory.command("open").description("Open the issues inventory in the browser"), deps.defaultBaseUrl)).option("--project <id>", "Filter by project id").option("--type <types>", "Filter by type").option("--severity <levels>", "Filter by severity").option("--q <query>", "Search query").option("--sort <sort>", "Sort order", "priority").action(async (options, command) => {
7175
+ try {
7176
+ const context = requireAuthUser(await resolveAuthContext(options, command, deps));
7177
+ const url = buildIssuesFrontendUrl(context, options);
7178
+ await maybeOpen2(url, { ...options, open: true, printUrl: true });
7179
+ } catch (error) {
7180
+ console.error(`Failed to open issues inventory: ${error?.message ?? "Unknown error"}`);
7181
+ process.exit(1);
7182
+ }
7183
+ });
7184
+ };
7185
+ var registerActionsCommand = (program2, deps) => registerIssuesInventoryCommand(program2, {
7186
+ ...deps,
7187
+ commandName: "actions",
7188
+ commandDescription: "Cross-project action center inventory (deprecated; use issues)"
7189
+ });
7190
+
7191
+ // src/connectionsCommand.ts
7192
+ var addCommon3 = (command) => command.option("--format <format>", "Output format: text, json, ndjson, markdown", "text").option("--output <file>", "Output file").option("--open", "Open the matching frontend page", false).option("--print-url", "Print the matching frontend URL", false).option("--no-open", "Do not launch the browser when a URL is printed").option("--frontend-url <url>", "Frontend base URL");
7193
+ var frontendBase3 = (context, options) => resolveFrontendBaseUrl({
7194
+ frontendUrl: options.frontendUrl,
7195
+ apiBaseUrl: context.baseUrl
7196
+ });
7197
+ var maybeOpen3 = async (url, options) => {
7198
+ if (options.printUrl) {
7199
+ process.stdout.write(`${url}
7200
+ `);
7201
+ }
7202
+ if (options.open !== false && (options.open || options.printUrl)) {
7203
+ await openExternalUrl(url);
7204
+ }
7205
+ };
7206
+ var scalar2 = (value, fallback = "-") => {
7207
+ if (value === null || value === void 0 || value === "") {
7208
+ return fallback;
7209
+ }
7210
+ if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
7211
+ return String(value);
7212
+ }
7213
+ return fallback;
7214
+ };
7215
+ var syncStatus = (connection) => scalar2(
6938
7216
  connection.last_sync_status ?? connection.sync_status?.status ?? connection.status
6939
7217
  );
6940
7218
  var renderConnectionsListText = (connections) => formatTextTable(
6941
7219
  connections.map((connection) => {
6942
7220
  const record = connection && typeof connection === "object" && !Array.isArray(connection) ? connection : {};
6943
7221
  return {
6944
- id: scalar(record.id),
6945
- name: scalar(record.name),
6946
- provider: scalar(record.cloud_provider),
6947
- type: scalar(record.type),
7222
+ id: scalar2(record.id),
7223
+ name: scalar2(record.name),
7224
+ provider: scalar2(record.cloud_provider),
7225
+ type: scalar2(record.type),
6948
7226
  sync: syncStatus(record),
6949
- updated: scalar(record.last_synced ?? record.updated_at ?? record.created_at)
7227
+ updated: scalar2(record.last_synced ?? record.updated_at ?? record.created_at)
6950
7228
  };
6951
7229
  }),
6952
7230
  [
@@ -6985,27 +7263,27 @@ var writeConnectionsListOutput = async ({
6985
7263
  };
6986
7264
  var registerConnectionsCommand = (program2, deps) => {
6987
7265
  const connections = program2.command("connections").description("Connection utilities");
6988
- addCommon2(addAuthOptions(connections.command("list").description("List connections"), deps.defaultBaseUrl)).action(async (options, command) => {
7266
+ addCommon3(addAuthOptions(connections.command("list").description("List connections"), deps.defaultBaseUrl)).action(async (options, command) => {
6989
7267
  try {
6990
7268
  const context = requireAuthUser(await resolveAuthContext(options, command, deps));
6991
- const core = await import("./dist-PEYJDO7A.js");
7269
+ const core = await import("./dist-V2L4CPTU.js");
6992
7270
  const data = await core.listConnections({
6993
7271
  baseUrl: context.baseUrl,
6994
7272
  authToken: context.token,
6995
7273
  userId: context.user.id
6996
7274
  });
6997
7275
  const url = buildFrontendUrl({
6998
- baseUrl: frontendBase2(context, options),
7276
+ baseUrl: frontendBase3(context, options),
6999
7277
  target: "connections"
7000
7278
  });
7001
7279
  await writeConnectionsListOutput({ data, options, frontendUrl: url });
7002
- await maybeOpen2(url, options);
7280
+ await maybeOpen3(url, options);
7003
7281
  } catch (error) {
7004
7282
  console.error(`Failed to list connections: ${error?.message ?? "Unknown error"}`);
7005
7283
  process.exit(1);
7006
7284
  }
7007
7285
  });
7008
- addCommon2(
7286
+ addCommon3(
7009
7287
  addAuthOptions(
7010
7288
  connections.command("get").description("Show a connection").argument("<id>", "Connection id"),
7011
7289
  deps.defaultBaseUrl
@@ -7013,7 +7291,7 @@ var registerConnectionsCommand = (program2, deps) => {
7013
7291
  ).action(async (id, options, command) => {
7014
7292
  try {
7015
7293
  const context = requireAuthUser(await resolveAuthContext(options, command, deps));
7016
- const core = await import("./dist-PEYJDO7A.js");
7294
+ const core = await import("./dist-V2L4CPTU.js");
7017
7295
  const data = await core.getConnection({
7018
7296
  baseUrl: context.baseUrl,
7019
7297
  authToken: context.token,
@@ -7024,7 +7302,7 @@ var registerConnectionsCommand = (program2, deps) => {
7024
7302
  throw new Error(`Connection ${id} was not found.`);
7025
7303
  }
7026
7304
  const url = buildFrontendUrl({
7027
- baseUrl: frontendBase2(context, options),
7305
+ baseUrl: frontendBase3(context, options),
7028
7306
  target: "connection",
7029
7307
  connectionId: id
7030
7308
  });
@@ -7035,13 +7313,13 @@ var registerConnectionsCommand = (program2, deps) => {
7035
7313
  output: options.output,
7036
7314
  frontendUrl: url
7037
7315
  });
7038
- await maybeOpen2(url, options);
7316
+ await maybeOpen3(url, options);
7039
7317
  } catch (error) {
7040
7318
  console.error(`Failed to show connection: ${error?.message ?? "Unknown error"}`);
7041
7319
  process.exit(1);
7042
7320
  }
7043
7321
  });
7044
- addCommon2(
7322
+ addCommon3(
7045
7323
  addAuthOptions(
7046
7324
  connections.command("open").description("Open a connection").argument("<id>", "Connection id"),
7047
7325
  deps.defaultBaseUrl
@@ -7050,7 +7328,7 @@ var registerConnectionsCommand = (program2, deps) => {
7050
7328
  try {
7051
7329
  const context = await resolveAuthContext(options, command, deps);
7052
7330
  const url = buildFrontendUrl({
7053
- baseUrl: frontendBase2(context, options),
7331
+ baseUrl: frontendBase3(context, options),
7054
7332
  target: "connection",
7055
7333
  connectionId: id
7056
7334
  });
@@ -7061,7 +7339,7 @@ var registerConnectionsCommand = (program2, deps) => {
7061
7339
  output: options.output,
7062
7340
  frontendUrl: url
7063
7341
  });
7064
- await maybeOpen2(url, { ...options, open: options.open || true });
7342
+ await maybeOpen3(url, { ...options, open: options.open || true });
7065
7343
  } catch (error) {
7066
7344
  console.error(`Failed to open connection: ${error?.message ?? "Unknown error"}`);
7067
7345
  process.exit(1);
@@ -7070,7 +7348,7 @@ var registerConnectionsCommand = (program2, deps) => {
7070
7348
  };
7071
7349
 
7072
7350
  // src/billingCommand.ts
7073
- var addCommon3 = (command) => command.option("--format <format>", "Output format: text, json, ndjson, markdown", "text").option("--output <file>", "Output file").option("--open", "Open the matching frontend page", false).option("--print-url", "Print the matching frontend URL", false).option("--no-open", "Do not launch the browser when a URL is printed").option("--frontend-url <url>", "Frontend base URL");
7351
+ var addCommon4 = (command) => command.option("--format <format>", "Output format: text, json, ndjson, markdown", "text").option("--output <file>", "Output file").option("--open", "Open the matching frontend page", false).option("--print-url", "Print the matching frontend URL", false).option("--no-open", "Do not launch the browser when a URL is printed").option("--frontend-url <url>", "Frontend base URL");
7074
7352
  var billingUrl = (context, options) => buildFrontendUrl({
7075
7353
  baseUrl: resolveFrontendBaseUrl({
7076
7354
  frontendUrl: options.frontendUrl,
@@ -7079,7 +7357,7 @@ var billingUrl = (context, options) => buildFrontendUrl({
7079
7357
  target: "billing",
7080
7358
  tab: options.tab
7081
7359
  });
7082
- var maybeOpen3 = async (url, options) => {
7360
+ var maybeOpen4 = async (url, options) => {
7083
7361
  if (options.printUrl) {
7084
7362
  const isMachineReadable = options.format === "json" || options.format === "ndjson";
7085
7363
  (isMachineReadable ? process.stderr : process.stdout).write(`${url}
@@ -7303,8 +7581,7 @@ var write = async (command, data, options, frontendUrl) => {
7303
7581
  const text = renderBillingText(command, data);
7304
7582
  if (text) {
7305
7583
  if (options.output) {
7306
- const fs14 = await import("fs/promises");
7307
- await fs14.writeFile(options.output, text, "utf8");
7584
+ await writePrivateOutputFile(options.output, text);
7308
7585
  return;
7309
7586
  }
7310
7587
  process.stdout.write(text);
@@ -7351,7 +7628,7 @@ var checkoutReturnUrl = (context, options) => options.returnTo || billingUrl(con
7351
7628
  var runTopUpCheckout = async (commandName, packId, options, command, deps) => {
7352
7629
  try {
7353
7630
  const context = requireAuthUser(await resolveAuthContext(options, command, deps));
7354
- const core = await import("./dist-PEYJDO7A.js");
7631
+ const core = await import("./dist-V2L4CPTU.js");
7355
7632
  const returnTo = checkoutReturnUrl(context, options);
7356
7633
  const session = await core.createTopUpCheckoutSession({
7357
7634
  baseUrl: context.baseUrl,
@@ -7376,14 +7653,14 @@ var runTopUpCheckout = async (commandName, packId, options, command, deps) => {
7376
7653
  checkoutUrl
7377
7654
  );
7378
7655
  if (checkoutUrl) {
7379
- await maybeOpen3(checkoutUrl, options);
7656
+ await maybeOpen4(checkoutUrl, options);
7380
7657
  }
7381
7658
  } catch (error) {
7382
7659
  failBillingCommand(commandName, "Failed to start top-up checkout", error, options);
7383
7660
  }
7384
7661
  };
7385
7662
  var registerBillingCommands = (program2, deps) => {
7386
- addCommon3(
7663
+ addCommon4(
7387
7664
  addAuthOptions(
7388
7665
  program2.command("credits").description("Show current credit stats"),
7389
7666
  deps.defaultBaseUrl
@@ -7391,7 +7668,7 @@ var registerBillingCommands = (program2, deps) => {
7391
7668
  ).action(async (options, command) => {
7392
7669
  try {
7393
7670
  const context = requireAuthUser(await resolveAuthContext(options, command, deps));
7394
- const core = await import("./dist-PEYJDO7A.js");
7671
+ const core = await import("./dist-V2L4CPTU.js");
7395
7672
  const range = rangeToDates("30d");
7396
7673
  const [entitlement, usageSummary] = await Promise.all([
7397
7674
  core.getBillingEntitlement({
@@ -7412,16 +7689,16 @@ var registerBillingCommands = (program2, deps) => {
7412
7689
  });
7413
7690
  const url = billingUrl(context, { ...options, tab: "usage" });
7414
7691
  await write("credits", { status, entitlement, usageCreditsUsed }, options, url);
7415
- await maybeOpen3(url, options);
7692
+ await maybeOpen4(url, options);
7416
7693
  } catch (error) {
7417
7694
  failBillingCommand("credits", "Failed to show credits", error, options);
7418
7695
  }
7419
7696
  });
7420
7697
  const billing = program2.command("billing").description("Billing and usage utilities");
7421
- addCommon3(addAuthOptions(billing.command("summary").description("Show billing summary"), deps.defaultBaseUrl)).action(async (options, command) => {
7698
+ addCommon4(addAuthOptions(billing.command("summary").description("Show billing summary"), deps.defaultBaseUrl)).action(async (options, command) => {
7422
7699
  try {
7423
7700
  const context = requireAuthUser(await resolveAuthContext(options, command, deps));
7424
- const core = await import("./dist-PEYJDO7A.js");
7701
+ const core = await import("./dist-V2L4CPTU.js");
7425
7702
  const range = rangeToDates("30d");
7426
7703
  const [entitlement, subscriptionStatus, usageSummary] = await Promise.all([
7427
7704
  core.getBillingEntitlement({ baseUrl: context.baseUrl, authToken: context.token }),
@@ -7449,27 +7726,27 @@ var registerBillingCommands = (program2, deps) => {
7449
7726
  options,
7450
7727
  url
7451
7728
  );
7452
- await maybeOpen3(url, options);
7729
+ await maybeOpen4(url, options);
7453
7730
  } catch (error) {
7454
7731
  failBillingCommand("billing summary", "Failed to show billing summary", error, options);
7455
7732
  }
7456
7733
  });
7457
- addCommon3(addAuthOptions(billing.command("plans").description("Show billing plans"), deps.defaultBaseUrl)).action(async (options, command) => {
7734
+ addCommon4(addAuthOptions(billing.command("plans").description("Show billing plans"), deps.defaultBaseUrl)).action(async (options, command) => {
7458
7735
  try {
7459
7736
  const context = await resolveAuthContext(options, command, deps);
7460
- const core = await import("./dist-PEYJDO7A.js");
7737
+ const core = await import("./dist-V2L4CPTU.js");
7461
7738
  const data = await core.getBillingConfig({ baseUrl: context.baseUrl, authToken: context.token });
7462
7739
  const url = billingUrl(context, { ...options, tab: "plans" });
7463
7740
  await write("billing plans", data, options, url);
7464
- await maybeOpen3(url, options);
7741
+ await maybeOpen4(url, options);
7465
7742
  } catch (error) {
7466
7743
  failBillingCommand("billing plans", "Failed to show billing plans", error, options);
7467
7744
  }
7468
7745
  });
7469
- addCommon3(addAuthOptions(billing.command("usage").description("Show billing usage summary"), deps.defaultBaseUrl)).option("--range <range>", "Usage range: 7d, 30d, 90d, all", "30d").option("--start-at <iso>", "Start timestamp").option("--end-at <iso>", "End timestamp").option("--granularity <value>", "Granularity: hour, day, month", "day").option("--action-type <type>", "Action type filter").option("--model <name>", "Model filter").option("--outcome <outcome>", "Outcome filter").option("--charge-status <status>", "Charge status filter").action(async (options, command) => {
7746
+ addCommon4(addAuthOptions(billing.command("usage").description("Show billing usage summary"), deps.defaultBaseUrl)).option("--range <range>", "Usage range: 7d, 30d, 90d, all", "30d").option("--start-at <iso>", "Start timestamp").option("--end-at <iso>", "End timestamp").option("--granularity <value>", "Granularity: hour, day, month", "day").option("--action-type <type>", "Action type filter").option("--model <name>", "Model filter").option("--outcome <outcome>", "Outcome filter").option("--charge-status <status>", "Charge status filter").action(async (options, command) => {
7470
7747
  try {
7471
7748
  const context = requireAuthUser(await resolveAuthContext(options, command, deps));
7472
- const core = await import("./dist-PEYJDO7A.js");
7749
+ const core = await import("./dist-V2L4CPTU.js");
7473
7750
  const range = rangeToDates(options.range);
7474
7751
  const data = await core.getBillingUsageSummary({
7475
7752
  baseUrl: context.baseUrl,
@@ -7484,15 +7761,15 @@ var registerBillingCommands = (program2, deps) => {
7484
7761
  });
7485
7762
  const url = billingUrl(context, { ...options, tab: "usage" });
7486
7763
  await write("billing usage", data, options, url);
7487
- await maybeOpen3(url, options);
7764
+ await maybeOpen4(url, options);
7488
7765
  } catch (error) {
7489
7766
  failBillingCommand("billing usage", "Failed to show billing usage", error, options);
7490
7767
  }
7491
7768
  });
7492
- addCommon3(addAuthOptions(billing.command("ledger").description("Show billing ledger"), deps.defaultBaseUrl)).option("--range <range>", "Usage range: 7d, 30d, 90d, all", "30d").option("--start-at <iso>", "Start timestamp").option("--end-at <iso>", "End timestamp").option("--action-type <type>", "Action type filter").option("--model <name>", "Model filter").option("--outcome <outcome>", "Outcome filter").option("--charge-status <status>", "Charge status filter").option("--limit <n>", "Page size", "25").option("--cursor <cursor>", "Pagination cursor").action(async (options, command) => {
7769
+ addCommon4(addAuthOptions(billing.command("ledger").description("Show billing ledger"), deps.defaultBaseUrl)).option("--range <range>", "Usage range: 7d, 30d, 90d, all", "30d").option("--start-at <iso>", "Start timestamp").option("--end-at <iso>", "End timestamp").option("--action-type <type>", "Action type filter").option("--model <name>", "Model filter").option("--outcome <outcome>", "Outcome filter").option("--charge-status <status>", "Charge status filter").option("--limit <n>", "Page size", "25").option("--cursor <cursor>", "Pagination cursor").action(async (options, command) => {
7493
7770
  try {
7494
7771
  const context = requireAuthUser(await resolveAuthContext(options, command, deps));
7495
- const core = await import("./dist-PEYJDO7A.js");
7772
+ const core = await import("./dist-V2L4CPTU.js");
7496
7773
  const range = rangeToDates(options.range);
7497
7774
  const data = await core.getBillingUsageLedger({
7498
7775
  baseUrl: context.baseUrl,
@@ -7508,7 +7785,7 @@ var registerBillingCommands = (program2, deps) => {
7508
7785
  });
7509
7786
  const url = billingUrl(context, { ...options, tab: "usage" });
7510
7787
  await write("billing ledger", data, options, url);
7511
- await maybeOpen3(url, options);
7788
+ await maybeOpen4(url, options);
7512
7789
  } catch (error) {
7513
7790
  failBillingCommand("billing ledger", "Failed to show billing ledger", error, options);
7514
7791
  }
@@ -7517,10 +7794,10 @@ var registerBillingCommands = (program2, deps) => {
7517
7794
  ["invoices", "getSubscriptionBillingInfo", "billing"],
7518
7795
  ["notifications", "getBillingNotifications", "billing"]
7519
7796
  ]) {
7520
- addCommon3(addAuthOptions(billing.command(name).description(`Show billing ${name}`), deps.defaultBaseUrl)).option("--limit <n>", "Result limit", "25").action(async (options, command) => {
7797
+ addCommon4(addAuthOptions(billing.command(name).description(`Show billing ${name}`), deps.defaultBaseUrl)).option("--limit <n>", "Result limit", "25").action(async (options, command) => {
7521
7798
  try {
7522
7799
  const context = requireAuthUser(await resolveAuthContext(options, command, deps));
7523
- const core = await import("./dist-PEYJDO7A.js");
7800
+ const core = await import("./dist-V2L4CPTU.js");
7524
7801
  const data = await core[getter]({
7525
7802
  baseUrl: context.baseUrl,
7526
7803
  authToken: context.token,
@@ -7528,30 +7805,30 @@ var registerBillingCommands = (program2, deps) => {
7528
7805
  });
7529
7806
  const url = billingUrl(context, { ...options, tab });
7530
7807
  await write(`billing ${name}`, data, options, url);
7531
- await maybeOpen3(url, options);
7808
+ await maybeOpen4(url, options);
7532
7809
  } catch (error) {
7533
7810
  failBillingCommand(`billing ${name}`, `Failed to show billing ${name}`, error, options);
7534
7811
  }
7535
7812
  });
7536
7813
  }
7537
7814
  const topups = billing.command("topups").description("Show billing top-ups");
7538
- addCommon3(addAuthOptions(topups, deps.defaultBaseUrl)).option("--limit <n>", "Result limit", "25").action(async (options, command) => {
7815
+ addCommon4(addAuthOptions(topups, deps.defaultBaseUrl)).option("--limit <n>", "Result limit", "25").action(async (options, command) => {
7539
7816
  try {
7540
7817
  const context = requireAuthUser(await resolveAuthContext(options, command, deps));
7541
- const core = await import("./dist-PEYJDO7A.js");
7818
+ const core = await import("./dist-V2L4CPTU.js");
7542
7819
  const data = await core.getTopUpPacks({
7543
7820
  baseUrl: context.baseUrl,
7544
7821
  authToken: context.token
7545
7822
  });
7546
7823
  const url = billingUrl(context, { ...options, tab: "billing" });
7547
7824
  await write("billing topups", data, options, url);
7548
- await maybeOpen3(url, options);
7825
+ await maybeOpen4(url, options);
7549
7826
  } catch (error) {
7550
7827
  failBillingCommand("billing topups", "Failed to show billing topups", error, options);
7551
7828
  }
7552
7829
  });
7553
7830
  addTopUpCheckoutOptions(
7554
- addCommon3(
7831
+ addCommon4(
7555
7832
  addAuthOptions(
7556
7833
  topups.command("buy <pack-id>").description("Buy a credit top-up pack"),
7557
7834
  deps.defaultBaseUrl
@@ -7561,7 +7838,7 @@ var registerBillingCommands = (program2, deps) => {
7561
7838
  (packId, options, command) => runTopUpCheckout("billing topups buy", packId, options, command, deps)
7562
7839
  );
7563
7840
  addTopUpCheckoutOptions(
7564
- addCommon3(
7841
+ addCommon4(
7565
7842
  addAuthOptions(
7566
7843
  billing.command("topup <pack-id>").description("Buy a credit top-up pack"),
7567
7844
  deps.defaultBaseUrl
@@ -7598,7 +7875,7 @@ var normalizeMcpSetupClient = (value) => {
7598
7875
  throw new Error(`MCP setup client must be one of: ${MCP_SETUP_CLIENTS.join(", ")}.`);
7599
7876
  };
7600
7877
  var normalizeMcpSetupToolset = (value) => {
7601
- const normalized = (value ?? "all").toLowerCase();
7878
+ const normalized = (value ?? "readonly").toLowerCase();
7602
7879
  if (TOOLSETS.has(normalized)) {
7603
7880
  return normalized;
7604
7881
  }
@@ -7637,7 +7914,7 @@ var writtenSetupNextStep = (client) => client === "claude" ? "Restart Claude Des
7637
7914
  var buildMcpClientSetup = ({
7638
7915
  client,
7639
7916
  command = "cloudeval",
7640
- toolset = "all",
7917
+ toolset = "readonly",
7641
7918
  configPath
7642
7919
  }) => {
7643
7920
  const normalizedClient = normalizeMcpSetupClient(client);
@@ -7837,6 +8114,51 @@ var isSuccessfulJobStatus = (value) => ["completed", "succeeded"].includes(norma
7837
8114
  var compactRecord = (value) => Object.fromEntries(
7838
8115
  Object.entries(value).filter(([, item]) => item !== void 0)
7839
8116
  );
8117
+ var basenameFromPath = (value) => {
8118
+ const trimmed = value?.trim();
8119
+ if (!trimmed) {
8120
+ return void 0;
8121
+ }
8122
+ const normalized = trimmed.replace(/\\/g, "/");
8123
+ return normalized.split("/").filter(Boolean).pop() ?? trimmed;
8124
+ };
8125
+ var isBackendTempLocation = (value) => {
8126
+ const trimmed = value?.trim();
8127
+ if (!trimmed) {
8128
+ return false;
8129
+ }
8130
+ const normalized = trimmed.replace(/\\/g, "/").toLowerCase();
8131
+ const basename = basenameFromPath(trimmed) ?? "";
8132
+ return normalized.startsWith("/tmp/") || normalized.startsWith("/private/tmp/") || normalized.includes("/var/folders/") || normalized.includes("/appdata/local/temp/") || normalized.includes("/windows/temp/") || /^tmp[\w.-]*\.json$/i.test(basename);
8133
+ };
8134
+ var displayTemplateLocation = (rawLocation, context) => {
8135
+ const trimmed = rawLocation?.trim();
8136
+ if (!trimmed) {
8137
+ return void 0;
8138
+ }
8139
+ if (isBackendTempLocation(trimmed)) {
8140
+ return basenameFromPath(context?.templatePath);
8141
+ }
8142
+ return trimmed;
8143
+ };
8144
+ var sanitizeTemplateLocationFields = (value, context) => {
8145
+ if (Array.isArray(value)) {
8146
+ return value.map((item) => sanitizeTemplateLocationFields(item, context));
8147
+ }
8148
+ const record = recordValue(value);
8149
+ if (!record) {
8150
+ return value;
8151
+ }
8152
+ return Object.fromEntries(
8153
+ Object.entries(record).flatMap(([key, item]) => {
8154
+ if (["file_path", "filePath", "location"].includes(key) && typeof item === "string") {
8155
+ const publicLocation = displayTemplateLocation(item, context);
8156
+ return publicLocation === void 0 ? [] : [[key, publicLocation]];
8157
+ }
8158
+ return [[key, sanitizeTemplateLocationFields(item, context)]];
8159
+ })
8160
+ );
8161
+ };
7840
8162
  var arrayValue = (value) => Array.isArray(value) ? value : [];
7841
8163
  var firstString = (record, fields) => {
7842
8164
  for (const field of fields) {
@@ -7847,6 +8169,283 @@ var firstString = (record, fields) => {
7847
8169
  }
7848
8170
  return void 0;
7849
8171
  };
8172
+ var publicValidationText = (value) => value?.replace(/\bPSRule(?:\s+for\s+Azure)?\b/gi, "validation rules").replace(/\bARM\s+TTK\b/gi, "template validation");
8173
+ var sanitizeTemplateOperationText = (value) => {
8174
+ if (typeof value === "string") {
8175
+ return publicValidationText(value) ?? value;
8176
+ }
8177
+ if (Array.isArray(value)) {
8178
+ return value.map(sanitizeTemplateOperationText);
8179
+ }
8180
+ const record = recordValue(value);
8181
+ if (record) {
8182
+ return Object.fromEntries(
8183
+ Object.entries(record).map(([key, item]) => [
8184
+ key,
8185
+ sanitizeTemplateOperationText(item)
8186
+ ])
8187
+ );
8188
+ }
8189
+ return value;
8190
+ };
8191
+ var firstNumber = (record, fields) => {
8192
+ for (const field of fields) {
8193
+ const value = record?.[field];
8194
+ if (typeof value === "number" && Number.isFinite(value)) {
8195
+ return value;
8196
+ }
8197
+ if (typeof value === "string" && value.trim()) {
8198
+ const parsed = Number(value);
8199
+ if (Number.isFinite(parsed)) {
8200
+ return parsed;
8201
+ }
8202
+ }
8203
+ }
8204
+ return void 0;
8205
+ };
8206
+ var firstArray2 = (record, fields) => {
8207
+ for (const field of fields) {
8208
+ const value = record?.[field];
8209
+ if (Array.isArray(value)) {
8210
+ return value;
8211
+ }
8212
+ }
8213
+ return [];
8214
+ };
8215
+ var normalizeProgressItem = (value, context) => {
8216
+ const record = recordValue(value) ?? {};
8217
+ const passed = typeof record.passed === "boolean" ? record.passed : void 0;
8218
+ return compactRecord({
8219
+ name: firstString(record, [
8220
+ "name",
8221
+ "test_name",
8222
+ "testName",
8223
+ "rule_name",
8224
+ "ruleName",
8225
+ "item",
8226
+ "current_item",
8227
+ "display_name",
8228
+ "displayName"
8229
+ ]),
8230
+ status: firstString(record, ["status", "outcome", "result"]) ?? (passed === void 0 ? void 0 : passed ? "Pass" : "Fail"),
8231
+ passed,
8232
+ category: firstString(record, ["category", "test_category", "testCategory"]),
8233
+ severity: firstString(record, ["severity", "level"]),
8234
+ message: publicValidationText(firstString(record, ["message", "description"])),
8235
+ recommendation: publicValidationText(
8236
+ firstString(record, ["recommendation", "remediation"])
8237
+ ),
8238
+ location: displayTemplateLocation(
8239
+ firstString(record, ["file_path", "filePath", "location"]),
8240
+ context
8241
+ ),
8242
+ durationMs: firstNumber(record, ["duration_ms", "durationMs"]),
8243
+ documentationUrl: firstString(record, [
8244
+ "documentation_url",
8245
+ "documentationUrl",
8246
+ "help_url",
8247
+ "helpUrl"
8248
+ ])
8249
+ });
8250
+ };
8251
+ var operationFromResult = (result) => {
8252
+ const record = recordValue(result);
8253
+ if (!record) {
8254
+ return void 0;
8255
+ }
8256
+ if ("test_results" in record || "total_tests" in record) {
8257
+ return "template_test";
8258
+ }
8259
+ if ("filtered_results" in record || "results" in record || "summary" in record) {
8260
+ return "template_validate";
8261
+ }
8262
+ return void 0;
8263
+ };
8264
+ var progressEventFromStatus = (input) => {
8265
+ const statusRecord = recordValue(input.status);
8266
+ return compactRecord({
8267
+ phase: input.phase,
8268
+ jobId: input.jobId,
8269
+ operation: firstString(statusRecord, ["operation", "operation_type", "operationType"]),
8270
+ status: firstString(statusRecord, ["status", "state"]),
8271
+ progress: firstNumber(statusRecord, [
8272
+ "progress",
8273
+ "progress_percent",
8274
+ "progressPercent",
8275
+ "percentage",
8276
+ "percent"
8277
+ ]),
8278
+ completed: firstNumber(statusRecord, [
8279
+ "completed_items",
8280
+ "completedItems",
8281
+ "completed_tests",
8282
+ "completedTests",
8283
+ "completed_rules",
8284
+ "completedRules"
8285
+ ]),
8286
+ total: firstNumber(statusRecord, [
8287
+ "total_items",
8288
+ "totalItems",
8289
+ "total_tests",
8290
+ "totalTests",
8291
+ "total_rules",
8292
+ "totalRules"
8293
+ ]),
8294
+ currentItem: firstString(statusRecord, [
8295
+ "current_item",
8296
+ "currentItem",
8297
+ "current_test",
8298
+ "currentTest",
8299
+ "current_rule",
8300
+ "currentRule"
8301
+ ]),
8302
+ message: publicValidationText(
8303
+ firstString(statusRecord, ["message", "detail", "description"])
8304
+ ),
8305
+ items: firstArray2(statusRecord, [
8306
+ "recent_events",
8307
+ "recentEvents",
8308
+ "events",
8309
+ "progress_events",
8310
+ "progressEvents"
8311
+ ]).map((item) => normalizeProgressItem(item, input.context)).filter((item) => item.name || item.message),
8312
+ elapsedMs: input.elapsedMs
8313
+ });
8314
+ };
8315
+ var failedStatus = (status) => ["fail", "failed", "error"].includes(String(status ?? "").trim().toLowerCase());
8316
+ var passedStatus = (status) => ["pass", "passed", "success", "succeeded"].includes(
8317
+ String(status ?? "").trim().toLowerCase()
8318
+ );
8319
+ var progressItemsFromDetails = (details, nameFields, context) => {
8320
+ const targetLocation = (target) => {
8321
+ const name = firstString(target, ["name", "id"]);
8322
+ const type = firstString(target, ["type"]);
8323
+ if (name && type) {
8324
+ return `${name} (${type})`;
8325
+ }
8326
+ return name ?? type;
8327
+ };
8328
+ return details.filter((detail) => failedStatus(firstString(detail, ["status", "outcome", "result"]))).map((detail) => {
8329
+ const evidence = recordValue(detail.evidence);
8330
+ return compactRecord({
8331
+ name: firstString(detail, nameFields),
8332
+ status: firstString(detail, ["status", "outcome", "result"]),
8333
+ category: firstString(detail, ["category", "test_category", "testCategory"]),
8334
+ severity: firstString(detail, ["severity", "level"]),
8335
+ message: publicValidationText(
8336
+ firstString(detail, ["message", "description"]) ?? firstString(evidence, ["description", "synopsis"])
8337
+ ),
8338
+ recommendation: publicValidationText(
8339
+ firstString(detail, ["recommendation", "remediation"]) ?? firstString(evidence, ["recommendation", "remediation"])
8340
+ ),
8341
+ location: displayTemplateLocation(
8342
+ firstString(detail, ["file_path", "filePath", "location"]),
8343
+ context
8344
+ ) ?? targetLocation(recordValue(detail.target)),
8345
+ durationMs: firstNumber(detail, ["duration_ms", "durationMs"]),
8346
+ documentationUrl: firstString(detail, [
8347
+ "documentation_url",
8348
+ "documentationUrl",
8349
+ "help_url",
8350
+ "helpUrl"
8351
+ ]) ?? firstString(evidence, [
8352
+ "documentation_url",
8353
+ "documentationUrl",
8354
+ "help_url",
8355
+ "helpUrl"
8356
+ ])
8357
+ });
8358
+ }).filter((item) => item.name || item.message);
8359
+ };
8360
+ var resultProgressSummary = (result, operation, context) => {
8361
+ const resultRecord = recordValue(result) ?? {};
8362
+ const summary = recordValue(resultRecord.summary) ?? {};
8363
+ const detectedOperation = operationFromResult(result);
8364
+ const resolvedOperation = detectedOperation ?? operation;
8365
+ const operationText = String(resolvedOperation ?? "").toLowerCase();
8366
+ if (detectedOperation === "template_test" || operationText.includes("test")) {
8367
+ const details2 = normalizeTemplateTestDetails(result, context);
8368
+ const passed2 = firstNumber(resultRecord, ["passed_tests", "passedTests"]) ?? details2.filter((detail) => detail.passed === true || passedStatus(firstString(detail, ["status"]))).length;
8369
+ const failed2 = firstNumber(resultRecord, ["failed_tests", "failedTests"]) ?? details2.filter((detail) => detail.passed === false || failedStatus(firstString(detail, ["status"]))).length;
8370
+ const skipped = firstNumber(resultRecord, ["skipped_tests", "skippedTests"]) ?? 0;
8371
+ return {
8372
+ operation: resolvedOperation,
8373
+ progress: 100,
8374
+ message: `Template tests complete: ${passed2} passed, ${failed2} failed, ${skipped} skipped`,
8375
+ items: progressItemsFromDetails(details2, ["test_name", "testName", "name"], context)
8376
+ };
8377
+ }
8378
+ const details = normalizeTemplateValidationDetails(result);
8379
+ const passed = firstNumber(summary, ["passed_rules", "passedRules"]) ?? details.filter((detail) => passedStatus(firstString(detail, ["status"]))).length;
8380
+ const failed = firstNumber(summary, ["failed_rules", "failedRules"]) ?? details.filter((detail) => failedStatus(firstString(detail, ["status"]))).length;
8381
+ const total = firstNumber(summary, ["total_rules", "totalRules"]) ?? details.length;
8382
+ return {
8383
+ operation: resolvedOperation ?? "template_validate",
8384
+ progress: 100,
8385
+ message: `Validation complete: ${passed} passed, ${failed} failed across ${total} checks`,
8386
+ items: progressItemsFromDetails(details, ["rule_id", "rule_name", "ruleName", "name"], context)
8387
+ };
8388
+ };
8389
+ var formatTemplateProgressEvent = (event, command) => {
8390
+ const appendItemDetails = (lines2, item) => {
8391
+ const metadata = [
8392
+ item.category ? `category: ${item.category}` : void 0,
8393
+ item.severity ? `severity: ${item.severity}` : void 0,
8394
+ item.location ? `location: ${item.location}` : void 0,
8395
+ typeof item.durationMs === "number" ? `duration: ${item.durationMs}ms` : void 0
8396
+ ].filter(Boolean);
8397
+ if (metadata.length) {
8398
+ lines2.push(` ${metadata.join(" | ")}`);
8399
+ }
8400
+ if (item.name && item.message) {
8401
+ lines2.push(` message: ${item.message}`);
8402
+ }
8403
+ if (item.recommendation) {
8404
+ lines2.push(` recommendation: ${item.recommendation}`);
8405
+ }
8406
+ if (item.documentationUrl) {
8407
+ lines2.push(` docs: ${item.documentationUrl}`);
8408
+ }
8409
+ };
8410
+ if (event.phase === "submitted") {
8411
+ return [`${command} job ${event.jobId} submitted`];
8412
+ }
8413
+ if (event.phase === "result") {
8414
+ const lines2 = event.message ? [event.message] : [`${command} job ${event.jobId} complete`];
8415
+ for (const item of event.items ?? []) {
8416
+ const status2 = item.status ? `${item.status} ` : "";
8417
+ lines2.push(` - ${status2}${item.name ?? item.message ?? "item"}`);
8418
+ appendItemDetails(lines2, item);
8419
+ }
8420
+ return lines2;
8421
+ }
8422
+ const status = event.status ? event.status.toUpperCase() : "RUNNING";
8423
+ const progress = typeof event.progress === "number" ? ` ${Math.round(event.progress)}%` : "";
8424
+ const completed = typeof event.completed === "number" && typeof event.total === "number" ? ` (${event.completed}/${event.total})` : "";
8425
+ const current = event.currentItem ? ` current: ${event.currentItem}` : "";
8426
+ const message = event.message ? ` ${event.message}` : "";
8427
+ const lines = [
8428
+ `${command} job ${event.jobId}: ${status}${progress}${completed}${current}${message}`
8429
+ ];
8430
+ for (const item of event.items ?? []) {
8431
+ const statusText = item.status ? `${item.status} ` : "";
8432
+ const passedText = item.status || item.passed === void 0 ? "" : item.passed ? "Pass " : "Fail ";
8433
+ lines.push(` - ${statusText}${passedText}${item.name ?? item.message ?? "item"}`);
8434
+ appendItemDetails(lines, item);
8435
+ }
8436
+ return lines;
8437
+ };
8438
+ var templateProgressEventKey = (event) => JSON.stringify({
8439
+ phase: event.phase,
8440
+ operation: event.operation,
8441
+ status: event.status,
8442
+ progress: event.progress,
8443
+ completed: event.completed,
8444
+ total: event.total,
8445
+ currentItem: event.currentItem,
8446
+ message: event.message,
8447
+ items: event.items
8448
+ });
7850
8449
  var unwrapTemplateOperationResult = (value) => {
7851
8450
  const record = recordValue(value);
7852
8451
  if (!record) {
@@ -7858,9 +8457,9 @@ var unwrapTemplateOperationResult = (value) => {
7858
8457
  }
7859
8458
  const nestedResult = recordValue(result.result);
7860
8459
  if (nestedResult) {
7861
- return nestedResult;
8460
+ return sanitizeTemplateOperationText(nestedResult);
7862
8461
  }
7863
- return result;
8462
+ return sanitizeTemplateOperationText(result);
7864
8463
  };
7865
8464
  var resolvedOperationResult = (value) => recordValue(unwrapTemplateOperationResult(value));
7866
8465
  var validationResults = (result) => {
@@ -7892,9 +8491,15 @@ var normalizeTemplateValidationDetails = (result) => validationResults(recordVal
7892
8491
  pillar: firstString(row, ["pillar"]),
7893
8492
  ...Object.keys(target).length ? { target } : {},
7894
8493
  evidence: compactRecord({
7895
- description: firstString(row, ["description", "message"]) ?? firstString(info, ["description"]),
7896
- synopsis: firstString(row, ["synopsis"]) ?? firstString(info, ["synopsis"]),
7897
- recommendation: firstString(row, ["recommendation", "remediation"]),
8494
+ description: publicValidationText(
8495
+ firstString(row, ["description", "message"]) ?? firstString(info, ["description"])
8496
+ ),
8497
+ synopsis: publicValidationText(
8498
+ firstString(row, ["synopsis"]) ?? firstString(info, ["synopsis"])
8499
+ ),
8500
+ recommendation: publicValidationText(
8501
+ firstString(row, ["recommendation", "remediation"])
8502
+ ),
7898
8503
  documentation_url: firstString(row, [
7899
8504
  "documentation_url",
7900
8505
  "documentationUrl",
@@ -7921,7 +8526,7 @@ var withTemplateValidationDetails = (value) => {
7921
8526
  details: normalizeTemplateValidationDetails(result)
7922
8527
  });
7923
8528
  };
7924
- var normalizeTemplateTestDetails = (result) => arrayValue(recordValue(result)?.test_results).map((item) => {
8529
+ var normalizeTemplateTestDetails = (result, context) => arrayValue(recordValue(result)?.test_results).map((item) => {
7925
8530
  const row = recordValue(item) ?? {};
7926
8531
  const passed = typeof row.passed === "boolean" ? row.passed : void 0;
7927
8532
  return compactRecord({
@@ -7931,17 +8536,23 @@ var normalizeTemplateTestDetails = (result) => arrayValue(recordValue(result)?.t
7931
8536
  status: passed === void 0 ? firstString(row, ["status"]) : passed ? "Pass" : "Fail",
7932
8537
  passed,
7933
8538
  severity: firstString(row, ["severity", "level"]),
7934
- message: firstString(row, ["message", "description"]),
7935
- recommendation: firstString(row, ["recommendation", "remediation"]),
8539
+ message: publicValidationText(firstString(row, ["message", "description"])),
8540
+ recommendation: publicValidationText(
8541
+ firstString(row, ["recommendation", "remediation"])
8542
+ ),
7936
8543
  duration_ms: typeof row.duration_ms === "number" ? row.duration_ms : typeof row.durationMs === "number" ? row.durationMs : void 0,
7937
- file_path: firstString(row, ["file_path", "filePath"])
8544
+ file_path: displayTemplateLocation(
8545
+ firstString(row, ["file_path", "filePath"]),
8546
+ context
8547
+ )
7938
8548
  });
7939
8549
  });
7940
- var withTemplateTestDetails = (value) => {
7941
- const result = resolvedOperationResult(value);
7942
- if (!result) {
8550
+ var withTemplateTestDetails = (value, context) => {
8551
+ const rawResult = resolvedOperationResult(value);
8552
+ if (!rawResult) {
7943
8553
  return value;
7944
8554
  }
8555
+ const result = recordValue(sanitizeTemplateLocationFields(rawResult, context)) ?? rawResult;
7945
8556
  const original = recordValue(value);
7946
8557
  const jobFields = original && ("jobId" in original || "status" in original) ? compactRecord({
7947
8558
  submitted: original.submitted,
@@ -7957,7 +8568,7 @@ var withTemplateTestDetails = (value) => {
7957
8568
  failed_tests: result.failed_tests,
7958
8569
  skipped_tests: result.skipped_tests
7959
8570
  }),
7960
- details: normalizeTemplateTestDetails(result)
8571
+ details: normalizeTemplateTestDetails(result, context)
7961
8572
  });
7962
8573
  };
7963
8574
  var getTemplateValidationJobStatus = async (input) => fetchCloudEvalJson({
@@ -7979,10 +8590,34 @@ var waitForTemplateValidationResult = async (input) => {
7979
8590
  }
7980
8591
  const waitTimeoutMs = Math.max(1, input.waitTimeoutMs ?? 6e5);
7981
8592
  const pollIntervalMs = Math.max(500, input.pollIntervalMs ?? 2500);
8593
+ const progressContext = {
8594
+ templatePath: input.templatePath,
8595
+ parametersPath: input.parametersPath
8596
+ };
7982
8597
  const deadline = Date.now() + waitTimeoutMs;
8598
+ const startedAt = Date.now();
8599
+ const elapsedMs = () => Date.now() - startedAt;
8600
+ await input.onProgress?.(
8601
+ progressEventFromStatus({
8602
+ phase: "submitted",
8603
+ jobId,
8604
+ status: input.submitted,
8605
+ elapsedMs: elapsedMs(),
8606
+ context: progressContext
8607
+ })
8608
+ );
7983
8609
  let status;
7984
8610
  for (; ; ) {
7985
8611
  status = await getTemplateValidationJobStatus({ ...input, jobId });
8612
+ await input.onProgress?.(
8613
+ progressEventFromStatus({
8614
+ phase: "status",
8615
+ jobId,
8616
+ status,
8617
+ elapsedMs: elapsedMs(),
8618
+ context: progressContext
8619
+ })
8620
+ );
7986
8621
  if (isTerminalJobStatus3(status)) {
7987
8622
  break;
7988
8623
  }
@@ -7998,13 +8633,32 @@ var waitForTemplateValidationResult = async (input) => {
7998
8633
  `Template validation job ${jobId} ended with status ${normalizedStatus(status) || "unknown"}.`
7999
8634
  );
8000
8635
  }
8636
+ const result = sanitizeTemplateLocationFields(
8637
+ unwrapTemplateOperationResult(
8638
+ await getTemplateValidationJobResult({ ...input, jobId })
8639
+ ),
8640
+ progressContext
8641
+ );
8642
+ const statusEvent = progressEventFromStatus({
8643
+ phase: "status",
8644
+ jobId,
8645
+ status,
8646
+ elapsedMs: elapsedMs(),
8647
+ context: progressContext
8648
+ });
8649
+ await input.onProgress?.(
8650
+ compactRecord({
8651
+ ...statusEvent,
8652
+ phase: "result",
8653
+ ...resultProgressSummary(result, statusEvent.operation, progressContext),
8654
+ elapsedMs: elapsedMs()
8655
+ })
8656
+ );
8001
8657
  return {
8002
8658
  submitted: input.submitted,
8003
8659
  jobId,
8004
8660
  status,
8005
- result: unwrapTemplateOperationResult(
8006
- await getTemplateValidationJobResult({ ...input, jobId })
8007
- )
8661
+ result
8008
8662
  };
8009
8663
  };
8010
8664
  var templateTestRequestBody = async (files, options) => {
@@ -9379,7 +10033,7 @@ var mcpToolDefinitions = [
9379
10033
  },
9380
10034
  wait: {
9381
10035
  type: "boolean",
9382
- description: "Poll an async validation job until results are ready.",
10036
+ description: "Poll an async validation job until results are ready. When the MCP call includes _meta.progressToken, wait progress is emitted as notifications/progress.",
9383
10037
  default: false
9384
10038
  },
9385
10039
  pollIntervalMs: {
@@ -9436,7 +10090,7 @@ var mcpToolDefinitions = [
9436
10090
  verbose: { type: "boolean", default: false },
9437
10091
  wait: {
9438
10092
  type: "boolean",
9439
- description: "Poll an async template test job until results are ready.",
10093
+ description: "Poll an async template test job until results are ready. When the MCP call includes _meta.progressToken, wait progress is emitted as notifications/progress.",
9440
10094
  default: false
9441
10095
  },
9442
10096
  pollIntervalMs: {
@@ -9953,7 +10607,7 @@ var MCP_TOOLSETS = {
9953
10607
  };
9954
10608
  var MCP_TOOLSET_NAMES = Object.keys(MCP_TOOLSETS);
9955
10609
  var normalizeMcpToolset = (value) => {
9956
- const normalized = (value ?? "all").toLowerCase();
10610
+ const normalized = (value ?? "readonly").toLowerCase();
9957
10611
  if (MCP_TOOLSET_NAMES.includes(normalized)) {
9958
10612
  return normalized;
9959
10613
  }
@@ -10201,12 +10855,12 @@ var resolveInvocationConfig = async (serverOptions, args) => {
10201
10855
  accessKey: serverOptions.accessKey
10202
10856
  };
10203
10857
  };
10204
- var frontendBase3 = (config) => resolveFrontendBaseUrl({
10858
+ var frontendBase4 = (config) => resolveFrontendBaseUrl({
10205
10859
  frontendUrl: config.frontendUrl,
10206
10860
  apiBaseUrl: config.baseUrl
10207
10861
  });
10208
10862
  var reportsFrontendUrl = (config, input) => buildFrontendUrl({
10209
- baseUrl: frontendBase3(config),
10863
+ baseUrl: frontendBase4(config),
10210
10864
  target: "reports",
10211
10865
  projectId: input.projectId,
10212
10866
  tab: input.tab ?? (input.type === "cost" ? "cost" : input.type === "waf" || input.type === "architecture" ? "architecture" : "overview"),
@@ -10216,7 +10870,7 @@ var reportsFrontendUrl = (config, input) => buildFrontendUrl({
10216
10870
  reportVerbosity: input.reportVerbosity
10217
10871
  });
10218
10872
  var resolveAuth = async (config, options = {}) => {
10219
- const core = await import("./dist-PEYJDO7A.js");
10873
+ const core = await import("./dist-V2L4CPTU.js");
10220
10874
  core.assertSecureBaseUrl(config.baseUrl);
10221
10875
  let token;
10222
10876
  try {
@@ -10312,7 +10966,7 @@ var assertModelAvailable = async (config, token) => {
10312
10966
  if (!config.model) {
10313
10967
  return;
10314
10968
  }
10315
- const core = await import("./dist-PEYJDO7A.js");
10969
+ const core = await import("./dist-V2L4CPTU.js");
10316
10970
  try {
10317
10971
  const response = await fetch(
10318
10972
  `${core.normalizeApiBase(config.baseUrl)}/models`,
@@ -10569,7 +11223,7 @@ var buildToolHandlers = (serverOptions) => {
10569
11223
  });
10570
11224
  handlers.set("agent_profiles_list", async (args) => {
10571
11225
  const config = await resolveInvocationConfig(serverOptions, args);
10572
- const core = await import("./dist-PEYJDO7A.js");
11226
+ const core = await import("./dist-V2L4CPTU.js");
10573
11227
  const data = await listProfilesForDiscovery(core, config.baseUrl);
10574
11228
  return withEnvelope({
10575
11229
  command: "agents list",
@@ -10582,7 +11236,7 @@ var buildToolHandlers = (serverOptions) => {
10582
11236
  throw new Error("profileId is required.");
10583
11237
  }
10584
11238
  const config = await resolveInvocationConfig(serverOptions, args);
10585
- const core = await import("./dist-PEYJDO7A.js");
11239
+ const core = await import("./dist-V2L4CPTU.js");
10586
11240
  const data = await getProfileForDiscovery(core, config.baseUrl, profileId);
10587
11241
  return withEnvelope({
10588
11242
  command: "agents show",
@@ -10646,7 +11300,7 @@ var buildToolHandlers = (serverOptions) => {
10646
11300
  }
10647
11301
  const finalMessage = [...chatState.messages].reverse().find((message) => message.role === "assistant");
10648
11302
  const frontendUrl = buildFrontendUrl({
10649
- baseUrl: frontendBase3(config),
11303
+ baseUrl: frontendBase4(config),
10650
11304
  target: "chat",
10651
11305
  threadId
10652
11306
  });
@@ -10671,7 +11325,7 @@ var buildToolHandlers = (serverOptions) => {
10671
11325
  auth.user.id
10672
11326
  );
10673
11327
  const frontendUrl = buildFrontendUrl({
10674
- baseUrl: frontendBase3(config),
11328
+ baseUrl: frontendBase4(config),
10675
11329
  target: "projects"
10676
11330
  });
10677
11331
  return withEnvelope({
@@ -10697,7 +11351,7 @@ var buildToolHandlers = (serverOptions) => {
10697
11351
  throw new Error(`Project ${projectId} was not found.`);
10698
11352
  }
10699
11353
  const frontendUrl = buildFrontendUrl({
10700
- baseUrl: frontendBase3(config),
11354
+ baseUrl: frontendBase4(config),
10701
11355
  target: "project",
10702
11356
  projectId
10703
11357
  });
@@ -10716,7 +11370,7 @@ var buildToolHandlers = (serverOptions) => {
10716
11370
  userId: auth.user.id
10717
11371
  });
10718
11372
  const frontendUrl = buildFrontendUrl({
10719
- baseUrl: frontendBase3(config),
11373
+ baseUrl: frontendBase4(config),
10720
11374
  target: "connections"
10721
11375
  });
10722
11376
  return withEnvelope({
@@ -10742,7 +11396,7 @@ var buildToolHandlers = (serverOptions) => {
10742
11396
  throw new Error(`Connection ${connectionId} was not found.`);
10743
11397
  }
10744
11398
  const frontendUrl = buildFrontendUrl({
10745
- baseUrl: frontendBase3(config),
11399
+ baseUrl: frontendBase4(config),
10746
11400
  target: "connection",
10747
11401
  connectionId
10748
11402
  });
@@ -10898,7 +11552,7 @@ var buildToolHandlers = (serverOptions) => {
10898
11552
  });
10899
11553
  return withEnvelope({ command: "projects graph sync-runs", data });
10900
11554
  });
10901
- handlers.set("template_validate", async (args) => {
11555
+ handlers.set("template_validate", async (args, context) => {
10902
11556
  const config = await resolveInvocationConfig(serverOptions, args);
10903
11557
  const auth = await resolveAuth(config, { requireUser: true });
10904
11558
  const templatePath = stringValue(args.templatePath);
@@ -10931,14 +11585,17 @@ var buildToolHandlers = (serverOptions) => {
10931
11585
  userId: auth.user.id,
10932
11586
  submitted,
10933
11587
  pollIntervalMs: numberValue(args.pollIntervalMs),
10934
- waitTimeoutMs: numberValue(args.waitTimeoutMs)
11588
+ waitTimeoutMs: numberValue(args.waitTimeoutMs),
11589
+ templatePath,
11590
+ parametersPath: stringValue(args.parametersPath),
11591
+ onProgress: context?.sendProgress ? (event) => context.sendProgress(event, "validate template") : void 0
10935
11592
  }) : submitted;
10936
11593
  return withEnvelope({
10937
11594
  command: "validate template",
10938
11595
  data: booleanValue(args.details) ? withTemplateValidationDetails(data) : data
10939
11596
  });
10940
11597
  });
10941
- handlers.set("template_test", async (args) => {
11598
+ handlers.set("template_test", async (args, context) => {
10942
11599
  const config = await resolveInvocationConfig(serverOptions, args);
10943
11600
  const auth = await resolveAuth(config, { requireUser: true });
10944
11601
  const templatePath = stringValue(args.templatePath);
@@ -10963,11 +11620,17 @@ var buildToolHandlers = (serverOptions) => {
10963
11620
  userId: auth.user.id,
10964
11621
  submitted,
10965
11622
  pollIntervalMs: numberValue(args.pollIntervalMs),
10966
- waitTimeoutMs: numberValue(args.waitTimeoutMs)
11623
+ waitTimeoutMs: numberValue(args.waitTimeoutMs),
11624
+ templatePath,
11625
+ parametersPath: stringValue(args.parametersPath),
11626
+ onProgress: context?.sendProgress ? (event) => context.sendProgress(event, "validate tests") : void 0
10967
11627
  }) : submitted;
10968
11628
  return withEnvelope({
10969
11629
  command: "validate tests",
10970
- data: withTemplateTestDetails(data)
11630
+ data: withTemplateTestDetails(data, {
11631
+ templatePath,
11632
+ parametersPath: stringValue(args.parametersPath)
11633
+ })
10971
11634
  });
10972
11635
  });
10973
11636
  handlers.set("template_parse", async (args) => {
@@ -11078,7 +11741,7 @@ var buildToolHandlers = (serverOptions) => {
11078
11741
  finalMessage?.content || responseText || ""
11079
11742
  );
11080
11743
  const frontendUrl = buildFrontendUrl({
11081
- baseUrl: frontendBase3(config),
11744
+ baseUrl: frontendBase4(config),
11082
11745
  target: "chat",
11083
11746
  threadId: chatState.threadId
11084
11747
  });
@@ -11219,7 +11882,7 @@ var buildToolHandlers = (serverOptions) => {
11219
11882
  });
11220
11883
  handlers.set("auth_status", async (args) => {
11221
11884
  const config = await resolveInvocationConfig(serverOptions, args);
11222
- const core = await import("./dist-PEYJDO7A.js");
11885
+ const core = await import("./dist-V2L4CPTU.js");
11223
11886
  const data = await core.getAuthStatus(config.baseUrl, { validate: true });
11224
11887
  return withEnvelope({
11225
11888
  command: "auth status",
@@ -11228,7 +11891,7 @@ var buildToolHandlers = (serverOptions) => {
11228
11891
  });
11229
11892
  handlers.set("status", async (args) => {
11230
11893
  const config = await resolveInvocationConfig(serverOptions, args);
11231
- const core = await import("./dist-PEYJDO7A.js");
11894
+ const core = await import("./dist-V2L4CPTU.js");
11232
11895
  const auth = await core.getAuthStatus(config.baseUrl, { validate: true });
11233
11896
  return withEnvelope({
11234
11897
  command: "status",
@@ -11259,7 +11922,7 @@ var buildToolHandlers = (serverOptions) => {
11259
11922
  }
11260
11923
  ];
11261
11924
  try {
11262
- const core = await import("./dist-PEYJDO7A.js");
11925
+ const core = await import("./dist-V2L4CPTU.js");
11263
11926
  core.assertSecureBaseUrl(config.baseUrl);
11264
11927
  checks.push({
11265
11928
  id: "base-url-secure",
@@ -11692,7 +12355,7 @@ var buildToolHandlers = (serverOptions) => {
11692
12355
  }).catch(() => null)
11693
12356
  ]);
11694
12357
  const frontendUrl = buildFrontendUrl({
11695
- baseUrl: frontendBase3(config),
12358
+ baseUrl: frontendBase4(config),
11696
12359
  target: "billing",
11697
12360
  tab: "plans"
11698
12361
  });
@@ -11730,7 +12393,7 @@ var buildToolHandlers = (serverOptions) => {
11730
12393
  chargeStatus: stringValue(args.chargeStatus)
11731
12394
  });
11732
12395
  const frontendUrl = buildFrontendUrl({
11733
- baseUrl: frontendBase3(config),
12396
+ baseUrl: frontendBase4(config),
11734
12397
  target: "billing",
11735
12398
  tab: "usage"
11736
12399
  });
@@ -11760,7 +12423,7 @@ var buildToolHandlers = (serverOptions) => {
11760
12423
  cursor: stringValue(args.cursor)
11761
12424
  });
11762
12425
  const frontendUrl = buildFrontendUrl({
11763
- baseUrl: frontendBase3(config),
12426
+ baseUrl: frontendBase4(config),
11764
12427
  target: "billing",
11765
12428
  tab: "usage"
11766
12429
  });
@@ -11779,13 +12442,13 @@ var buildToolHandlers = (serverOptions) => {
11779
12442
  } catch {
11780
12443
  token = config.accessKey;
11781
12444
  }
11782
- const core = await import("./dist-PEYJDO7A.js");
12445
+ const core = await import("./dist-V2L4CPTU.js");
11783
12446
  const data = await core.getBillingConfig({
11784
12447
  baseUrl: config.baseUrl,
11785
12448
  authToken: token
11786
12449
  });
11787
12450
  const frontendUrl = buildFrontendUrl({
11788
- baseUrl: frontendBase3(config),
12451
+ baseUrl: frontendBase4(config),
11789
12452
  target: "billing",
11790
12453
  tab: "plans"
11791
12454
  });
@@ -11803,7 +12466,7 @@ var buildToolHandlers = (serverOptions) => {
11803
12466
  authToken: auth.token
11804
12467
  });
11805
12468
  const frontendUrl = buildFrontendUrl({
11806
- baseUrl: frontendBase3(config),
12469
+ baseUrl: frontendBase4(config),
11807
12470
  target: "billing",
11808
12471
  tab: "billing"
11809
12472
  });
@@ -11822,7 +12485,7 @@ var buildToolHandlers = (serverOptions) => {
11822
12485
  limit: boundedLimit(args.limit, 25, 50)
11823
12486
  });
11824
12487
  const frontendUrl = buildFrontendUrl({
11825
- baseUrl: frontendBase3(config),
12488
+ baseUrl: frontendBase4(config),
11826
12489
  target: "billing",
11827
12490
  tab: "billing"
11828
12491
  });
@@ -11841,7 +12504,7 @@ var buildToolHandlers = (serverOptions) => {
11841
12504
  limit: boundedLimit(args.limit, 25, 100)
11842
12505
  });
11843
12506
  const frontendUrl = buildFrontendUrl({
11844
- baseUrl: frontendBase3(config),
12507
+ baseUrl: frontendBase4(config),
11845
12508
  target: "billing",
11846
12509
  tab: "billing"
11847
12510
  });
@@ -11859,7 +12522,7 @@ var buildToolHandlers = (serverOptions) => {
11859
12522
  const config = await resolveInvocationConfig(serverOptions, args);
11860
12523
  const auth = await resolveAuth(config, { requireUser: true });
11861
12524
  const returnTo = stringValue(args.returnTo) ?? buildFrontendUrl({
11862
- baseUrl: frontendBase3(config),
12525
+ baseUrl: frontendBase4(config),
11863
12526
  target: "billing",
11864
12527
  tab: "billing"
11865
12528
  });
@@ -11890,7 +12553,7 @@ var buildToolHandlers = (serverOptions) => {
11890
12553
  }
11891
12554
  const config = await resolveInvocationConfig(serverOptions, args);
11892
12555
  const url = buildFrontendUrl({
11893
- baseUrl: frontendBase3(config),
12556
+ baseUrl: frontendBase4(config),
11894
12557
  target,
11895
12558
  threadId: stringValue(args.threadId),
11896
12559
  projectId: stringValue(args.projectId),
@@ -12158,6 +12821,34 @@ var serveMcpServer = async (options) => {
12158
12821
  transport: outputTransport
12159
12822
  });
12160
12823
  };
12824
+ const progressTokenFromParams = (params) => {
12825
+ const meta = isObject(params?._meta) ? params?._meta : void 0;
12826
+ const token = meta?.progressToken;
12827
+ if (typeof token === "string") {
12828
+ return token;
12829
+ }
12830
+ if (typeof token === "number" && Number.isFinite(token)) {
12831
+ return token;
12832
+ }
12833
+ return void 0;
12834
+ };
12835
+ const sendTemplateProgress = (progressToken, event, command) => {
12836
+ if (progressToken === void 0) {
12837
+ return;
12838
+ }
12839
+ const progress = typeof event.progress === "number" ? event.progress : typeof event.completed === "number" ? event.completed : event.phase === "result" ? 100 : 0;
12840
+ const total = typeof event.progress === "number" ? 100 : typeof event.total === "number" ? event.total : event.phase === "result" ? 100 : void 0;
12841
+ send({
12842
+ jsonrpc: "2.0",
12843
+ method: "notifications/progress",
12844
+ params: {
12845
+ progressToken,
12846
+ progress,
12847
+ ...total === void 0 ? {} : { total },
12848
+ message: formatTemplateProgressEvent(event, command).join("\n")
12849
+ }
12850
+ });
12851
+ };
12161
12852
  const handleRequest = async (request) => {
12162
12853
  debug("request received", {
12163
12854
  id: request.id,
@@ -12241,9 +12932,23 @@ var serveMcpServer = async (options) => {
12241
12932
  `Tool has no handler: ${name}`
12242
12933
  );
12243
12934
  }
12935
+ const progressToken = progressTokenFromParams(request.params);
12936
+ let lastProgressKey;
12244
12937
  const startedAt = Date.now();
12245
12938
  try {
12246
- const envelope = await handler(args);
12939
+ const envelope = await handler(args, {
12940
+ progressToken,
12941
+ sendProgress: (event, command) => {
12942
+ if (event.phase === "status") {
12943
+ const key = templateProgressEventKey(event);
12944
+ if (key === lastProgressKey) {
12945
+ return;
12946
+ }
12947
+ lastProgressKey = key;
12948
+ }
12949
+ sendTemplateProgress(progressToken, event, command);
12950
+ }
12951
+ });
12247
12952
  debug("tool call completed", { tool: name, ok: envelope.ok });
12248
12953
  await options.telemetry?.track("cli.mcp.tool", {
12249
12954
  command: "mcp",
@@ -12484,7 +13189,7 @@ var registerMcpCommand = (program2, deps) => {
12484
13189
  ).option(
12485
13190
  "--toolset <name>",
12486
13191
  "Toolset to expose: all, readonly, projects, reports, billing",
12487
- "all"
13192
+ "readonly"
12488
13193
  ).option("--config-path <path>", "Override MCP client config path").option(
12489
13194
  "--format <format>",
12490
13195
  "Output format: text, json, ndjson, markdown",
@@ -12533,7 +13238,7 @@ var registerMcpCommand = (program2, deps) => {
12533
13238
  ).option(
12534
13239
  "--toolset <name>",
12535
13240
  `Expose a focused MCP toolset: ${MCP_TOOLSET_NAMES.join(", ")}`,
12536
- "all"
13241
+ "readonly"
12537
13242
  ).option(
12538
13243
  "-v, --verbose",
12539
13244
  "Write detailed MCP server diagnostics to stderr",
@@ -12633,7 +13338,7 @@ var registerCapabilitiesCommand = (program2, deps) => {
12633
13338
  warnIfAccessKeyFromCliOption(options, command);
12634
13339
  let data = capabilities;
12635
13340
  if (options.live) {
12636
- const core = await import("./dist-PEYJDO7A.js");
13341
+ const core = await import("./dist-V2L4CPTU.js");
12637
13342
  const baseUrl = await deps.resolveBaseUrl(options, command);
12638
13343
  const accessKey = options.accessKeyStdin ? await deps.readStdinValue() : options.accessKey;
12639
13344
  const token = await core.getAuthToken({ accessKey, baseUrl });
@@ -12766,19 +13471,19 @@ var writeCredentialOutput = async (input) => {
12766
13471
  data: input.data,
12767
13472
  format: input.format,
12768
13473
  output: input.output,
12769
- redactSensitiveSecrets: input.command !== "credentials create"
13474
+ redactSensitiveSecrets: !(input.command === "credentials create" && input.showSecret === true)
12770
13475
  });
12771
13476
  };
12772
13477
  var resolveCoreAuth = async (options, command, deps) => {
12773
13478
  const context = await resolveAuthContext(options, command, deps);
12774
- const core = await import("./dist-PEYJDO7A.js");
13479
+ const core = await import("./dist-V2L4CPTU.js");
12775
13480
  return { ...context, core };
12776
13481
  };
12777
13482
  var parseCapabilities = (value) => value?.split(",").map((item) => item.trim()).filter(Boolean);
12778
- var addCommon4 = (command, deps) => addAuthOptions(command, deps.defaultBaseUrl).option("--format <format>", "Output format: text, json, ndjson, markdown", "text").option("--output <file>", "Output file");
13483
+ var addCommon5 = (command, deps) => addAuthOptions(command, deps.defaultBaseUrl).option("--format <format>", "Output format: text, json, ndjson, markdown", "text").option("--output <file>", "Output file");
12779
13484
  var registerCredentialsCommand = (program2, deps) => {
12780
13485
  const credentials = program2.command("credentials").description("Manage CloudEval access-key credentials");
12781
- addCommon4(credentials.command("templates").description("List credential templates"), deps).action(async (options, command) => {
13486
+ addCommon5(credentials.command("templates").description("List credential templates"), deps).action(async (options, command) => {
12782
13487
  const auth = await resolveCoreAuth(options, command, deps);
12783
13488
  const data = await auth.core.getCredentialTemplates({
12784
13489
  baseUrl: auth.baseUrl,
@@ -12791,7 +13496,7 @@ var registerCredentialsCommand = (program2, deps) => {
12791
13496
  output: options.output
12792
13497
  });
12793
13498
  });
12794
- addCommon4(credentials.command("list").description("List credentials"), deps).option("--project <id>", "Filter by project id").action(async (options, command) => {
13499
+ addCommon5(credentials.command("list").description("List credentials"), deps).option("--project <id>", "Filter by project id").action(async (options, command) => {
12795
13500
  const auth = await resolveCoreAuth(options, command, deps);
12796
13501
  const data = await auth.core.listCredentials({
12797
13502
  baseUrl: auth.baseUrl,
@@ -12805,7 +13510,7 @@ var registerCredentialsCommand = (program2, deps) => {
12805
13510
  output: options.output
12806
13511
  });
12807
13512
  });
12808
- addCommon4(credentials.command("inspect").description("Inspect a credential").argument("<credential_id>"), deps).action(async (credentialId, options, command) => {
13513
+ addCommon5(credentials.command("inspect").description("Inspect a credential").argument("<credential_id>"), deps).action(async (credentialId, options, command) => {
12809
13514
  const auth = await resolveCoreAuth(options, command, deps);
12810
13515
  const data = await auth.core.getCredential({
12811
13516
  baseUrl: auth.baseUrl,
@@ -12819,7 +13524,11 @@ var registerCredentialsCommand = (program2, deps) => {
12819
13524
  output: options.output
12820
13525
  });
12821
13526
  });
12822
- addAuthOptions(credentials.command("create").description("Create an access-key credential"), deps.defaultBaseUrl).requiredOption("--template <id>", "Credential template id").requiredOption("--name <name>", "Credential name").requiredOption("--project <id>", "Project scope").option("--expires <duration>", "Expiration duration, for example 90d").option("--capabilities <list>", "Comma-separated capability override").option("--idempotency-key <key>", "Idempotency key for safe retries").option("--format <format>", "Output format: text, json, ndjson, markdown, github-actions", "text").option("--output <file>", "Output file").action(async (options, command) => {
13527
+ addAuthOptions(credentials.command("create").description("Create an access-key credential"), deps.defaultBaseUrl).requiredOption("--template <id>", "Credential template id").requiredOption("--name <name>", "Credential name").requiredOption("--project <id>", "Project scope").option("--expires <duration>", "Expiration duration, for example 90d").option("--capabilities <list>", "Comma-separated capability override").option("--idempotency-key <key>", "Idempotency key for safe retries").option("--format <format>", "Output format: text, json, ndjson, markdown, github-actions", "text").option("--output <file>", "Output file").option(
13528
+ "--show-secret",
13529
+ "Include the one-time access key in machine-readable create output",
13530
+ false
13531
+ ).action(async (options, command) => {
12823
13532
  const auth = await resolveCoreAuth(options, command, deps);
12824
13533
  const data = await auth.core.createCredential({
12825
13534
  baseUrl: auth.baseUrl,
@@ -12836,10 +13545,11 @@ var registerCredentialsCommand = (program2, deps) => {
12836
13545
  data,
12837
13546
  format: options.format,
12838
13547
  output: options.output,
12839
- projectId: options.project
13548
+ projectId: options.project,
13549
+ showSecret: options.showSecret
12840
13550
  });
12841
13551
  });
12842
- addCommon4(credentials.command("revoke").description("Revoke a credential").argument("<credential_id>"), deps).option("--reason <reason>", "Revocation reason").option("--idempotency-key <key>", "Idempotency key for safe retries").action(async (credentialId, options, command) => {
13552
+ addCommon5(credentials.command("revoke").description("Revoke a credential").argument("<credential_id>"), deps).option("--reason <reason>", "Revocation reason").option("--idempotency-key <key>", "Idempotency key for safe retries").action(async (credentialId, options, command) => {
12843
13553
  const auth = await resolveCoreAuth(options, command, deps);
12844
13554
  const data = await auth.core.revokeCredential({
12845
13555
  baseUrl: auth.baseUrl,
@@ -12857,7 +13567,7 @@ var registerCredentialsCommand = (program2, deps) => {
12857
13567
  });
12858
13568
  };
12859
13569
  var registerIdentityCommand = (program2, deps) => {
12860
- addCommon4(program2.command("identity").description("Show the current CloudEval identity"), deps).action(async (options, command) => {
13570
+ addCommon5(program2.command("identity").description("Show the current CloudEval identity"), deps).action(async (options, command) => {
12861
13571
  const auth = await resolveCoreAuth(options, command, deps);
12862
13572
  const data = await auth.core.getIdentity({
12863
13573
  baseUrl: auth.baseUrl,
@@ -12890,6 +13600,17 @@ var normalizeHooks = (config, event) => {
12890
13600
  (hook) => hook && typeof hook.id === "string" && typeof hook.command === "string" && hook.id.trim() && hook.command.trim()
12891
13601
  ) : [];
12892
13602
  };
13603
+ var HOOK_SECRET_ENV_KEY_PATTERN = /(?:TOKEN|SECRET|PASSWORD|CREDENTIAL|ACCESS_KEY|API_KEY|PRIVATE_KEY|SESSION|COOKIE|AUTH|AZURE_CLIENT_SECRET|CLOUDEVAL_ACCESS_KEY)/i;
13604
+ var buildLocalHookBaseEnv = (source = process.env) => {
13605
+ const env = {};
13606
+ for (const [key, value] of Object.entries(source)) {
13607
+ if (value === void 0 || HOOK_SECRET_ENV_KEY_PATTERN.test(key)) {
13608
+ continue;
13609
+ }
13610
+ env[key] = value;
13611
+ }
13612
+ return env;
13613
+ };
12893
13614
  var writeHookPayload = async (input, hook) => {
12894
13615
  const filePath = path7.join(
12895
13616
  os4.tmpdir(),
@@ -12924,7 +13645,7 @@ var runShellHook = async (hook, input, payloadPath) => {
12924
13645
  cwd: hook.cwd || process.cwd(),
12925
13646
  timeout: timeoutSeconds * 1e3,
12926
13647
  env: {
12927
- ...process.env,
13648
+ ...buildLocalHookBaseEnv(),
12928
13649
  CLOUDEVAL_HOOK_EVENT: input.event,
12929
13650
  CLOUDEVAL_HOOK_EVENT_FILE: payloadPath,
12930
13651
  CLOUDEVAL_PROFILE: input.profile,
@@ -13088,7 +13809,7 @@ var registerAgentsCommand = (program2, deps) => {
13088
13809
  const agents = program2.command("agents").description("CloudEval Agent Profile utilities");
13089
13810
  addAgentOutputOptions(agents.command("list").description("List Agent Profiles"), deps).action(async (options, command) => {
13090
13811
  const baseUrl = await deps.resolveBaseUrl(options, command);
13091
- const core = await import("./dist-PEYJDO7A.js");
13812
+ const core = await import("./dist-V2L4CPTU.js");
13092
13813
  core.assertSecureBaseUrl(baseUrl);
13093
13814
  const data = await listProfilesForDiscovery2(core, baseUrl);
13094
13815
  await writeProfiles({
@@ -13104,7 +13825,7 @@ var registerAgentsCommand = (program2, deps) => {
13104
13825
  deps
13105
13826
  ).action(async (profileId, options, command) => {
13106
13827
  const baseUrl = await deps.resolveBaseUrl(options, command);
13107
- const core = await import("./dist-PEYJDO7A.js");
13828
+ const core = await import("./dist-V2L4CPTU.js");
13108
13829
  core.assertSecureBaseUrl(baseUrl);
13109
13830
  const data = await getProfileForDiscovery2(core, baseUrl, profileId);
13110
13831
  await writeProfiles({
@@ -13123,7 +13844,7 @@ var registerAgentsCommand = (program2, deps) => {
13123
13844
  const cliProfile = getActiveConfigProfile(command);
13124
13845
  const cliConfig = await loadCliConfig(cliProfile);
13125
13846
  const auth = await resolveAuthContext(options, command, deps);
13126
- const core = await import("./dist-PEYJDO7A.js");
13847
+ const core = await import("./dist-V2L4CPTU.js");
13127
13848
  const profileResponse = await core.getAgentProfile({
13128
13849
  baseUrl: auth.baseUrl,
13129
13850
  authToken: auth.token,
@@ -13282,7 +14003,48 @@ var registerAgentsCommand = (program2, deps) => {
13282
14003
  };
13283
14004
 
13284
14005
  // src/validateCommand.ts
13285
- var addCommon5 = (command, deps) => addAuthOptions(command, deps.defaultBaseUrl).requiredOption("--template-file <path>", "Cloud template JSON file").option("--parameters-file <path>", "Optional parameters JSON file").option("--format <format>", "Output format: text, json, ndjson, markdown", "text").option("--output <file>", "Output file");
14006
+ var normalizeTemplateProgressMode = (value) => {
14007
+ if (value === true) {
14008
+ return "stderr";
14009
+ }
14010
+ if (value === void 0 || value === false || value === null) {
14011
+ return "none";
14012
+ }
14013
+ const mode = String(value).trim().toLowerCase();
14014
+ if (mode === "auto" || mode === "stderr" || mode === "ndjson" || mode === "none") {
14015
+ return mode;
14016
+ }
14017
+ throw new Error("--progress must be one of: auto, stderr, ndjson, none");
14018
+ };
14019
+ var createTemplateProgressReporter = (command, progress) => {
14020
+ const requestedMode = normalizeTemplateProgressMode(progress);
14021
+ const mode = requestedMode === "auto" ? process.stderr.isTTY ? "stderr" : "none" : requestedMode;
14022
+ if (mode === "none") {
14023
+ return void 0;
14024
+ }
14025
+ let lastStatusKey;
14026
+ return (event) => {
14027
+ if (event.phase === "status") {
14028
+ const key = templateProgressEventKey(event);
14029
+ if (key === lastStatusKey) {
14030
+ return;
14031
+ }
14032
+ lastStatusKey = key;
14033
+ }
14034
+ if (mode === "ndjson") {
14035
+ process.stderr.write(
14036
+ `${JSON.stringify({ type: "template_progress", command, ...event })}
14037
+ `
14038
+ );
14039
+ return;
14040
+ }
14041
+ for (const line of formatTemplateProgressEvent(event, command)) {
14042
+ process.stderr.write(`${line}
14043
+ `);
14044
+ }
14045
+ };
14046
+ };
14047
+ var addCommon6 = (command, deps) => addAuthOptions(command, deps.defaultBaseUrl).requiredOption("--template-file <path>", "Cloud template JSON file").option("--parameters-file <path>", "Optional parameters JSON file").option("--format <format>", "Output format: text, json, ndjson, markdown", "text").option("--output <file>", "Output file");
13286
14048
  var parsePositiveInteger2 = (value, optionName = "--max-results") => {
13287
14049
  if (!value) {
13288
14050
  return void 0;
@@ -13299,11 +14061,15 @@ var collectRule = (value, previous = []) => [
13299
14061
  ];
13300
14062
  var registerValidateCommand = (program2, deps) => {
13301
14063
  const validate = program2.command("validate").description("Validate and parse cloud templates");
13302
- addCommon5(validate.command("template").description("Validate a cloud template"), deps).option("--failed-only", "Return failed validation checks only", false).option(
14064
+ addCommon6(validate.command("template").description("Validate a cloud template"), deps).option("--failed-only", "Return failed validation checks only", false).option(
13303
14065
  "--rule <id>",
13304
14066
  "Run a specific validation check id; repeat for multiple checks",
13305
14067
  collectRule
13306
- ).option("--category <name>", "Validation category filter").option("--pillar <name>", "Architecture pillar filter").option("--min-severity <level>", "Minimum severity level").option("--max-results <count>", "Maximum validation results").option("--project <id>", "Project id for saved validation results").option("--save-report", "Persist validation results when a project is provided", false).option("--details", "Include frontend-style per-check evidence details", false).option("--wait", "Poll an async validation job until results are ready", false).option("--poll-interval <ms>", "Polling interval when --wait is set", "2500").option("--wait-timeout <ms>", "Maximum time to wait when --wait is set", "600000").action(async (options, command) => {
14068
+ ).option("--category <name>", "Validation category filter").option("--pillar <name>", "Architecture pillar filter").option("--min-severity <level>", "Minimum severity level").option("--max-results <count>", "Maximum validation results").option("--project <id>", "Project id for saved validation results").option("--save-report", "Persist validation results when a project is provided", false).option("--details", "Include frontend-style per-check evidence details", false).option("--wait", "Poll an async validation job until results are ready", false).option("--poll-interval <ms>", "Polling interval when --wait is set", "2500").option("--wait-timeout <ms>", "Maximum time to wait when --wait is set", "600000").option(
14069
+ "--progress [mode]",
14070
+ "Progress events while waiting: auto, stderr, ndjson, none",
14071
+ "none"
14072
+ ).action(async (options, command) => {
13307
14073
  try {
13308
14074
  const context = requireAuthUser(await resolveAuthContext(options, command, deps));
13309
14075
  const submitted = await validateTemplate({
@@ -13333,6 +14099,12 @@ var registerValidateCommand = (program2, deps) => {
13333
14099
  waitTimeoutMs: parsePositiveInteger2(
13334
14100
  options.waitTimeout,
13335
14101
  "--wait-timeout"
14102
+ ),
14103
+ templatePath: options.templateFile,
14104
+ parametersPath: options.parametersFile,
14105
+ onProgress: createTemplateProgressReporter(
14106
+ "validate template",
14107
+ options.progress
13336
14108
  )
13337
14109
  }) : submitted;
13338
14110
  const outputData = options.details ? withTemplateValidationDetails(data) : data;
@@ -13347,7 +14119,7 @@ var registerValidateCommand = (program2, deps) => {
13347
14119
  process.exit(1);
13348
14120
  }
13349
14121
  });
13350
- addCommon5(validate.command("parse").description("Parse a cloud template"), deps).option("--location <region>", "Default location for resolved resources").action(async (options, command) => {
14122
+ addCommon6(validate.command("parse").description("Parse a cloud template"), deps).option("--location <region>", "Default location for resolved resources").action(async (options, command) => {
13351
14123
  try {
13352
14124
  const context = requireAuthUser(await resolveAuthContext(options, command, deps));
13353
14125
  const data = await parseTemplate({
@@ -13370,7 +14142,11 @@ var registerValidateCommand = (program2, deps) => {
13370
14142
  process.exit(1);
13371
14143
  }
13372
14144
  });
13373
- addCommon5(validate.command("tests").description("Run cloud template test checks"), deps).option("--test <name>", "Run a specific template test; repeat for multiple tests", collectRule).option("--skip-test <name>", "Skip a specific template test; repeat for multiple tests", collectRule).option("--category <name>", "Template test category").option("--group <name>", "Template test group; repeat for multiple groups", collectRule).option("--verbose", "Request verbose template test output", false).option("--wait", "Poll an async template test job until results are ready", false).option("--poll-interval <ms>", "Polling interval when --wait is set", "2500").option("--wait-timeout <ms>", "Maximum time to wait when --wait is set", "600000").action(async (options, command) => {
14145
+ addCommon6(validate.command("tests").description("Run cloud template test checks"), deps).option("--test <name>", "Run a specific template test; repeat for multiple tests", collectRule).option("--skip-test <name>", "Skip a specific template test; repeat for multiple tests", collectRule).option("--category <name>", "Template test category").option("--group <name>", "Template test group; repeat for multiple groups", collectRule).option("--verbose", "Request verbose template test output", false).option("--wait", "Poll an async template test job until results are ready", false).option("--poll-interval <ms>", "Polling interval when --wait is set", "2500").option("--wait-timeout <ms>", "Maximum time to wait when --wait is set", "600000").option(
14146
+ "--progress [mode]",
14147
+ "Progress events while waiting: auto, stderr, ndjson, none",
14148
+ "none"
14149
+ ).action(async (options, command) => {
13374
14150
  try {
13375
14151
  const context = requireAuthUser(await resolveAuthContext(options, command, deps));
13376
14152
  const submitted = await testTemplate({
@@ -13397,11 +14173,20 @@ var registerValidateCommand = (program2, deps) => {
13397
14173
  waitTimeoutMs: parsePositiveInteger2(
13398
14174
  options.waitTimeout,
13399
14175
  "--wait-timeout"
14176
+ ),
14177
+ templatePath: options.templateFile,
14178
+ parametersPath: options.parametersFile,
14179
+ onProgress: createTemplateProgressReporter(
14180
+ "validate tests",
14181
+ options.progress
13400
14182
  )
13401
14183
  }) : submitted;
13402
14184
  await writeFormattedOutput({
13403
14185
  command: "validate tests",
13404
- data: withTemplateTestDetails(data),
14186
+ data: withTemplateTestDetails(data, {
14187
+ templatePath: options.templateFile,
14188
+ parametersPath: options.parametersFile
14189
+ }),
13405
14190
  format: options.format,
13406
14191
  output: options.output
13407
14192
  });
@@ -13413,10 +14198,10 @@ var registerValidateCommand = (program2, deps) => {
13413
14198
  };
13414
14199
 
13415
14200
  // src/rulesCommand.ts
13416
- var addCommon6 = (command, deps) => addAuthOptions(command, deps.defaultBaseUrl).option("--format <format>", "Output format: text, json, ndjson, markdown", "text").option("--output <file>", "Output file");
14201
+ var addCommon7 = (command, deps) => addAuthOptions(command, deps.defaultBaseUrl).option("--format <format>", "Output format: text, json, ndjson, markdown", "text").option("--output <file>", "Output file");
13417
14202
  var registerRulesCommand = (program2, deps) => {
13418
14203
  const rules = program2.command("rules").description("Browse cloud validation checks");
13419
- addCommon6(rules.command("categories").description("List validation check categories"), deps).action(async (options, command) => {
14204
+ addCommon7(rules.command("categories").description("List validation check categories"), deps).action(async (options, command) => {
13420
14205
  try {
13421
14206
  const context = await resolveAuthContext(options, command, deps);
13422
14207
  const data = await getRuleCategories({
@@ -13434,7 +14219,7 @@ var registerRulesCommand = (program2, deps) => {
13434
14219
  process.exit(1);
13435
14220
  }
13436
14221
  });
13437
- addCommon6(
14222
+ addCommon7(
13438
14223
  rules.command("search").description("Search validation checks").argument("<query>", "Search query"),
13439
14224
  deps
13440
14225
  ).option("--category <name>", "Category filter").option("--pillar <name>", "Architecture pillar filter").action(async (query, options, command) => {
@@ -13458,7 +14243,7 @@ var registerRulesCommand = (program2, deps) => {
13458
14243
  process.exit(1);
13459
14244
  }
13460
14245
  });
13461
- addCommon6(
14246
+ addCommon7(
13462
14247
  rules.command("show").description("Show a validation check").argument("<rule_id>", "Rule id"),
13463
14248
  deps
13464
14249
  ).action(async (ruleId, options, command) => {
@@ -13621,7 +14406,7 @@ var registerDiagnosticsCommands = (program2, deps) => {
13621
14406
  const baseUrl = await deps.resolveBaseUrl(options, command);
13622
14407
  const profile = getActiveConfigProfile(command);
13623
14408
  const config = await loadCliConfig(profile);
13624
- const core = await import("./dist-PEYJDO7A.js");
14409
+ const core = await import("./dist-V2L4CPTU.js");
13625
14410
  const auth = await core.getAuthStatus(baseUrl, { validate: true });
13626
14411
  if (options.format === "text" || !options.format) {
13627
14412
  process.stdout.write(
@@ -13671,7 +14456,7 @@ var registerDiagnosticsCommands = (program2, deps) => {
13671
14456
  detail: getCliConfigPath(profile)
13672
14457
  });
13673
14458
  try {
13674
- const core = await import("./dist-PEYJDO7A.js");
14459
+ const core = await import("./dist-V2L4CPTU.js");
13675
14460
  core.assertSecureBaseUrl(baseUrl);
13676
14461
  checks.push({
13677
14462
  id: "base-url-secure",
@@ -13771,7 +14556,7 @@ var resolveToken2 = async (options, deps, baseUrl, command) => {
13771
14556
  return options.accessKey;
13772
14557
  }
13773
14558
  try {
13774
- const core = await import("./dist-PEYJDO7A.js");
14559
+ const core = await import("./dist-V2L4CPTU.js");
13775
14560
  return await core.getAuthToken({
13776
14561
  baseUrl
13777
14562
  });
@@ -13855,7 +14640,7 @@ var registerModelsCommand = (program2, deps) => {
13855
14640
  let source = "fallback";
13856
14641
  let modelList = fallbackModels;
13857
14642
  try {
13858
- const core = await import("./dist-PEYJDO7A.js");
14643
+ const core = await import("./dist-V2L4CPTU.js");
13859
14644
  const response = await fetch(`${core.normalizeApiBase(baseUrl)}/models`, {
13860
14645
  headers: {
13861
14646
  Accept: "application/json",
@@ -15034,7 +15819,7 @@ var uninstallCompletionScript = async (shell) => {
15034
15819
  var runInteractiveLoginOnboarding = async (baseUrl, token) => {
15035
15820
  const [{ render }, { Onboarding }] = await Promise.all([
15036
15821
  import("ink"),
15037
- import("./Onboarding-GAN3Q5TS.js")
15822
+ import("./Onboarding-AFBWD2CE.js")
15038
15823
  ]);
15039
15824
  await new Promise((resolve) => {
15040
15825
  let app;
@@ -15368,7 +16153,7 @@ var resolveBaseUrl = async (options, command) => {
15368
16153
  });
15369
16154
  }
15370
16155
  try {
15371
- const { getAuthStatus } = await import("./dist-PEYJDO7A.js");
16156
+ const { getAuthStatus } = await import("./dist-V2L4CPTU.js");
15372
16157
  const status = await getAuthStatus();
15373
16158
  const storedBaseUrl = status.baseUrl;
15374
16159
  if (storedBaseUrl && shouldUseStoredBaseUrl(storedBaseUrl)) {
@@ -15442,7 +16227,7 @@ program.command("login").description("Authenticate with Cloudeval").option(
15442
16227
  checkUserStatus,
15443
16228
  ensurePlaygroundProject,
15444
16229
  login
15445
- } = await import("./dist-PEYJDO7A.js");
16230
+ } = await import("./dist-V2L4CPTU.js");
15446
16231
  assertSecureBaseUrl(options.baseUrl);
15447
16232
  const headlessEnvironment = isHeadlessEnvironment();
15448
16233
  const headlessLogin = options.headless || headlessEnvironment;
@@ -15517,7 +16302,7 @@ program.command("logout").description("Log out and clear stored authentication s
15517
16302
  DEFAULT_BASE_URL
15518
16303
  ).option("--all-devices", "Revoke sessions on all devices", false).action(async (options) => {
15519
16304
  try {
15520
- const { assertSecureBaseUrl, logout } = await import("./dist-PEYJDO7A.js");
16305
+ const { assertSecureBaseUrl, logout } = await import("./dist-V2L4CPTU.js");
15521
16306
  assertSecureBaseUrl(options.baseUrl);
15522
16307
  const result = await logout({
15523
16308
  baseUrl: options.baseUrl,
@@ -15551,7 +16336,7 @@ authCommand.command("status").description("Show current authentication status").
15551
16336
  DEFAULT_BASE_URL
15552
16337
  ).option("--format <format>", "Output format: text, json, ndjson, markdown", "text").option("--show-sensitive-ids", "Show full account/session identifiers in command output", false).option("-v, --verbose", "Enable verbose logging and show full non-token identifiers", false).action(async (options, command) => {
15553
16338
  try {
15554
- const { assertSecureBaseUrl, getAuthStatus } = await import("./dist-PEYJDO7A.js");
16339
+ const { assertSecureBaseUrl, getAuthStatus } = await import("./dist-V2L4CPTU.js");
15555
16340
  const effectiveBaseUrl = await resolveBaseUrl(options, command);
15556
16341
  assertSecureBaseUrl(effectiveBaseUrl);
15557
16342
  const status = await getAuthStatus(effectiveBaseUrl, { validate: true });
@@ -15638,6 +16423,18 @@ registerConnectionsCommand(program, {
15638
16423
  readStdinValue,
15639
16424
  isHeadlessEnvironment
15640
16425
  });
16426
+ registerIssuesInventoryCommand(program, {
16427
+ defaultBaseUrl: DEFAULT_BASE_URL,
16428
+ resolveBaseUrl,
16429
+ readStdinValue,
16430
+ isHeadlessEnvironment
16431
+ });
16432
+ registerActionsCommand(program, {
16433
+ defaultBaseUrl: DEFAULT_BASE_URL,
16434
+ resolveBaseUrl,
16435
+ readStdinValue,
16436
+ isHeadlessEnvironment
16437
+ });
15641
16438
  registerValidateCommand(program, {
15642
16439
  defaultBaseUrl: DEFAULT_BASE_URL,
15643
16440
  resolveBaseUrl,
@@ -15768,10 +16565,10 @@ program.command("tui").description("Open the CloudEval Terminal UI").option(
15768
16565
  "Access key for automation",
15769
16566
  process.env.CLOUDEVAL_ACCESS_KEY
15770
16567
  ).option("--access-key-stdin", "Read access key from stdin (recommended for automation)", false).option("--model <name>", "Model name").option("--debug", "Log raw chunks", false).option("--health-check", "Enable health check (disabled by default)").option("--no-banner", "Disable ASCII banner").option("--animate", "Enable TUI animations (default)").option("--no-anim", "Disable TUI animations").option("-v, --verbose", "Enable verbose logging", false).action(async (options, command) => {
15771
- const { assertSecureBaseUrl } = await import("./dist-PEYJDO7A.js");
16568
+ const { assertSecureBaseUrl } = await import("./dist-V2L4CPTU.js");
15772
16569
  const [{ render }, { App }] = await Promise.all([
15773
16570
  import("ink"),
15774
- import("./App-3RDW53BW.js")
16571
+ import("./App-DHWSFME3.js")
15775
16572
  ]);
15776
16573
  const baseUrl = await resolveBaseUrl(options, command);
15777
16574
  assertSecureBaseUrl(baseUrl);
@@ -15826,10 +16623,10 @@ program.command("chat").description("Start an interactive chat session").option(
15826
16623
  "Access key for automation",
15827
16624
  process.env.CLOUDEVAL_ACCESS_KEY
15828
16625
  ).option("--access-key-stdin", "Read access key from stdin (recommended for automation)", false).option("--conversation <id>", "Conversation/thread id to resume").option("--continue", "Resume the most recent local chat session", false).option("--resume <id-or-title>", "Resume a local chat session by thread id or title").option("--model <name>", "Model name").option("--mode <mode>", "Initial chat mode: ask, agent").option("--debug", "Log raw chunks", false).option("--health-check", "Enable health check (disabled by default)").option("--no-banner", "Disable ASCII banner").option("--animate", "Enable TUI animations (default)").option("--no-anim", "Disable TUI animations").option("-v, --verbose", "Enable verbose logging", false).action(async (options, command) => {
15829
- const { assertSecureBaseUrl } = await import("./dist-PEYJDO7A.js");
16626
+ const { assertSecureBaseUrl } = await import("./dist-V2L4CPTU.js");
15830
16627
  const [{ render }, { App }] = await Promise.all([
15831
16628
  import("ink"),
15832
- import("./App-3RDW53BW.js")
16629
+ import("./App-DHWSFME3.js")
15833
16630
  ]);
15834
16631
  const baseUrl = await resolveBaseUrl(options, command);
15835
16632
  assertSecureBaseUrl(baseUrl);
@@ -15904,7 +16701,7 @@ program.command("ask").alias("agent").description("Ask a single question or run
15904
16701
  const question = Array.isArray(questionParts) ? questionParts.join(" ") : String(questionParts);
15905
16702
  const commandName = command.parent?.args?.[0] === "agent" ? "agent" : "ask";
15906
16703
  const selectedMode = commandName === "agent" ? "agent" : "ask";
15907
- const { assertSecureBaseUrl } = await import("./dist-PEYJDO7A.js");
16704
+ const { assertSecureBaseUrl } = await import("./dist-V2L4CPTU.js");
15908
16705
  const baseUrl = await resolveBaseUrl(options, command);
15909
16706
  assertSecureBaseUrl(baseUrl);
15910
16707
  const selectedProfile = getActiveConfigProfile(command);
@@ -15945,7 +16742,7 @@ program.command("ask").alias("agent").description("Ask a single question or run
15945
16742
  const fs14 = await import("fs");
15946
16743
  const fsPromises = await import("fs/promises");
15947
16744
  const { randomUUID: randomUUID5 } = await import("crypto");
15948
- const core = await import("./dist-PEYJDO7A.js");
16745
+ const core = await import("./dist-V2L4CPTU.js");
15949
16746
  const {
15950
16747
  streamChat,
15951
16748
  reduceChunk,
@@ -16001,7 +16798,7 @@ program.command("ask").alias("agent").description("Ask a single question or run
16001
16798
  console.error("Authentication required. Starting login process...\n");
16002
16799
  }
16003
16800
  try {
16004
- const { login } = await import("./dist-PEYJDO7A.js");
16801
+ const { login } = await import("./dist-V2L4CPTU.js");
16005
16802
  verboseLog("Calling interactive login", { baseUrl });
16006
16803
  token = await login(baseUrl, {
16007
16804
  headless: isHeadlessEnvironment()
@@ -16065,7 +16862,7 @@ program.command("ask").alias("agent").description("Ask a single question or run
16065
16862
  message: error.message
16066
16863
  });
16067
16864
  }
16068
- const { resolveAskProject } = await import("./resolveAskProject-DQJXPS5G.js");
16865
+ const { resolveAskProject } = await import("./resolveAskProject-FUNKDV4V.js");
16069
16866
  let project;
16070
16867
  try {
16071
16868
  project = await resolveAskProject({
@@ -16583,7 +17380,7 @@ Error: ${errorMsg}
16583
17380
  program.command("banner").description("Preview the startup banner and terminal capabilities").action(async () => {
16584
17381
  const { render } = await import("ink");
16585
17382
  const BannerPreview = React.lazy(async () => ({
16586
- default: (await import("./Banner-HGG5NHXF.js")).Banner
17383
+ default: (await import("./Banner-774ZEOGC.js")).Banner
16587
17384
  }));
16588
17385
  render(
16589
17386
  /* @__PURE__ */ jsx(React.Suspense, { fallback: null, children: /* @__PURE__ */ jsx(BannerPreview, { disable: false }) })