@general-input/cli 0.1.0

package/dist/cli.js

@@ -0,0 +1,2999 @@
+#!/usr/bin/env node
+
+// src/cli.ts
+import { Command } from "commander";
+
+// src/lib/output.ts
+import chalk from "chalk";
+function printSuccess(message) {
+  process.stdout.write(`${chalk.green("\u2713")} ${message}
+`);
+}
+function printInfo(message) {
+  process.stdout.write(`${chalk.dim("\xB7")} ${message}
+`);
+}
+function printWarning(message) {
+  process.stderr.write(`${chalk.yellow("!")} ${message}
+`);
+}
+function printError(message) {
+  process.stderr.write(`${chalk.red("\u2717")} ${message}
+`);
+}
+function printJson(value) {
+  process.stdout.write(JSON.stringify(value, null, 2) + "\n");
+}
+
+// src/lib/banner.ts
+import chalk2 from "chalk";
+function printBanner(args) {
+  if (args.json) return;
+  if (process.env.NO_GENI_BANNER === "1") return;
+  if (!process.stdout.isTTY) return;
+  if (!args.session) return;
+  const ws = args.session.workspace;
+  const parts = [
+    chalk2.dim("geni"),
+    chalk2.dim("\xB7"),
+    chalk2.dim("workspace:"),
+    chalk2.cyan(ws.slug)
+  ];
+  if (args.workflowId) {
+    parts.push(
+      chalk2.dim("\xB7"),
+      chalk2.dim("workflow:"),
+      chalk2.cyan(args.workflowId)
+    );
+    if (args.workflowName) {
+      parts.push(chalk2.dim(`(${args.workflowName})`));
+    }
+  }
+  process.stderr.write(parts.join(" ") + "\n");
+  const titleParts = [`geni \xB7 ${ws.slug}`];
+  if (args.workflowId) titleParts.push(args.workflowId);
+  process.stderr.write(`\x1B]0;${titleParts.join(" \xB7 ")}\x07`);
+}
+
+// src/lib/exitCodes.ts
+var ExitCode = {
+  Ok: 0,
+  GenericError: 1,
+  InvalidArgs: 2,
+  NotFound: 4,
+  Forbidden: 5,
+  ValidationFailed: 9,
+  CredentialResolveFailed: 77,
+  SessionMissingOrExpired: 78,
+  UpgradeRequired: 79,
+  Timeout: 124,
+  InternalError: 125
+};
+function exit(code) {
+  process.exit(code);
+}
+
+// src/services/SessionContextService.ts
+var SessionContextService = class {
+  constructor(sessionStore2, apiClientFactory2) {
+    this.sessionStore = sessionStore2;
+    this.apiClientFactory = apiClientFactory2;
+  }
+  sessionStore;
+  apiClientFactory;
+  /** Read the session file, returning `null` if no session exists. */
+  load() {
+    return this.sessionStore.load();
+  }
+  /**
+   * Load the session and build an authed API-client bundle. Exits
+   * with code 78 + a "run `geni login`" hint when no session exists.
+   *
+   * Also prints the workspace banner on stderr (via `printBanner`,
+   * which TTY-suppresses + has the `NO_GENI_BANNER` escape hatch),
+   * so the operator always sees which workspace the command is
+   * targeting before any output appears.
+   */
+  async requireAuthed() {
+    const session = await this.sessionStore.load();
+    if (!session) {
+      printError(
+        "No runner session on disk. Run `geni login` to authenticate, then retry."
+      );
+      exit(ExitCode.SessionMissingOrExpired);
+    }
+    printBanner({ session });
+    return {
+      session,
+      client: this.apiClientFactory.build({
+        server: session.server,
+        token: session.token
+      })
+    };
+  }
+};
+
+// src/services/AuthService.ts
+import { hostname } from "os";
+import chalk3 from "chalk";
+var AuthService = class {
+  constructor(apiClientFactory2, sessionStore2, browserOpener2, configService2) {
+    this.apiClientFactory = apiClientFactory2;
+    this.sessionStore = sessionStore2;
+    this.browserOpener = browserOpener2;
+    this.configService = configService2;
+  }
+  apiClientFactory;
+  sessionStore;
+  browserOpener;
+  configService;
+  /**
+   * Run the device-code login flow end-to-end. Mints a runner-session
+   * token, saves it locally, and (when `--workspace <slug>` was
+   * passed) re-binds the session to a different workspace than the
+   * one the dashboard's approval picker chose.
+   */
+  async login(args) {
+    const server = this.configService.resolveApiUrl(args.server);
+    const client = this.apiClientFactory.build({ server, token: null });
+    const start = await client.auth.startDeviceCode(buildClientLabel());
+    printInfo(`Opening ${chalk3.cyan(start.verificationUri)}`);
+    printInfo("Approve in your browser to continue.");
+    this.browserOpener.open(start.verificationUri);
+    const result = await this.pollUntilResolved(client, start);
+    if (result.status === "denied") {
+      printError(
+        'Login was declined in the browser. Run `geni login` again and click "Authorize" on the device-code page.'
+      );
+      exit(ExitCode.Forbidden);
+    }
+    if (result.status === "expired") {
+      printError(
+        "Device code expired before the browser approved it (codes live ~10 minutes). Run `geni login` to start a fresh code."
+      );
+      exit(ExitCode.GenericError);
+    }
+    if ("tokenAlreadyConsumed" in result) {
+      printError(
+        "Login approved but a parallel `geni login` already consumed the device code (race). Run `geni login` again to mint a new session."
+      );
+      exit(ExitCode.GenericError);
+    }
+    await this.sessionStore.save({
+      version: 1,
+      server,
+      token: result.sessionToken,
+      user: {
+        id: result.me.user.id,
+        email: result.me.user.email ?? null,
+        name: result.me.user.name ?? null
+      },
+      workspace: {
+        membershipId: result.me.workspace.membershipId,
+        organizationId: result.me.workspace.organizationId,
+        slug: result.me.workspace.slug,
+        name: result.me.workspace.name,
+        role: result.me.workspace.role
+      },
+      savedAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    if (args.workspace) {
+      await this.maybeRebindWorkspace({
+        server,
+        requestedSlug: args.workspace
+      });
+    }
+    const final = await this.sessionStore.load();
+    if (!final) {
+      printError(
+        "Session was written to ~/.config/geni/runner-session.json but the file could not be re-read immediately. Check filesystem permissions on ~/.config/geni and re-run `geni login`."
+      );
+      exit(ExitCode.InternalError);
+    }
+    printSuccess(`Authenticated as ${final.user.email ?? final.user.id}`);
+    printSuccess(
+      `Active workspace: ${final.workspace.slug} (${final.workspace.name})`
+    );
+    printInfo("Session saved to ~/.config/geni/runner-session.json");
+  }
+  /**
+   * Revoke the runner session server-side and delete the local file.
+   * The local file is removed even if the server-side revoke fails:
+   * the operator running `geni logout` should never be left with a
+   * token they think is gone but is still on disk.
+   */
+  async logout() {
+    const session = await this.sessionStore.load();
+    if (!session) {
+      printInfo("No active session.");
+      return;
+    }
+    try {
+      const client = this.apiClientFactory.build({
+        server: session.server,
+        token: session.token
+      });
+      await client.auth.logout();
+      printSuccess("Session revoked.");
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      printInfo(`Server revoke failed: ${message}`);
+      printInfo("Removing local session anyway.");
+    }
+    await this.sessionStore.delete();
+    printSuccess("Removed ~/.config/geni/runner-session.json");
+  }
+  /**
+   * Verify the active session by hitting `/cli/auth/me`. Returns the
+   * resolved status when the session is valid, or `null` when no
+   * local session exists. Stale-session failures throw `ApiError(401)`
+   * so commands can map them to exit code 78 with the same
+   * "run `geni login`" hint as the no-session path.
+   */
+  async status() {
+    const session = await this.sessionStore.load();
+    if (!session) return null;
+    const client = this.apiClientFactory.build({
+      server: session.server,
+      token: session.token
+    });
+    const me = await client.auth.me();
+    return {
+      authenticated: true,
+      user: {
+        id: me.user.id,
+        email: me.user.email ?? null,
+        name: me.user.name ?? null
+      },
+      workspace: me.workspace,
+      server: session.server
+    };
+  }
+  /**
+   * Re-bind the active session to a different workspace by slug. Used
+   * by `geni login --workspace <slug>` after the dashboard's approval
+   * picker chose a different workspace than the operator wanted.
+   */
+  async maybeRebindWorkspace(args) {
+    const session = await this.sessionStore.load();
+    if (!session) return;
+    if (args.requestedSlug === session.workspace.slug) return;
+    const client = this.apiClientFactory.build({
+      server: args.server,
+      token: session.token
+    });
+    const list = await client.workspaces.list();
+    const target = list.workspaces.find((w) => w.slug === args.requestedSlug);
+    if (!target) {
+      const available = list.workspaces.map((w) => w.slug).join(", ") || "none";
+      printError(
+        `No workspace with slug "${args.requestedSlug}" on this account. Available: [${available}]. Re-run \`geni login --workspace <slug>\` with one of those.`
+      );
+      exit(ExitCode.NotFound);
+    }
+    const me = await client.workspaces.switch(target.membershipId);
+    await this.persistSwitch({ session, me });
+  }
+  async persistSwitch(args) {
+    await this.sessionStore.save({
+      ...args.session,
+      workspace: {
+        membershipId: args.me.workspace.membershipId,
+        organizationId: args.me.workspace.organizationId,
+        slug: args.me.workspace.slug,
+        name: args.me.workspace.name,
+        role: args.me.workspace.role
+      },
+      user: {
+        id: args.me.user.id,
+        email: args.me.user.email ?? args.session.user.email,
+        name: args.me.user.name ?? args.session.user.name
+      },
+      savedAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+  }
+  /**
+   * Poll the device-code endpoint until status flips to a terminal
+   * value, or until the device code itself expires server-side. The
+   * `pending` variant is normalized away here — callers only see
+   * approved / denied / expired.
+   */
+  async pollUntilResolved(client, start) {
+    const intervalMs = start.intervalSeconds * 1e3;
+    const expiresAtMs = Date.parse(start.expiresAt);
+    const hardDeadline = expiresAtMs + 3e4;
+    while (Date.now() < hardDeadline) {
+      await sleep(intervalMs);
+      const status = await client.auth.pollDeviceCode(start.userCode);
+      if (status.status === "pending") continue;
+      return status;
+    }
+    return { status: "expired" };
+  }
+};
+function buildClientLabel() {
+  return `geni CLI on ${hostname()}`;
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+// src/services/WorkspaceService.ts
+var WorkspaceService = class {
+  constructor(sessionContext, sessionStore2) {
+    this.sessionContext = sessionContext;
+    this.sessionStore = sessionStore2;
+  }
+  sessionContext;
+  sessionStore;
+  /** Server-side list of every workspace the account belongs to. */
+  async list() {
+    const { client } = await this.sessionContext.requireAuthed();
+    return client.workspaces.list();
+  }
+  /**
+   * Switch the active workspace. Re-points the runner session
+   * server-side and updates the local cached pointer so subsequent
+   * commands operate against the new workspace.
+   *
+   * Returns:
+   *  - `{ kind: 'switched', workspace }` on success,
+   *  - `{ kind: 'no-change', workspace }` when the requested target
+   *    is already the active one (lets the command print a friendly
+   *    message without an unnecessary network round-trip),
+   *  - `{ kind: 'not-found', requestedSlug }` when the slug isn't
+   *    in the user's accessible workspaces. Commands map this to
+   *    exit code 4.
+   */
+  async switch(args) {
+    const { client } = await this.sessionContext.requireAuthed();
+    const me = await client.workspaces.switch(args.membershipId);
+    await this.sessionStore.updateActiveWorkspace({
+      membershipId: me.workspace.membershipId,
+      organizationId: me.workspace.organizationId,
+      slug: me.workspace.slug,
+      name: me.workspace.name,
+      role: me.workspace.role
+    });
+    return me;
+  }
+  /**
+   * Read the active workspace from the local session cache (no
+   * network round-trip). Returns `null` when no session is loaded;
+   * the command renders the unauthenticated case.
+   */
+  async current() {
+    const session = await this.sessionStore.load();
+    if (!session) return null;
+    return {
+      workspace: {
+        membershipId: session.workspace.membershipId,
+        organizationId: session.workspace.organizationId,
+        slug: session.workspace.slug,
+        name: session.workspace.name,
+        role: session.workspace.role,
+        isActive: true
+      }
+    };
+  }
+};
+
+// src/services/ExecService.ts
+import chalk4 from "chalk";
+
+// package.json
+var package_default = {
+  name: "@general-input/cli",
+  version: "0.1.0",
+  type: "module",
+  description: "The agent-facing CLI for General Input. Authenticate, manage workflows, run bash with operator credentials injected by the cloud.",
+  license: "SEE LICENSE IN LICENSE",
+  homepage: "https://generalinput.com/docs/cli",
+  keywords: [
+    "general-input",
+    "geni",
+    "cli",
+    "agent",
+    "ai",
+    "automation"
+  ],
+  engines: {
+    node: ">=20"
+  },
+  publishConfig: {
+    access: "public"
+  },
+  bin: {
+    geni: "./dist/cli.js"
+  },
+  files: [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  scripts: {
+    dev: "tsup --watch",
+    build: "tsup",
+    clean: "rm -rf dist",
+    typecheck: "tsc --noEmit",
+    lint: "eslint . --fix --max-warnings 0",
+    format: "prettier --write . --ignore-path=../../.prettierignore",
+    test: "vitest run",
+    "test:watch": "vitest",
+    prepublishOnly: "pnpm build"
+  },
+  dependencies: {
+    "@clack/prompts": "^0.7.0",
+    chalk: "^5.3.0",
+    commander: "^12.1.0",
+    tar: "^7.4.3",
+    zod: "^4.3.6"
+  },
+  devDependencies: {
+    "@packages/api": "workspace:*",
+    "@packages/eslint-config": "workspace:*",
+    "@packages/typescript-config": "workspace:*",
+    "@types/node": "^24.12.2",
+    "@types/tar": "^6.1.13",
+    eslint: "^9.39.4",
+    tsup: "^8.3.5",
+    typescript: "^5.9.3",
+    vitest: "^4.1.5"
+  }
+};
+
+// src/lib/version.ts
+var CLI_VERSION = package_default.version;
+
+// src/clients/HttpClient.ts
+var USER_AGENT = `geni/${CLI_VERSION} (${process.platform}/${process.arch}; node/${process.versions.node})`;
+var ApiError = class extends Error {
+  constructor(message, status, body) {
+    super(message);
+    this.status = status;
+    this.body = body;
+    this.name = "ApiError";
+  }
+  status;
+  body;
+};
+var HttpClient = class {
+  constructor(server, token) {
+    this.server = server;
+    this.token = token;
+  }
+  server;
+  token;
+  /**
+   * Fetch a JSON endpoint. Caller owns the response shape via the
+   * generic; the wrapper returns the parsed JSON cast to `T`. Routes
+   * that need authentication MUST be reached via a client built with
+   * a non-null token; the wrapper does not enforce auth itself, that's
+   * the per-route client's job (each can `requireAuthed()` if needed).
+   */
+  async fetch(path, opts = {}) {
+    const url = `${this.server}${path}`;
+    const headers = {
+      "Content-Type": "application/json",
+      "User-Agent": USER_AGENT
+    };
+    if (this.token !== null) {
+      headers["Authorization"] = `Bearer ${this.token}`;
+    }
+    const response = await fetch(url, {
+      method: opts.method ?? "GET",
+      headers,
+      body: opts.body !== void 0 ? JSON.stringify(opts.body) : void 0,
+      signal: opts.signal
+    });
+    return parseResponse(response);
+  }
+  /** True when this transport carries a bound runner-session token. */
+  get isAuthed() {
+    return this.token !== null;
+  }
+  /**
+   * Throw `ApiError(401)` locally when the transport has no token.
+   * Per-route clients call this before authed endpoints so a missing
+   * session surfaces with the same shape the server would produce for
+   * a missing Authorization header, without a network round-trip.
+   */
+  requireAuthed() {
+    if (this.token !== null) return;
+    throw new ApiError(
+      "No runner session on disk. Run `geni login` to authenticate, then retry.",
+      401,
+      null
+    );
+  }
+};
+async function parseResponse(response) {
+  const text = await response.text();
+  let body = null;
+  if (text.length > 0) {
+    try {
+      body = JSON.parse(text);
+    } catch {
+      body = text;
+    }
+  }
+  if (!response.ok) {
+    const errorField = body !== null && typeof body === "object" && "error" in body ? body.error : null;
+    const message = typeof errorField === "string" ? errorField : response.statusText;
+    throw new ApiError(
+      typeof message === "string" && message.length > 0 ? message : `HTTP ${response.status}`,
+      response.status,
+      body
+    );
+  }
+  return body;
+}
+
+// src/lib/scrubber.ts
+var MIN_SECRET_LEN = 8;
+var Scrubber = class {
+  /** Map of secret value → redaction marker. Shared across streams. */
+  redactions = /* @__PURE__ */ new Map();
+  /** Length of the longest registered secret. Sets the tail size. */
+  maxLen = 0;
+  register(args) {
+    const { credentialId, value } = args;
+    if (value.length < MIN_SECRET_LEN) return;
+    if (this.redactions.has(value)) return;
+    this.redactions.set(value, `[REDACTED:credential_${credentialId}]`);
+    if (value.length > this.maxLen) this.maxLen = value.length;
+  }
+  /**
+   * Register the literal secret plus the common encoded forms a child
+   * process might emit instead of the raw value: base64, base64url, hex
+   * (upper + lower), URL-percent-encoded. Catches the lazy obfuscation
+   * class of leak (`echo $TOKEN | base64`, `echo $TOKEN | xxd`,
+   * `printf '%s' $TOKEN | jq -R @uri`).
+   *
+   * Does not catch determined adversaries: anything that transforms
+   * via `tr`, splits below MIN_SECRET_LEN, or exfiltrates over the
+   * network is out of scope for an output scrubber. For airtight
+   * isolation the plaintext must not enter the child's env at all.
+   */
+  registerWithEncodings(args) {
+    this.register(args);
+    for (const variant of encodingVariants(args.value)) {
+      this.register({ credentialId: args.credentialId, value: variant });
+    }
+  }
+  /**
+   * Build a per-stream scrubber view. Each stream gets its own rolling
+   * tail buffer; the underlying secret list is shared by reference. The
+   * spawner calls this twice per child (stdout + stderr) so the two
+   * pipes don't clobber each other's tail state.
+   */
+  stream() {
+    return new StreamScrubber(this.redactions, this.maxLen);
+  }
+  /**
+   * Single-shot redaction for callers that have the entire string in
+   * hand and don't need the streaming machinery. Useful for tests and
+   * for one-off helpers (`apps/server/src/services/SandboxWorkspace`'s
+   * non-streaming surfaces). Equivalent to creating a stream, redacting
+   * once with `final: true`, and discarding.
+   */
+  redact(text) {
+    return this.stream().redact(text, { final: true });
+  }
+  /** Test-only: how many secrets are registered. */
+  get size() {
+    return this.redactions.size;
+  }
+};
+var StreamScrubber = class {
+  constructor(redactions, maxLen) {
+    this.redactions = redactions;
+    this.maxLen = maxLen;
+  }
+  redactions;
+  maxLen;
+  tail = "";
+  /**
+   * Redact a chunk and return the safe-to-emit portion. The trailing
+   * `maxLen - 1` chars are buffered for the next call so a secret that
+   * straddles the chunk boundary still gets caught.
+   *
+   * Pass `final: true` on end-of-stream to flush the buffered tail.
+   */
+  redact(chunk, opts = {}) {
+    if (this.redactions.size === 0) {
+      if (opts.final) {
+        const out = this.tail + chunk;
+        this.tail = "";
+        return out;
+      }
+      return chunk;
+    }
+    const combined = this.tail + chunk;
+    const redacted = this.replaceAll(combined);
+    if (opts.final) {
+      this.tail = "";
+      return redacted;
+    }
+    const holdback = Math.max(0, this.maxLen - 1);
+    if (redacted.length <= holdback) {
+      this.tail = redacted;
+      return "";
+    }
+    const cut = redacted.length - holdback;
+    this.tail = redacted.slice(cut);
+    return redacted.slice(0, cut);
+  }
+  /**
+   * Replace every registered secret in `text`. Iterates longest-first
+   * so a superstring secret gets redacted before any of its substrings,
+   * which prevents partial overlaps from sneaking through.
+   */
+  replaceAll(text) {
+    let result = text;
+    const entries = [...this.redactions.entries()].sort(
+      (a, b) => b[0].length - a[0].length
+    );
+    for (const [value, marker] of entries) {
+      if (!result.includes(value)) continue;
+      result = result.split(value).join(marker);
+    }
+    return result;
+  }
+};
+function encodingVariants(value) {
+  const buf = Buffer.from(value, "utf8");
+  return [
+    buf.toString("base64"),
+    buf.toString("base64url"),
+    buf.toString("hex"),
+    buf.toString("hex").toUpperCase(),
+    encodeURIComponent(value)
+  ];
+}
+
+// src/lib/execEnv.ts
+var SAFE_INHERIT_ENV = [
+  // Process essentials.
+  "PATH",
+  "HOME",
+  "USER",
+  "LOGNAME",
+  "SHELL",
+  "PWD",
+  // Locale.
+  "LANG",
+  "LC_ALL",
+  "LC_CTYPE",
+  "TZ",
+  // Terminal capabilities. Without these, color output and TUI
+  // programs render garbled.
+  "TERM",
+  "COLORTERM",
+  "LINES",
+  "COLUMNS",
+  // Tempfile location.
+  "TMPDIR"
+];
+function buildSafeInheritedEnv() {
+  const out = {};
+  for (const key of SAFE_INHERIT_ENV) {
+    const value = process.env[key];
+    if (value !== void 0) out[key] = value;
+  }
+  return out;
+}
+
+// src/services/ExecService.ts
+var ExecService = class {
+  constructor(sessionContext, spawner) {
+    this.sessionContext = sessionContext;
+    this.spawner = spawner;
+  }
+  sessionContext;
+  spawner;
+  async runBash(args) {
+    const { resolved, scrubber } = await this.resolveAndScrub(
+      args.credentials,
+      args.quiet
+    );
+    const env = {
+      ...buildSafeInheritedEnv(),
+      PLATFORM_API_KEY: resolved.platformApiKey,
+      PLATFORM_BASE_URL: resolved.platformBaseUrl
+    };
+    for (const cred of resolved.credentials) {
+      Object.assign(env, cred.envVars);
+    }
+    try {
+      return await this.spawner.run({
+        command: "bash",
+        args: ["-lc", args.command],
+        env,
+        cwd: args.cwd,
+        scrubber
+      });
+    } catch (err) {
+      const detail = err instanceof Error ? err.message : String(err);
+      printError(
+        `Could not spawn \`bash\` (${detail}). Verify bash is on $PATH with \`command -v bash\`. Credentials were already resolved (audit-logged); the subprocess never started.`
+      );
+      return ExitCode.InternalError;
+    }
+  }
+  /**
+   * Resolve credentials, register their secrets with a streaming
+   * scrubber, and print per-credential status lines unless quiet.
+   * Exits the process on resolve failure (the documented exit codes
+   * are a CLI-level contract — there's no useful recovery path above
+   * this).
+   */
+  async resolveAndScrub(credentials, quiet) {
+    const { client } = await this.sessionContext.requireAuthed();
+    let resolved;
+    try {
+      resolved = await client.exec.resolve({ credentials });
+    } catch (error) {
+      if (error instanceof ApiError) {
+        const ids = credentials.map((c) => c.id).join(", ") || "(none)";
+        if (error.status === 403) {
+          printError(
+            `Cloud refused credential resolution: ${error.message} Declared ids: [${ids}]. Verify each one with \`geni credential list\`.`
+          );
+          exit(ExitCode.CredentialResolveFailed);
+        }
+        if (error.status === 401) {
+          printError(
+            `Runner session is missing or expired: ${error.message} Run \`geni login\` to re-authenticate, then retry.`
+          );
+          exit(ExitCode.SessionMissingOrExpired);
+        }
+        printError(
+          `Cloud failed to resolve credentials (HTTP ${error.status}): ${error.message} The subprocess did not start. Retry once before reporting.`
+        );
+        exit(ExitCode.InternalError);
+      }
+      throw error;
+    }
+    const scrubber = new Scrubber();
+    scrubber.registerWithEncodings({
+      credentialId: "platform",
+      value: resolved.platformApiKey
+    });
+    for (const cred of resolved.credentials) {
+      for (const value of cred.redactionValues) {
+        scrubber.registerWithEncodings({
+          credentialId: cred.credentialId,
+          value
+        });
+      }
+    }
+    if (!quiet) this.printResolvedStatusLines(resolved);
+    return { resolved, scrubber };
+  }
+  /**
+   * Print one stderr status line per resolved credential plus one
+   * per cred error. Stays on stderr so stdout remains clean for
+   * pipe-friendly subprocess output.
+   */
+  printResolvedStatusLines(resolved) {
+    for (const cred of resolved.credentials) {
+      const envList = Object.keys(cred.envVars).sort().join(", ");
+      printInfo(
+        `resolved ${chalk4.cyan(cred.credentialId)} (${cred.providerTitle}, ${cred.credentialTitle}) \u2192 ${envList}`
+      );
+    }
+    for (const err of resolved.errors ?? []) {
+      printError(
+        `${err.credentialId} (${err.providerTitle}): ${err.message} The subprocess will run without this credential \u2014 calls that need it will 401. Re-auth ${err.providerTitle} from the dashboard.`
+      );
+    }
+  }
+};
+
+// src/services/DiscoveryService.ts
+var DiscoveryService = class {
+  constructor(sessionContext, browserOpener2, configService2) {
+    this.sessionContext = sessionContext;
+    this.browserOpener = browserOpener2;
+    this.configService = configService2;
+  }
+  sessionContext;
+  browserOpener;
+  configService;
+  // ---- credentials ----------------------------------------------------
+  async listCredentials(args) {
+    const { client } = await this.sessionContext.requireAuthed();
+    const { credentials } = await client.credentials.list();
+    let result = credentials;
+    if (args.service) {
+      result = result.filter((c) => c.service === args.service);
+    }
+    if (args.mine) {
+      result = result.filter((c) => c.isOwnedByViewer);
+    }
+    if (args.query && args.query.length > 0) {
+      result = rankCredentials(result, args.query);
+    }
+    return result;
+  }
+  async getCredential(id) {
+    const { client } = await this.sessionContext.requireAuthed();
+    return client.credentials.get(id);
+  }
+  /**
+   * Validate the service slug against the integration catalog (404
+   * surfaces the same way `integration get` does, mapped to exit 4
+   * by the command), then return the dashboard connect URL the
+   * operator should be sent to.
+   *
+   * Side effect: if `printUrlOnly` is false, opens the URL in the
+   * operator's default browser. The CLI always prints the URL too,
+   * so a silent failure to launch a browser still leaves the
+   * operator with a clickable link.
+   */
+  async connectCredential(args) {
+    const { session, client } = await this.sessionContext.requireAuthed();
+    await client.integrations.get(args.service);
+    const url = `${this.configService.resolveDashboardUrl(session.server)}/credentials/connect?service=${encodeURIComponent(args.service)}`;
+    if (args.printUrlOnly) return { kind: "print-url", url };
+    this.browserOpener.open(url);
+    return { kind: "open-browser", url };
+  }
+  // ---- integrations ---------------------------------------------------
+  async listIntegrations(args) {
+    const { client } = await this.sessionContext.requireAuthed();
+    const { integrations } = await client.integrations.list({
+      query: args.query
+    });
+    return args.type ? integrations.filter((i) => i.credentialType === args.type) : integrations;
+  }
+  async getIntegration(service) {
+    const { client } = await this.sessionContext.requireAuthed();
+    return client.integrations.get(service);
+  }
+  // ---- operations -----------------------------------------------------
+  async listOperations(args) {
+    const { client } = await this.sessionContext.requireAuthed();
+    const { operations } = await client.integrations.listOperations(
+      args.service
+    );
+    if (!args.query || args.query.length === 0) return operations;
+    return rankOperations(operations, args.query);
+  }
+  /**
+   * Look up one operation. When `service` is provided, hits the
+   * service-scoped integrations route; otherwise hits the standalone
+   * `/cli/operations/:opId` route which lets the server resolve the
+   * service from the id alone.
+   */
+  async getOperation(args) {
+    const { client } = await this.sessionContext.requireAuthed();
+    return args.service ? client.integrations.getOperation({
+      service: args.service,
+      opId: args.opId
+    }) : client.operations.getById(args.opId);
+  }
+};
+function rankCredentials(credentials, query) {
+  const q = query.toLowerCase();
+  const scored = credentials.map((c) => {
+    let score = 0;
+    if (c.service.toLowerCase().includes(q)) score += 3;
+    if (c.providerTitle.toLowerCase().includes(q)) score += 2;
+    if (c.title.toLowerCase().includes(q)) score += 1;
+    return { c, score };
+  });
+  return scored.filter((s) => s.score > 0).sort((a, b) => b.score - a.score).map((s) => s.c);
+}
+function rankOperations(operations, query) {
+  const q = query.toLowerCase();
+  const scored = operations.map((op) => {
+    let score = 0;
+    if (op.title.toLowerCase().includes(q)) score += 2;
+    if (op.description.toLowerCase().includes(q)) score += 1;
+    return { op, score };
+  });
+  return scored.filter((s) => s.score > 0).sort((a, b) => b.score - a.score).map((s) => s.op);
+}
+
+// src/types/config.ts
+import { z } from "zod";
+var CliConfigSchema = z.object({
+  version: z.literal(1),
+  /**
+   * Override for the cloud API base URL used at fresh `geni login`
+   * time. Once a session exists, the URL stored on it takes
+   * precedence — switching `apiUrl` after login does NOT reroute
+   * existing tokens (the session knows which server minted it).
+   */
+  apiUrl: z.url().optional(),
+  /**
+   * Override for the dashboard base URL used by browser-opening
+   * commands (`geni credential connect`). Independent of `apiUrl`
+   * because in dev they live on different ports.
+   */
+  dashboardUrl: z.url().optional()
+});
+var SETTABLE_CONFIG_KEYS = ["apiUrl", "dashboardUrl"];
+var SETTABLE_CONFIG_KEY_SET = new Set(
+  SETTABLE_CONFIG_KEYS
+);
+function isSettableConfigKey(key) {
+  return SETTABLE_CONFIG_KEY_SET.has(key);
+}
+
+// src/services/ConfigService.ts
+var DEFAULT_API_URL = "https://cloud.generalinput.com";
+var DEFAULT_DASHBOARD_URL = "https://web.generalinput.com";
+var ConfigService = class {
+  constructor(configStore2, sessionStore2) {
+    this.configStore = configStore2;
+    this.sessionStore = sessionStore2;
+  }
+  configStore;
+  sessionStore;
+  /**
+   * Resolve the API URL the CLI should talk to. Precedence:
+   *   1. The session's stored server (locked at `geni login` time —
+   *      the auth token was minted on that specific URL).
+   *   2. `$GENI_API_URL` env var.
+   *   3. `apiUrl` from the persistent config.
+   *   4. Compiled-in default.
+   *
+   * Callers that have a session loaded should pass `sessionServer`
+   * explicitly. The session lock means changing the config after
+   * login does NOT retarget existing commands until logout + re-login.
+   */
+  resolveApiUrl(sessionServer) {
+    return sessionServer ?? process.env.GENI_API_URL ?? this.configStore.loadSync()?.apiUrl ?? DEFAULT_API_URL;
+  }
+  /**
+   * Resolve the dashboard URL for browser-opening commands. Precedence:
+   *   1. `$GENI_DASHBOARD_URL` env var.
+   *   2. `dashboardUrl` from the persistent config.
+   *   3. Inferred from the session's API URL when it points at
+   *      localhost (dev convenience: API on :4111 → dashboard on :5177).
+   *   4. Compiled-in default.
+   */
+  resolveDashboardUrl(sessionApiUrl) {
+    if (process.env.GENI_DASHBOARD_URL) return process.env.GENI_DASHBOARD_URL;
+    const config = this.configStore.loadSync();
+    if (config?.dashboardUrl) return config.dashboardUrl;
+    if (sessionApiUrl?.includes("localhost")) return "http://localhost:5177";
+    return DEFAULT_DASHBOARD_URL;
+  }
+  /**
+   * Read what's literally in the persistent config file, with no
+   * resolver fallbacks layered on. This is what `set` writes and what
+   * `get` should display — symmetric, predictable, no "I set X, get
+   * shows Y" surprise from a session-locked URL trumping the file.
+   *
+   * For "what URL is the CLI actually hitting right now?" the answer
+   * lives on the session (printed by `geni auth status`); the resolver
+   * itself stays in `resolveApiUrl` / `resolveDashboardUrl`.
+   */
+  fileValues() {
+    const file = this.configStore.loadSync();
+    return {
+      apiUrl: file?.apiUrl,
+      dashboardUrl: file?.dashboardUrl
+    };
+  }
+  /**
+   * Write a config value. Validates against the schema; a malformed
+   * URL fails loudly here rather than waiting for the next CLI
+   * command to crash.
+   *
+   * Refuses to change `apiUrl` while a runner-session is bound to a
+   * different URL: the session's server is what the CLI actually hits
+   * at runtime, so silently letting the file diverge from that would
+   * make `geni config set` a lie. The operator must logout (or use
+   * `geni login --server <url>`) to switch servers cleanly.
+   */
+  async set(args) {
+    const existing = this.configStore.loadSync() ?? { version: 1 };
+    const next = { ...existing, [args.key]: args.value };
+    const parsed = CliConfigSchema.safeParse(next);
+    if (!parsed.success) {
+      return {
+        ok: false,
+        reason: "invalid",
+        error: parsed.error.issues[0]?.message ?? "failed validation"
+      };
+    }
+    if (args.key === "apiUrl") {
+      const session = await this.sessionStore.load();
+      if (session && session.server !== args.value) {
+        return {
+          ok: false,
+          reason: "session_conflict",
+          sessionUrl: session.server
+        };
+      }
+    }
+    await this.configStore.save(parsed.data);
+    return { ok: true };
+  }
+  /**
+   * Remove a key. When the last key is removed, the file itself is
+   * deleted so `cat $(geni config path)` doesn't show an empty
+   * `{ "version": 1 }` shell.
+   *
+   * Returns whether the key was actually present (lets the command
+   * pick "Unset apiUrl." vs "apiUrl was already unset.").
+   */
+  async unset(args) {
+    const existing = this.configStore.loadSync();
+    if (!existing || existing[args.key] === void 0) {
+      return { wasSet: false };
+    }
+    const next = { version: 1 };
+    for (const k of SETTABLE_CONFIG_KEYS) {
+      if (k === args.key) continue;
+      const value = existing[k];
+      if (value !== void 0) next[k] = value;
+    }
+    const hasRemainingValues = SETTABLE_CONFIG_KEYS.some(
+      (k) => next[k] !== void 0
+    );
+    if (hasRemainingValues) {
+      await this.configStore.save(next);
+    } else {
+      await this.configStore.delete();
+    }
+    return { wasSet: true };
+  }
+  /** Absolute path to the config file. */
+  get path() {
+    return this.configStore.path;
+  }
+  /** Re-export the type guard from the types module for convenience. */
+  isSettableKey(key) {
+    return isSettableConfigKey(key);
+  }
+};
+
+// src/clients/AuthApiClient.ts
+var AuthApiClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  async startDeviceCode(clientLabel) {
+    return this.http.fetch("/cli/auth/device-code", {
+      method: "POST",
+      body: { clientLabel }
+    });
+  }
+  async pollDeviceCode(userCode) {
+    return this.http.fetch(
+      `/cli/auth/device-code/${encodeURIComponent(userCode)}/poll`,
+      { method: "POST" }
+    );
+  }
+  async me() {
+    this.http.requireAuthed();
+    return this.http.fetch("/cli/auth/me");
+  }
+  async logout() {
+    this.http.requireAuthed();
+    return this.http.fetch("/cli/auth/logout", { method: "POST" });
+  }
+};
+
+// src/clients/WorkspacesApiClient.ts
+var WorkspacesApiClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  async list() {
+    this.http.requireAuthed();
+    return this.http.fetch("/cli/workspaces");
+  }
+  async switch(membershipId) {
+    this.http.requireAuthed();
+    return this.http.fetch("/cli/workspaces/switch", {
+      method: "POST",
+      body: { membershipId }
+    });
+  }
+};
+
+// src/clients/ExecApiClient.ts
+var ExecApiClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  async resolve(body) {
+    this.http.requireAuthed();
+    return this.http.fetch("/cli/exec/resolve", {
+      method: "POST",
+      body
+    });
+  }
+};
+
+// src/clients/CredentialsApiClient.ts
+var CredentialsApiClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  async list() {
+    this.http.requireAuthed();
+    return this.http.fetch("/cli/credentials");
+  }
+  async get(id) {
+    this.http.requireAuthed();
+    return this.http.fetch(`/cli/credentials/${encodeURIComponent(id)}`);
+  }
+};
+
+// src/clients/IntegrationsApiClient.ts
+var IntegrationsApiClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  async list(args) {
+    this.http.requireAuthed();
+    const path = args?.query && args.query.length > 0 ? `/cli/integrations?q=${encodeURIComponent(args.query)}` : "/cli/integrations";
+    return this.http.fetch(path);
+  }
+  async get(service) {
+    this.http.requireAuthed();
+    return this.http.fetch(`/cli/integrations/${encodeURIComponent(service)}`);
+  }
+  async listOperations(service) {
+    this.http.requireAuthed();
+    return this.http.fetch(
+      `/cli/integrations/${encodeURIComponent(service)}/operations`
+    );
+  }
+  async getOperation(args) {
+    this.http.requireAuthed();
+    return this.http.fetch(
+      `/cli/integrations/${encodeURIComponent(args.service)}/operations/${encodeURIComponent(args.opId)}`
+    );
+  }
+};
+
+// src/clients/OperationsApiClient.ts
+var OperationsApiClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  async getById(opId) {
+    this.http.requireAuthed();
+    return this.http.fetch(`/cli/operations/${encodeURIComponent(opId)}`);
+  }
+};
+
+// src/clients/ApiClientFactory.ts
+var ApiClientFactory = class {
+  build(args) {
+    const http = new HttpClient(args.server, args.token);
+    return {
+      auth: new AuthApiClient(http),
+      workspaces: new WorkspacesApiClient(http),
+      exec: new ExecApiClient(http),
+      credentials: new CredentialsApiClient(http),
+      integrations: new IntegrationsApiClient(http),
+      operations: new OperationsApiClient(http)
+    };
+  }
+};
+
+// src/clients/SessionStore.ts
+import { mkdir, readFile, writeFile, unlink, chmod } from "fs/promises";
+
+// src/types/session.ts
+import { z as z2 } from "zod";
+var RunnerSessionFileSchema = z2.object({
+  version: z2.literal(1),
+  server: z2.url(),
+  /** Plaintext runner-session token (`geni_rs_…`). */
+  token: z2.string().startsWith("geni_rs_"),
+  user: z2.object({
+    id: z2.string(),
+    email: z2.string().nullable(),
+    name: z2.string().nullable()
+  }),
+  workspace: z2.object({
+    membershipId: z2.string(),
+    organizationId: z2.string(),
+    slug: z2.string(),
+    name: z2.string(),
+    role: z2.string()
+  }),
+  /** ISO 8601 — when the file was last written by login or workspace switch. */
+  savedAt: z2.string()
+});
+
+// src/clients/SessionStore.ts
+var SessionStore = class {
+  constructor(filePath, directoryPath) {
+    this.filePath = filePath;
+    this.directoryPath = directoryPath;
+  }
+  filePath;
+  directoryPath;
+  /**
+   * Read the file, or `null` if no session exists. Returns `null` for
+   * unparseable / schema-invalid files too — corrupt local state
+   * shouldn't prevent re-login. The user can rerun `geni login` to
+   * write a fresh file over the broken one.
+   */
+  async load() {
+    let raw;
+    try {
+      raw = await readFile(this.filePath, "utf-8");
+    } catch (err) {
+      if (isErrnoCode(err, "ENOENT")) return null;
+      throw err;
+    }
+    let json;
+    try {
+      json = JSON.parse(raw);
+    } catch {
+      return null;
+    }
+    const parsed = RunnerSessionFileSchema.safeParse(json);
+    return parsed.success ? parsed.data : null;
+  }
+  /**
+   * Persist the session. Creates the config dir if missing and lands
+   * mode 0600 on the file. Tightens dir mode to 0700 best-effort —
+   * if the chmod fails (e.g. on a CI mount), we continue rather than
+   * failing the login outright.
+   */
+  async save(session) {
+    await mkdir(this.directoryPath, { recursive: true, mode: 448 });
+    await chmod(this.directoryPath, 448).catch(() => {
+    });
+    await writeFile(this.filePath, JSON.stringify(session, null, 2), {
+      mode: 384
+    });
+  }
+  /**
+   * Delete the session file. Idempotent — missing file is not an error.
+   * Used by `geni logout` after server revoke, and as a recovery path
+   * when the local file is corrupt or stale.
+   */
+  async delete() {
+    try {
+      await unlink(this.filePath);
+    } catch (err) {
+      if (isErrnoCode(err, "ENOENT")) return;
+      throw err;
+    }
+  }
+  /**
+   * Update just the workspace pointer in the session file, used by
+   * `geni workspace switch` after the server confirms the membership.
+   * Throws if no session exists — the caller must have verified one
+   * is loaded before calling this.
+   */
+  async updateActiveWorkspace(workspace) {
+    const current = await this.load();
+    if (!current) {
+      throw new Error("No active session to update");
+    }
+    await this.save({
+      ...current,
+      workspace,
+      savedAt: (/* @__PURE__ */ new Date()).toISOString()
+    });
+  }
+};
+function isErrnoCode(err, expected) {
+  if (typeof err !== "object" || err === null) return false;
+  if (!("code" in err)) return false;
+  return err.code === expected;
+}
+
+// src/clients/ConfigStore.ts
+import { readFileSync } from "fs";
+import { mkdir as mkdir2, writeFile as writeFile2, unlink as unlink2 } from "fs/promises";
+import { dirname } from "path";
+var ConfigStore = class {
+  constructor(filePath) {
+    this.filePath = filePath;
+  }
+  filePath;
+  /**
+   * Read the file synchronously. Returns `null` for any unreadable /
+   * corrupt / schema-invalid file so the CLI degrades to defaults
+   * instead of crashing on a stale on-disk format.
+   */
+  loadSync() {
+    let raw;
+    try {
+      raw = readFileSync(this.filePath, "utf8");
+    } catch {
+      return null;
+    }
+    let json;
+    try {
+      json = JSON.parse(raw);
+    } catch {
+      return null;
+    }
+    const parsed = CliConfigSchema.safeParse(json);
+    return parsed.success ? parsed.data : null;
+  }
+  /**
+   * Persist the config. Creates the directory if missing. Mode 0644:
+   * config is non-secret, unlike the session file.
+   */
+  async save(config) {
+    await mkdir2(dirname(this.filePath), { recursive: true });
+    await writeFile2(this.filePath, JSON.stringify(config, null, 2) + "\n", {
+      mode: 420
+    });
+  }
+  /**
+   * Delete the config file. Idempotent — succeeds silently when the
+   * file doesn't exist (the user's intent is "ensure no config",
+   * not "the file definitely existed").
+   */
+  async delete() {
+    try {
+      await unlink2(this.filePath);
+    } catch (err) {
+      if (typeof err === "object" && err !== null && "code" in err && err.code === "ENOENT") {
+        return;
+      }
+      throw err;
+    }
+  }
+  /** Path the file would be at, regardless of whether it exists. */
+  get path() {
+    return this.filePath;
+  }
+};
+
+// src/clients/BrowserOpener.ts
+import { spawn } from "child_process";
+var BrowserOpener = class {
+  open(url) {
+    const cmd = openerCommandForPlatform();
+    try {
+      const child = spawn(cmd, [url], { stdio: "ignore", detached: true });
+      child.unref();
+      return true;
+    } catch {
+      return false;
+    }
+  }
+};
+function openerCommandForPlatform() {
+  switch (process.platform) {
+    case "darwin":
+      return "open";
+    case "win32":
+      return "start";
+    default:
+      return "xdg-open";
+  }
+}
+
+// src/clients/ChildProcessSpawner.ts
+import { spawn as spawn2 } from "child_process";
+var ChildProcessSpawner = class {
+  /**
+   * Run `command` with `args` and return the child's exit code. Pipes
+   * stdout + stderr through `scrubber` before forwarding to the
+   * parent process's streams.
+   */
+  async run(args) {
+    const child = spawn2(args.command, args.args, {
+      env: args.env,
+      cwd: args.cwd ?? process.cwd(),
+      stdio: ["inherit", "pipe", "pipe"]
+    });
+    const stdoutClosed = pipeWithScrubbing(
+      child.stdout,
+      process.stdout,
+      args.scrubber.stream(),
+      args.onStdoutChunk
+    );
+    const stderrClosed = pipeWithScrubbing(
+      child.stderr,
+      process.stderr,
+      args.scrubber.stream()
+    );
+    const forwardSignal = (signal) => {
+      if (!child.killed) child.kill(signal);
+    };
+    process.on("SIGINT", forwardSignal);
+    process.on("SIGTERM", forwardSignal);
+    try {
+      const exitCode = await new Promise((resolve, reject) => {
+        child.once("exit", (code, signal) => {
+          if (code !== null) resolve(code);
+          else if (signal !== null) resolve(128 + signalNumber(signal));
+          else resolve(1);
+        });
+        child.once("error", (err) => reject(err));
+      });
+      await Promise.all([stdoutClosed, stderrClosed]);
+      return exitCode;
+    } finally {
+      process.removeListener("SIGINT", forwardSignal);
+      process.removeListener("SIGTERM", forwardSignal);
+    }
+  }
+};
+function pipeWithScrubbing(source, dest, scrubber, onChunk) {
+  return new Promise((resolve) => {
+    let flushed = false;
+    const emit = (chunk) => {
+      if (chunk.length === 0) return;
+      dest.write(chunk);
+      onChunk?.(chunk);
+    };
+    const finishOnce = () => {
+      if (flushed) return;
+      flushed = true;
+      emit(scrubber.redact("", { final: true }));
+      resolve();
+    };
+    source.on("end", finishOnce);
+    source.on("close", finishOnce);
+    source.on("error", () => {
+      flushed = true;
+      resolve();
+    });
+    source.setEncoding("utf8");
+    source.on("data", (chunk) => {
+      emit(scrubber.redact(chunk));
+    });
+  });
+}
+function signalNumber(signal) {
+  const map = {
+    SIGHUP: 1,
+    SIGINT: 2,
+    SIGQUIT: 3,
+    SIGKILL: 9,
+    SIGTERM: 15
+  };
+  return map[signal] ?? 1;
+}
+
+// src/lib/paths.ts
+import { homedir } from "os";
+import { join } from "path";
+function configDir() {
+  return process.env.GENI_CONFIG_DIR ?? join(homedir(), ".config", "geni");
+}
+function sessionFilePath() {
+  return join(configDir(), "runner-session.json");
+}
+function configFilePath() {
+  return join(configDir(), "config.json");
+}
+
+// src/dependencyInjection/clients.ts
+var sessionStore = new SessionStore(sessionFilePath(), configDir());
+var configStore = new ConfigStore(configFilePath());
+var apiClientFactory = new ApiClientFactory();
+var browserOpener = new BrowserOpener();
+var childProcessSpawner = new ChildProcessSpawner();
+
+// src/dependencyInjection/services.ts
+var configService = new ConfigService(configStore, sessionStore);
+var sessionContextService = new SessionContextService(
+  sessionStore,
+  apiClientFactory
+);
+var authService = new AuthService(
+  apiClientFactory,
+  sessionStore,
+  browserOpener,
+  configService
+);
+var workspaceService = new WorkspaceService(
+  sessionContextService,
+  sessionStore
+);
+var execService = new ExecService(
+  sessionContextService,
+  childProcessSpawner
+);
+var discoveryService = new DiscoveryService(
+  sessionContextService,
+  browserOpener,
+  configService
+);
+
+// src/lib/cliErrors.ts
+function exitOnApiError(error, opts = {}) {
+  if (error instanceof ApiError) {
+    if (error.status === 404 && opts.notFoundMessage) {
+      printError(opts.notFoundMessage);
+      exit(ExitCode.NotFound);
+    }
+    if (error.status === 401) {
+      printError(
+        `Runner session is missing or expired: ${error.message} Run \`geni login\` to re-authenticate, then retry.`
+      );
+      exit(ExitCode.SessionMissingOrExpired);
+    }
+    if (error.status === 403) {
+      printError(
+        `Forbidden: ${error.message} Verify the resource id and the active workspace (\`geni workspace current\`).`
+      );
+      exit(ExitCode.Forbidden);
+    }
+    if (error.status === 404) {
+      printError(
+        `Not found: ${error.message} Verify the id exists in the active workspace.`
+      );
+      exit(ExitCode.NotFound);
+    }
+    if (error.status >= 500) {
+      printError(
+        `Server error (HTTP ${error.status}): ${error.message} Retry once before reporting.`
+      );
+      exit(ExitCode.InternalError);
+    }
+    printError(`Request failed (HTTP ${error.status}): ${error.message}`);
+    exit(ExitCode.InternalError);
+  }
+  printError(
+    `Unexpected error: ${error instanceof Error ? error.message : String(error)}`
+  );
+  exit(ExitCode.InternalError);
+}
+
+// src/commands/auth/login.ts
+function registerLogin(parent) {
+  parent.command("login").description(
+    "Authenticate via browser device-code flow. The CLI prints (and tries to open) a one-time approval URL; the operator picks a workspace in the browser; on approval the CLI saves a runner-session token to ~/.config/geni/runner-session.json. The token is bound to the URL it was minted against, so switching API URL after login requires logout + re-login."
+  ).option(
+    "--server <url>",
+    "Override the API base URL for this login. Precedence: this flag > $GENI_API_URL > `apiUrl` from `geni config` > https://cloud.generalinput.com. Whatever URL wins is locked into the session file."
+  ).option(
+    "--workspace <slug>",
+    "After approval, re-bind the session to this workspace slug instead of whatever the dashboard picker chose. Useful in CI / scripted setups where there is no human at the browser."
+  ).action(async (opts) => {
+    try {
+      await authService.login({
+        server: opts.server,
+        workspace: opts.workspace
+      });
+    } catch (error) {
+      exitOnApiError(error);
+    }
+  });
+}
+
+// src/commands/auth/logout.ts
+function registerLogout(parent) {
+  parent.command("logout").description(
+    "Revoke the runner-session token server-side and delete the local session file (~/.config/geni/runner-session.json). The local file is removed even if the server-side revoke fails. Running `geni logout` should never leave a token the operator thinks is gone still on disk."
+  ).action(async () => {
+    try {
+      await authService.logout();
+    } catch (error) {
+      exitOnApiError(error);
+    }
+  });
+}
+
+// src/commands/auth/status.ts
+async function executeAuthStatus(opts) {
+  try {
+    const status = await authService.status();
+    if (!status) {
+      if (opts.json) {
+        printJson({ authenticated: false });
+      } else {
+        printError(
+          "No runner session on disk. Run `geni login` to authenticate, then retry."
+        );
+      }
+      exit(ExitCode.SessionMissingOrExpired);
+    }
+    if (opts.json) {
+      printJson(status);
+      exit(ExitCode.Ok);
+    }
+    printSuccess(`Authenticated as ${status.user.email ?? status.user.id}`);
+    printInfo(
+      `Active workspace: ${status.workspace.slug} (${status.workspace.name}, ${status.workspace.role})`
+    );
+    exit(ExitCode.Ok);
+  } catch (error) {
+    if (error instanceof ApiError && error.status === 401) {
+      printError(
+        "Local session token was rejected by the server (revoked, expired, or pointed at a different server). Run `geni login` to mint a fresh session."
+      );
+      exit(ExitCode.SessionMissingOrExpired);
+    }
+    const detail = error instanceof Error ? error.message : String(error);
+    printError(
+      `Failed to verify session: ${detail}. Check that the server is reachable; \`geni auth status --json\` shows the bound server URL.`
+    );
+    exit(ExitCode.InternalError);
+  }
+}
+function registerStatus(parent) {
+  parent.command("status").description(
+    'Verify the active session and print operator + active workspace. Hits `/cli/auth/me` to confirm the token is still valid server-side; a stale local session (server revoked, expired) exits 78 with a clear "run geni login" message rather than reporting a fake-OK from the local file alone.'
+  ).option(
+    "--json",
+    "Emit a machine-readable JSON object: `{ authenticated, user, workspace, server }`. When unauthenticated, `{ authenticated: false }` is the only field."
+  ).action((opts) => executeAuthStatus(opts));
+}
+
+// src/commands/auth/index.ts
+function registerAuthCommands(program2) {
+  registerLogin(program2);
+  registerLogout(program2);
+  const auth = program2.command("auth").description("Inspect the active CLI session.").action(() => executeAuthStatus({}));
+  registerStatus(auth);
+}
+
+// src/lib/printTable.ts
+import chalk5 from "chalk";
+function printTable(headers, rows, opts = {}) {
+  const out = opts.out ?? process.stdout;
+  const colCount = headers.length;
+  const markers = opts.markerFn ? rows.map((row, i) => opts.markerFn(row, i)) : null;
+  const usesMarker = markers !== null && markers.some((m) => m) && !markers.every((m) => m);
+  const widths = new Array(colCount).fill(0);
+  for (let i = 0; i < colCount; i++) widths[i] = headers[i].length;
+  for (const row of rows) {
+    for (let i = 0; i < colCount; i++) {
+      const len = row[i]?.length ?? 0;
+      if (len > widths[i]) widths[i] = len;
+    }
+  }
+  const headerCells = headers.map(
+    (h, i) => pad(chalk5.dim(h), h.length, widths[i], i === colCount - 1)
+  );
+  out.write((usesMarker ? "  " : "") + headerCells.join("  ") + "\n");
+  rows.forEach((row, rowIdx) => {
+    const isMarked = usesMarker && markers[rowIdx] === true;
+    const cells = row.map((raw, i) => {
+      const value = raw ?? "";
+      let colored = value;
+      if (isMarked && i === 0) colored = chalk5.cyan(value);
+      else if (opts.colorFn)
+        colored = opts.colorFn(value, { row: rowIdx, col: i });
+      return pad(colored, value.length, widths[i], i === colCount - 1);
+    });
+    const gutter = usesMarker ? `${isMarked ? chalk5.green("*") : " "} ` : "";
+    out.write(gutter + cells.join("  ") + "\n");
+  });
+}
+function pad(colored, rawLen, width, isLast) {
+  if (isLast) return colored;
+  if (rawLen >= width) return colored;
+  return colored + " ".repeat(width - rawLen);
+}
+function dimColumn(colIndex) {
+  return (cell, args) => args.col === colIndex ? chalk5.dim(cell) : cell;
+}
+
+// src/commands/workspace/list.ts
+async function executeWorkspaceList(opts) {
+  try {
+    const { workspaces } = await workspaceService.list();
+    if (opts.json) {
+      printJson({
+        active: workspaces.find((w) => w.isActive)?.slug ?? null,
+        workspaces
+      });
+      exit(ExitCode.Ok);
+    }
+    if (workspaces.length === 0) {
+      process.stdout.write(
+        "No workspaces yet. Create or join one in the dashboard, then re-run.\n"
+      );
+      exit(ExitCode.Ok);
+    }
+    printTable(
+      ["SLUG", "NAME", "ROLE"],
+      workspaces.map((w) => [w.slug, w.name, w.role]),
+      { markerFn: (_row, i) => workspaces[i].isActive }
+    );
+    exit(ExitCode.Ok);
+  } catch (error) {
+    exitOnApiError(error);
+  }
+}
+function registerWorkspaceList(parent) {
+  parent.command("list").description(
+    "List every workspace the authenticated account belongs to. The active workspace is marked with a `*` and rendered in cyan. Server is the source of truth for both the list and the active marker."
+  ).option(
+    "--json",
+    "Emit `{ active: <slug>, workspaces: [...] }`. Each workspace carries `membershipId`, `organizationId`, `slug`, `name`, `role`, `isActive`."
+  ).action((opts) => executeWorkspaceList(opts));
+}
+
+// src/commands/workspace/switch.ts
+import * as p from "@clack/prompts";
+function registerWorkspaceSwitch(parent) {
+  parent.command("switch").argument(
+    "[slug]",
+    "Workspace slug to switch to. Omit for an interactive picker."
+  ).description(
+    "Re-point the runner session at a different workspace the same account belongs to. The session token keeps working; only the active-workspace pointer changes server-side and in the local cache. Pass a slug for scriptable use, or omit for an interactive picker (TTY only)."
+  ).action(async (slug) => {
+    try {
+      const { session } = await sessionContextService.requireAuthed();
+      const { workspaces } = await workspaceService.list();
+      const target = slug ? findBySlug(workspaces, slug) : await pickInteractively({
+        workspaces,
+        currentMembershipId: session.workspace.membershipId
+      });
+      if (!target) return;
+      if (target.membershipId === session.workspace.membershipId) {
+        printInfo(`Already on ${target.slug} (${target.name}). No change.`);
+        exit(ExitCode.Ok);
+      }
+      const me = await workspaceService.switch({
+        membershipId: target.membershipId
+      });
+      printSuccess(
+        `Active workspace: ${me.workspace.slug} (${me.workspace.name})`
+      );
+      exit(ExitCode.Ok);
+    } catch (error) {
+      exitOnApiError(error);
+    }
+  });
+}
+function findBySlug(workspaces, slug) {
+  const target = workspaces.find((w) => w.slug === slug);
+  if (!target) {
+    const available = workspaces.map((w) => w.slug).join(", ") || "none";
+    printError(
+      `No workspace with slug "${slug}" on this account. Available: [${available}]. Pick one of those, or run \`geni workspace list\` for the full set with names + roles.`
+    );
+    exit(ExitCode.NotFound);
+  }
+  return target;
+}
+async function pickInteractively(args) {
+  if (!process.stdin.isTTY) {
+    printError(
+      "Interactive picker needs a TTY. Pass a slug: `geni workspace switch <slug>`."
+    );
+    exit(ExitCode.GenericError);
+  }
+  if (args.workspaces.length === 0) {
+    printError(
+      "No workspaces on this account. Create or join one in the dashboard before running `geni workspace switch`."
+    );
+    exit(ExitCode.NotFound);
+  }
+  if (args.workspaces.length === 1) {
+    printInfo("You only have one workspace; nothing to switch to.");
+    exit(ExitCode.Ok);
+  }
+  const choice = await p.select({
+    message: "Pick a workspace",
+    initialValue: args.currentMembershipId,
+    options: args.workspaces.map((w) => ({
+      value: w.membershipId,
+      label: `${w.slug} (${w.name})`,
+      hint: w.role
+    }))
+  });
+  if (p.isCancel(choice)) {
+    printInfo("Cancelled.");
+    return void 0;
+  }
+  return args.workspaces.find((w) => w.membershipId === choice);
+}
+
+// src/commands/workspace/current.ts
+function registerWorkspaceCurrent(parent) {
+  parent.command("current").description(
+    "Print the active workspace's slug. Reads the local session file directly (no network round-trip), so it's safe to use in shell substitutions like `cd ~/repos/$(geni workspace current)`. Use `--verbose` for slug + name + role + id, or `--json` for machine-readable."
+  ).option("--verbose", "Include name, role, and id alongside the slug.").option(
+    "--json",
+    "Emit the workspace record: `{ membershipId, organizationId, slug, name, role }`."
+  ).action((opts) => {
+    void run(opts);
+  });
+}
+async function run(opts) {
+  const current = await workspaceService.current();
+  if (!current) {
+    if (opts.json) {
+      printJson({ authenticated: false });
+    } else {
+      printError(
+        "No runner session on disk. Run `geni login` to authenticate, then retry."
+      );
+    }
+    exit(ExitCode.SessionMissingOrExpired);
+  }
+  const ws = current.workspace;
+  if (opts.json) {
+    printJson(ws);
+    exit(ExitCode.Ok);
+  }
+  if (opts.verbose) {
+    process.stdout.write(`slug: ${ws.slug}
+`);
+    process.stdout.write(`name: ${ws.name}
+`);
+    process.stdout.write(`role: ${ws.role}
+`);
+    process.stdout.write(`id:   ${ws.organizationId}
+`);
+    exit(ExitCode.Ok);
+  }
+  process.stdout.write(`${ws.slug}
+`);
+  exit(ExitCode.Ok);
+}
+
+// src/commands/workspace/index.ts
+function registerWorkspaceCommands(program2) {
+  const workspace = program2.command("workspace").alias("workspaces").description(
+    "List the workspaces the operator's account belongs to and switch which one this CLI session targets. The runner-session token is account-scoped; the active workspace pointer determines which org's credentials, integrations, and audit logs every other command operates on."
+  ).action(() => executeWorkspaceList({}));
+  registerWorkspaceList(workspace);
+  registerWorkspaceSwitch(workspace);
+  registerWorkspaceCurrent(workspace);
+}
+
+// src/commands/exec/bash.ts
+function registerExecBash(parent) {
+  parent.command("bash").description(
+    "Run `bash -lc <cmd>` locally with cloud-resolved credentials injected as env vars. Output is streamed back through a scrubber that replaces every registered secret with [REDACTED:credential_<id>]."
+  ).option(
+    "--cred <id>",
+    "Credential id to inject. Repeat once per credential; each --cred MUST be followed by exactly one --reason. Pairing is by order: the Nth --cred goes with the Nth --reason. Discover ids via `geni credential list --service <service>`.",
+    collect,
+    []
+  ).option(
+    "--reason <text>",
+    "Why this credential is being accessed. Lands in the credential access log and is shown to the operator. Re-state on every call; the audit log is per-invocation.",
+    collect,
+    []
+  ).option(
+    "--cwd <path>",
+    "Working directory for the command. Defaults to your current shell cwd."
+  ).option(
+    "--quiet",
+    "Suppress geni's `resolved <cred> \u2192 ...` status lines on stderr. Subprocess output still passes through, scrubbed."
+  ).allowExcessArguments(true).action(async (opts, command) => {
+    try {
+      const code = await runExecBash(opts, command.args);
+      process.exit(code);
+    } catch (error) {
+      exitOnApiError(error);
+    }
+  }).addHelpText(
+    "after",
+    `
+Always-injected env vars (no --cred required):
+  $PLATFORM_API_KEY    short-lived bearer for $PLATFORM_BASE_URL/<service> calls
+  $PLATFORM_BASE_URL   the cloud's base URL
+
+Per-credential env vars are derived from the integration's secret
+schema, with the credential id as a suffix so two credentials of the
+same service can coexist:  $<SERVICE>_<FIELD>_<id>
+Look up the exact names before constructing the command:
+  geni credential get <id> --field envVars        # for a known cred
+  geni integration get <service> --field envVars  # for a service
+
+Examples:
+
+  # One credential, simple curl:
+  geni exec bash \\
+    --cred cred_01HX --reason "Listing Slack channels" \\
+    -- 'curl -s -H "Authorization: Bearer $SLACK_ACCESS_TOKEN_01HX" https://slack.com/api/conversations.list'
+
+  # Multiple credentials, fan-out (suffix keeps them distinct):
+  geni exec bash \\
+    --cred cred_slackA --reason "Posting to #engineering" \\
+    --cred cred_slackB --reason "Posting to #marketing" \\
+    -- 'curl ... $SLACK_ACCESS_TOKEN_SLACKA ... && curl ... $SLACK_ACCESS_TOKEN_SLACKB ...'
+
+  # No --cred. Platform service:
+  geni exec bash -- 'curl -s -H "Authorization: Bearer $PLATFORM_API_KEY" "$PLATFORM_BASE_URL/v1/web-search" -d ...'
+
+Exit codes:
+  0\u2013125  subprocess's own exit code
+  77     server refused to resolve a credential, don't retry
+  78     runner session missing or expired, run \`geni login\`
+  125    internal CLI error
+`
+  );
+}
+function collect(value, prev) {
+  return [...prev, value];
+}
+async function runExecBash(opts, positional) {
+  const command = positional.join(" ").trim();
+  if (!command) {
+    printError(
+      "Missing the bash command. Put it after a literal `--` (flags before `--` belong to geni). Example: `geni exec bash --cred cred_X --reason \"...\" -- 'curl ...'`."
+    );
+    exit(ExitCode.InvalidArgs);
+  }
+  if (opts.cred.length !== opts.reason.length) {
+    printError(
+      `--cred and --reason must be paired one-to-one (got ${opts.cred.length} --cred and ${opts.reason.length} --reason). Example: \`--cred cred_A --reason "..." --cred cred_B --reason "..."\`.`
+    );
+    exit(ExitCode.InvalidArgs);
+  }
+  return execService.runBash({
+    command,
+    // Pair-by-index: Commander's `collect` reducer keeps both arrays
+    // in declaration order, so opts.cred[i] always corresponds to
+    // opts.reason[i].
+    credentials: opts.cred.map((id, i) => ({
+      id,
+      reason: opts.reason[i]
+    })),
+    cwd: opts.cwd,
+    quiet: opts.quiet
+  });
+}
+
+// src/commands/exec/index.ts
+function registerExecCommands(program2) {
+  const exec = program2.command("exec").description(
+    "Run bash locally with the operator's credentials resolved by the cloud and injected as env vars. Plaintext secrets never enter the agent's transcript \u2014 output is streamed through a scrubber that redacts every registered secret value."
+  );
+  registerExecBash(exec);
+}
+
+// src/commands/credential/list.ts
+async function executeCredentialList(opts) {
+  try {
+    const credentials = await discoveryService.listCredentials({
+      service: opts.service,
+      mine: opts.mine,
+      query: opts.query
+    });
+    if (opts.json) {
+      printJson({ credentials });
+      return;
+    }
+    if (credentials.length === 0) {
+      const filterDesc = describeCredentialFilters(opts);
+      process.stdout.write(
+        filterDesc ? `No credentials match (${filterDesc}). Drop filters or run \`geni credential connect <service>\` to add one.
+` : "No credentials connected yet. Connect one with `geni credential connect <service>` (find a service slug with `geni integration list -q <keyword>`).\n"
+      );
+      return;
+    }
+    printTable(
+      ["ID", "SERVICE", "TITLE"],
+      credentials.map((c) => [c.id, c.service, c.title]),
+      {
+        // `*` flags the rows you own (auto-suppressed if every row is
+        // yours or none are — i.e. the marker only renders when it
+        // actually distinguishes a subset).
+        markerFn: (_row, i) => credentials[i].isOwnedByViewer,
+        colorFn: dimColumn(0)
+      }
+    );
+  } catch (error) {
+    exitOnApiError(error);
+  }
+}
+function registerCredentialList(parent) {
+  parent.command("list").description(
+    "List credentials the runner session can use (owned, org-shared, or per-credential collaborator). Default columns are id / service / title \u2014 for env var names, OAuth scopes, or the full record use `geni credential get <id>` (or `--field <path>` / `--json`)."
+  ).option(
+    "--service <slug>",
+    "Filter to one service (e.g. slack, github, salesforce). Use `geni integration list` to discover slugs."
+  ).option(
+    "--mine",
+    "Only credentials owned by you. Excludes credentials shared with you via org-grant or collaborator rows."
+  ).option(
+    "-q, --query <text>",
+    "Substring rank across service, title, and provider name. Service slug weighs highest."
+  ).option(
+    "--json",
+    "Machine-readable output. Each entry carries `id`, `service`, `envVars`, `grantedScopes`, etc."
+  ).action((opts) => executeCredentialList(opts));
+}
+function describeCredentialFilters(opts) {
+  const parts = [];
+  if (opts.service) parts.push(`--service ${opts.service}`);
+  if (opts.mine) parts.push("--mine");
+  if (opts.query) parts.push(`-q "${opts.query}"`);
+  return parts.join(" ");
+}
+
+// src/lib/jsonField.ts
+function extractField(value, path) {
+  const segments = path.split(".").filter((s) => s.length > 0);
+  let current = value;
+  for (const segment of segments) {
+    if (current === null || current === void 0) return void 0;
+    if (Array.isArray(current)) {
+      const idx = Number.parseInt(segment, 10);
+      if (Number.isNaN(idx)) return void 0;
+      current = current[idx];
+    } else if (typeof current === "object") {
+      current = Reflect.get(current, segment);
+    } else {
+      return void 0;
+    }
+  }
+  return current;
+}
+function formatExtractedField(value) {
+  if (typeof value === "string") return value;
+  if (value === null || value === void 0) return "";
+  return JSON.stringify(value, null, 2);
+}
+
+// src/commands/credential/get.ts
+function registerCredentialGet(parent) {
+  parent.command("get").argument("<id>", "Credential id (e.g. `cred_01HX\u2026`).").description(
+    "Print one credential's full record: env var names, per-field secret/non-secret breakdown, ownership, sharing, scopes. No plaintext secret values are returned. Those resolve server-side at `geni exec bash` time."
+  ).option("--json", "Machine-readable output (full record).").option(
+    "--field <path>",
+    "Print one dotted-path field instead of the whole record. Examples: `envVars`, `grantedScopes`, `service`, `isShared`."
+  ).action(async (id, opts) => {
+    try {
+      const detail = await discoveryService.getCredential(id);
+      if (opts.field) {
+        const value = extractField(detail, opts.field);
+        if (value === void 0) {
+          const topLevel = Object.keys(detail).join(", ");
+          printError(
+            `Field "${opts.field}" is not on the credential record. Top-level fields: [${topLevel}]. Pass a dotted path that exists, or run \`geni credential get ${id} --json\` to see the whole shape.`
+          );
+          exit(ExitCode.NotFound);
+        }
+        process.stdout.write(formatExtractedField(value) + "\n");
+        return;
+      }
+      if (opts.json) {
+        printJson(detail);
+        return;
+      }
+      printDefault(detail);
+    } catch (error) {
+      exitOnApiError(error, {
+        notFoundMessage: `No credential with id "${id}" in the active workspace. Run \`geni credential list\` to find the right id.`
+      });
+    }
+  });
+}
+function printDefault(detail) {
+  const out = process.stdout;
+  out.write(`${detail.id}    ${detail.title}
+`);
+  out.write(`provider:     ${detail.providerTitle}
+`);
+  out.write(`type:         ${detail.credentialType}
+`);
+  out.write(`created:      ${detail.createdAt.slice(0, 10)}
+`);
+  out.write(
+    `ownership:    ${detail.isOwnedByViewer ? "owned by you" : "shared with you"}
+`
+  );
+  out.write(`shared:       ${detail.isShared ? "yes" : "no"}
+
+`);
+  out.write("envVars:\n");
+  for (const v of detail.envVars) out.write(`  ${v}
+`);
+  out.write("\n");
+  if (detail.fields.length > 0) {
+    out.write("fields:\n");
+    for (const f of detail.fields) {
+      out.write(`  ${f.name.padEnd(14)} ${f.isSecret ? "secret" : "config"}
+`);
+    }
+    out.write("\n");
+  }
+  if (detail.grantedScopes && detail.grantedScopes.length > 0) {
+    out.write(`scopes:        ${detail.grantedScopes.join(", ")}
+`);
+  }
+}
+
+// src/commands/credential/connect.ts
+import chalk6 from "chalk";
+function registerCredentialConnect(parent) {
+  parent.command("connect").argument(
+    "<service>",
+    "Service slug (slack, github, \u2026). Use `geni integration list` to discover."
+  ).description(
+    "Open the dashboard's authorize page for a service so the operator can connect a new credential. Lightweight by design: no polling, no rendezvous. After the operator finishes in the dashboard, re-run `geni credential list --service <service>` to discover the new credential id."
+  ).option(
+    "--print-url",
+    "Don't auto-open the browser; print the URL to stdout. Useful in headless / SSH / CI sessions."
+  ).option("--no-browser", "Alias for --print-url.").action(async (service, opts) => {
+    try {
+      const intent = await discoveryService.connectCredential({
+        service,
+        // Commander turns `--no-browser` into `noBrowser: false`,
+        // so the print-only branch is "either flag was passed".
+        printUrlOnly: opts.printUrl || opts.noBrowser === false
+      });
+      if (intent.kind === "print-url") {
+        process.stdout.write(`${intent.url}
+`);
+        return;
+      }
+      printInfo(`Opening ${chalk6.cyan(intent.url)}`);
+      printInfo("\u21B3 approve in your browser");
+      process.stdout.write(
+        `
+When you're done, re-run: geni credential list --service ${service}
+`
+      );
+    } catch (error) {
+      exitOnApiError(error, {
+        notFoundMessage: `Service "${service}" not found.`
+      });
+    }
+  });
+}
+
+// src/commands/credential/index.ts
+function registerCredentialCommands(program2) {
+  const credential = program2.command("credential").alias("credentials").description(
+    "Discover the operator's connected credentials and prompt them to connect new ones. Discovery-only: the agent sees credential ids and the env var names that get set when each is declared on `geni exec bash`, never plaintext secrets. Resolution and decryption happen server-side at exec time."
+  ).action(() => executeCredentialList({}));
+  registerCredentialList(credential);
+  registerCredentialGet(credential);
+  registerCredentialConnect(credential);
+}
+
+// src/commands/integration/list.ts
+import chalk7 from "chalk";
+var VALID_TYPES = ["oauth2", "apiKey", "platform", "noAuth"];
+var VALID_TYPE_SET = new Set(VALID_TYPES);
+async function executeIntegrationList(opts) {
+  if (opts.type && !VALID_TYPE_SET.has(opts.type)) {
+    printError(
+      `Invalid --type "${opts.type}". Valid values: [${VALID_TYPES.join(", ")}]. \`oauth2\` and \`apiKey\` are user-connected credentials; \`platform\` is first-party (uses $PLATFORM_API_KEY); \`noAuth\` is a public API.`
+    );
+    exit(ExitCode.InvalidArgs);
+  }
+  try {
+    const integrations = await discoveryService.listIntegrations({
+      type: opts.type,
+      query: opts.query
+    });
+    if (opts.json) {
+      printJson({ integrations });
+      return;
+    }
+    if (integrations.length === 0) {
+      const filterDesc = [
+        opts.type ? `--type ${opts.type}` : null,
+        opts.query ? `-q "${opts.query}"` : null
+      ].filter(Boolean).join(" ");
+      process.stdout.write(
+        `No integrations match (${filterDesc || "no filters"}). Drop filters or broaden the query.
+`
+      );
+      return;
+    }
+    printTable(
+      ["SERVICE", "TITLE", "TYPE"],
+      integrations.map((i) => [i.service, i.title, i.credentialType]),
+      {
+        // Service slug is the lookup key for every other CLI verb
+        // (`credential connect <service>`, `integration get <service>`),
+        // so render it cyan to draw the eye. Type is metadata — dim.
+        colorFn: (cell, args) => {
+          if (args.col === 0) return chalk7.cyan(cell);
+          if (args.col === 2) return chalk7.dim(cell);
+          return cell;
+        }
+      }
+    );
+  } catch (error) {
+    exitOnApiError(error);
+  }
+}
+function registerIntegrationList(parent) {
+  parent.command("list").description(
+    "List every integration available to the operator's organization: third-party services (slack, github, salesforce), platform services (chat-completion, search-internet), and noAuth APIs. The starting point for finding the canonical `service` slug to pass to `geni credential connect` or to filter `geni credential list`."
+  ).option(
+    "--type <kind>",
+    `Filter by credential type: ${VALID_TYPES.join(" | ")}. \`oauth2\` and \`apiKey\` need a connected credential; \`platform\` uses $PLATFORM_API_KEY; \`noAuth\` is a public API that needs no auth.`
+  ).option(
+    "-q, --query <text>",
+    'Server-side hybrid (semantic + lexical) search across service slug, title, and description. Search by capability ("send message", "calendar"), not just service name.'
+  ).option(
+    "--json",
+    "Machine-readable output. Each entry is `{ service, title, description, credentialType }`."
+  ).action((opts) => executeIntegrationList(opts));
+}
+
+// src/commands/integration/get.ts
+function registerIntegrationGet(parent) {
+  parent.command("get").argument("<service>", "Service slug (slack, github, \u2026).").description(
+    "Full setup metadata for one integration: bash env var names that get set when its credentials are declared, per-field secret/non-secret breakdown, OAuth scope catalog (when applicable), operator-facing setup guide. Read this when the agent needs to walk the operator through credential setup or wants to know exactly what env vars a credential will produce before declaring one."
+  ).option("--json", "Machine-readable output (full record).").option(
+    "--field <path>",
+    "Print one dotted-path field instead of the whole record. Examples: `envVars`, `oauthScopes`, `fields`, `setupGuide`."
+  ).action(async (service, opts) => {
+    try {
+      const detail = await discoveryService.getIntegration(service);
+      if (opts.field) {
+        const value = extractField(detail, opts.field);
+        if (value === void 0) {
+          const topLevel = Object.keys(detail).join(", ");
+          printError(
+            `Field "${opts.field}" is not on the integration record. Top-level fields: [${topLevel}]. Pass a dotted path that exists, or run \`geni integration get ${service} --json\` to see the whole shape.`
+          );
+          exit(ExitCode.NotFound);
+        }
+        process.stdout.write(formatExtractedField(value) + "\n");
+        return;
+      }
+      if (opts.json) {
+        printJson(detail);
+        return;
+      }
+      printDefault2(detail);
+    } catch (error) {
+      exitOnApiError(error, {
+        notFoundMessage: `No integration with slug "${service}". Run \`geni integration list -q <keyword>\` to find the right slug (slugs are the service's brand name lowercased, e.g. \`slack\`).`
+      });
+    }
+  });
+}
+function printDefault2(detail) {
+  const out = process.stdout;
+  out.write(`${detail.service}    ${detail.title}
+`);
+  out.write(`type:    ${detail.credentialType}
+
+`);
+  out.write("description:\n");
+  out.write(`  ${detail.description}
+
+`);
+  if (detail.oauthScopes && detail.oauthScopes.length > 0) {
+    out.write("OAuth scopes:\n");
+    for (const scope of detail.oauthScopes) {
+      out.write(
+        `  ${scope.name.padEnd(40)} ${scope.description || "(no description)"}
+`
+      );
+    }
+    out.write("\n");
+  }
+  if (detail.fields.length > 0) {
+    out.write("Secret schema:\n");
+    for (const f of detail.fields) {
+      out.write(`  ${f.name.padEnd(20)} ${f.isSecret ? "secret" : "config"}
+`);
+    }
+    out.write("\n");
+  }
+  if (detail.envVars.length > 0) {
+    out.write("Bash env vars set when used:\n");
+    out.write(`  ${detail.envVars.map((v) => `$${v}`).join(", ")}
+`);
+  }
+}
+
+// src/commands/integration/operations.ts
+function registerIntegrationOperations(parent) {
+  parent.command("operations").argument("<service>", "Service slug (e.g. slack, github, stripe).").description(
+    "List the operations one integration exposes (e.g. for slack: 'Send a Message', 'Get Channel History'). Each row's id is the input to `geni integration operation <id>` for full reference docs."
+  ).option(
+    "-q, --query <text>",
+    "Substring rank across operation title and description. Title weighs higher."
+  ).option(
+    "--json",
+    "Machine-readable output. Each entry is `{ id, title, description }`."
+  ).action(async (service, opts) => {
+    try {
+      const operations = await discoveryService.listOperations({
+        service,
+        query: opts.query
+      });
+      if (opts.json) {
+        printJson({ operations });
+        return;
+      }
+      if (operations.length === 0) {
+        process.stdout.write(
+          opts.query ? `No operations on \`${service}\` match -q "${opts.query}". Drop the query to list all, or broaden the keyword.
+` : `\`${service}\` exposes no operations. Verify the service slug with \`geni integration list\`.
+`
+        );
+        return;
+      }
+      printTable(
+        ["ID", "TITLE", "DESCRIPTION"],
+        operations.map((op) => [op.id, op.title, op.description]),
+        { colorFn: dimColumn(0) }
+      );
+    } catch (error) {
+      exitOnApiError(error, {
+        notFoundMessage: `No integration with slug "${service}". Run \`geni integration list -q <keyword>\` to find the right slug.`
+      });
+    }
+  });
+}
+
+// src/commands/integration/operation.ts
+var VALID_FORMATS = ["text", "markdown", "json"];
+var VALID_FORMAT_SET = new Set(VALID_FORMATS);
+function registerIntegrationOperation(parent) {
+  parent.command("operation").argument(
+    "<serviceOrId>",
+    "Operation id, or service slug followed by operation id."
+  ).argument("[opId]", "Operation id when the first arg is a service slug.").description(
+    "Full reference for one operation: HTTP method+path, required scopes, params, response shape, code example, and the env var names that get set when a credential of this service is declared on `geni exec bash`. The single most important command before constructing a credentialed request. Read this, then write the call."
+  ).option(
+    "--format <fmt>",
+    `Output format: ${VALID_FORMATS.join(" | ")}. \`markdown\` is the cleanest paste into an LLM context window.`,
+    "text"
+  ).action(
+    async (serviceOrId, maybeOpId, opts) => {
+      const format = opts.format ?? "text";
+      if (!VALID_FORMAT_SET.has(format)) {
+        printError(
+          `Invalid --format "${format}". Valid values: [${VALID_FORMATS.join(", ")}]. Default is \`text\`; use \`markdown\` when pasting into an LLM context.`
+        );
+        exit(ExitCode.InvalidArgs);
+      }
+      try {
+        const detail = await discoveryService.getOperation(
+          maybeOpId ? { service: serviceOrId, opId: maybeOpId } : { opId: serviceOrId }
+        );
+        if (format === "json") {
+          printJson(detail);
+          return;
+        }
+        if (format === "markdown") {
+          process.stdout.write(detail.documentation + "\n");
+          return;
+        }
+        printText(detail);
+      } catch (error) {
+        const target = maybeOpId ? `${serviceOrId} ${maybeOpId}` : serviceOrId;
+        exitOnApiError(error, {
+          notFoundMessage: `No operation found for "${target}". List operations for a service with \`geni integration operations <service>\`, then re-run with one of those ids.`
+        });
+      }
+    }
+  ).addHelpText(
+    "after",
+    `
+Examples:
+
+  # Look up by bare operation id (server resolves the service):
+  geni integration operation 4c21e1ee-4d54-4413-a4f2-80a80dff4c99
+
+  # Look up with service prefix (works the same, useful when the agent
+  # already knows the service):
+  geni integration operation slack 4c21e1ee-4d54-4413-a4f2-80a80dff4c99
+
+  # Paste-ready for an LLM context window:
+  geni integration operation slack 4c21e1ee... --format markdown
+
+Find ids first with:  geni integration operations <service>
+`
+  );
+}
+function printText(detail) {
+  const out = process.stdout;
+  out.write(`${detail.service} \xB7 ${detail.title}
+
+`);
+  if (detail.description) out.write(`${detail.description}
+
+`);
+  const cleaned = detail.documentation.replace(/^#+\s*/gm, "").replace(/^```[\w-]*$/gm, "");
+  out.write(cleaned);
+  if (!cleaned.endsWith("\n")) out.write("\n");
+}
+
+// src/commands/integration/index.ts
+function registerIntegrationCommands(program2) {
+  const integration = program2.command("integration").alias("integrations").description(
+    "Discover the integration catalog: which third-party and platform services the operator's organization can use, the env var names each service's credentials will inject, and per-operation reference docs (HTTP method, params, examples) needed to construct an exec call."
+  ).action(() => executeIntegrationList({}));
+  registerIntegrationList(integration);
+  registerIntegrationGet(integration);
+  registerIntegrationOperations(integration);
+  registerIntegrationOperation(integration);
+}
+
+// src/commands/config/get.ts
+var UNSET_PLACEHOLDER = "(unset)";
+function executeConfigGet(args) {
+  const file = configService.fileValues();
+  if (args.key) {
+    if (!isSettableConfigKey(args.key)) {
+      printError(
+        `Unknown config key "${args.key}". Valid keys: ${SETTABLE_CONFIG_KEYS.join(", ")}.`
+      );
+      exit(ExitCode.InvalidArgs);
+    }
+    const value = file[args.key];
+    if (args.json) {
+      printJson({ [args.key]: value ?? null });
+      return;
+    }
+    process.stdout.write((value ?? UNSET_PLACEHOLDER) + "\n");
+    return;
+  }
+  if (args.json) {
+    const payload = {};
+    for (const k of SETTABLE_CONFIG_KEYS) payload[k] = file[k] ?? null;
+    printJson(payload);
+    return;
+  }
+  printTable(
+    ["KEY", "VALUE"],
+    SETTABLE_CONFIG_KEYS.map((k) => [k, file[k] ?? UNSET_PLACEHOLDER])
+  );
+}
+function registerConfigGet(parent) {
+  parent.command("get").argument(
+    "[key]",
+    `Specific key to read (${SETTABLE_CONFIG_KEYS.join(" | ")}). Omit to list every settable key with its value.`
+  ).description(
+    "Print what's written to the persistent config file. Symmetric with `geni config set` \u2014 whatever you wrote is what you read. Unset keys render as `(unset)` in table output and `null` in --json. For the URL the CLI is actually hitting at runtime (which can differ if a runner-session is bound to a different server), run `geni auth status`."
+  ).option(
+    "--json",
+    "Machine-readable output. Unset keys are emitted as JSON `null`."
+  ).action(
+    (key, opts) => executeConfigGet({ key, json: opts.json })
+  );
+}
+
+// src/commands/config/set.ts
+function registerConfigSet(parent) {
+  parent.command("set").argument("<key>", `Config key (${SETTABLE_CONFIG_KEYS.join(" | ")}).`).argument(
+    "<value>",
+    "New value. URL keys must be valid http:// or https:// URLs (validated on write)."
+  ).description(
+    "Write a config value. Validated against the schema on write, so a malformed URL fails loudly here rather than waiting for the next CLI command to crash. Refuses to change `apiUrl` while a runner-session is bound to a different server \u2014 logout (or use `geni login --server <url>`) to switch first."
+  ).action(async (key, value) => {
+    if (!isSettableConfigKey(key)) {
+      printError(
+        `Unknown config key "${key}". Valid keys: ${SETTABLE_CONFIG_KEYS.join(", ")}.`
+      );
+      exit(ExitCode.InvalidArgs);
+    }
+    const result = await configService.set({ key, value });
+    if (result.ok) {
+      printSuccess(`Set ${key} = ${value}`);
+      return;
+    }
+    switch (result.reason) {
+      case "invalid":
+        printError(`Invalid value for ${key}: ${result.error}.`);
+        exit(ExitCode.InvalidArgs);
+      // eslint-disable-next-line no-fallthrough
+      case "session_conflict":
+        printError(
+          `Refusing to change apiUrl: an active session is bound to ${result.sessionUrl}.`
+        );
+        printError(
+          `Run \`geni logout\` first, or switch in one step with \`geni login --server ${value}\`.`
+        );
+        exit(ExitCode.GenericError);
+      // eslint-disable-next-line no-fallthrough
+      default: {
+        const _exhaustive = result;
+        throw new Error(
+          `Unhandled set result: ${JSON.stringify(_exhaustive)}`
+        );
+      }
+    }
+  });
+}
+
+// src/commands/config/unset.ts
+function registerConfigUnset(parent) {
+  parent.command("unset").argument("<key>", `Config key (${SETTABLE_CONFIG_KEYS.join(" | ")}).`).description(
+    "Remove a key from the config file. The resolver falls back through env vars then the compiled-in default, so unsetting doesn't break the CLI; it just goes to the next layer. When the last key is removed, the file itself is deleted instead of leaving an empty config behind."
+  ).action(async (key) => {
+    if (!isSettableConfigKey(key)) {
+      printError(
+        `Unknown config key "${key}". Valid keys: ${SETTABLE_CONFIG_KEYS.join(", ")}.`
+      );
+      exit(ExitCode.InvalidArgs);
+    }
+    const result = await configService.unset({ key });
+    if (!result.wasSet) {
+      printSuccess(`${key} was already unset.`);
+      return;
+    }
+    printSuccess(`Unset ${key}.`);
+  });
+}
+
+// src/commands/config/path.ts
+function registerConfigPath(parent) {
+  parent.command("path").description(
+    "Print the absolute path to the config file. Useful in shell substitutions: `cat $(geni config path)`, `vim $(geni config path)`. Honors $GENI_CONFIG_DIR; defaults to ~/.config/geni/config.json. Always prints what the path WOULD be, the file may not exist yet."
+  ).action(() => {
+    process.stdout.write(configService.path + "\n");
+  });
+}
+
+// src/commands/config/index.ts
+function registerConfigCommands(program2) {
+  const config = program2.command("config").description(
+    "Read and write the persistent CLI config (`~/.config/geni/config.json` by default; honors $GENI_CONFIG_DIR). Holds defaults the resolver consults when nothing more specific is set, useful for pointing the CLI at a self-hosted or local-dev server without re-passing `--server` or exporting an env var on every shell."
+  ).action(() => executeConfigGet({}));
+  registerConfigGet(config);
+  registerConfigSet(config);
+  registerConfigUnset(config);
+  registerConfigPath(config);
+  config.addHelpText(
+    "after",
+    `
+Settable keys:
+  apiUrl         cloud API base URL used at fresh \`geni login\` time
+  dashboardUrl   dashboard base URL used by browser-opening commands
+                 (e.g. \`geni credential connect\`)
+
+Resolver precedence for apiUrl (highest wins):
+  1. session file's stored server   (locked at \`geni login\` time)
+  2. $GENI_API_URL env var
+  3. \`apiUrl\` in this config
+  4. compiled-in default (https://cloud.generalinput.com)
+
+Switching API URL after login:
+  $ geni logout
+  $ geni config set apiUrl http://localhost:4111
+  $ geni login
+The session token is bound to the URL it was minted against, so
+\`config set apiUrl <new>\` is refused while a session is active \u2014
+logout (or use \`geni login --server <url>\`) to switch in one step.
+`
+  );
+}
+
+// src/lib/skills.ts
+import { homedir as homedir2 } from "os";
+import { join as join2 } from "path";
+import {
+  mkdirSync,
+  writeFileSync,
+  existsSync,
+  readFileSync as readFileSync2,
+  unlinkSync,
+  rmSync
+} from "fs";
+
+// src/skills/geni.md
+var geni_default = '---\nname: geni\ndescription: Use the operator\'s connected services (Slack, Gmail, GitHub, Stripe, anything they\'ve authorized in General Input) to fulfill their request. Load this whenever the user wants you to take an action on their behalf against an external SaaS account, fetch data from one of their tools, or wire something up that crosses service boundaries. Powers two modes today, one-off requests via `geni exec bash`, plus workflows (coming soon).\n---\n\n# geni\n\n`geni` is the CLI that gives you (the agent) credentialed access to\nthe operator\'s connected accounts. The cloud injects their tokens as\nenv vars into a fresh bash subprocess; you write the `curl` and\nnever see the secret.\n\n## Two modes\n\n**1. One-off requests (available now).** The operator asks you to do\na thing once: "post a Slack message to #eng," "show me my last 10\nStripe charges," "create a GitHub issue from this thread." You\ndiscover the right credential and operation, then run a single\n`geni exec bash --cred <id>` to do it. This is the entire surface\narea you should use today.\n\n**2. Workflows (coming soon).** Durable, scheduled, reusable runs\n(cron-like jobs, webhook handlers, multi-step pipelines) will live\nunder `geni workflow`. Not supported yet. If the operator asks for\n"every morning at 9," "whenever a webhook fires," or anything that\nneeds to keep running after this session ends, tell them workflows\naren\'t available yet and offer to do the work as a one-off right\nnow instead.\n\n## One-off request flow\n\nAlways run discovery before constructing a request. The operation\ndocs tell you the exact env var names and HTTP shape, derive nothing.\n\n1. **Find a connected credential.** `geni credential list` returns\n   one row per credential the operator has access to (id, service,\n   title). Filter by service: `geni credential list --service slack`.\n\n2. **If the service isn\'t connected**, search the catalog and prompt\n   the operator: `geni integration list -q "<keyword>"`. Then\n   `geni credential connect <service>` opens the dashboard for them.\n\n3. **Find the operation you need.** `geni integration operations\n<service>` lists every operation the integration exposes. Filter\n   with `-q "<keyword>"`.\n\n4. **Read the operation\'s reference docs.** `geni integration\noperation <id> --format markdown` returns HTTP method, path,\n   params, response shape, AND the exact env var names that bash\n   will set when this credential is declared. **Always read this\n   before constructing a curl.** Guessing at URLs or env var names\n   is the most common failure mode.\n\n5. **Run the call.**\n   ```\n   geni exec bash --cred <cred_id> --reason "<what + why>" \\\n     -- \'<bash command using the env vars>\'\n   ```\n\n## Env var contract\n\nEvery credential\'s env vars are on the response of step 5\n(`credentials_resolved`) and on the operation docs from step 4. Read\nthem, don\'t derive.\n\n- **Per-field, suffixed**: `<SERVICE>_<FIELD>_<id>` (e.g.\n  `$SLACK_ACCESS_TOKEN_ABC`, `$SALESFORCE_INSTANCE_URL_KG`). The\n  `<id>` suffix is the credential id with `cred_` stripped, uppercased.\n  Suffix means two credentials of the same service can coexist in one\n  call without colliding.\n- **Canonical aliases (unsuffixed)**: well-known SDKs read fixed env\n  var names (`$GH_TOKEN`, `$GITHUB_TOKEN`, `$SLACK_BOT_TOKEN`,\n  `$OPENAI_API_KEY`, `$ANTHROPIC_API_KEY`, `$STRIPE_API_KEY`).\n  These are emitted alongside the suffixed names for tools that\n  hardcode them.\n- **Always-injected platform vars**: `$PLATFORM_API_KEY` /\n  `$PLATFORM_BASE_URL` are set on every `geni exec bash` (no\n  `--cred` needed). Use them to call General Input\'s first-party\n  services (image gen, weather, send-email, etc.).\n\n## Reasons matter\n\nThe `--reason` you supply on every `geni exec bash --cred ...`\ncall lands in the credential access log and is shown to the\noperator. Be specific: "Posting daily digest to #engineering on the\noperator\'s request" is good; "Slack call" is not. Re-state the reason\non every call. The audit log is per-call, not per-session.\n\n## Output is scrubbed\n\nstdout/stderr from the bash subprocess pass through a streaming\nscrubber that replaces every literal occurrence of a registered\nsecret with `[REDACTED:credential_<id>]`. You won\'t see the token\nback. Tools like `echo $TOKEN | base64` don\'t help either, the\nscrubber knows the common encodings.\n\n## Patterns\n\n**One credential, simple curl:**\n\n```\ngeni exec bash --cred cred_01HX --reason "Listing Slack channels" \\\n  -- \'curl -s -H "Authorization: Bearer $SLACK_BOT_TOKEN" https://slack.com/api/conversations.list | jq .channels\'\n```\n\n**Multiple credentials, fan-out (suffix keeps them distinct):**\n\n```\ngeni exec bash \\\n  --cred cred_slackA --reason "Posting to #engineering" \\\n  --cred cred_slackB --reason "Posting to #marketing" \\\n  -- \'curl ... $SLACK_ACCESS_TOKEN_SLACKA ...; curl ... $SLACK_ACCESS_TOKEN_SLACKB ...\'\n```\n\n**Platform service (no --cred needed):**\n\n```\ngeni exec bash \\\n  -- \'curl -s -X POST "$PLATFORM_BASE_URL/v1/web-search" \\\n        -H "Authorization: Bearer $PLATFORM_API_KEY" \\\n        -d "{\\"query\\":\\"general input\\"}"\'\n```\n\n## Exit codes\n\n| Code  | Meaning                                                              |\n| ----- | -------------------------------------------------------------------- |\n| 0     | Subprocess succeeded                                                 |\n| 1\u2013125 | Subprocess\'s own exit code (curl failed, jq parse error, etc.)       |\n| 4     | Resource not found (cred id, integration slug, operation id)         |\n| 5     | Forbidden, session valid but no access to this resource              |\n| 9     | Validation failed (bad flag combo, malformed input)                  |\n| 77    | Server refused to resolve a credential. Don\'t retry, surface to user |\n| 78    | Runner session missing or expired. Operator runs `geni login`        |\n| 124   | Timeout                                                              |\n| 125   | Internal CLI error                                                   |\n\n## Use `--json` everywhere for programmatic output\n\nEvery list/get command supports `--json` for machine-readable shape.\nUse it whenever you\'re going to parse the response. The table output\nis meant for humans.\n\n## Don\'t\n\n- Don\'t construct a curl without reading `geni integration operation\n<id>` first. The HTTP shape, required headers, and env var names\n  are all in the operation docs; deriving them from the service slug\n  is how you end up with 401s.\n- Don\'t reach for `run_managed_script` or any JS-script tool. `geni\nexec bash` is the only execution primitive locally. If you need\n  npm packages, your bash command can call `bun --install auto run -e\n\'...\'` (if bun is installed locally) or `python3 -c \'...\'` for\n  Python.\n- Don\'t promise the operator a recurring or scheduled job. Workflows\n  are coming soon but not shipped. Offer the one-off equivalent now.\n';
+
+// src/lib/skills.ts
+var GENI_SKILL_NAME = "geni";
+var GENI_SKILL_MD = geni_default;
+var home = homedir2();
+var claudeSkillsDir = join2(home, ".claude", "skills");
+var claudeGeniDir = join2(claudeSkillsDir, GENI_SKILL_NAME);
+var agentSkillsDir = join2(home, ".agents", "skills");
+var agentSkillsGeniDir = join2(agentSkillsDir, GENI_SKILL_NAME);
+var TARGETS = [
+  {
+    name: "Claude Code",
+    detect: () => existsSync(join2(home, ".claude")),
+    skillDir: claudeGeniDir,
+    skillPath: join2(claudeGeniDir, "SKILL.md"),
+    // Earlier versions of `geni skills install` wrote a loose .md file
+    // at `~/.claude/skills/geni.md`, which Claude Code silently ignores.
+    // Clean it up on install/uninstall so upgraders aren't left with a
+    // stale sibling that confuses `doctor`.
+    legacyPaths: [join2(claudeSkillsDir, `${GENI_SKILL_NAME}.md`)]
+  },
+  {
+    name: "Codex CLI / Gemini CLI / VS Code Copilot",
+    // Detection: any of the supporting agents has touched disk, or the
+    // shared `~/.agents/` dir already exists (likely written by another
+    // installer). We don't probe for VS Code Copilot Chat directly
+    // because it lives inside VS Code's user data with no clean
+    // home-dir signal — Copilot users typically have one of the CLIs
+    // installed too, and the install is idempotent if they don't.
+    detect: () => existsSync(join2(home, ".codex")) || existsSync(join2(home, ".gemini")) || existsSync(join2(home, ".agents")),
+    skillDir: agentSkillsGeniDir,
+    skillPath: join2(agentSkillsGeniDir, "SKILL.md"),
+    legacyPaths: []
+  }
+];
+function detectSkillTargets() {
+  const out = [];
+  for (const target of TARGETS) {
+    if (!target.detect()) continue;
+    out.push({ name: target.name, path: target.skillPath });
+  }
+  return out;
+}
+function installSkills() {
+  const results = [];
+  for (const target of TARGETS) {
+    if (!target.detect()) continue;
+    const path = target.skillPath;
+    try {
+      mkdirSync(target.skillDir, { recursive: true });
+      const previous = existsSync(path) ? readFileSync2(path, "utf-8") : null;
+      const changed = previous !== GENI_SKILL_MD;
+      writeFileSync(path, GENI_SKILL_MD);
+      for (const legacy of target.legacyPaths) {
+        if (existsSync(legacy)) unlinkSync(legacy);
+      }
+      results.push({
+        name: target.name,
+        path,
+        status: changed ? "updated" : "unchanged"
+      });
+    } catch (err) {
+      results.push({
+        name: target.name,
+        path,
+        status: "failed",
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  }
+  return results;
+}
+function uninstallSkills() {
+  const results = [];
+  for (const target of TARGETS) {
+    if (!target.detect()) continue;
+    const dir = target.skillDir;
+    const path = target.skillPath;
+    const legacies = target.legacyPaths.filter((p2) => existsSync(p2));
+    if (!existsSync(dir) && legacies.length === 0) {
+      results.push({ name: target.name, path, status: "absent" });
+      continue;
+    }
+    try {
+      rmSync(dir, { recursive: true, force: true });
+      for (const legacy of legacies) unlinkSync(legacy);
+      results.push({ name: target.name, path, status: "removed" });
+    } catch (err) {
+      results.push({
+        name: target.name,
+        path,
+        status: "failed",
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  }
+  return results;
+}
+
+// src/commands/skills/install.ts
+function registerSkillsInstall(parent) {
+  parent.command("install").description(
+    "Install the bundled geni skill into every detected AI agent (Claude Code, Codex CLI, Gemini CLI, VS Code Copilot Chat). Idempotent, safe to re-run after upgrading geni."
+  ).action(() => {
+    const targets = detectSkillTargets();
+    if (targets.length === 0) {
+      printWarning(
+        "No supported AI agent detected. Install Claude Code (https://claude.ai/download), Codex CLI, or Gemini CLI first, then re-run `geni skills install`."
+      );
+      exit(ExitCode.NotFound);
+    }
+    const results = installSkills();
+    for (const r of results) {
+      if (r.status === "failed") {
+        printError(`${r.name}: ${r.error ?? "failed"} (${r.path})`);
+        continue;
+      }
+      if (r.status === "updated") {
+        printSuccess(`${r.name}: ${r.path}`);
+      } else {
+        printInfo(`${r.name}: ${r.path} (already up to date)`);
+      }
+    }
+    const failed = results.some((r) => r.status === "failed");
+    exit(failed ? ExitCode.InternalError : ExitCode.Ok);
+  });
+}
+
+// src/commands/skills/uninstall.ts
+function registerSkillsUninstall(parent) {
+  parent.command("uninstall").description(
+    "Remove the geni skill from every detected AI agent. Leaves the agent itself untouched."
+  ).action(() => {
+    const results = uninstallSkills();
+    if (results.length === 0) {
+      printInfo("No supported AI agent detected; nothing to remove.");
+      exit(ExitCode.Ok);
+    }
+    for (const r of results) {
+      if (r.status === "failed") {
+        printError(`${r.name}: ${r.error ?? "failed"} (${r.path})`);
+        continue;
+      }
+      if (r.status === "removed") {
+        printSuccess(`${r.name}: removed ${r.path}`);
+      } else {
+        printInfo(`${r.name}: nothing to remove (${r.path} not present)`);
+      }
+    }
+    const failed = results.some((r) => r.status === "failed");
+    exit(failed ? ExitCode.InternalError : ExitCode.Ok);
+  });
+}
+
+// src/commands/skills/index.ts
+function registerSkillsCommands(program2) {
+  const skills = program2.command("skills").description(
+    "Install (or remove) the agent-facing geni instructions in your AI coding agent. Detects Claude Code (others coming) and writes a skill file the agent loads automatically."
+  );
+  registerSkillsInstall(skills);
+  registerSkillsUninstall(skills);
+}
+
+// src/commands/doctor.ts
+import chalk8 from "chalk";
+
+// src/lib/preflight.ts
+import { delimiter, join as join3 } from "path";
+import { accessSync, constants } from "fs";
+var REQUIRED_RUNTIME_DEPS = ["bash", "curl", "jq"];
+function findOnPath(name) {
+  const path = process.env.PATH;
+  if (!path) return null;
+  for (const dir of path.split(delimiter)) {
+    if (dir.length === 0) continue;
+    const candidate = join3(dir, name);
+    try {
+      accessSync(candidate, constants.X_OK);
+      return candidate;
+    } catch {
+    }
+  }
+  return null;
+}
+function checkRuntimeDeps() {
+  const found = {};
+  const missing = [];
+  for (const dep of REQUIRED_RUNTIME_DEPS) {
+    const path = findOnPath(dep);
+    found[dep] = path;
+    if (path === null) missing.push(dep);
+  }
+  return { missing, found };
+}
+function requireRuntimeDeps() {
+  const { missing } = checkRuntimeDeps();
+  if (missing.length === 0) return;
+  printError(
+    `Missing required tool(s) on $PATH: ${missing.join(", ")}. ${installHint(missing)}`
+  );
+  exit(ExitCode.InternalError);
+}
+function installHint(deps) {
+  const list = deps.join(" ");
+  switch (process.platform) {
+    case "darwin":
+      return `Install with: \`brew install ${list}\``;
+    case "linux":
+      return `Install with your distro's package manager, e.g. \`sudo apt install ${list}\` or \`sudo dnf install ${list}\``;
+    default:
+      return `Install ${list} before re-running.`;
+  }
+}
+
+// src/commands/doctor.ts
+import { existsSync as existsSync2, readFileSync as readFileSync3 } from "fs";
+function registerDoctorCommand(program2) {
+  program2.command("doctor").description(
+    "Diagnose your geni setup: required system tools, active session, network reach to the cloud, and skill installation across detected AI agents. Prints a checklist with \u2713/\u2717 for each."
+  ).action(async () => {
+    const checks = [];
+    checks.push(...runtimeDepsCheck());
+    checks.push(...await sessionCheck());
+    checks.push(...skillsCheck());
+    printReport(checks);
+    const failures = checks.filter((c) => c.status === "fail").length;
+    exit(failures > 0 ? ExitCode.GenericError : ExitCode.Ok);
+  });
+}
+function runtimeDepsCheck() {
+  const { found, missing } = checkRuntimeDeps();
+  const out = [];
+  for (const dep of REQUIRED_RUNTIME_DEPS) {
+    const path = found[dep];
+    if (path) {
+      out.push({
+        label: `${dep} on $PATH`,
+        status: "pass",
+        detail: path
+      });
+    } else {
+      out.push({
+        label: `${dep} on $PATH`,
+        status: "fail",
+        detail: `not found. ${installHint([dep])}`
+      });
+    }
+  }
+  if (missing.length > 1) {
+    out.push({
+      label: "install hint",
+      status: "warn",
+      detail: installHint(missing)
+    });
+  }
+  return out;
+}
+async function sessionCheck() {
+  const session = await sessionContextService.load();
+  if (!session) {
+    return [
+      {
+        label: "runner session",
+        status: "fail",
+        detail: "no session on disk. Run `geni login` to authenticate."
+      }
+    ];
+  }
+  const out = [
+    {
+      label: "runner session",
+      status: "pass",
+      detail: `${session.user.email ?? session.user.id} on ${session.server}`
+    },
+    {
+      label: "active workspace",
+      status: "pass",
+      detail: `${session.workspace.slug} (${session.workspace.role})`
+    }
+  ];
+  try {
+    await authService.status();
+    out.push({
+      label: "server reachable + session valid",
+      status: "pass",
+      detail: session.server
+    });
+  } catch (err) {
+    if (err instanceof ApiError && err.status === 401) {
+      out.push({
+        label: "server reachable + session valid",
+        status: "fail",
+        detail: "session token rejected. Run `geni login` to re-authenticate."
+      });
+    } else {
+      const detail = err instanceof Error ? err.message : String(err);
+      out.push({
+        label: "server reachable",
+        status: "fail",
+        detail: `${session.server} unreachable: ${detail}`
+      });
+    }
+  }
+  return out;
+}
+function skillsCheck() {
+  const targets = detectSkillTargets();
+  if (targets.length === 0) {
+    return [
+      {
+        label: "AI agent detected",
+        status: "warn",
+        detail: "no supported agent installed yet. Install Claude Code (https://claude.ai/download) and re-run `geni doctor`."
+      }
+    ];
+  }
+  const out = [];
+  for (const target of targets) {
+    if (!existsSync2(target.path)) {
+      out.push({
+        label: `${target.name} skill installed`,
+        status: "fail",
+        detail: `${target.path} missing. Run \`geni skills install\` to write it.`
+      });
+      continue;
+    }
+    const onDisk = readFileSync3(target.path, "utf-8");
+    if (onDisk === GENI_SKILL_MD) {
+      out.push({
+        label: `${target.name} skill installed`,
+        status: "pass",
+        detail: `${target.path} (current)`
+      });
+    } else {
+      out.push({
+        label: `${target.name} skill installed`,
+        status: "warn",
+        detail: `${target.path} is out of date. Run \`geni skills install\` to refresh.`
+      });
+    }
+  }
+  return out;
+}
+function printReport(checks) {
+  for (const check of checks) {
+    const mark = check.status === "pass" ? chalk8.green("\u2713") : check.status === "warn" ? chalk8.yellow("!") : chalk8.red("\u2717");
+    process.stdout.write(`${mark} ${check.label}
+`);
+    process.stdout.write(`  ${chalk8.dim(check.detail)}
+`);
+  }
+  const fails = checks.filter((c) => c.status === "fail").length;
+  const warns = checks.filter((c) => c.status === "warn").length;
+  process.stdout.write("\n");
+  if (fails === 0 && warns === 0) {
+    process.stdout.write(chalk8.green("All checks passed.\n"));
+  } else {
+    process.stdout.write(
+      `${fails} failure${fails === 1 ? "" : "s"}, ${warns} warning${warns === 1 ? "" : "s"}.
+`
+    );
+  }
+}
+
+// src/cli.ts
+var program = new Command();
+program.name("geni").description(
+  "The agent-facing CLI for General Input. Discover the integrations and credentials the operator has connected, then run shell commands with those credentials injected as env vars by the cloud (audit-logged, output-scrubbed)."
+).version(CLI_VERSION, "-v, --version", "Print the geni version and exit.").showHelpAfterError().option(
+  "--workspace <slug>",
+  "Override the active workspace for this invocation. Without it, commands run against the workspace set by `geni workspace switch`."
+);
+registerAuthCommands(program);
+registerWorkspaceCommands(program);
+registerExecCommands(program);
+registerCredentialCommands(program);
+registerIntegrationCommands(program);
+registerConfigCommands(program);
+registerSkillsCommands(program);
+registerDoctorCommand(program);
+program.addHelpText(
+  "after",
+  `
+Typical agent flow:
+  1. geni integration list -q "<keyword>"             find a service
+  2. geni integration operations <service> -q "..."   find an operation
+  3. geni integration operation <opId>                read its reference (env vars, auth header, example). ALWAYS do this before writing a curl
+  4. geni credential list --service <service>         find a connected credential
+  5. geni exec bash --cred <id> --reason "..." -- '<command>'
+
+Discovery (steps 1-4) is read-only and free; only step 5 resolves
+credentials and runs code, audit-logged with the reason you supplied.
+
+First time?  geni login   then  geni config get  to verify the API URL.
+Run any command with --help for its full reference.`
+);
+if (shouldRunPreflight(process.argv)) {
+  requireRuntimeDeps();
+}
+function shouldRunPreflight(argv) {
+  const firstArg = argv[2];
+  if (!firstArg) return false;
+  if (firstArg === "doctor") return false;
+  if (firstArg === "--help" || firstArg === "-h") return false;
+  if (firstArg === "--version" || firstArg === "-v") return false;
+  return true;
+}
+try {
+  await program.parseAsync(process.argv);
+} catch (err) {
+  if (err instanceof ApiError && err.status === 426) {
+    printError(err.message);
+    exit(ExitCode.UpgradeRequired);
+  }
+  throw err;
+}
+//# sourceMappingURL=cli.js.map