@getpara/cli 2.15.0 → 2.15.1

package/dist/commands/keys/config/index.js

@@ -26,24 +26,32 @@ Each category also accepts flags for non-interactive use:
     const opts = await getGlobalOptions(cmd);
     const formatter = createFormatter(opts);
     const config2 = await resolveConfig(opts);
-    const session = await ensureAuthenticated(config2.environment);
+    const session = await ensureAuthenticated(config2.backend);
     if (!config2.organizationId || !config2.projectId) {
       throw new CliError(
         "Organization and project required. Run `para orgs switch` and `para projects switch`, or pass --org and --project."
       );
     }
     const client = new ParaApiClient({
-      environment: config2.environment,
+      backend: config2.backend,
       sessionId: session.sessionId
     });
     const { keyId, key } = await resolveKeyId(
       client,
       config2.organizationId,
       config2.projectId,
-      config2.environment,
+      config2.keyEnvironment,
       keyIdArg
     );
-    await runInteractiveMenu(client, config2.organizationId, config2.projectId, config2.environment, keyId, key, formatter);
+    await runInteractiveMenu(
+      client,
+      config2.organizationId,
+      config2.projectId,
+      config2.keyEnvironment,
+      keyId,
+      key,
+      formatter
+    );
   });
   registerSecurityConfigCommand(config);
   registerBrandingConfigCommand(config);

package/dist/commands/keys/config/ramps.js

@@ -42,28 +42,28 @@ function registerRampsConfigCommand(parent) {
     const opts = await getGlobalOptions(cmd);
     const formatter = createFormatter(opts);
     const config = await resolveConfig(opts);
-    const session = await ensureAuthenticated(config.environment);
+    const session = await ensureAuthenticated(config.backend);
     if (!config.organizationId || !config.projectId) {
       throw new CliError(
         "Organization and project required. Run `para orgs switch` and `para projects switch`, or pass --org and --project."
       );
     }
     const client = new ParaApiClient({
-      environment: config.environment,
+      backend: config.backend,
       sessionId: session.sessionId
     });
     const { keyId, key } = await resolveKeyId(
       client,
       config.organizationId,
       config.projectId,
-      config.environment,
+      config.keyEnvironment,
       keyIdArg
     );
     await runRampsAction(
       client,
       config.organizationId,
       config.projectId,
-      config.environment,
+      config.keyEnvironment,
       keyId,
       key,
       formatter,
@@ -176,7 +176,7 @@ async function runRampsAction(client, orgId, projectId, environment, keyId, curr
   }
   await client.updateApiKey(orgId, projectId, environment, keyId, updates);
   formatter.json({ keyId, updated: updates });
-  formatter.success("Updated ramp settings.");
+  formatter.success(`Updated ramps on ${currentKey.displayName || currentKey.name} (${currentKey.environment})`);
   formatter.flush();
 }
 export {

package/dist/commands/keys/config/security.js

@@ -32,28 +32,28 @@ function registerSecurityConfigCommand(parent) {
     const opts = await getGlobalOptions(cmd);
     const formatter = createFormatter(opts);
     const config = await resolveConfig(opts);
-    const session = await ensureAuthenticated(config.environment);
+    const session = await ensureAuthenticated(config.backend);
     if (!config.organizationId || !config.projectId) {
       throw new CliError(
         "Organization and project required. Run `para orgs switch` and `para projects switch`, or pass --org and --project."
       );
     }
     const client = new ParaApiClient({
-      environment: config.environment,
+      backend: config.backend,
       sessionId: session.sessionId
     });
     const { keyId, key } = await resolveKeyId(
       client,
       config.organizationId,
       config.projectId,
-      config.environment,
+      config.keyEnvironment,
       keyIdArg
     );
     await runSecurityAction(
       client,
       config.organizationId,
       config.projectId,
-      config.environment,
+      config.keyEnvironment,
       keyId,
       key,
       formatter,
@@ -203,7 +203,7 @@ async function runSecurityAction(client, orgId, projectId, environment, keyId, c
     await client.updateIpAllowlist(orgId, projectId, environment, keyId, ipUpdates);
   }
   formatter.json({ keyId, updated: { ...updates, ...hasIpUpdates ? { ipAllowlistCidrs: ipUpdates } : {} } });
-  formatter.success("Updated security settings.");
+  formatter.success(`Updated security on ${currentKey.displayName || currentKey.name} (${currentKey.environment})`);
   formatter.flush();
 }
 export {

package/dist/commands/keys/config/setup.js

@@ -35,28 +35,28 @@ function registerSetupConfigCommand(parent) {
     const opts = await getGlobalOptions(cmd);
     const formatter = createFormatter(opts);
     const config = await resolveConfig(opts);
-    const session = await ensureAuthenticated(config.environment);
+    const session = await ensureAuthenticated(config.backend);
     if (!config.organizationId || !config.projectId) {
       throw new CliError(
         "Organization and project required. Run `para orgs switch` and `para projects switch`, or pass --org and --project."
       );
     }
     const client = new ParaApiClient({
-      environment: config.environment,
+      backend: config.backend,
       sessionId: session.sessionId
     });
     const { keyId, key } = await resolveKeyId(
       client,
       config.organizationId,
       config.projectId,
-      config.environment,
+      config.keyEnvironment,
       keyIdArg
     );
     await runSetupAction(
       client,
       config.organizationId,
       config.projectId,
-      config.environment,
+      config.keyEnvironment,
       keyId,
       key,
       formatter,
@@ -226,7 +226,7 @@ async function runSetupAction(client, orgId, projectId, environment, keyId, curr
   }
   await client.updateApiKey(orgId, projectId, environment, keyId, updates);
   formatter.json({ keyId, updated: updates });
-  formatter.success("Updated setup settings.");
+  formatter.success(`Updated setup on ${currentKey.displayName || currentKey.name} (${currentKey.environment})`);
   formatter.flush();
 }
 export {

package/dist/commands/keys/config/webhooks.d.ts

@@ -13,6 +13,6 @@ interface WebhooksFlags {
     yes?: boolean;
 }
 export declare function registerWebhooksConfigCommand(parent: Command): void;
-export declare function runWebhooksAction(client: ParaApiClient, orgId: string, projectId: string, environment: string, keyId: string, _currentKey: ApiKey, formatter: OutputFormatter, flags?: WebhooksFlags): Promise<void>;
+export declare function runWebhooksAction(client: ParaApiClient, orgId: string, projectId: string, environment: string, keyId: string, key: ApiKey, formatter: OutputFormatter, flags?: WebhooksFlags): Promise<void>;
 export {};
 //# sourceMappingURL=webhooks.d.ts.map

package/dist/commands/keys/config/webhooks.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"webhooks.d.ts","sourceRoot":"","sources":["../../../../src/commands/keys/config/webhooks.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAIzC,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAEvD,OAAO,KAAK,EAAE,MAAM,EAAiB,MAAM,uBAAuB,CAAC;AAEnE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAKpE,UAAU,aAAa;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED,wBAAgB,6BAA6B,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,CAgEnE;AA0BD,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,aAAa,EACrB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,eAAe,EAC1B,KAAK,CAAC,EAAE,aAAa,GACpB,OAAO,CAAC,IAAI,CAAC,CA6Of"}
+{"version":3,"file":"webhooks.d.ts","sourceRoot":"","sources":["../../../../src/commands/keys/config/webhooks.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAIzC,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAEvD,OAAO,KAAK,EAAE,MAAM,EAAiB,MAAM,uBAAuB,CAAC;AAEnE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAKpE,UAAU,aAAa;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED,wBAAgB,6BAA6B,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,CAgEnE;AA0BD,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,aAAa,EACrB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,eAAe,EAC1B,KAAK,CAAC,EAAE,aAAa,GACpB,OAAO,CAAC,IAAI,CAAC,CA8Of"}

package/dist/commands/keys/config/webhooks.js

@@ -25,28 +25,28 @@ Event types: user.created, wallet.created, transaction.signed, send.broadcasted,
     const opts = await getGlobalOptions(cmd);
     const formatter = createFormatter(opts);
     const config = await resolveConfig(opts);
-    const session = await ensureAuthenticated(config.environment);
+    const session = await ensureAuthenticated(config.backend);
     if (!config.organizationId || !config.projectId) {
       throw new CliError(
         "Organization and project required. Run `para orgs switch` and `para projects switch`, or pass --org and --project."
       );
     }
     const client = new ParaApiClient({
-      environment: config.environment,
+      backend: config.backend,
       sessionId: session.sessionId
     });
     const { keyId, key } = await resolveKeyId(
       client,
       config.organizationId,
       config.projectId,
-      config.environment,
+      config.keyEnvironment,
       keyIdArg
     );
     await runWebhooksAction(
       client,
       config.organizationId,
       config.projectId,
-      config.environment,
+      config.keyEnvironment,
       keyId,
       key,
       formatter,
@@ -74,7 +74,8 @@ function formatWebhookStatus(webhook) {
   p.log.info(`Enabled: ${webhook.enabled ? "yes" : "no"}`);
   p.log.info(`Events:  ${webhook.events.length ? webhook.events.join(", ") : "(none)"}`);
 }
-async function runWebhooksAction(client, orgId, projectId, environment, keyId, _currentKey, formatter, flags) {
+async function runWebhooksAction(client, orgId, projectId, environment, keyId, key, formatter, flags) {
+  const keyLabel = `${key.displayName || key.name} (${key.environment})`;
   const isInteractive = !hasAnyFlag(flags);
   if (hasOperationFlag(flags)) {
     const ops = [flags?.status, flags?.test, flags?.rotateSecret, flags?.delete].filter(Boolean);
@@ -95,7 +96,7 @@ async function runWebhooksAction(client, orgId, projectId, environment, keyId, _
       const result = await client.testWebhook(orgId, projectId, environment, keyId);
       formatter.json({ success: result.success, timestamp: result.timestamp });
       if (result.success) {
-        formatter.success("Test webhook sent successfully.");
+        formatter.success(`Test webhook sent on ${keyLabel}`);
       } else {
         formatter.error("Test webhook delivery failed.");
       }
@@ -112,7 +113,7 @@ async function runWebhooksAction(client, orgId, projectId, environment, keyId, _
       }
       const result = await client.rotateWebhookSecret(orgId, projectId, environment, keyId);
       formatter.json({ secret: result.secret });
-      formatter.success("Rotated webhook signing secret.");
+      formatter.success(`Rotated webhook secret on ${keyLabel}`);
       p.log.warn(`New secret: ${result.secret}`);
       p.log.warn("Save this now \u2014 it will not be shown again.");
       formatter.flush();
@@ -128,7 +129,7 @@ async function runWebhooksAction(client, orgId, projectId, environment, keyId, _
       }
       await client.deleteWebhookConfig(orgId, projectId, environment, keyId);
       formatter.json({ deleted: true });
-      formatter.success("Deleted webhook configuration.");
+      formatter.success(`Deleted webhook on ${keyLabel}`);
       formatter.flush();
       return;
     }
@@ -160,7 +161,7 @@ async function runWebhooksAction(client, orgId, projectId, environment, keyId, _
     }
     const result = await client.updateWebhookConfig(orgId, projectId, environment, keyId, { url, events, enabled });
     formatter.json({ webhook: result.webhook, ...result.secret ? { secret: result.secret } : {} });
-    formatter.success("Updated webhook settings.");
+    formatter.success(`Updated webhook on ${keyLabel}`);
     if (result.secret) {
       p.log.warn(`Webhook signing secret: ${result.secret}`);
       p.log.warn("Save this now \u2014 it will not be shown again.");
@@ -192,7 +193,7 @@ async function runWebhooksAction(client, orgId, projectId, environment, keyId, _
       enabled
     });
     formatter.json({ webhook: result.webhook, ...result.secret ? { secret: result.secret } : {} });
-    formatter.success("Created webhook configuration.");
+    formatter.success(`Created webhook on ${keyLabel}`);
     if (result.secret) {
       p.log.warn(`Webhook signing secret: ${result.secret}`);
       p.log.warn("Save this now \u2014 it will not be shown again.");
@@ -237,7 +238,7 @@ async function runWebhooksAction(client, orgId, projectId, environment, keyId, _
         events,
         enabled
       });
-      formatter.success("Updated webhook settings.");
+      formatter.success(`Updated webhook on ${keyLabel}`);
       if (result.secret) {
         p.log.warn(`Webhook signing secret: ${result.secret}`);
         p.log.warn("Save this now \u2014 it will not be shown again.");
@@ -246,7 +247,7 @@ async function runWebhooksAction(client, orgId, projectId, environment, keyId, _
     if (action === "test") {
       const result = await client.testWebhook(orgId, projectId, environment, keyId);
       if (result.success) {
-        formatter.success("Test webhook sent successfully.");
+        formatter.success(`Test webhook sent on ${keyLabel}`);
       } else {
         formatter.error("Test webhook delivery failed.");
       }
@@ -256,7 +257,7 @@ async function runWebhooksAction(client, orgId, projectId, environment, keyId, _
       const confirmed = await confirm("Rotate webhook signing secret?");
       if (confirmed) {
         const result = await client.rotateWebhookSecret(orgId, projectId, environment, keyId);
-        formatter.success("Rotated webhook signing secret.");
+        formatter.success(`Rotated webhook secret on ${keyLabel}`);
         p.log.warn(`New secret: ${result.secret}`);
         p.log.warn("Save this now \u2014 it will not be shown again.");
       }
@@ -266,7 +267,7 @@ async function runWebhooksAction(client, orgId, projectId, environment, keyId, _
       const confirmed = await confirm("Delete webhook?");
       if (confirmed) {
         await client.deleteWebhookConfig(orgId, projectId, environment, keyId);
-        formatter.success("Deleted webhook configuration.");
+        formatter.success(`Deleted webhook on ${keyLabel}`);
         break;
       }
     }

package/dist/commands/keys/create.js

@@ -16,7 +16,7 @@ The secret key is only shown once on creation \u2014 save it immediately.`)
     const opts = await getGlobalOptions(cmd);
     const formatter = createFormatter(opts);
     const config = await resolveConfig(opts);
-    const session = await ensureAuthenticated(config.environment);
+    const session = await ensureAuthenticated(config.backend);
     if (!config.organizationId || !config.projectId) {
       throw new CliError(
         "Organization and project required. Run `para orgs switch` and `para projects switch`, or pass --org and --project."
@@ -28,10 +28,10 @@ The secret key is only shown once on creation \u2014 save it immediately.`)
       }
     });
     const client = new ParaApiClient({
-      environment: config.environment,
+      backend: config.backend,
       sessionId: session.sessionId
     });
-    const key = await client.createApiKey(config.organizationId, config.projectId, config.environment, {
+    const key = await client.createApiKey(config.organizationId, config.projectId, config.keyEnvironment, {
       name,
       displayName: cmdOpts.displayName
     });

package/dist/commands/keys/get.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"get.d.ts","sourceRoot":"","sources":["../../../src/commands/keys/get.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA2BzC,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,CA+E5D"}
+{"version":3,"file":"get.d.ts","sourceRoot":"","sources":["../../../src/commands/keys/get.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AA4BzC,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,CA2F5D"}

package/dist/commands/keys/get.js

@@ -4,6 +4,7 @@ import { resolveConfig } from "../../config/config-manager.js";
 import { ParaApiClient } from "../../api/client.js";
 import { CliError } from "../../core/error-handler.js";
 import { maskSecret } from "../../output/mask.js";
+import { resolveKeyId } from "./config/categories.js";
 async function copyToClipboard(value) {
   try {
     const { execFileSync } = await import("node:child_process");
@@ -23,68 +24,72 @@ async function copyToClipboard(value) {
   }
 }
 function registerKeysGetCommand(parent) {
-  parent.command("get").description("Get details of a specific API key").argument("<key-id>", "API key ID").option("--show-secret", "Show the full secret API key").option("--copy", "Copy the public API key to clipboard").option("--copy-secret", "Copy the secret API key to clipboard").addHelpText(
+  parent.command("get").description("Get details of an API key").argument("[key-id]", "API key ID (resolved from project + environment if omitted)").option("--show-secret", "Show the full secret API key").option("--copy", "Copy the public API key to clipboard").option("--copy-secret", "Copy the secret API key to clipboard").addHelpText(
     "after",
     helpText(`Examples:
-  $ para keys get abc-123             Show name, public key, masked secret, env, origins
-  $ para keys get abc-123 --copy      Copy the public API key to your clipboard
-  $ para keys get abc-123 --copy-secret  Copy the secret key (for .env files)
-  $ para keys get abc-123 --show-secret  Print the full unmasked secret key`)
-  ).action(async (keyId, cmdOpts, cmd) => {
-    const opts = await getGlobalOptions(cmd);
-    const formatter = createFormatter(opts);
-    const config = await resolveConfig(opts);
-    const session = await ensureAuthenticated(config.environment);
-    if (!config.organizationId || !config.projectId) {
-      throw new CliError(
-        "Organization and project required. Run `para orgs switch` and `para projects switch`, or pass --org and --project."
-      );
-    }
-    const client = new ParaApiClient({
-      environment: config.environment,
-      sessionId: session.sessionId
-    });
-    const key = await client.getApiKey(config.organizationId, config.projectId, config.environment, keyId);
-    if (cmdOpts.copy || cmdOpts.copySecret) {
-      const valueToCopy = cmdOpts.copySecret ? key.secretApiKey : key.apiKey;
-      if (valueToCopy) {
-        const copied = await copyToClipboard(valueToCopy);
-        if (copied) {
-          formatter.success(`${cmdOpts.copySecret ? "Secret API key" : "API key"} copied to clipboard.`);
-          formatter.flush();
-          return;
-        }
-        formatter.warn("Could not copy to clipboard. Displaying instead.");
+  $ para keys get                       Show the beta key for the active project
+  $ para keys get -e prod               Show the prod key
+  $ para keys get abc-123               Show a specific key by ID
+  $ para keys get --copy                Copy the beta API key to your clipboard
+  $ para keys get -e prod --copy-secret Copy the prod secret key (for .env files)
+  $ para keys get --show-secret         Print the full unmasked secret key`)
+  ).action(
+    async (keyIdArg, cmdOpts, cmd) => {
+      const opts = await getGlobalOptions(cmd);
+      const formatter = createFormatter(opts);
+      const config = await resolveConfig(opts);
+      const session = await ensureAuthenticated(config.backend);
+      if (!config.organizationId || !config.projectId) {
+        throw new CliError(
+          "Organization and project required. Run `para orgs switch` and `para projects switch`, or pass --org and --project."
+        );
       }
-    }
-    if (opts.json) {
-      formatter.json({
-        id: key.id,
-        name: key.name,
-        displayName: key.displayName,
-        apiKey: key.apiKey,
-        secretApiKey: cmdOpts.showSecret ? key.secretApiKey : key.secretApiKey ? maskSecret(key.secretApiKey) : void 0,
-        environment: key.environment,
-        archived: key.archived,
-        origins: key.origins
+      const client = new ParaApiClient({
+        backend: config.backend,
+        sessionId: session.sessionId
       });
-    } else {
-      formatter.detail([
-        { label: "Name", value: key.displayName || key.name },
-        { label: "ID", value: key.id },
-        { label: "API Key", value: key.apiKey },
-        {
-          label: "Secret Key",
-          value: key.secretApiKey || "N/A",
-          mask: !cmdOpts.showSecret
-        },
-        { label: "Environment", value: key.environment },
-        { label: "Status", value: key.archived ? "archived" : "active" },
-        ...key.origins?.length ? [{ label: "Origins", value: key.origins.join(", ") }] : []
-      ]);
+      const { key } = await resolveKeyId(client, config.organizationId, config.projectId, config.keyEnvironment, keyIdArg);
+      if (cmdOpts.copy || cmdOpts.copySecret) {
+        const valueToCopy = cmdOpts.copySecret ? key.secretApiKey : key.apiKey;
+        if (valueToCopy) {
+          const copied = await copyToClipboard(valueToCopy);
+          if (copied) {
+            formatter.success(`${cmdOpts.copySecret ? "Secret API key" : "API key"} copied to clipboard.`);
+            formatter.flush();
+            return;
+          }
+          formatter.warn("Could not copy to clipboard. Displaying instead.");
+        }
+      }
+      if (opts.json) {
+        formatter.json({
+          id: key.id,
+          name: key.name,
+          displayName: key.displayName,
+          apiKey: key.apiKey,
+          secretApiKey: cmdOpts.showSecret ? key.secretApiKey : key.secretApiKey ? maskSecret(key.secretApiKey) : void 0,
+          environment: key.environment,
+          archived: key.archived,
+          origins: key.origins
+        });
+      } else {
+        formatter.detail([
+          { label: "Name", value: key.displayName || key.name },
+          { label: "ID", value: key.id },
+          { label: "API Key", value: key.apiKey },
+          {
+            label: "Secret Key",
+            value: key.secretApiKey || "N/A",
+            mask: !cmdOpts.showSecret
+          },
+          { label: "Environment", value: key.environment },
+          { label: "Status", value: key.archived ? "archived" : "active" },
+          ...key.origins?.length ? [{ label: "Origins", value: key.origins.join(", ") }] : []
+        ]);
+      }
+      formatter.flush();
     }
-    formatter.flush();
-  });
+  );
 }
 export {
   registerKeysGetCommand

package/dist/commands/keys/list.js

@@ -17,17 +17,17 @@ Requires an active org and project. Run "para orgs switch" and "para projects sw
     const opts = await getGlobalOptions(cmd);
     const formatter = createFormatter(opts);
     const config = await resolveConfig(opts);
-    const session = await ensureAuthenticated(config.environment);
+    const session = await ensureAuthenticated(config.backend);
     if (!config.organizationId || !config.projectId) {
       throw new CliError(
         "Organization and project required. Run `para orgs switch` and `para projects switch`, or pass --org and --project."
       );
     }
     const client = new ParaApiClient({
-      environment: config.environment,
+      backend: config.backend,
       sessionId: session.sessionId
     });
-    const keys = await client.getApiKeys(config.organizationId, config.projectId, config.environment);
+    const keys = await client.getApiKeys(config.organizationId, config.projectId, config.keyEnvironment);
     const filtered = cmdOpts.includeArchived ? keys : keys.filter((k) => !k.archived);
     if (opts.json) {
       formatter.json(

package/dist/commands/keys/rotate.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rotate.d.ts","sourceRoot":"","sources":["../../../src/commands/keys/rotate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAQzC,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,CAiE/D"}
+{"version":3,"file":"rotate.d.ts","sourceRoot":"","sources":["../../../src/commands/keys/rotate.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AASzC,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,CA0E/D"}

package/dist/commands/keys/rotate.js

@@ -4,25 +4,39 @@ import { resolveConfig } from "../../config/config-manager.js";
 import { ParaApiClient } from "../../api/client.js";
 import { CliError } from "../../core/error-handler.js";
 import { confirm } from "../../output/prompts.js";
+import { resolveKeyId } from "./config/categories.js";
 function registerKeysRotateCommand(parent) {
-  parent.command("rotate").description("Rotate an API key").argument("<key-id>", "API key ID to rotate").option("--secret", "Rotate the secret key instead of the public key").option("-y, --yes", "Skip confirmation prompt").addHelpText(
+  parent.command("rotate").description("Rotate an API key").argument("[key-id]", "API key ID to rotate (resolved from project + environment if omitted)").option("--secret", "Rotate the secret key instead of the public key").option("-y, --yes", "Skip confirmation prompt").addHelpText(
     "after",
     helpText(`Examples:
-  $ para keys rotate abc-123          Generates a new public key (asks for confirmation)
-  $ para keys rotate abc-123 --secret Rotate the secret key instead of the public key
-  $ para keys rotate abc-123 -y       Skip the confirmation prompt (for scripts)
+  $ para keys rotate                  Rotate the beta key (asks for confirmation)
+  $ para keys rotate -e prod          Rotate the prod key
+  $ para keys rotate abc-123          Rotate a specific key by ID
+  $ para keys rotate --secret         Rotate the secret key instead of the public key
+  $ para keys rotate -y               Skip the confirmation prompt (for scripts)
 
 This is irreversible \u2014 the old key stops working immediately.`)
-  ).action(async (keyId, cmdOpts, cmd) => {
+  ).action(async (keyIdArg, cmdOpts, cmd) => {
     const opts = await getGlobalOptions(cmd);
     const formatter = createFormatter(opts);
     const config = await resolveConfig(opts);
-    const session = await ensureAuthenticated(config.environment);
+    const session = await ensureAuthenticated(config.backend);
     if (!config.organizationId || !config.projectId) {
       throw new CliError(
         "Organization and project required. Run `para orgs switch` and `para projects switch`, or pass --org and --project."
       );
     }
+    const client = new ParaApiClient({
+      backend: config.backend,
+      sessionId: session.sessionId
+    });
+    const { keyId, key } = await resolveKeyId(
+      client,
+      config.organizationId,
+      config.projectId,
+      config.keyEnvironment,
+      keyIdArg
+    );
     const keyType = cmdOpts.secret ? "secret" : "public";
     if (!cmdOpts.yes) {
       const confirmed = await confirm(`Are you sure you want to rotate the ${keyType} API key? This cannot be undone.`);
@@ -31,11 +45,7 @@ This is irreversible \u2014 the old key stops working immediately.`)
         return;
       }
     }
-    const client = new ParaApiClient({
-      environment: config.environment,
-      sessionId: session.sessionId
-    });
-    const result = cmdOpts.secret ? await client.rotateSecretApiKey(config.organizationId, config.projectId, config.environment, keyId) : await client.rotateApiKey(config.organizationId, config.projectId, config.environment, keyId);
+    const result = cmdOpts.secret ? await client.rotateSecretApiKey(config.organizationId, config.projectId, config.keyEnvironment, keyId) : await client.rotateApiKey(config.organizationId, config.projectId, config.keyEnvironment, keyId);
     if (opts.json) {
       formatter.json({
         id: keyId,
@@ -45,7 +55,7 @@ This is irreversible \u2014 the old key stops working immediately.`)
     } else if (opts.quiet) {
       console.log(result.newKey);
     } else {
-      formatter.success(`Rotated ${keyType} API key`);
+      formatter.success(`Rotated ${keyType} key on ${key.displayName || key.name} (${key.environment})`);
       formatter.detail([
         { label: "Key ID", value: keyId },
         { label: `New ${keyType} key`, value: result.newKey }

package/dist/commands/orgs/list.js

@@ -13,9 +13,9 @@ function registerOrgsListCommand(parent) {
     const opts = await getGlobalOptions(cmd);
     const formatter = createFormatter(opts);
     const config = await resolveConfig(opts);
-    const session = await ensureAuthenticated(config.environment);
+    const session = await ensureAuthenticated(config.backend);
     const client = new ParaApiClient({
-      environment: config.environment,
+      backend: config.backend,
       sessionId: session.sessionId
     });
     let userId = session.userId;

package/dist/commands/orgs/switch.js

@@ -17,9 +17,9 @@ Required before using projects or keys commands.`)
     const opts = await getGlobalOptions(cmd);
     const formatter = createFormatter(opts);
     const config = await resolveConfig(opts);
-    const session = await ensureAuthenticated(config.environment);
+    const session = await ensureAuthenticated(config.backend);
     const client = new ParaApiClient({
-      environment: config.environment,
+      backend: config.backend,
       sessionId: session.sessionId
     });
     let userId = session.userId;

package/dist/commands/projects/archive.js

@@ -17,7 +17,7 @@ Archived projects can be restored with "para projects restore".`)
     const opts = await getGlobalOptions(cmd);
     const formatter = createFormatter(opts);
     const config = await resolveConfig(opts);
-    const session = await ensureAuthenticated(config.environment);
+    const session = await ensureAuthenticated(config.backend);
     if (!config.organizationId) {
       throw new CliError("No organization selected. Run `para orgs switch` or pass --org <id>.");
     }
@@ -34,7 +34,7 @@ Archived projects can be restored with "para projects restore".`)
       }
     }
     const client = new ParaApiClient({
-      environment: config.environment,
+      backend: config.backend,
       sessionId: session.sessionId
     });
     await client.deleteProject(config.organizationId, projectId);

package/dist/commands/projects/create.js

@@ -17,7 +17,7 @@ Requires an active organization. Run "para orgs switch" first.`)
     const opts = await getGlobalOptions(cmd);
     const formatter = createFormatter(opts);
     const config = await resolveConfig(opts);
-    const session = await ensureAuthenticated(config.environment);
+    const session = await ensureAuthenticated(config.backend);
     if (!config.organizationId) {
       throw new CliError("No organization selected. Run `para orgs switch` or pass --org <id>.");
     }
@@ -27,7 +27,7 @@ Requires an active organization. Run "para orgs switch" first.`)
       }
     });
     const client = new ParaApiClient({
-      environment: config.environment,
+      backend: config.backend,
       sessionId: session.sessionId
     });
     const project = await client.createProject(config.organizationId, {

package/dist/commands/projects/list.js

@@ -16,12 +16,12 @@ Requires an active organization. Run "para orgs switch" first.`)
     const opts = await getGlobalOptions(cmd);
     const formatter = createFormatter(opts);
     const config = await resolveConfig(opts);
-    const session = await ensureAuthenticated(config.environment);
+    const session = await ensureAuthenticated(config.backend);
     if (!config.organizationId) {
       throw new CliError("No organization selected. Run `para orgs switch` or pass --org <id>.");
     }
     const client = new ParaApiClient({
-      environment: config.environment,
+      backend: config.backend,
       sessionId: session.sessionId
     });
     const projects = await client.getProjects(config.organizationId);