@girardmedia/bootspring 2.0.21 → 2.0.23

package/src/core/api-client.ts

@@ -0,0 +1,1120 @@
+/**
+ * Bootspring API Client
+ *
+ * Handles all communication with api.bootspring.com
+ * This is the thin-client version that requires API for all operations.
+ *
+ * @package bootspring
+ * @module core/api-client
+ */
+
+import * as https from 'https';
+import * as http from 'http';
+import * as crypto from 'crypto';
+import * as auth from './auth';
+import type { LoginResponse as AuthLoginResponse } from './auth';
+import * as session from './session';
+
+// ============================================================================
+// Types
+// ============================================================================
+
+export interface ApiRequestOptions {
+  headers?: Record<string, string> | undefined;
+  timeout?: number | undefined;
+  noCache?: boolean | undefined;
+}
+
+export interface ApiError extends Error {
+  status?: number | undefined;
+  code?: string | undefined;
+  details?: unknown | undefined;
+}
+
+export interface HealthCheckResult {
+  connected: boolean;
+  version?: string | undefined;
+  error?: string | undefined;
+}
+
+export interface DeviceCodeResponse {
+  device_code: string;
+  user_code: string;
+  verification_uri: string;
+  expires_in: number;
+  interval: number;
+}
+
+export interface DeviceTokenResponse {
+  access_token: string;
+  refresh_token: string;
+  token_type: string;
+  expires_in: number;
+  user: UserData;
+}
+
+export interface UserData {
+  id: string;
+  email: string;
+  name?: string | undefined;
+  tier: string;
+  [key: string]: unknown;
+}
+
+// Use AuthLoginResponse from auth.ts module
+
+export interface ApiKeyValidationResponse {
+  valid: boolean;
+  tier: string;
+  scopes: string[];
+  project?: ProjectData | undefined;
+  device?: unknown | undefined;
+  usage?: unknown | undefined;
+  error?: string | undefined;
+}
+
+export interface ProjectData {
+  id: string;
+  name: string;
+  [key: string]: unknown;
+}
+
+export interface Agent {
+  id: string;
+  name: string;
+  description?: string | undefined;
+  tier?: string | undefined;
+  [key: string]: unknown;
+}
+
+export interface AgentContext {
+  id: string;
+  name: string;
+  description: string;
+  context: string;
+  tier: string;
+}
+
+export interface Skill {
+  id: string;
+  name: string;
+  category: string;
+  tier?: string | undefined;
+  [key: string]: unknown;
+}
+
+export interface SkillListResponse {
+  skills: Skill[];
+  categories: string[];
+  userTier: string;
+}
+
+export interface SkillContent {
+  id: string;
+  name: string;
+  content: string;
+  tier: string;
+}
+
+export interface Template {
+  name: string;
+  description?: string | undefined;
+  [key: string]: unknown;
+}
+
+export interface TemplateContent {
+  name: string;
+  content: string;
+  variables?: string[] | undefined;
+}
+
+export interface Workflow {
+  id: string;
+  name: string;
+  description?: string | undefined;
+  [key: string]: unknown;
+}
+
+export interface AnalyzeContextRequest {
+  projectContext: unknown;
+  currentTask?: string | undefined;
+  recentActions?: unknown[] | undefined;
+}
+
+export interface McpTool {
+  name: string;
+  description?: string | undefined;
+  [key: string]: unknown;
+}
+
+export interface McpResource {
+  uri: string;
+  name?: string | undefined;
+  [key: string]: unknown;
+}
+
+export interface Subscription {
+  plan: string;
+  status: string;
+  [key: string]: unknown;
+}
+
+export interface Entitlements {
+  tier: string;
+  features: string[];
+  limits: Record<string, number>;
+  [key: string]: unknown;
+}
+
+export interface ProjectMember {
+  userId: string;
+  email: string;
+  role: string;
+  [key: string]: unknown;
+}
+
+export interface PreseedDocument {
+  name: string;
+  content?: string | undefined;
+  format?: string | undefined;
+  [key: string]: unknown;
+}
+
+export interface PreseedDocumentsResponse {
+  documents: PreseedDocument[];
+  count: number;
+  storage?: unknown | undefined;
+}
+
+export interface PreseedWizardResponse {
+  wizardData: unknown;
+  progress: unknown;
+}
+
+export interface SkillSearchOptions {
+  category?: string | undefined;
+  search?: string | undefined;
+}
+
+export interface TelemetryBatchInfo {
+  id?: string | undefined;
+  index?: number | undefined;
+  total?: number | undefined;
+}
+
+export interface CacheEntry {
+  data: unknown;
+  time: number;
+}
+
+// ============================================================================
+// Constants & Cache
+// ============================================================================
+
+export const API_BASE = process.env['BOOTSPRING_API_URL'] || 'https://api.bootspring.com';
+export const API_VERSION = 'v1'; // Note: auth routes don't use version prefix
+
+// Cache for API responses
+const cache = new Map<string, CacheEntry>();
+const CACHE_TTL = 60000; // 1 minute
+
+// Lazy-loaded package.json
+let packageVersion: string | null = null;
+
+function getPackageVersion(): string {
+  if (packageVersion === null) {
+    try {
+      // eslint-disable-next-line @typescript-eslint/no-require-imports
+      const pkg = require('../../package.json') as { version: string };
+      packageVersion = pkg.version;
+    } catch {
+      packageVersion = 'unknown';
+    }
+  }
+  return packageVersion;
+}
+
+// ============================================================================
+// Core Request Functions
+// ============================================================================
+
+/**
+ * Make an API request (with version prefix)
+ */
+export async function request<T = unknown>(
+  method: string,
+  path: string,
+  data: unknown = null,
+  options: ApiRequestOptions = {}
+): Promise<T> {
+  const token = auth.getToken();
+  const apiKey = auth.getApiKey();
+  const url = new URL(`/api/${API_VERSION}${path}`, API_BASE);
+  const isHttps = url.protocol === 'https:';
+  const httpModule = isHttps ? https : http;
+
+  // Get device ID for request tracking
+  const deviceId = auth.getDeviceId();
+
+  // Get project context for tracking
+  const project = session.getEffectiveProject();
+  const projectId = project?.id || null;
+
+  const headers: Record<string, string> = {
+    'Content-Type': 'application/json',
+    'User-Agent': `bootspring-cli/${getPackageVersion()}`,
+    'X-Device-Id': deviceId,
+    ...(projectId && { 'X-Project-Id': projectId }),
+    ...options.headers
+  };
+
+  // Use API key if available, otherwise use JWT token
+  if (apiKey) {
+    headers['X-API-Key'] = apiKey;
+  } else if (token) {
+    headers['Authorization'] = `Bearer ${token}`;
+  }
+
+  // Check cache for GET requests
+  if (method === 'GET' && !options.noCache) {
+    const cacheKey = `${method}:${path}`;
+    const cached = cache.get(cacheKey);
+    if (cached && Date.now() - cached.time < CACHE_TTL) {
+      return cached.data as T;
+    }
+  }
+
+  return new Promise<T>((resolve, reject) => {
+    const req = httpModule.request(url, {
+      method,
+      headers,
+      timeout: options.timeout || 30000
+    }, (res) => {
+      let body = '';
+      res.on('data', (chunk: Buffer | string) => { body += chunk; });
+      res.on('end', () => {
+        try {
+          const json = JSON.parse(body) as T & { message?: string; error?: string; code?: string; details?: unknown };
+
+          if (res.statusCode && res.statusCode >= 400) {
+            const error: ApiError = new Error(json.message || json.error || 'API Error');
+            error.status = res.statusCode;
+            error.code = json.error || json.code;
+            error.details = json.details;
+            reject(error);
+          } else {
+            // Cache successful GET responses
+            if (method === 'GET' && !options.noCache) {
+              const cacheKey = `${method}:${path}`;
+              cache.set(cacheKey, { data: json, time: Date.now() });
+            }
+            resolve(json);
+          }
+        } catch {
+          if (res.statusCode && res.statusCode >= 400) {
+            const error: ApiError = new Error(body || 'API Error');
+            error.status = res.statusCode;
+            reject(error);
+          } else {
+            resolve(body as unknown as T);
+          }
+        }
+      });
+    });
+
+    req.on('error', (err: NodeJS.ErrnoException) => {
+      if (err.code === 'ECONNREFUSED') {
+        reject(new Error('Cannot connect to Bootspring API. Please check your internet connection.'));
+      } else {
+        reject(err);
+      }
+    });
+
+    req.on('timeout', () => {
+      req.destroy();
+      reject(new Error('Request timeout'));
+    });
+
+    if (data) {
+      req.write(JSON.stringify(data));
+    }
+    req.end();
+  });
+}
+
+/**
+ * Make a direct API request (without version prefix, for /api/projects etc.)
+ */
+export async function directRequest<T = unknown>(
+  method: string,
+  path: string,
+  data: unknown = null,
+  options: ApiRequestOptions = {}
+): Promise<T> {
+  const token = auth.getToken();
+  const apiKey = auth.getApiKey();
+  const url = new URL(`/api${path}`, API_BASE);
+  const isHttps = url.protocol === 'https:';
+  const httpModule = isHttps ? https : http;
+
+  const deviceId = auth.getDeviceId();
+  const project = session.getEffectiveProject();
+  const projectId = project?.id || null;
+
+  const headers: Record<string, string> = {
+    'Content-Type': 'application/json',
+    'User-Agent': `bootspring-cli/${getPackageVersion()}`,
+    'X-Device-Id': deviceId,
+    ...(projectId && { 'X-Project-Id': projectId }),
+    ...options.headers
+  };
+
+  if (apiKey) {
+    headers['X-API-Key'] = apiKey;
+  } else if (token) {
+    headers['Authorization'] = `Bearer ${token}`;
+  }
+
+  return new Promise<T>((resolve, reject) => {
+    const req = httpModule.request(url, {
+      method,
+      headers,
+      timeout: options.timeout || 30000
+    }, (res) => {
+      let body = '';
+      res.on('data', (chunk: Buffer | string) => { body += chunk; });
+      res.on('end', () => {
+        try {
+          const json = JSON.parse(body) as T & { message?: string; error?: string; code?: string; details?: unknown };
+          if (res.statusCode && res.statusCode >= 400) {
+            const error: ApiError = new Error(json.message || json.error || 'API Error');
+            error.status = res.statusCode;
+            error.code = json.error || json.code;
+            error.details = json.details;
+            reject(error);
+          } else {
+            resolve(json);
+          }
+        } catch {
+          if (res.statusCode && res.statusCode >= 400) {
+            const error: ApiError = new Error(body || 'API Error');
+            error.status = res.statusCode;
+            reject(error);
+          } else {
+            resolve(body as unknown as T);
+          }
+        }
+      });
+    });
+
+    req.on('error', (err: NodeJS.ErrnoException) => {
+      if (err.code === 'ECONNREFUSED') {
+        reject(new Error('Cannot connect to Bootspring API. Please check your internet connection.'));
+      } else {
+        reject(err);
+      }
+    });
+
+    req.on('timeout', () => {
+      req.destroy();
+      reject(new Error('Request timeout'));
+    });
+
+    if (data) {
+      req.write(JSON.stringify(data));
+    }
+    req.end();
+  });
+}
+
+/**
+ * Clear the cache
+ */
+export function clearCache(): void {
+  cache.clear();
+}
+
+/**
+ * Check if API is reachable
+ */
+export async function healthCheck(): Promise<HealthCheckResult> {
+  try {
+    // Health endpoint is at /health, not under /api/v1
+    const url = new URL('/health', API_BASE);
+    const isHttps = url.protocol === 'https:';
+    const httpModule = isHttps ? https : http;
+
+    return new Promise<HealthCheckResult>((resolve) => {
+      const req = httpModule.request(url, {
+        method: 'GET',
+        timeout: 5000
+      }, (res) => {
+        let body = '';
+        res.on('data', (chunk: Buffer | string) => { body += chunk; });
+        res.on('end', () => {
+          try {
+            const json = JSON.parse(body) as { version?: string };
+            resolve({ connected: true, version: json.version });
+          } catch {
+            resolve({ connected: false, error: 'Invalid response' });
+          }
+        });
+      });
+
+      req.on('error', (err: Error) => {
+        resolve({ connected: false, error: err.message });
+      });
+
+      req.on('timeout', () => {
+        req.destroy();
+        resolve({ connected: false, error: 'Timeout' });
+      });
+
+      req.end();
+    });
+  } catch (error) {
+    const err = error as Error;
+    return { connected: false, error: err.message };
+  }
+}
+
+/**
+ * Require authentication - throws if not logged in
+ */
+export function requireAuth(): void {
+  if (!auth.isAuthenticated()) {
+    const error: ApiError = new Error('Authentication required. Run: bootspring auth login');
+    error.code = 'AUTH_REQUIRED';
+    throw error;
+  }
+}
+
+// ============================================================================
+// API Methods
+// ============================================================================
+
+// Device Authorization Flow
+export async function requestDeviceCode(): Promise<DeviceCodeResponse> {
+  const deviceContext = auth.getDeviceContext();
+  const url = new URL('/api/v1/auth/device', API_BASE);
+  const isHttps = url.protocol === 'https:';
+  const httpModule = isHttps ? https : http;
+
+  return new Promise<DeviceCodeResponse>((resolve, reject) => {
+    const req = httpModule.request(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'User-Agent': `bootspring-cli/${getPackageVersion()}`,
+      },
+      timeout: 10000
+    }, (res) => {
+      let body = '';
+      res.on('data', (chunk: Buffer | string) => { body += chunk; });
+      res.on('end', () => {
+        try {
+          const json = JSON.parse(body) as DeviceCodeResponse & { message?: string; error?: string };
+          if (res.statusCode && res.statusCode >= 400) {
+            const error: ApiError = new Error(json.message || json.error || 'Failed to get device code');
+            error.status = res.statusCode;
+            error.code = json.error;
+            reject(error);
+          } else {
+            resolve(json);
+          }
+        } catch {
+          reject(new Error('Invalid response from API'));
+        }
+      });
+    });
+    req.on('error', reject);
+    req.on('timeout', () => {
+      req.destroy();
+      reject(new Error('Request timeout'));
+    });
+    req.write(JSON.stringify({ device: deviceContext }));
+    req.end();
+  });
+}
+
+export async function pollDeviceToken(deviceCode: string): Promise<DeviceTokenResponse> {
+  const url = new URL('/api/v1/auth/device/token', API_BASE);
+  const isHttps = url.protocol === 'https:';
+  const httpModule = isHttps ? https : http;
+
+  return new Promise<DeviceTokenResponse>((resolve, reject) => {
+    const req = httpModule.request(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'User-Agent': `bootspring-cli/${getPackageVersion()}`,
+      },
+      timeout: 10000
+    }, (res) => {
+      let body = '';
+      res.on('data', (chunk: Buffer | string) => { body += chunk; });
+      res.on('end', () => {
+        try {
+          const json = JSON.parse(body) as DeviceTokenResponse & { message?: string; error?: string };
+          if (res.statusCode && res.statusCode >= 400) {
+            const error: ApiError = new Error(json.message || json.error || 'Authorization pending');
+            error.status = res.statusCode;
+            error.code = json.error;
+            error.details = json;
+            reject(error);
+          } else {
+            resolve(json);
+          }
+        } catch {
+          reject(new Error('Invalid response from API'));
+        }
+      });
+    });
+    req.on('error', reject);
+    req.on('timeout', () => {
+      req.destroy();
+      reject(new Error('Request timeout'));
+    });
+    req.write(JSON.stringify({ device_code: deviceCode }));
+    req.end();
+  });
+}
+
+// Auth
+export async function login(email: string, password: string): Promise<AuthLoginResponse> {
+  const deviceContext = auth.getDeviceContext();
+  const response = await request<AuthLoginResponse>('POST', '/auth/login', {
+    email,
+    password,
+    device: deviceContext
+  });
+  auth.login(response);
+  return response;
+}
+
+export async function loginWithApiKey(apiKey: string): Promise<ApiKeyValidationResponse> {
+  // Validate API key by calling /api/keys/validate
+  const url = new URL('/api/keys/validate', API_BASE);
+  const isHttps = url.protocol === 'https:';
+  const httpModule = isHttps ? https : http;
+  const deviceContext = auth.getDeviceContext();
+
+  return new Promise<ApiKeyValidationResponse>((resolve, reject) => {
+    const requestBody = JSON.stringify({
+      apiKey,
+      deviceFingerprint: deviceContext.deviceId,
+      deviceName: `CLI - ${deviceContext.hostname}`
+    });
+
+    const req = httpModule.request(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'User-Agent': `bootspring-cli/${getPackageVersion()}`,
+        'Content-Length': Buffer.byteLength(requestBody).toString()
+      },
+      timeout: 10000
+    }, (res) => {
+      let body = '';
+      res.on('data', (chunk: Buffer | string) => { body += chunk; });
+      res.on('end', () => {
+        try {
+          const json = JSON.parse(body) as ApiKeyValidationResponse;
+          if ((res.statusCode && res.statusCode >= 400) || !json.valid) {
+            const error: ApiError = new Error(json.error || 'Invalid API key');
+            error.status = res.statusCode;
+            error.code = json.error;
+            reject(error);
+          } else {
+            // Build user info from response
+            const user = {
+              tier: json.tier,
+              scopes: json.scopes
+            };
+
+            // Save API key and user info
+            auth.loginWithApiKey(apiKey, user);
+
+            // If key has a project, auto-set project context
+            if (json.project) {
+              session.setCurrentProject(json.project);
+              session.addRecentProject(json.project);
+            }
+
+            resolve(json);
+          }
+        } catch {
+          reject(new Error('Invalid response from API'));
+        }
+      });
+    });
+
+    req.on('error', reject);
+    req.on('timeout', () => {
+      req.destroy();
+      reject(new Error('Request timeout'));
+    });
+    req.write(requestBody);
+    req.end();
+  });
+}
+
+export async function register(email: string, password: string, name: string): Promise<AuthLoginResponse> {
+  const deviceContext = auth.getDeviceContext();
+  const response = await request<AuthLoginResponse>('POST', '/auth/register', {
+    email,
+    password,
+    name,
+    device: deviceContext
+  });
+  auth.login(response);
+  return response;
+}
+
+export async function me(): Promise<UserData> {
+  requireAuth();
+  return request<UserData>('GET', '/auth/me');
+}
+
+export async function validateApiKey(apiKey: string): Promise<ApiKeyValidationResponse> {
+  const url = new URL('/api/keys/validate', API_BASE);
+  const isHttps = url.protocol === 'https:';
+  const httpModule = isHttps ? https : http;
+  const deviceContext = auth.getDeviceContext();
+
+  return new Promise<ApiKeyValidationResponse>((resolve, reject) => {
+    const requestBody = JSON.stringify({
+      apiKey,
+      deviceFingerprint: deviceContext.deviceId,
+      deviceName: `CLI - ${deviceContext.hostname}`
+    });
+
+    const req = httpModule.request(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'User-Agent': `bootspring-cli/${getPackageVersion()}`,
+        'Content-Length': Buffer.byteLength(requestBody).toString()
+      },
+      timeout: 10000
+    }, (res) => {
+      let body = '';
+      res.on('data', (chunk: Buffer | string) => { body += chunk; });
+      res.on('end', () => {
+        try {
+          const json = JSON.parse(body) as ApiKeyValidationResponse;
+          if ((res.statusCode && res.statusCode >= 400) || !json.valid) {
+            const error: ApiError = new Error(json.error || 'Invalid API key');
+            error.status = res.statusCode;
+            reject(error);
+          } else {
+            resolve(json);
+          }
+        } catch {
+          reject(new Error('Invalid response from API'));
+        }
+      });
+    });
+
+    req.on('error', reject);
+    req.on('timeout', () => {
+      req.destroy();
+      reject(new Error('Request timeout'));
+    });
+    req.write(requestBody);
+    req.end();
+  });
+}
+
+export async function refreshToken(): Promise<AuthLoginResponse> {
+  const refreshTokenValue = auth.getRefreshToken();
+  if (!refreshTokenValue) {
+    throw new Error('No refresh token available');
+  }
+  const deviceContext = auth.getDeviceContext();
+  const response = await request<AuthLoginResponse>('POST', '/auth/refresh', {
+    refreshToken: refreshTokenValue,
+    device: deviceContext
+  });
+  auth.updateTokens(response);
+  return response;
+}
+
+export async function logout(): Promise<void> {
+  if (auth.isAuthenticated()) {
+    try {
+      const refreshTokenValue = auth.getRefreshToken();
+      await request('POST', '/auth/logout', { refreshToken: refreshTokenValue });
+    } catch {
+      // Ignore logout API errors
+    }
+  }
+  auth.logout();
+}
+
+// Agents
+export async function listAgents(): Promise<{ agents: Agent[] }> {
+  requireAuth();
+  return request<{ agents: Agent[] }>('GET', '/agents');
+}
+
+export async function getAgent(id: string): Promise<Agent> {
+  requireAuth();
+  return request<Agent>('GET', `/agents/${encodeURIComponent(id)}`);
+}
+
+export async function getAgentContext(id: string): Promise<AgentContext> {
+  requireAuth();
+  return request<AgentContext>('GET', `/agents/${encodeURIComponent(id)}/context`);
+}
+
+export async function invokeAgent(id: string, projectContext: unknown, task: string): Promise<unknown> {
+  requireAuth();
+  return request('POST', `/agents/${encodeURIComponent(id)}/invoke`, {
+    projectContext,
+    task
+  });
+}
+
+export async function getAgentCapabilities(id: string): Promise<unknown> {
+  requireAuth();
+  return request('GET', `/agents/${encodeURIComponent(id)}/capabilities`);
+}
+
+// Skills
+export async function listSkills(options: SkillSearchOptions = {}): Promise<SkillListResponse> {
+  requireAuth();
+  const params = new URLSearchParams();
+  if (options.category) params.append('category', options.category);
+  if (options.search) params.append('search', options.search);
+
+  const query = params.toString();
+  return request<SkillListResponse>('GET', `/skills${query ? '?' + query : ''}`);
+}
+
+export async function getSkillContent(skillId: string): Promise<SkillContent> {
+  requireAuth();
+  return request<SkillContent>('GET', `/skills/${skillId}`);
+}
+
+/**
+ * @deprecated Use getSkillContent instead
+ */
+export async function getSkill(category: string, name: string): Promise<SkillContent> {
+  requireAuth();
+  return request<SkillContent>('GET', `/skills/${encodeURIComponent(category)}/${encodeURIComponent(name)}`);
+}
+
+export async function searchSkills(query: string, options: SkillSearchOptions = {}): Promise<SkillListResponse> {
+  requireAuth();
+  const params = new URLSearchParams();
+  params.append('search', query);
+  if (options.category) params.append('category', options.category);
+  return request<SkillListResponse>('GET', `/skills?${params.toString()}`);
+}
+
+// Templates
+export async function listTemplates(category: string): Promise<{ templates: Template[] }> {
+  requireAuth();
+  return request<{ templates: Template[] }>('GET', `/templates/${encodeURIComponent(category)}`);
+}
+
+export async function getTemplate(category: string, name: string): Promise<TemplateContent> {
+  requireAuth();
+  return request<TemplateContent>('GET', `/templates/${encodeURIComponent(category)}/${encodeURIComponent(name)}`);
+}
+
+// Orchestrator
+export async function listWorkflows(): Promise<{ workflows: Workflow[] }> {
+  requireAuth();
+  return request<{ workflows: Workflow[] }>('GET', '/orchestrator/workflows');
+}
+
+export async function getWorkflow(id: string): Promise<Workflow> {
+  requireAuth();
+  return request<Workflow>('GET', `/orchestrator/workflows/${encodeURIComponent(id)}`);
+}
+
+export async function analyzeContext(projectContext: unknown, currentTask?: string, recentActions?: unknown[]): Promise<unknown> {
+  requireAuth();
+  return request('POST', '/orchestrator/analyze', {
+    projectContext,
+    currentTask,
+    recentActions
+  });
+}
+
+export async function startWorkflow(workflowId: string, projectContext: unknown, parameters?: unknown): Promise<unknown> {
+  requireAuth();
+  return request('POST', '/orchestrator/start', {
+    workflow: workflowId,
+    projectContext,
+    parameters
+  });
+}
+
+export async function getSuggestions(context: unknown, action?: string): Promise<unknown> {
+  requireAuth();
+  return request('POST', '/orchestrator/suggest', { context, action });
+}
+
+// Quality
+export async function listQualityGates(): Promise<unknown> {
+  requireAuth();
+  return request('GET', '/quality/gates');
+}
+
+export async function runQualityGate(gateId: string, projectContext: unknown, options?: unknown): Promise<unknown> {
+  requireAuth();
+  return request('POST', '/quality/run', {
+    gate: gateId,
+    projectContext,
+    options
+  });
+}
+
+export async function getLintBudgets(): Promise<unknown> {
+  requireAuth();
+  return request('GET', '/quality/lint-budgets');
+}
+
+// MCP
+export async function listMcpTools(): Promise<{ tools: McpTool[] }> {
+  requireAuth();
+  return request<{ tools: McpTool[] }>('GET', '/mcp/tools');
+}
+
+export async function callMcpTool(tool: string, args: unknown): Promise<unknown> {
+  requireAuth();
+  return request('POST', '/mcp/tool', { tool, arguments: args });
+}
+
+export async function listMcpResources(): Promise<{ resources: McpResource[] }> {
+  requireAuth();
+  return request<{ resources: McpResource[] }>('GET', '/mcp/resources');
+}
+
+export async function getMcpResource(uri: string): Promise<McpResource> {
+  requireAuth();
+  return request<McpResource>('GET', `/mcp/resources/${encodeURIComponent(uri)}`);
+}
+
+// Billing
+export async function getSubscription(): Promise<Subscription> {
+  requireAuth();
+  return request<Subscription>('GET', '/billing/subscription');
+}
+
+export async function createCheckout(plan: string): Promise<{ url: string }> {
+  requireAuth();
+  return request<{ url: string }>('POST', '/billing/create-checkout', { plan });
+}
+
+export async function getPortalUrl(): Promise<{ url: string }> {
+  requireAuth();
+  return request<{ url: string }>('POST', '/billing/portal');
+}
+
+export async function getUsage(): Promise<unknown> {
+  requireAuth();
+  return request('GET', '/billing/usage');
+}
+
+export async function getInvoices(): Promise<unknown> {
+  requireAuth();
+  return request('GET', '/billing/invoices');
+}
+
+// Entitlements (v1)
+export async function resolveEntitlements(): Promise<Entitlements> {
+  requireAuth();
+  return request<Entitlements>('GET', '/entitlements/resolve', null, { noCache: false });
+}
+
+// Usage Tracking (v1)
+export async function trackUsage(type: string, metadata: Record<string, unknown> = {}): Promise<unknown> {
+  requireAuth();
+  return request('POST', '/track', { type, metadata });
+}
+
+// Telemetry Batch Upload (v1)
+export async function uploadTelemetryBatch(events: unknown[], batchInfo: TelemetryBatchInfo = {}): Promise<unknown> {
+  requireAuth();
+  const batchId = batchInfo.id || crypto.randomUUID();
+  return request('POST', '/events/batch', {
+    source: 'bootspring',
+    batch: {
+      index: batchInfo.index || 0,
+      total: batchInfo.total || 1,
+      id: batchId
+    },
+    events
+  }, {
+    headers: {
+      'X-Bootspring-Batch-Id': batchId
+    }
+  });
+}
+
+// Projects
+export async function listProjects(): Promise<{ projects: ProjectData[] }> {
+  requireAuth();
+  const url = new URL('/api/auth/device/projects', API_BASE);
+  const isHttps = url.protocol === 'https:';
+  const httpModule = isHttps ? https : http;
+  const apiKey = auth.getApiKey();
+  const token = auth.getToken();
+
+  return new Promise<{ projects: ProjectData[] }>((resolve, reject) => {
+    const headers: Record<string, string> = {
+      'Content-Type': 'application/json',
+      'User-Agent': `bootspring-cli/${getPackageVersion()}`,
+    };
+    if (apiKey) {
+      headers['X-API-Key'] = apiKey;
+    } else if (token) {
+      headers['Authorization'] = `Bearer ${token}`;
+    }
+
+    const req = httpModule.request(url, {
+      method: 'GET',
+      headers,
+      timeout: 10000
+    }, (res) => {
+      let body = '';
+      res.on('data', (chunk: Buffer | string) => { body += chunk; });
+      res.on('end', () => {
+        try {
+          const json = JSON.parse(body) as { projects: ProjectData[]; message?: string; error?: string };
+          if (res.statusCode && res.statusCode >= 400) {
+            const error: ApiError = new Error(json.message || json.error || 'Failed to list projects');
+            error.status = res.statusCode;
+            reject(error);
+          } else {
+            resolve(json);
+          }
+        } catch {
+          reject(new Error('Invalid response from API'));
+        }
+      });
+    });
+    req.on('error', reject);
+    req.on('timeout', () => {
+      req.destroy();
+      reject(new Error('Request timeout'));
+    });
+    req.end();
+  });
+}
+
+// Project Members Management
+export async function getProjectMembers(projectId: string): Promise<{ members: ProjectMember[] }> {
+  requireAuth();
+  return directRequest<{ members: ProjectMember[] }>('GET', `/projects/${encodeURIComponent(projectId)}/members`);
+}
+
+export async function addProjectMember(projectId: string, email: string, role: string = 'member'): Promise<ProjectMember> {
+  requireAuth();
+  return directRequest<ProjectMember>('POST', `/projects/${encodeURIComponent(projectId)}/members`, {
+    email,
+    role
+  });
+}
+
+export async function updateProjectMember(projectId: string, userId: string, role: string): Promise<ProjectMember> {
+  requireAuth();
+  return directRequest<ProjectMember>('PATCH', `/projects/${encodeURIComponent(projectId)}/members/${encodeURIComponent(userId)}`, {
+    role
+  });
+}
+
+export async function removeProjectMember(projectId: string, userId: string): Promise<void> {
+  requireAuth();
+  await directRequest('DELETE', `/projects/${encodeURIComponent(projectId)}/members/${encodeURIComponent(userId)}`);
+}
+
+export async function transferProjectOwnership(projectId: string, newOwnerId: string): Promise<unknown> {
+  requireAuth();
+  return directRequest('POST', `/projects/${encodeURIComponent(projectId)}/transfer`, {
+    newOwnerId
+  });
+}
+
+export async function findSimilarProjects(name?: string, repoUrl?: string): Promise<{ projects: ProjectData[] }> {
+  requireAuth();
+  const params = new URLSearchParams();
+  if (name) params.set('name', name);
+  if (repoUrl) params.set('repo', repoUrl);
+  return directRequest<{ projects: ProjectData[] }>('GET', `/projects/similar?${params.toString()}`);
+}
+
+// Preseed Documents
+export async function listPreseedDocuments(projectId: string): Promise<PreseedDocumentsResponse> {
+  requireAuth();
+  return directRequest<PreseedDocumentsResponse>('GET', `/projects/${encodeURIComponent(projectId)}/preseed/documents`);
+}
+
+export async function getPreseedDocument(projectId: string, documentName: string): Promise<PreseedDocument> {
+  requireAuth();
+  return directRequest<PreseedDocument>('GET', `/projects/${encodeURIComponent(projectId)}/preseed/documents?name=${encodeURIComponent(documentName)}`);
+}
+
+export async function downloadPreseedZip(projectId: string): Promise<Buffer> {
+  requireAuth();
+  const apiKey = auth.getApiKey();
+  const token = auth.getToken();
+  const url = new URL(`/api/projects/${encodeURIComponent(projectId)}/preseed/documents?format=zip`, API_BASE);
+  const isHttps = url.protocol === 'https:';
+  const httpModule = isHttps ? https : http;
+
+  return new Promise<Buffer>((resolve, reject) => {
+    const headers: Record<string, string> = {
+      'User-Agent': `bootspring-cli/${getPackageVersion()}`,
+    };
+    if (apiKey) {
+      headers['X-API-Key'] = apiKey;
+    } else if (token) {
+      headers['Authorization'] = `Bearer ${token}`;
+    }
+
+    const req = httpModule.request(url, {
+      method: 'GET',
+      headers,
+      timeout: 60000
+    }, (res) => {
+      if (res.statusCode && res.statusCode >= 400) {
+        let body = '';
+        res.on('data', (chunk: Buffer | string) => { body += chunk; });
+        res.on('end', () => {
+          try {
+            const json = JSON.parse(body) as { message?: string; error?: string };
+            const error: ApiError = new Error(json.message || json.error || 'Failed to download preseed documents');
+            error.status = res.statusCode;
+            reject(error);
+          } catch {
+            reject(new Error(`HTTP ${res.statusCode}: ${body}`));
+          }
+        });
+        return;
+      }
+
+      const chunks: Buffer[] = [];
+      res.on('data', (chunk: Buffer) => chunks.push(chunk));
+      res.on('end', () => {
+        resolve(Buffer.concat(chunks));
+      });
+    });
+
+    req.on('error', reject);
+    req.on('timeout', () => {
+      req.destroy();
+      reject(new Error('Request timeout'));
+    });
+    req.end();
+  });
+}
+
+export async function getPreseedWizard(projectId: string): Promise<PreseedWizardResponse> {
+  requireAuth();
+  return directRequest<PreseedWizardResponse>('GET', `/projects/${encodeURIComponent(projectId)}/preseed/wizard`);
+}