@globio/cli 0.1.2 → 0.1.3

package/dist/index.js

@@ -5,6 +5,7 @@ import { Command } from "commander";
 
 // src/auth/login.ts
 import * as p from "@clack/prompts";
+import { exec } from "child_process";
 import chalk2 from "chalk";
 
 // src/lib/config.ts
@@ -24,14 +25,14 @@ var config = {
     });
   },
   clear: () => store.clear(),
-  getApiKey: () => store.get("apiKey"),
-  requireAuth: () => {
-    const key = store.get("apiKey");
-    if (!key) {
+  getPat: () => store.get("pat"),
+  requirePat: () => {
+    const pat = store.get("pat");
+    if (!pat) {
       console.error(chalk.red("Not logged in. Run: npx @globio/cli login"));
       process.exit(1);
     }
-    return key;
+    return pat;
   },
   requireProject: () => {
     const projectId = store.get("projectId");
@@ -42,9 +43,78 @@ var config = {
       process.exit(1);
     }
     return projectId;
+  },
+  setProjectAuth: (projectId, apiKey, projectName) => {
+    const projectApiKeys = store.get("projectApiKeys") ?? {};
+    const projectNames = store.get("projectNames") ?? {};
+    projectApiKeys[projectId] = apiKey;
+    if (projectName) {
+      projectNames[projectId] = projectName;
+    }
+    store.set("projectApiKeys", projectApiKeys);
+    store.set("projectNames", projectNames);
+    store.set("projectId", projectId);
+    if (projectName) {
+      store.set("projectName", projectName);
+    }
+  },
+  getProjectApiKey: (projectId) => {
+    const projectApiKeys = store.get("projectApiKeys") ?? {};
+    return projectApiKeys[projectId];
+  },
+  requireProjectApiKey: () => {
+    const projectId = store.get("projectId");
+    if (!projectId) {
+      console.error(
+        chalk.red("No active project. Run: npx @globio/cli projects use <projectId>")
+      );
+      process.exit(1);
+    }
+    const projectApiKeys = store.get("projectApiKeys") ?? {};
+    const apiKey = projectApiKeys[projectId];
+    if (!apiKey) {
+      console.error(
+        chalk.red(
+          "No project API key stored for the active project. Run: npx @globio/cli projects use <projectId>"
+        )
+      );
+      process.exit(1);
+    }
+    return apiKey;
   }
 };
 
+// src/lib/manage.ts
+var API_BASE_URL = "https://api.globio.stanlink.online";
+var CONSOLE_BASE_URL = "https://console.globio.stanlink.online";
+function getAuthToken(explicitToken) {
+  if (explicitToken) return explicitToken;
+  return config.getPat();
+}
+async function manageRequest(path, options = {}) {
+  const headers = new Headers();
+  if (!(options.body instanceof FormData)) {
+    headers.set("Content-Type", "application/json");
+  }
+  const token = getAuthToken(options.token);
+  if (token) {
+    headers.set("Authorization", `Bearer ${token}`);
+  }
+  const response = await fetch(`${API_BASE_URL}/manage${path}`, {
+    method: options.method ?? "GET",
+    headers,
+    body: options.body ? JSON.stringify(options.body) : void 0
+  });
+  const payload = await response.json().catch(() => ({}));
+  if (!response.ok) {
+    throw new Error(payload.error || payload.message || "Management request failed");
+  }
+  return payload.data ?? payload;
+}
+function getConsoleCliAuthUrl(state) {
+  return `${CONSOLE_BASE_URL}/cli-auth?state=${encodeURIComponent(state)}`;
+}
+
 // src/lib/banner.ts
 import { readFileSync } from "fs";
 import figlet from "figlet";
@@ -79,54 +149,119 @@ function getCliVersion() {
 }
 
 // src/auth/login.ts
-var DEFAULT_BASE_URL = "https://api.globio.stanlink.online";
 var version = getCliVersion();
-async function login() {
-  printBanner(version);
-  const values = await p.group(
-    {
-      apiKey: () => p.text({
-        message: "Paste your Globio API key",
-        placeholder: "gk_live_...",
-        validate: (value) => !value ? "API key is required" : void 0
-      }),
-      projectId: () => p.text({
-        message: "Paste your Project ID",
-        placeholder: "proj_...",
-        validate: (value) => !value ? "Project ID is required" : void 0
-      })
-    },
-    {
-      onCancel: () => {
-        p.cancel("Login cancelled.");
-        process.exit(0);
-      }
+function openBrowser(url) {
+  const command = process.platform === "win32" ? `start "" "${url}"` : process.platform === "darwin" ? `open "${url}"` : `xdg-open "${url}"`;
+  exec(command);
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function savePat(token) {
+  const account = await manageRequest("/account", { token });
+  config.set({
+    pat: token,
+    accountEmail: account.email,
+    accountName: account.display_name ?? account.email
+  });
+  return account;
+}
+async function runTokenLogin() {
+  const token = await p.text({
+    message: "Paste your personal access token",
+    placeholder: "glo_pat_...",
+    validate: (value) => {
+      if (!value) return "Personal access token is required";
+      if (!value.startsWith("glo_pat_")) return "Token must start with glo_pat_";
+      return void 0;
     }
-  );
+  });
+  if (p.isCancel(token)) {
+    p.cancel("Login cancelled.");
+    process.exit(0);
+  }
   const spinner2 = p.spinner();
-  spinner2.start("Validating credentials...");
+  spinner2.start("Validating personal access token...");
   try {
-    const response = await fetch(`${DEFAULT_BASE_URL}/id/health`, {
-      headers: {
-        "X-Globio-Key": values.apiKey
+    const account = await savePat(token);
+    spinner2.stop("Token validated.");
+    p.outro(`Logged in as ${account.email}`);
+  } catch (error) {
+    spinner2.stop("Validation failed.");
+    p.outro(chalk2.red(error instanceof Error ? error.message : "Could not validate token"));
+    process.exit(1);
+  }
+}
+async function runBrowserLogin() {
+  const state = crypto.randomUUID();
+  const spinner2 = p.spinner();
+  await manageRequest("/cli-auth/request", {
+    method: "POST",
+    body: { state }
+  });
+  const url = getConsoleCliAuthUrl(state);
+  openBrowser(url);
+  console.log("  " + muted("Browser URL: ") + orange(url));
+  console.log("");
+  spinner2.start("Waiting for browser approval...");
+  const deadline = Date.now() + 5 * 60 * 1e3;
+  while (Date.now() < deadline) {
+    try {
+      const status = await manageRequest(
+        `/cli-auth/poll?state=${encodeURIComponent(state)}`
+      );
+      if (status.status === "expired") {
+        spinner2.stop("Approval window expired.");
+        p.outro(chalk2.red("CLI auth request expired. Try again or use globio login --token."));
+        process.exit(1);
       }
-    });
-    if (!response.ok) {
-      spinner2.stop("Validation failed.");
-      p.outro(chalk2.red("Invalid API key or project ID."));
-      process.exit(1);
+      if (status.status === "approved" && status.code) {
+        const exchange = await manageRequest("/cli-auth/exchange", {
+          method: "POST",
+          body: { code: status.code }
+        });
+        config.set({
+          pat: exchange.token,
+          accountEmail: exchange.account.email,
+          accountName: exchange.account.display_name ?? exchange.account.email
+        });
+        spinner2.stop("Browser approval received.");
+        p.outro(`Logged in as ${exchange.account.email}`);
+        return;
+      }
+    } catch {
     }
-    config.set({
-      apiKey: values.apiKey,
-      projectId: values.projectId
-    });
-    spinner2.stop("Credentials validated.");
-    p.outro(
-      "  Logged in.\n\n  " + muted("API Key:  ") + orange(values.apiKey) + "\n  " + muted("Project:  ") + orange(values.projectId)
-    );
-  } catch {
-    spinner2.stop("");
-    p.outro(chalk2.red("Could not connect to Globio. Check your credentials."));
+    await sleep(2e3);
+  }
+  spinner2.stop("Approval timed out.");
+  p.outro(chalk2.red("Timed out waiting for browser approval. Try again or use globio login --token."));
+  process.exit(1);
+}
+async function login(options = {}) {
+  printBanner(version);
+  if (options.token) {
+    await runTokenLogin();
+    return;
+  }
+  const choice = await p.select({
+    message: "Choose a login method",
+    options: [
+      { value: "browser", label: "Browser", hint: "Open console and approve access" },
+      { value: "token", label: "Token", hint: "Paste a personal access token" }
+    ]
+  });
+  if (p.isCancel(choice)) {
+    p.cancel("Login cancelled.");
+    process.exit(0);
+  }
+  if (choice === "token") {
+    await runTokenLogin();
+    return;
+  }
+  try {
+    await runBrowserLogin();
+  } catch (error) {
+    p.outro(chalk2.red(error instanceof Error ? error.message : "Could not connect to Globio."));
     process.exit(1);
   }
 }
@@ -143,18 +278,21 @@ async function logout() {
 import chalk4 from "chalk";
 async function whoami() {
   const cfg = config.get();
-  if (!cfg.apiKey) {
+  if (!cfg.pat) {
     console.log(chalk4.red("Not logged in."));
     return;
   }
   console.log("");
-  console.log(chalk4.cyan("API Key:   ") + cfg.apiKey);
-  console.log(chalk4.cyan("Project:   ") + (cfg.projectId ?? "none"));
+  console.log(chalk4.cyan("Account:   ") + (cfg.accountEmail ?? "unknown"));
+  console.log(chalk4.cyan("Name:      ") + (cfg.accountName ?? "unknown"));
+  console.log(
+    chalk4.cyan("Project:   ") + (cfg.projectId ? `${cfg.projectName ?? "unnamed"} (${cfg.projectId})` : "none")
+  );
   console.log("");
 }
 
 // src/commands/init.ts
-import * as p5 from "@clack/prompts";
+import * as p6 from "@clack/prompts";
 import { existsSync, readFileSync as readFileSync2, writeFileSync } from "fs";
 
 // src/prompts/init.ts
@@ -162,16 +300,6 @@ import * as p3 from "@clack/prompts";
 async function promptInit() {
   return p3.group(
     {
-      apiKey: () => p3.text({
-        message: "Globio API key",
-        placeholder: "gk_live_...",
-        validate: (value) => !value ? "Required" : void 0
-      }),
-      projectId: () => p3.text({
-        message: "Project ID",
-        placeholder: "proj_...",
-        validate: (value) => !value ? "Required" : void 0
-      }),
       migrateFromFirebase: () => p3.confirm({
         message: "Migrating from Firebase?",
         initialValue: false
@@ -232,8 +360,7 @@ function createProgressBar(label) {
 // src/lib/sdk.ts
 import { Globio } from "@globio/sdk";
 function getClient() {
-  const apiKey = config.requireAuth();
-  config.requireProject();
+  const apiKey = config.requireProjectApiKey();
   return new Globio({ apiKey });
 }
 
@@ -363,22 +490,146 @@ async function migrateFirebaseStorage(options) {
   );
 }
 
+// src/commands/projects.ts
+import * as p5 from "@clack/prompts";
+import chalk7 from "chalk";
+function slugify(value) {
+  return value.toLowerCase().trim().replace(/[^a-z0-9\\s-]/g, "").replace(/\\s+/g, "-").replace(/-+/g, "-");
+}
+async function ensureProjectKey(projectId) {
+  const existingKey = config.getProjectApiKey(projectId);
+  if (existingKey) return existingKey;
+  const created = await manageRequest(`/projects/${projectId}/keys`, {
+    method: "POST",
+    body: {
+      name: "CLI server key",
+      scope: "server"
+    }
+  });
+  if (!created.token) {
+    throw new Error("Management API did not return a project API key");
+  }
+  return created.token;
+}
+async function projectsList() {
+  const projects2 = await manageRequest("/projects");
+  const activeProjectId = config.get().projectId;
+  const grouped = /* @__PURE__ */ new Map();
+  for (const project of projects2) {
+    const list = grouped.get(project.org_name) ?? [];
+    list.push(project);
+    grouped.set(project.org_name, list);
+  }
+  console.log("");
+  if (!projects2.length) {
+    console.log(chalk7.gray("No projects found."));
+    console.log("");
+    return;
+  }
+  for (const [orgName, orgProjects] of grouped.entries()) {
+    console.log(chalk7.cyan(`org: ${orgName}`));
+    for (const project of orgProjects) {
+      const marker = project.id === activeProjectId ? chalk7.green("\u25CF") : chalk7.gray("\u25CB");
+      const active = project.id === activeProjectId ? chalk7.green("  (active)") : "";
+      console.log(`  ${marker} ${project.slug.padEnd(22)} ${chalk7.gray(project.id)}${active}`);
+    }
+    console.log("");
+  }
+}
+async function projectsUse(projectId) {
+  const projects2 = await manageRequest("/projects");
+  const project = projects2.find((item) => item.id === projectId);
+  if (!project) {
+    console.log(chalk7.red(`Project not found: ${projectId}`));
+    process.exit(1);
+  }
+  const apiKey = await ensureProjectKey(projectId);
+  config.setProjectAuth(projectId, apiKey, project.name);
+  console.log(chalk7.green("Active project set to: ") + chalk7.cyan(`${project.name} (${project.id})`));
+}
+async function projectsCreate() {
+  const orgs = await manageRequest("/orgs");
+  if (!orgs.length) {
+    console.log(chalk7.red("No organizations found. Create one in the console first."));
+    process.exit(1);
+  }
+  const orgId = await p5.select({
+    message: "Select an organization",
+    options: orgs.map((org) => ({
+      value: org.id,
+      label: org.name,
+      hint: org.role
+    }))
+  });
+  if (p5.isCancel(orgId)) {
+    p5.cancel("Project creation cancelled.");
+    process.exit(0);
+  }
+  const values = await p5.group(
+    {
+      name: () => p5.text({
+        message: "Project name",
+        validate: (value) => !value ? "Project name is required" : void 0
+      }),
+      slug: ({ results }) => p5.text({
+        message: "Project slug",
+        initialValue: slugify(String(results.name ?? "")),
+        validate: (value) => !value ? "Project slug is required" : void 0
+      }),
+      environment: () => p5.select({
+        message: "Environment",
+        options: [
+          { value: "development", label: "development" },
+          { value: "staging", label: "staging" },
+          { value: "production", label: "production" }
+        ]
+      })
+    },
+    {
+      onCancel: () => {
+        p5.cancel("Project creation cancelled.");
+        process.exit(0);
+      }
+    }
+  );
+  const result = await manageRequest("/projects", {
+    method: "POST",
+    body: {
+      org_id: orgId,
+      name: values.name,
+      slug: values.slug,
+      environment: values.environment
+    }
+  });
+  config.setProjectAuth(result.project.id, result.keys.server, result.project.name);
+  console.log("");
+  console.log(chalk7.green("Project created successfully."));
+  console.log(chalk7.cyan("Project: ") + `${result.project.name} (${result.project.id})`);
+  console.log(chalk7.cyan("Client key: ") + result.keys.client);
+  console.log(chalk7.cyan("Server key: ") + result.keys.server);
+  console.log("");
+}
+
 // src/commands/init.ts
 var version3 = getCliVersion();
 async function init() {
   printBanner(version3);
-  p5.intro(orange("\u21D2\u21D2") + "  Initialize your Globio project");
+  p6.intro(orange("\u21D2\u21D2") + "  Initialize your Globio project");
+  const cfg = config.get();
+  if (!cfg.projectId) {
+    await projectsCreate();
+  } else {
+    await projectsUse(cfg.projectId);
+  }
   const values = await promptInit();
-  config.set({
-    apiKey: values.apiKey,
-    projectId: values.projectId
-  });
+  const activeProjectKey = config.requireProjectApiKey();
+  const activeProjectId = config.requireProject();
   if (!existsSync("globio.config.ts")) {
     writeFileSync(
       "globio.config.ts",
-      `import { GlobioClient } from '@globio/sdk';
+      `import { Globio } from '@globio/sdk';
 
-export const globio = new GlobioClient({
+export const globio = new Globio({
   apiKey: process.env.GLOBIO_API_KEY!,
 });
 `
@@ -386,7 +637,7 @@ export const globio = new GlobioClient({
     printSuccess("Created globio.config.ts");
   }
   if (!existsSync(".env")) {
-    writeFileSync(".env", `GLOBIO_API_KEY=${values.apiKey}
+    writeFileSync(".env", `GLOBIO_API_KEY=${activeProjectKey}
 `);
     printSuccess("Created .env");
   }
@@ -407,24 +658,13 @@ export const globio = new GlobioClient({
     });
   }
   console.log("");
-  p5.outro(
-    orange("\u21D2\u21D2") + "  Your project is ready.\n\n  " + muted("Next steps:") + "\n\n  npm install @globio/sdk\n  npx @globio/cli functions create my-first-function"
-  );
-}
+  p6.outro(
+    orange("\u21D2\u21D2") + "  Your project is ready.\n\n  " + muted("Next steps:") + `
 
-// src/commands/projects.ts
-import chalk7 from "chalk";
-async function projectsList() {
-  const cfg = config.get();
-  console.log("");
-  console.log(
-    chalk7.cyan("Active project: ") + (cfg.projectId ?? chalk7.gray("none"))
+  npm install @globio/sdk
+  # active project: ${activeProjectId}
+  npx @globio/cli functions create my-first-function`
   );
-  console.log("");
-}
-async function projectsUse(projectId) {
-  config.set({ projectId });
-  console.log(chalk7.green("Active project set to: ") + chalk7.cyan(projectId));
 }
 
 // src/commands/services.ts
@@ -617,12 +857,13 @@ program.name("globio").description("The official Globio CLI").version(version4).
   printBanner(version4);
   return "";
 });
-program.command("login").description("Log in to your Globio account").action(login);
+program.command("login").description("Log in to your Globio account").option("--token", "Use a personal access token").action(login);
 program.command("logout").description("Log out").action(logout);
 program.command("whoami").description("Show current account and project").action(whoami);
 program.command("init").description("Initialize a Globio project").action(init);
 var projects = program.command("projects").description("Manage projects");
 projects.command("list").description("List projects").action(projectsList);
+projects.command("create").description("Create a project").action(projectsCreate);
 projects.command("use <projectId>").description("Set active project").action(projectsUse);
 program.command("services").description("List available Globio services").action(servicesList);
 var functions = program.command("functions").alias("fn").description("Manage GlobalCode edge functions");
@@ -637,7 +878,13 @@ functions.command("disable <slug>").description("Disable a function").action((sl
 var migrate = program.command("migrate").description("Migrate from Firebase to Globio");
 migrate.command("firestore").description("Migrate Firestore collections to GlobalDoc").requiredOption("--from <path>", "Path to Firebase service account JSON").option("--collection <name>", "Migrate a specific collection").option("--all", "Migrate all collections").action(migrateFirestore);
 migrate.command("firebase-storage").description("Migrate Firebase Storage to GlobalVault").requiredOption("--from <path>", "Path to Firebase service account JSON").requiredOption("--bucket <name>", "Firebase Storage bucket").option("--folder <path>", "Migrate a specific folder").option("--all", "Migrate all files").action(migrateFirebaseStorage);
-if (process.argv.length <= 2) {
-  program.help();
+async function main() {
+  if (process.argv.length <= 2) {
+    program.help();
+  }
+  await program.parseAsync();
 }
-await program.parseAsync();
+main().catch((error) => {
+  console.error(error instanceof Error ? error.message : error);
+  process.exit(1);
+});

package/jsr.json

@@ -1,6 +1,6 @@
 {
   "name": "@globio/cli",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "license": "MIT",
   "exports": "./src/index.ts"
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@globio/cli",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "The official CLI for Globio — game backend as a service",
   "type": "module",
   "license": "MIT",

package/src/auth/login.ts

@@ -1,72 +1,155 @@
 import * as p from '@clack/prompts';
+import { exec } from 'child_process';
 import chalk from 'chalk';
 import { config } from '../lib/config.js';
+import { getConsoleCliAuthUrl, manageRequest, type ManageAccount } from '../lib/manage.js';
 import { getCliVersion, muted, orange, printBanner } from '../lib/banner.js';
 
-const DEFAULT_BASE_URL = 'https://api.globio.stanlink.online';
 const version = getCliVersion();
 
-export async function login() {
-  printBanner(version);
+function openBrowser(url: string) {
+  const command = process.platform === 'win32'
+    ? `start "" "${url}"`
+    : process.platform === 'darwin'
+      ? `open "${url}"`
+      : `xdg-open "${url}"`;
+
+  exec(command);
+}
+
+function sleep(ms: number) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
 
-  const values = await p.group(
-    {
-      apiKey: () =>
-        p.text({
-          message: 'Paste your Globio API key',
-          placeholder: 'gk_live_...',
-          validate: (value) => (!value ? 'API key is required' : undefined),
-        }),
-      projectId: () =>
-        p.text({
-          message: 'Paste your Project ID',
-          placeholder: 'proj_...',
-          validate: (value) => (!value ? 'Project ID is required' : undefined),
-        }),
+async function savePat(token: string) {
+  const account = await manageRequest<ManageAccount>('/account', { token });
+  config.set({
+    pat: token,
+    accountEmail: account.email,
+    accountName: account.display_name ?? account.email,
+  });
+  return account;
+}
+
+async function runTokenLogin() {
+  const token = await p.text({
+    message: 'Paste your personal access token',
+    placeholder: 'glo_pat_...',
+    validate: (value) => {
+      if (!value) return 'Personal access token is required';
+      if (!value.startsWith('glo_pat_')) return 'Token must start with glo_pat_';
+      return undefined;
     },
-    {
-      onCancel: () => {
-        p.cancel('Login cancelled.');
-        process.exit(0);
-      },
-    }
-  );
+  });
 
-  const spinner = p.spinner();
-  spinner.start('Validating credentials...');
+  if (p.isCancel(token)) {
+    p.cancel('Login cancelled.');
+    process.exit(0);
+  }
 
+  const spinner = p.spinner();
+  spinner.start('Validating personal access token...');
   try {
-    const response = await fetch(`${DEFAULT_BASE_URL}/id/health`, {
-      headers: {
-        'X-Globio-Key': values.apiKey as string,
-      },
-    });
-
-    if (!response.ok) {
-      spinner.stop('Validation failed.');
-      p.outro(chalk.red('Invalid API key or project ID.'));
-      process.exit(1);
+    const account = await savePat(token);
+    spinner.stop('Token validated.');
+    p.outro(`Logged in as ${account.email}`);
+  } catch (error) {
+    spinner.stop('Validation failed.');
+    p.outro(chalk.red(error instanceof Error ? error.message : 'Could not validate token'));
+    process.exit(1);
+  }
+}
+
+async function runBrowserLogin() {
+  const state = crypto.randomUUID();
+  const spinner = p.spinner();
+
+  await manageRequest('/cli-auth/request', {
+    method: 'POST',
+    body: { state },
+  });
+
+  const url = getConsoleCliAuthUrl(state);
+  openBrowser(url);
+  console.log('  ' + muted('Browser URL: ') + orange(url));
+  console.log('');
+
+  spinner.start('Waiting for browser approval...');
+  const deadline = Date.now() + 5 * 60 * 1000;
+
+  while (Date.now() < deadline) {
+    try {
+      const status = await manageRequest<{ status: 'pending' | 'approved' | 'expired'; code?: string }>(
+        `/cli-auth/poll?state=${encodeURIComponent(state)}`
+      );
+
+      if (status.status === 'expired') {
+        spinner.stop('Approval window expired.');
+        p.outro(chalk.red('CLI auth request expired. Try again or use globio login --token.'));
+        process.exit(1);
+      }
+
+      if (status.status === 'approved' && status.code) {
+        const exchange = await manageRequest<{
+          token: string;
+          account: { email: string; display_name: string | null };
+        }>('/cli-auth/exchange', {
+          method: 'POST',
+          body: { code: status.code },
+        });
+
+        config.set({
+          pat: exchange.token,
+          accountEmail: exchange.account.email,
+          accountName: exchange.account.display_name ?? exchange.account.email,
+        });
+
+        spinner.stop('Browser approval received.');
+        p.outro(`Logged in as ${exchange.account.email}`);
+        return;
+      }
+    } catch {
+      // Keep polling until timeout.
     }
 
-    config.set({
-      apiKey: values.apiKey as string,
-      projectId: values.projectId as string,
-    });
-
-    spinner.stop('Credentials validated.');
-    p.outro(
-      '  Logged in.\n\n' +
-        '  ' +
-        muted('API Key:  ') +
-        orange(values.apiKey as string) +
-        '\n' +
-        '  ' +
-        muted('Project:  ') +
-        orange(values.projectId as string)
-    );
-  } catch {
-    spinner.stop('');
-    p.outro(chalk.red('Could not connect to Globio. Check your credentials.'));
+    await sleep(2000);
+  }
+
+  spinner.stop('Approval timed out.');
+  p.outro(chalk.red('Timed out waiting for browser approval. Try again or use globio login --token.'));
+  process.exit(1);
+}
+
+export async function login(options: { token?: boolean } = {}) {
+  printBanner(version);
+
+  if (options.token) {
+    await runTokenLogin();
+    return;
+  }
+
+  const choice = await p.select({
+    message: 'Choose a login method',
+    options: [
+      { value: 'browser', label: 'Browser', hint: 'Open console and approve access' },
+      { value: 'token', label: 'Token', hint: 'Paste a personal access token' },
+    ],
+  });
+
+  if (p.isCancel(choice)) {
+    p.cancel('Login cancelled.');
+    process.exit(0);
+  }
+
+  if (choice === 'token') {
+    await runTokenLogin();
+    return;
+  }
+
+  try {
+    await runBrowserLogin();
+  } catch (error) {
+    p.outro(chalk.red(error instanceof Error ? error.message : 'Could not connect to Globio.'));
     process.exit(1);
   }
 }

package/src/auth/whoami.ts

@@ -3,13 +3,17 @@ import { config } from '../lib/config.js';
 
 export async function whoami() {
   const cfg = config.get();
-  if (!cfg.apiKey) {
+  if (!cfg.pat) {
     console.log(chalk.red('Not logged in.'));
     return;
   }
 
   console.log('');
-  console.log(chalk.cyan('API Key:   ') + cfg.apiKey);
-  console.log(chalk.cyan('Project:   ') + (cfg.projectId ?? 'none'));
+  console.log(chalk.cyan('Account:   ') + (cfg.accountEmail ?? 'unknown'));
+  console.log(chalk.cyan('Name:      ') + (cfg.accountName ?? 'unknown'));
+  console.log(
+    chalk.cyan('Project:   ') +
+      (cfg.projectId ? `${cfg.projectName ?? 'unnamed'} (${cfg.projectId})` : 'none')
+  );
   console.log('');
 }

package/src/commands/init.ts

@@ -10,6 +10,7 @@ import {
 } from '../lib/banner.js';
 import { promptInit } from '../prompts/init.js';
 import { migrateFirestore, migrateFirebaseStorage } from './migrate.js';
+import { projectsCreate, projectsUse } from './projects.js';
 
 const version = getCliVersion();
 
@@ -17,19 +18,23 @@ export async function init() {
   printBanner(version);
   p.intro(orange('⇒⇒') + '  Initialize your Globio project');
 
-  const values = await promptInit();
+  const cfg = config.get();
+  if (!cfg.projectId) {
+    await projectsCreate();
+  } else {
+    await projectsUse(cfg.projectId);
+  }
 
-  config.set({
-    apiKey: values.apiKey as string,
-    projectId: values.projectId as string,
-  });
+  const values = await promptInit();
+  const activeProjectKey = config.requireProjectApiKey();
+  const activeProjectId = config.requireProject();
 
   if (!existsSync('globio.config.ts')) {
     writeFileSync(
       'globio.config.ts',
-      `import { GlobioClient } from '@globio/sdk';
+      `import { Globio } from '@globio/sdk';
 
-export const globio = new GlobioClient({
+export const globio = new Globio({
   apiKey: process.env.GLOBIO_API_KEY!,
 });
 `
@@ -38,7 +43,7 @@ export const globio = new GlobioClient({
   }
 
   if (!existsSync('.env')) {
-    writeFileSync('.env', `GLOBIO_API_KEY=${values.apiKey}\n`);
+    writeFileSync('.env', `GLOBIO_API_KEY=${activeProjectKey}\n`);
     printSuccess('Created .env');
   }
 
@@ -70,6 +75,7 @@ export const globio = new GlobioClient({
       muted('Next steps:') +
       '\n\n' +
       '  npm install @globio/sdk\n' +
+      `  # active project: ${activeProjectId}\n` +
       '  npx @globio/cli functions create my-first-function'
   );
 }

package/src/commands/projects.ts

@@ -1,16 +1,154 @@
+import * as p from '@clack/prompts';
 import chalk from 'chalk';
 import { config } from '../lib/config.js';
+import {
+  manageRequest,
+  type ManageOrg,
+  type ManageProject,
+  type ManageProjectKey,
+} from '../lib/manage.js';
+
+function slugify(value: string) {
+  return value
+    .toLowerCase()
+    .trim()
+    .replace(/[^a-z0-9\\s-]/g, '')
+    .replace(/\\s+/g, '-')
+    .replace(/-+/g, '-');
+}
+
+async function ensureProjectKey(projectId: string) {
+  const existingKey = config.getProjectApiKey(projectId);
+  if (existingKey) return existingKey;
+
+  const created = await manageRequest<ManageProjectKey>(`/projects/${projectId}/keys`, {
+    method: 'POST',
+    body: {
+      name: 'CLI server key',
+      scope: 'server',
+    },
+  });
+
+  if (!created.token) {
+    throw new Error('Management API did not return a project API key');
+  }
+
+  return created.token;
+}
 
 export async function projectsList() {
-  const cfg = config.get();
-  console.log('');
-  console.log(
-    chalk.cyan('Active project: ') + (cfg.projectId ?? chalk.gray('none'))
-  );
+  const projects = await manageRequest<ManageProject[]>('/projects');
+  const activeProjectId = config.get().projectId;
+  const grouped = new Map<string, ManageProject[]>();
+
+  for (const project of projects) {
+    const list = grouped.get(project.org_name) ?? [];
+    list.push(project);
+    grouped.set(project.org_name, list);
+  }
+
   console.log('');
+  if (!projects.length) {
+    console.log(chalk.gray('No projects found.'));
+    console.log('');
+    return;
+  }
+
+  for (const [orgName, orgProjects] of grouped.entries()) {
+    console.log(chalk.cyan(`org: ${orgName}`));
+    for (const project of orgProjects) {
+      const marker = project.id === activeProjectId ? chalk.green('●') : chalk.gray('○');
+      const active = project.id === activeProjectId ? chalk.green('  (active)') : '';
+      console.log(`  ${marker} ${project.slug.padEnd(22)} ${chalk.gray(project.id)}${active}`);
+    }
+    console.log('');
+  }
 }
 
 export async function projectsUse(projectId: string) {
-  config.set({ projectId });
-  console.log(chalk.green('Active project set to: ') + chalk.cyan(projectId));
+  const projects = await manageRequest<ManageProject[]>('/projects');
+  const project = projects.find((item) => item.id === projectId);
+  if (!project) {
+    console.log(chalk.red(`Project not found: ${projectId}`));
+    process.exit(1);
+  }
+
+  const apiKey = await ensureProjectKey(projectId);
+  config.setProjectAuth(projectId, apiKey, project.name);
+  console.log(chalk.green('Active project set to: ') + chalk.cyan(`${project.name} (${project.id})`));
+}
+
+export async function projectsCreate() {
+  const orgs = await manageRequest<ManageOrg[]>('/orgs');
+  if (!orgs.length) {
+    console.log(chalk.red('No organizations found. Create one in the console first.'));
+    process.exit(1);
+  }
+
+  const orgId = await p.select({
+    message: 'Select an organization',
+    options: orgs.map((org) => ({
+      value: org.id,
+      label: org.name,
+      hint: org.role,
+    })),
+  });
+
+  if (p.isCancel(orgId)) {
+    p.cancel('Project creation cancelled.');
+    process.exit(0);
+  }
+
+  const values = await p.group(
+    {
+      name: () =>
+        p.text({
+          message: 'Project name',
+          validate: (value) => (!value ? 'Project name is required' : undefined),
+        }),
+      slug: ({ results }) =>
+        p.text({
+          message: 'Project slug',
+          initialValue: slugify(String(results.name ?? '')),
+          validate: (value) => (!value ? 'Project slug is required' : undefined),
+        }),
+      environment: () =>
+        p.select({
+          message: 'Environment',
+          options: [
+            { value: 'development', label: 'development' },
+            { value: 'staging', label: 'staging' },
+            { value: 'production', label: 'production' },
+          ],
+        }),
+    },
+    {
+      onCancel: () => {
+        p.cancel('Project creation cancelled.');
+        process.exit(0);
+      },
+    }
+  );
+
+  const result = await manageRequest<{
+    project: { id: string; name: string; slug: string; environment: string; active: boolean };
+    keys: { client: string; server: string };
+  }>('/projects', {
+    method: 'POST',
+    body: {
+      org_id: orgId,
+      name: values.name,
+      slug: values.slug,
+      environment: values.environment,
+    },
+  });
+
+  config.setProjectAuth(result.project.id, result.keys.server, result.project.name);
+
+  console.log('');
+  console.log(chalk.green('Project created successfully.'));
+  console.log(chalk.cyan('Project: ') + `${result.project.name} (${result.project.id})`);
+  console.log(chalk.cyan('Client key: ') + result.keys.client);
+  console.log(chalk.cyan('Server key: ') + result.keys.server);
+  console.log('');
 }

package/src/index.ts

@@ -4,7 +4,7 @@ import { login } from './auth/login.js';
 import { logout } from './auth/logout.js';
 import { whoami } from './auth/whoami.js';
 import { init } from './commands/init.js';
-import { projectsList, projectsUse } from './commands/projects.js';
+import { projectsCreate, projectsList, projectsUse } from './commands/projects.js';
 import { servicesList } from './commands/services.js';
 import {
   functionsList,
@@ -34,7 +34,11 @@ program
     return '';
   });
 
-program.command('login').description('Log in to your Globio account').action(login);
+program
+  .command('login')
+  .description('Log in to your Globio account')
+  .option('--token', 'Use a personal access token')
+  .action(login);
 program.command('logout').description('Log out').action(logout);
 program.command('whoami').description('Show current account and project').action(whoami);
 
@@ -42,6 +46,7 @@ program.command('init').description('Initialize a Globio project').action(init);
 
 const projects = program.command('projects').description('Manage projects');
 projects.command('list').description('List projects').action(projectsList);
+projects.command('create').description('Create a project').action(projectsCreate);
 projects.command('use <projectId>').description('Set active project').action(projectsUse);
 
 program.command('services').description('List available Globio services').action(servicesList);
@@ -94,8 +99,15 @@ migrate
   .option('--all', 'Migrate all files')
   .action(migrateFirebaseStorage);
 
-if (process.argv.length <= 2) {
-  program.help();
+async function main() {
+  if (process.argv.length <= 2) {
+    program.help();
+  }
+
+  await program.parseAsync();
 }
 
-await program.parseAsync();
+main().catch((error) => {
+  console.error(error instanceof Error ? error.message : error);
+  process.exit(1);
+});

package/src/lib/config.ts

@@ -2,10 +2,13 @@ import chalk from 'chalk';
 import Conf from 'conf';
 
 interface GlobioConfig {
-  apiKey?: string;
+  pat?: string;
+  accountEmail?: string;
+  accountName?: string;
   projectId?: string;
   projectName?: string;
-  email?: string;
+  projectApiKeys?: Record<string, string>;
+  projectNames?: Record<string, string>;
 }
 
 const store = new Conf<GlobioConfig>({
@@ -23,14 +26,14 @@ export const config = {
     });
   },
   clear: () => store.clear(),
-  getApiKey: () => store.get('apiKey'),
-  requireAuth: () => {
-    const key = store.get('apiKey');
-    if (!key) {
+  getPat: () => store.get('pat'),
+  requirePat: () => {
+    const pat = store.get('pat');
+    if (!pat) {
       console.error(chalk.red('Not logged in. Run: npx @globio/cli login'));
       process.exit(1);
     }
-    return key;
+    return pat;
   },
   requireProject: () => {
     const projectId = store.get('projectId');
@@ -42,6 +45,47 @@ export const config = {
     }
     return projectId;
   },
+  setProjectAuth: (projectId: string, apiKey: string, projectName?: string) => {
+    const projectApiKeys = store.get('projectApiKeys') ?? {};
+    const projectNames = store.get('projectNames') ?? {};
+    projectApiKeys[projectId] = apiKey;
+    if (projectName) {
+      projectNames[projectId] = projectName;
+    }
+
+    store.set('projectApiKeys', projectApiKeys);
+    store.set('projectNames', projectNames);
+    store.set('projectId', projectId);
+    if (projectName) {
+      store.set('projectName', projectName);
+    }
+  },
+  getProjectApiKey: (projectId: string) => {
+    const projectApiKeys = store.get('projectApiKeys') ?? {};
+    return projectApiKeys[projectId];
+  },
+  requireProjectApiKey: () => {
+    const projectId = store.get('projectId');
+    if (!projectId) {
+      console.error(
+        chalk.red('No active project. Run: npx @globio/cli projects use <projectId>')
+      );
+      process.exit(1);
+    }
+
+    const projectApiKeys = store.get('projectApiKeys') ?? {};
+    const apiKey = projectApiKeys[projectId];
+    if (!apiKey) {
+      console.error(
+        chalk.red(
+          'No project API key stored for the active project. Run: npx @globio/cli projects use <projectId>'
+        )
+      );
+      process.exit(1);
+    }
+
+    return apiKey;
+  },
 };
 
 export type { GlobioConfig };

package/src/lib/manage.ts

@@ -0,0 +1,83 @@
+import { config } from './config.js';
+
+const API_BASE_URL = 'https://api.globio.stanlink.online';
+const CONSOLE_BASE_URL = 'https://console.globio.stanlink.online';
+
+interface ManageRequestOptions {
+  method?: string;
+  body?: unknown;
+  token?: string;
+}
+
+export interface ManageAccount {
+  id: string;
+  email: string;
+  display_name: string | null;
+  avatar_url: string | null;
+  created_at: number;
+}
+
+export interface ManageOrg {
+  id: string;
+  name: string;
+  slug: string;
+  role: 'owner' | 'admin' | 'developer' | 'viewer';
+  created_at: number;
+}
+
+export interface ManageProject {
+  id: string;
+  name: string;
+  slug: string;
+  org_id: string;
+  org_name: string;
+  environment: string;
+  active: boolean;
+}
+
+export interface ManageProjectKey {
+  id: string;
+  name: string;
+  key_prefix: string;
+  scope: string;
+  created_at: number;
+  last_used_at: number | null;
+  token?: string;
+}
+
+function getAuthToken(explicitToken?: string): string | undefined {
+  if (explicitToken) return explicitToken;
+  return config.getPat();
+}
+
+export async function manageRequest<T>(
+  path: string,
+  options: ManageRequestOptions = {}
+): Promise<T> {
+  const headers = new Headers();
+  if (!(options.body instanceof FormData)) {
+    headers.set('Content-Type', 'application/json');
+  }
+
+  const token = getAuthToken(options.token);
+  if (token) {
+    headers.set('Authorization', `Bearer ${token}`);
+  }
+
+  const response = await fetch(`${API_BASE_URL}/manage${path}`, {
+    method: options.method ?? 'GET',
+    headers,
+    body: options.body ? JSON.stringify(options.body) : undefined,
+  });
+
+  const payload = await response.json().catch(() => ({}));
+  if (!response.ok) {
+    throw new Error(payload.error || payload.message || 'Management request failed');
+  }
+
+  return (payload.data ?? payload) as T;
+}
+
+export function getConsoleCliAuthUrl(state: string): string {
+  return `${CONSOLE_BASE_URL}/cli-auth?state=${encodeURIComponent(state)}`;
+}

package/src/lib/sdk.ts

@@ -2,8 +2,7 @@ import { Globio } from '@globio/sdk';
 import { config } from './config.js';
 
 export function getClient(): Globio {
-  const apiKey = config.requireAuth();
-  config.requireProject();
+  const apiKey = config.requireProjectApiKey();
   return new Globio({ apiKey });
 }
 

package/src/prompts/init.ts

@@ -3,18 +3,6 @@ import * as p from '@clack/prompts';
 export async function promptInit() {
   return p.group(
     {
-      apiKey: () =>
-        p.text({
-          message: 'Globio API key',
-          placeholder: 'gk_live_...',
-          validate: (value) => (!value ? 'Required' : undefined),
-        }),
-      projectId: () =>
-        p.text({
-          message: 'Project ID',
-          placeholder: 'proj_...',
-          validate: (value) => (!value ? 'Required' : undefined),
-        }),
       migrateFromFirebase: () =>
         p.confirm({
           message: 'Migrating from Firebase?',