@guildai/cli 0.5.12 → 0.6.0

package/dist/commands/credentials/endpoint-list.js

@@ -0,0 +1,87 @@
+// Copyright 2026 Guild.ai
+// SPDX-License-Identifier: Apache-2.0
+import { Command } from 'commander';
+import chalk from 'chalk';
+import { GuildAPIClient } from '../../lib/api-client.js';
+import { getAuthToken } from '../../lib/auth.js';
+import { handleAxiosError } from '../../lib/errors.js';
+import { getOutputMode } from '../../lib/output-mode.js';
+import { createOutputWriter } from '../../lib/output.js';
+import { Table } from '../../lib/table.js';
+export function createCredentialsEndpointListCommand() {
+    const cmd = new Command('list');
+    cmd
+        .description('List endpoints for a credential')
+        .argument('<credential-id>', 'Credential ID')
+        .option('--include-previous-versions', 'Include endpoints from previous versions')
+        .option('--search <query>', 'Search by operation name')
+        .option('--limit <number>', 'Number of results to return', '20')
+        .option('--offset <number>', 'Offset for pagination', '0')
+        .action(async (credentialId, options) => {
+        const output = createOutputWriter();
+        try {
+            const token = await getAuthToken();
+            if (!token) {
+                output.error('Not authenticated. Run: guild auth login');
+                process.exit(1);
+            }
+            const client = new GuildAPIClient();
+            const params = new URLSearchParams();
+            params.append('limit', options.limit);
+            params.append('offset', options.offset);
+            if (options.includePreviousVersions) {
+                params.append('include_previous_versions', 'true');
+            }
+            if (options.search) {
+                params.append('search', options.search);
+            }
+            const response = await client.get(`/credentials/${credentialId}/endpoints/new?${params.toString()}`);
+            if (getOutputMode() === 'json') {
+                console.log(JSON.stringify(response, null, 2));
+            }
+            else {
+                formatEndpointsTable(response.items, response.pagination);
+            }
+        }
+        catch (error) {
+            const formattedError = handleAxiosError(error);
+            output.error(formattedError.details);
+            process.exit(1);
+        }
+    });
+    return cmd;
+}
+function formatEndpointsTable(endpoints, pagination) {
+    if (endpoints.length === 0) {
+        console.log(chalk.dim('No endpoints found'));
+        return;
+    }
+    const table = new Table({
+        columns: [
+            { name: 'operation', title: 'OPERATION', alignment: 'left' },
+            { name: 'method', title: 'METHOD', alignment: 'left' },
+            { name: 'path', title: 'PATH', alignment: 'left' },
+            { name: 'tags', title: 'TAGS', alignment: 'left' },
+        ],
+    });
+    endpoints.forEach((ep) => {
+        const methodColor = ep.method === 'DELETE' ? chalk.red : chalk.green;
+        table.addRow({
+            operation: ep.operation,
+            method: methodColor(ep.method),
+            path: ep.path,
+            tags: ep.tags?.join(', ') || '',
+        });
+    });
+    table.printTable();
+    const showing = Math.min(pagination.limit, endpoints.length);
+    if (pagination.has_more) {
+        const nextOffset = pagination.offset + pagination.limit;
+        console.log(`\nShowing ${showing} of ${pagination.total_count} endpoints. ` +
+            chalk.dim(`Use --offset ${nextOffset} to see more.`));
+    }
+    else if (pagination.total_count > showing) {
+        console.log(chalk.dim(`\nShowing ${showing} of ${pagination.total_count} endpoints`));
+    }
+}
+//# sourceMappingURL=endpoint-list.js.map

package/dist/commands/credentials/list.d.ts

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+export declare function createCredentialsListCommand(): Command;
+//# sourceMappingURL=list.d.ts.map

package/dist/commands/{container → credentials}/list.js

@@ -5,13 +5,13 @@ import { GuildAPIClient } from '../../lib/api-client.js';
 import { getAuthToken } from '../../lib/auth.js';
 import { handleAxiosError } from '../../lib/errors.js';
 import { getOutputMode } from '../../lib/output-mode.js';
-import { createOutputWriter, formatContainerTable } from '../../lib/output.js';
-export function createContainerListCommand() {
+import { createOutputWriter, formatCredentialsTable } from '../../lib/output.js';
+export function createCredentialsListCommand() {
     const cmd = new Command('list');
     cmd
-        .description('List containers for an account')
-        .requiredOption('--account <id-or-name>', 'Account ID or name')
-        .option('--status <status>', 'Filter by status: STARTING, RUNNING, ERRORED, DESTROYED')
+        .description('List credentials for an account')
+        .requiredOption('--owner <account>', 'Account name or ID')
+        .option('--search <query>', 'Filter by integration name')
         .option('--limit <number>', 'Number of results to return', '20')
         .option('--offset <number>', 'Offset for pagination', '0')
         .action(async (options) => {
@@ -23,23 +23,24 @@ export function createContainerListCommand() {
                 process.exit(1);
             }
             const client = new GuildAPIClient();
+            const accountId = options.owner;
             const params = new URLSearchParams();
             params.append('limit', options.limit);
             params.append('offset', options.offset);
-            if (options.status) {
-                params.append('statuses', options.status.toUpperCase());
+            if (options.search) {
+                params.append('search', options.search);
             }
-            const response = await client.get(`/accounts/${options.account}/containers?${params.toString()}`);
+            const response = await client.get(`/accounts/${accountId}/credentials?${params.toString()}`);
             if (getOutputMode() === 'json') {
                 console.log(JSON.stringify(response, null, 2));
             }
             else {
-                formatContainerTable(response.items, response.pagination);
+                formatCredentialsTable(response.items, response.pagination);
             }
         }
         catch (error) {
             const formattedError = handleAxiosError(error);
-            output.error(`Failed to list containers: ${formattedError.details}`);
+            output.error(formattedError.details);
             process.exit(1);
         }
     });

package/dist/commands/credentials/policy-create.d.ts

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+export declare function createCredentialsPolicyCreateCommand(): Command;
+//# sourceMappingURL=policy-create.d.ts.map

package/dist/commands/credentials/policy-create.js

@@ -0,0 +1,66 @@
+// Copyright 2026 Guild.ai
+// SPDX-License-Identifier: Apache-2.0
+import { Command } from 'commander';
+import { GuildAPIClient } from '../../lib/api-client.js';
+import { getAuthToken } from '../../lib/auth.js';
+import { handleAxiosError } from '../../lib/errors.js';
+import { createOutputWriter } from '../../lib/output.js';
+export function createCredentialsPolicyCreateCommand() {
+    const cmd = new Command('create');
+    cmd
+        .description('Create a policy for a credential')
+        .argument('<credential-id>', 'Credential ID')
+        .requiredOption('--decision <decision>', 'ALLOW or DENY')
+        .option('--operations <ops>', 'Comma-separated operation names')
+        .option('--workspaces <ids-or-names>', 'Comma-separated workspace IDs or names')
+        .option('--agents <ids-or-names>', 'Comma-separated agent IDs or names')
+        .option('--resources <json>', 'Resource restrictions as JSON')
+        .action(async (credentialId, options) => {
+        const output = createOutputWriter();
+        try {
+            const token = await getAuthToken();
+            if (!token) {
+                output.error('Not authenticated. Run: guild auth login');
+                process.exit(1);
+            }
+            const decision = options.decision.toUpperCase();
+            if (decision !== 'ALLOW' && decision !== 'DENY') {
+                output.error('--decision must be ALLOW or DENY');
+                process.exit(1);
+            }
+            const body = {
+                decision,
+            };
+            if (options.operations) {
+                body.operations = options.operations.split(',').map((s) => s.trim());
+            }
+            if (options.workspaces) {
+                body.workspace_ids_or_names = options.workspaces
+                    .split(',')
+                    .map((s) => s.trim());
+            }
+            if (options.agents) {
+                body.agent_ids_or_names = options.agents.split(',').map((s) => s.trim());
+            }
+            if (options.resources) {
+                try {
+                    body.resources = JSON.parse(options.resources);
+                }
+                catch {
+                    output.error('--resources must be valid JSON');
+                    process.exit(1);
+                }
+            }
+            const client = new GuildAPIClient();
+            const response = await client.post(`/credentials/${credentialId}/policies`, body);
+            output.data(response);
+        }
+        catch (error) {
+            const formattedError = handleAxiosError(error);
+            output.error(formattedError.details);
+            process.exit(1);
+        }
+    });
+    return cmd;
+}
+//# sourceMappingURL=policy-create.js.map

package/dist/commands/credentials/policy-delete.d.ts

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+export declare function createCredentialsPolicyDeleteCommand(): Command;
+//# sourceMappingURL=policy-delete.d.ts.map

package/dist/commands/{container/get.js → credentials/policy-delete.js}

@@ -5,12 +5,12 @@ import { GuildAPIClient } from '../../lib/api-client.js';
 import { getAuthToken } from '../../lib/auth.js';
 import { handleAxiosError } from '../../lib/errors.js';
 import { createOutputWriter } from '../../lib/output.js';
-export function createContainerGetCommand() {
-    const cmd = new Command('get');
+export function createCredentialsPolicyDeleteCommand() {
+    const cmd = new Command('delete');
     cmd
-        .description('Get container details')
-        .argument('<container-id>', 'Container ID')
-        .action(async (containerId) => {
+        .description('Delete a credential policy')
+        .argument('<policy-id>', 'Policy ID')
+        .action(async (policyId) => {
         const output = createOutputWriter();
         try {
             const token = await getAuthToken();
@@ -19,15 +19,15 @@ export function createContainerGetCommand() {
                 process.exit(1);
             }
             const client = new GuildAPIClient();
-            const response = await client.get(`/containers/${containerId}`);
-            output.data(response);
+            await client.delete(`/credentials/policies/${policyId}`);
+            output.success(`Policy ${policyId} deleted`);
         }
         catch (error) {
             const formattedError = handleAxiosError(error);
-            output.error(`Failed to get container: ${formattedError.details}`);
+            output.error(formattedError.details);
             process.exit(1);
         }
     });
     return cmd;
 }
-//# sourceMappingURL=get.js.map
+//# sourceMappingURL=policy-delete.js.map

package/dist/commands/credentials/policy-list.d.ts

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+export declare function createCredentialsPolicyListCommand(): Command;
+//# sourceMappingURL=policy-list.d.ts.map

package/dist/commands/{container-image/list.js → credentials/policy-list.js}

@@ -5,15 +5,15 @@ import { GuildAPIClient } from '../../lib/api-client.js';
 import { getAuthToken } from '../../lib/auth.js';
 import { handleAxiosError } from '../../lib/errors.js';
 import { getOutputMode } from '../../lib/output-mode.js';
-import { createOutputWriter, formatContainerImageTable } from '../../lib/output.js';
-export function createContainerImageListCommand() {
+import { createOutputWriter, formatPoliciesTable } from '../../lib/output.js';
+export function createCredentialsPolicyListCommand() {
     const cmd = new Command('list');
     cmd
-        .description('List container images for an account')
-        .requiredOption('--account <id-or-name>', 'Account ID or name')
+        .description('List policies for a credential')
+        .argument('<credential-id>', 'Credential ID')
         .option('--limit <number>', 'Number of results to return', '20')
         .option('--offset <number>', 'Offset for pagination', '0')
-        .action(async (options) => {
+        .action(async (credentialId, options) => {
         const output = createOutputWriter();
         try {
             const token = await getAuthToken();
@@ -25,20 +25,20 @@ export function createContainerImageListCommand() {
             const params = new URLSearchParams();
             params.append('limit', options.limit);
             params.append('offset', options.offset);
-            const response = await client.get(`/accounts/${options.account}/container-images?${params.toString()}`);
+            const response = await client.get(`/credentials/${credentialId}/policies?${params.toString()}`);
             if (getOutputMode() === 'json') {
                 console.log(JSON.stringify(response, null, 2));
             }
             else {
-                formatContainerImageTable(response.items, response.pagination);
+                formatPoliciesTable(response.items, response.pagination);
             }
         }
         catch (error) {
             const formattedError = handleAxiosError(error);
-            output.error(`Failed to list container images: ${formattedError.details}`);
+            output.error(formattedError.details);
             process.exit(1);
         }
     });
     return cmd;
 }
-//# sourceMappingURL=list.js.map
+//# sourceMappingURL=policy-list.js.map

package/dist/commands/credentials/policy-update.d.ts

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+export declare function createCredentialsPolicyUpdateCommand(): Command;
+//# sourceMappingURL=policy-update.d.ts.map

package/dist/commands/credentials/policy-update.js

@@ -0,0 +1,66 @@
+// Copyright 2026 Guild.ai
+// SPDX-License-Identifier: Apache-2.0
+import { Command } from 'commander';
+import { GuildAPIClient } from '../../lib/api-client.js';
+import { getAuthToken } from '../../lib/auth.js';
+import { handleAxiosError } from '../../lib/errors.js';
+import { createOutputWriter } from '../../lib/output.js';
+export function createCredentialsPolicyUpdateCommand() {
+    const cmd = new Command('update');
+    cmd
+        .description('Update a credential policy')
+        .argument('<policy-id>', 'Policy ID')
+        .requiredOption('--decision <decision>', 'ALLOW or DENY')
+        .option('--operations <ops>', 'Comma-separated operation names')
+        .option('--workspaces <ids-or-names>', 'Comma-separated workspace IDs or names')
+        .option('--agents <ids-or-names>', 'Comma-separated agent IDs or names')
+        .option('--resources <json>', 'Resource restrictions as JSON')
+        .action(async (policyId, options) => {
+        const output = createOutputWriter();
+        try {
+            const token = await getAuthToken();
+            if (!token) {
+                output.error('Not authenticated. Run: guild auth login');
+                process.exit(1);
+            }
+            const decision = options.decision.toUpperCase();
+            if (decision !== 'ALLOW' && decision !== 'DENY') {
+                output.error('--decision must be ALLOW or DENY');
+                process.exit(1);
+            }
+            const body = {
+                decision,
+            };
+            if (options.operations) {
+                body.operations = options.operations.split(',').map((s) => s.trim());
+            }
+            if (options.workspaces) {
+                body.workspace_ids_or_names = options.workspaces
+                    .split(',')
+                    .map((s) => s.trim());
+            }
+            if (options.agents) {
+                body.agent_ids_or_names = options.agents.split(',').map((s) => s.trim());
+            }
+            if (options.resources) {
+                try {
+                    body.resources = JSON.parse(options.resources);
+                }
+                catch {
+                    output.error('--resources must be valid JSON');
+                    process.exit(1);
+                }
+            }
+            const client = new GuildAPIClient();
+            const response = await client.put(`/credentials/policies/${policyId}`, body);
+            output.data(response);
+        }
+        catch (error) {
+            const formattedError = handleAxiosError(error);
+            output.error(formattedError.details);
+            process.exit(1);
+        }
+    });
+    return cmd;
+}
+//# sourceMappingURL=policy-update.js.map

package/dist/commands/trigger/create.js

@@ -6,7 +6,7 @@ import { getAuthToken } from '../../lib/auth.js';
 import { getWorkspaceId } from '../../lib/guild-config.js';
 import { handleAxiosError, ErrorCodes } from '../../lib/errors.js';
 import { createOutputWriter } from '../../lib/output.js';
-import { WEBHOOK_SERVICES, TIME_TRIGGER_FREQUENCIES, } from '../../lib/api-types.js';
+import { TIME_TRIGGER_FREQUENCIES, } from '../../lib/api-types.js';
 export function createTriggerCreateCommand() {
     const cmd = new Command('create');
     cmd
@@ -15,7 +15,7 @@ export function createTriggerCreateCommand() {
         .requiredOption('--type <type>', 'Trigger type: webhook or time')
         .requiredOption('--agent <identifier>', 'Agent identifier (e.g., owner/agent-name)')
         // Webhook options
-        .option('--service <service>', 'Webhook service: GITHUB, BITBUCKET, JIRA, SLACK')
+        .option('--integration <name>', 'Integration name for webhook triggers (e.g., github, slack, jira)')
         .option('--event <event>', 'Event type (e.g., app_mention, issues)')
         .option('--action <action>', 'Event action (e.g., opened, created)')
         .option('--service-config <json>', 'Service-specific config as JSON')
@@ -29,17 +29,26 @@ export function createTriggerCreateCommand() {
         .action(async (options) => {
         const output = createOutputWriter();
         try {
-            const token = await getAuthToken();
-            if (!token) {
-                output.error('Not authenticated. Run: guild auth login');
-                process.exit(1);
-            }
-            // Validate trigger type
+            // Validate trigger type before auth (fail fast on bad input)
             const triggerType = options.type.toLowerCase();
             if (triggerType !== 'webhook' && triggerType !== 'time') {
                 output.error('--type must be "webhook" or "time"');
                 process.exit(1);
             }
+            // Validate type-specific required options before auth
+            if (triggerType === 'webhook' && !options.integration) {
+                output.error('--integration is required for webhook triggers (e.g., --integration github)');
+                process.exit(1);
+            }
+            if (triggerType === 'time' && !options.frequency) {
+                output.error(`--frequency is required for time triggers. Valid: ${TIME_TRIGGER_FREQUENCIES.join(', ')}`);
+                process.exit(1);
+            }
+            const token = await getAuthToken();
+            if (!token) {
+                output.error('Not authenticated. Run: guild auth login');
+                process.exit(1);
+            }
             // Resolve workspace
             let workspaceId = options.workspace;
             if (!workspaceId) {
@@ -63,20 +72,31 @@ export function createTriggerCreateCommand() {
             // Build request body based on trigger type
             let body;
             if (triggerType === 'webhook') {
-                // Validate webhook-specific options
-                if (!options.service) {
-                    output.error(`--service is required for webhook triggers. Valid: ${WEBHOOK_SERVICES.join(', ')}`);
+                // Fetch workspace details to get the owner account ID
+                const workspace = await client.get(`/workspaces/${workspaceId}`);
+                if (!workspace.owner) {
+                    output.error('Could not resolve workspace owner');
                     process.exit(1);
                 }
-                const service = options.service.toUpperCase();
-                if (!WEBHOOK_SERVICES.includes(service)) {
-                    output.error(`Invalid service "${options.service}". Valid: ${WEBHOOK_SERVICES.join(', ')}`);
+                // Fetch integrations with webhook configs for this account
+                const integrations = await client.fetchAll(`/accounts/${workspace.owner.id}/integrations?has_webhooks_only=true`);
+                // Match by integration name (case-insensitive)
+                const integrationName = options.integration.toLowerCase();
+                const integration = integrations.find((i) => i.name.toLowerCase() === integrationName ||
+                    i.full_name.toLowerCase() === integrationName);
+                if (!integration) {
+                    const available = integrations.map((i) => i.name).join(', ');
+                    output.error(`Integration "${options.integration}" not found.${available ? ` Available: ${available}` : ' No webhook integrations configured.'}`);
+                    process.exit(1);
+                }
+                if (!integration.webhook_config) {
+                    output.error(`Integration "${integration.name}" does not have webhooks configured`);
                     process.exit(1);
                 }
                 body = {
                     type: 'webhook',
-                    service: service,
                     workspace_agent_id: workspaceAgent.id,
+                    webhook_config_id: integration.webhook_config.id,
                 };
                 if (options.event) {
                     body.event_type = options.event;
@@ -96,10 +116,6 @@ export function createTriggerCreateCommand() {
             }
             else {
                 // Time trigger
-                if (!options.frequency) {
-                    output.error(`--frequency is required for time triggers. Valid: ${TIME_TRIGGER_FREQUENCIES.join(', ')}`);
-                    process.exit(1);
-                }
                 const frequency = options.frequency.toUpperCase();
                 if (!TIME_TRIGGER_FREQUENCIES.includes(frequency)) {
                     output.error(`Invalid frequency "${options.frequency}". Valid: ${TIME_TRIGGER_FREQUENCIES.join(', ')}`);

package/dist/commands/workspace/select.js

@@ -2,10 +2,11 @@
 // SPDX-License-Identifier: Apache-2.0
 import { Command } from 'commander';
 import * as fs from 'fs/promises';
-import * as readline from 'readline';
+import search from '@inquirer/search';
 import { GuildAPIClient } from '../../lib/api-client.js';
 import { handleAxiosError, ErrorCodes } from '../../lib/errors.js';
 import { createOutputWriter } from '../../lib/output.js';
+import { isInteractive } from '../../lib/stdin.js';
 import { isAgentDirectory, loadLocalConfig, getLocalConfigPath, getWorkspaceId, saveGlobalConfig, } from '../../lib/guild-config.js';
 /**
  * Format workspace for display with owner name.
@@ -68,44 +69,38 @@ export function createWorkspaceSelectCommand() {
                 }
                 return;
             }
-            // Interactive mode: fetch workspaces for selection
-            const workspaces = await client.get('/me/workspaces?filter=all');
-            if (workspaces.items.length === 0) {
+            if (!isInteractive()) {
+                output.error('Interactive mode requires a terminal.', 'Provide a workspace argument:\n  guild workspace select <name|id>');
+                process.exit(1);
+            }
+            // Interactive mode: fetch all workspaces across all pages
+            const workspaces = await client.fetchAll('/me/workspaces?filter=all');
+            if (workspaces.length === 0) {
                 output.error('No workspaces found.', 'Create a workspace first:\n  guild workspace create <name>');
                 process.exit(1);
             }
             // Resolve the currently selected workspace (if any)
             const current = await getWorkspaceId();
-            const currentIndex = current
-                ? workspaces.items.findIndex((w) => w.id === current.workspaceId)
-                : -1;
-            // Show interactive selection
-            console.log('Select a default workspace:\n');
-            workspaces.items.forEach((workspace, index) => {
-                const marker = index === currentIndex ? ' (current)' : '';
-                console.log(`  ${index + 1}. ${formatWorkspaceDisplay(workspace)}${marker}`);
-            });
-            console.log('');
-            const rl = readline.createInterface({
-                input: process.stdin,
-                output: process.stdout,
-            });
-            const defaultHint = currentIndex >= 0 ? ` [${currentIndex + 1}]` : '';
-            const answer = await new Promise((resolve) => {
-                rl.question(`Enter number (1-${workspaces.items.length})${defaultHint}: `, resolve);
+            const currentId = current?.workspaceId;
+            // Interactive searchable selection
+            const selectedId = await search({
+                message: 'Select a workspace (type to filter)',
+                pageSize: 15,
+                source: (input) => {
+                    const term = input?.toLowerCase() ?? '';
+                    const filtered = term
+                        ? workspaces.filter((w) => w.name.toLowerCase().includes(term) ||
+                            w.full_name?.toLowerCase().includes(term) ||
+                            w.owner?.name.toLowerCase().includes(term))
+                        : workspaces;
+                    return filtered.map((w) => ({
+                        name: formatWorkspaceDisplay(w) + (w.id === currentId ? ' (current)' : ''),
+                        value: w.id,
+                        short: w.name,
+                    }));
+                },
             });
-            rl.close();
-            // Empty input keeps current selection
-            if (answer.trim() === '' && currentIndex >= 0) {
-                console.log('Workspace unchanged.');
-                return;
-            }
-            const selection = parseInt(answer.trim(), 10);
-            if (isNaN(selection) || selection < 1 || selection > workspaces.items.length) {
-                output.error('Invalid selection');
-                process.exit(1);
-            }
-            const selectedWorkspace = workspaces.items[selection - 1];
+            const selectedWorkspace = workspaces.find((w) => w.id === selectedId);
             const target = await saveWorkspaceConfig(selectedWorkspace.id, selectedWorkspace.name);
             if (target === 'local') {
                 output.success(`Workspace set for this agent: ${formatWorkspaceDisplay(selectedWorkspace)}`);

package/dist/index.js

@@ -59,27 +59,24 @@ import { createSessionEventsCommand } from './commands/session/events.js';
 import { createSessionTasksCommand } from './commands/session/tasks.js';
 import { createSessionCreateCommand } from './commands/session/create.js';
 import { createSessionSendCommand } from './commands/session/send.js';
-import { createContainerGetCommand } from './commands/container/get.js';
-import { createContainerListCommand } from './commands/container/list.js';
-import { createContainerEventsCommand } from './commands/container/events.js';
-import { createContainerExecCommand } from './commands/container/exec.js';
-import { createContainerDestroyCommand } from './commands/container/destroy.js';
-import { createContainerImageListCommand } from './commands/container-image/list.js';
-import { createContainerImageGetCommand } from './commands/container-image/get.js';
-import { createContainerImageCreateCommand } from './commands/container-image/create.js';
 import { createJobGetCommand } from './commands/job/get.js';
 import { createJobStepGetCommand } from './commands/job/step-get.js';
 import { createConfigListCommand } from './commands/config/list.js';
 import { createConfigGetCommand } from './commands/config/get.js';
 import { createConfigSetCommand } from './commands/config/set.js';
 import { createConfigPathCommand } from './commands/config/path.js';
+import { createCredentialsEndpointListCommand } from './commands/credentials/endpoint-list.js';
+import { createCredentialsListCommand } from './commands/credentials/list.js';
+import { createCredentialsPolicyCreateCommand } from './commands/credentials/policy-create.js';
+import { createCredentialsPolicyDeleteCommand } from './commands/credentials/policy-delete.js';
+import { createCredentialsPolicyListCommand } from './commands/credentials/policy-list.js';
+import { createCredentialsPolicyUpdateCommand } from './commands/credentials/policy-update.js';
 import { createDoctorCommand } from './commands/doctor.js';
 import { createSetupCommand } from './commands/setup.js';
 import { createMcpCommand } from './commands/mcp.js';
 import { showSplashScreen, shouldShowSplash } from './lib/splash.js';
 import { checkForUpdate } from './lib/update-check.js';
 import { setupUnknownCommandSuggestions } from './lib/did-you-mean.js';
-import { getEnabledGKs, isGKEnabled } from './lib/gk.js';
 import chalk from 'chalk';
 // ESM equivalent of __dirname
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
@@ -217,24 +214,22 @@ triggerCmd.addCommand(createTriggerUpdateCommand());
 triggerCmd.addCommand(createTriggerActivateCommand());
 triggerCmd.addCommand(createTriggerDeactivateCommand());
 triggerCmd.addCommand(createTriggerSessionsCommand());
-// GK-gated commands: fetch enabled GKs and conditionally register command groups
-const enabledGKs = await getEnabledGKs();
-if (isGKEnabled('CONTAINERS', enabledGKs)) {
-    // Container command group
-    const containerCmd = program.command('container').description('Container management');
-    containerCmd.addCommand(createContainerListCommand());
-    containerCmd.addCommand(createContainerGetCommand());
-    containerCmd.addCommand(createContainerEventsCommand());
-    containerCmd.addCommand(createContainerExecCommand());
-    containerCmd.addCommand(createContainerDestroyCommand());
-    // Container image command group
-    const containerImageCmd = program
-        .command('container-image')
-        .description('Container image management');
-    containerImageCmd.addCommand(createContainerImageCreateCommand());
-    containerImageCmd.addCommand(createContainerImageListCommand());
-    containerImageCmd.addCommand(createContainerImageGetCommand());
-}
+// Credentials command group
+const credentialsCmd = program
+    .command('credentials')
+    .description('Credential management');
+credentialsCmd.addCommand(createCredentialsListCommand());
+const credentialsPolicyCmd = credentialsCmd
+    .command('policy')
+    .description('Manage credential policies');
+credentialsPolicyCmd.addCommand(createCredentialsPolicyListCommand());
+credentialsPolicyCmd.addCommand(createCredentialsPolicyCreateCommand());
+credentialsPolicyCmd.addCommand(createCredentialsPolicyUpdateCommand());
+credentialsPolicyCmd.addCommand(createCredentialsPolicyDeleteCommand());
+const credentialsEndpointCmd = credentialsCmd
+    .command('endpoint')
+    .description('Manage credential endpoints');
+credentialsEndpointCmd.addCommand(createCredentialsEndpointListCommand());
 // Session command group
 const sessionCmd = program.command('session').description('Session management');
 sessionCmd.addCommand(createSessionListCommand());