@insforge/cli 0.1.60 → 0.1.62

package/dist/index.js

@@ -2,7 +2,7 @@
 
 // src/index.ts
 import { readFileSync as readFileSync7 } from "fs";
-import { join as join12, dirname } from "path";
+import { join as join13, dirname } from "path";
 import { fileURLToPath } from "url";
 import { Command } from "commander";
 import * as clack11 from "@clack/prompts";
@@ -1237,7 +1237,7 @@ async function reportCliUsage(toolName, success, maxRetries = 1, explicitConfig)
 
 // src/lib/analytics.ts
 import { PostHog } from "posthog-node";
-var POSTHOG_API_KEY = "phc_ueV1ii62wdBTkH7E70ugyeqHIHu8dFDdjs0qq3TZhJz";
+var POSTHOG_API_KEY = "";
 var POSTHOG_HOST = process.env.POSTHOG_HOST || "https://us.i.posthog.com";
 var client = null;
 function getClient() {
@@ -1269,6 +1269,17 @@ function trackDiagnose(subcommand, config) {
     oss_mode: config.project_id === FAKE_PROJECT_ID
   });
 }
+function trackPayments(subcommand, config, properties) {
+  captureEvent(config.project_id, "cli_payments_invoked", {
+    subcommand,
+    project_id: config.project_id,
+    project_name: config.project_name,
+    org_id: config.org_id,
+    region: config.region,
+    oss_mode: config.project_id === FAKE_PROJECT_ID,
+    ...properties
+  });
+}
 async function shutdownAnalytics() {
   try {
     if (client) await client.shutdown();
@@ -1326,6 +1337,9 @@ ${err.nextActions}`;
     if (res.status === 404 && isRouteLevel404 && path5.startsWith("/api/compute")) {
       message = "Compute services are not available on this backend.\nSelf-hosted: upgrade your InsForge instance. Cloud: contact your InsForge admin to enable compute.";
     }
+    if (res.status === 404 && isRouteLevel404 && path5.startsWith("/api/payments")) {
+      message = "Payments are not available on this backend.\nSelf-hosted: upgrade your InsForge instance. Cloud/private preview: contact your InsForge admin to enable payments.";
+    }
     if (res.status === 404 && isRouteLevel404 && path5 === "/api/database/migrations") {
       message = "Database migrations are not available on this backend.\nSelf-hosted: upgrade your InsForge instance. Cloud: contact your InsForge admin about database migration support.";
     }
@@ -4844,11 +4858,13 @@ function registerComputeLogsCommand(computeCmd2) {
 }
 
 // src/commands/compute/deploy.ts
-import { existsSync as existsSync7 } from "fs";
-import { join as join11, resolve as resolve4 } from "path";
+import { existsSync as existsSync8 } from "fs";
+import { join as join12, resolve as resolve4 } from "path";
 
 // src/lib/flyctl.ts
 import { spawn, spawnSync } from "child_process";
+import { existsSync as existsSync7, writeFileSync as writeFileSync5, unlinkSync as unlinkSync2 } from "fs";
+import { join as join11 } from "path";
 function ensureFlyctlAvailable() {
   const r = spawnSync("flyctl", ["version"], {
     encoding: "utf8",
@@ -4860,8 +4876,41 @@ function ensureFlyctlAvailable() {
     );
   }
 }
+function ensureFlyTomlStub(opts) {
+  const path5 = join11(opts.dir, "fly.toml");
+  if (existsSync7(path5)) {
+    return () => {
+    };
+  }
+  const stub = `# Auto-generated by @insforge/cli for compute deploy. Safe to delete.
+app = "${opts.appId}"
+primary_region = "${opts.region}"
+
+[build]
+
+[http_service]
+  internal_port = ${opts.port}
+  force_https = true
+  auto_stop_machines = false
+  auto_start_machines = true
+  min_machines_running = 0
+`;
+  writeFileSync5(path5, stub, "utf8");
+  return () => {
+    try {
+      unlinkSync2(path5);
+    } catch {
+    }
+  };
+}
 function flyctlBuildAndPush(opts) {
   return new Promise((resolve5, reject) => {
+    const cleanupStub = ensureFlyTomlStub({
+      dir: opts.dir,
+      appId: opts.appId,
+      region: opts.region,
+      port: opts.port
+    });
     const child = spawn(
       "flyctl",
       [
@@ -4893,9 +4942,11 @@ function flyctlBuildAndPush(opts) {
       process.stderr.write(s);
     });
     child.on("error", (err) => {
+      cleanupStub();
       reject(new CLIError(`flyctl deploy could not start: ${err.message}`));
     });
     child.on("exit", (code) => {
+      cleanupStub();
       if (code !== 0) {
         return reject(
           new CLIError(`flyctl deploy --build-only failed (exit ${code}). See output above.`)
@@ -5003,8 +5054,8 @@ function registerComputeDeployCommand(computeCmd2) {
         return;
       }
       const absDir = resolve4(dir);
-      const dockerfilePath = join11(absDir, "Dockerfile");
-      if (!existsSync7(dockerfilePath)) {
+      const dockerfilePath = join12(absDir, "Dockerfile");
+      if (!existsSync8(dockerfilePath)) {
         throw new CLIError(
           `No Dockerfile at ${dockerfilePath}.
   Either:
@@ -5046,12 +5097,33 @@ function registerComputeDeployCommand(computeCmd2) {
       const tokenJson = await tokenRes.json();
       const imageLabel = `cli-${Date.now()}`;
       if (!json) outputInfo(`Building & pushing on Fly remote builder...`);
-      const { imageRef } = await flyctlBuildAndPush({
-        dir: absDir,
-        appId: flyAppId,
-        imageLabel,
-        token: tokenJson.token
-      });
+      let imageRef;
+      try {
+        ({ imageRef } = await flyctlBuildAndPush({
+          dir: absDir,
+          appId: flyAppId,
+          imageLabel,
+          token: tokenJson.token,
+          region: opts.region,
+          port
+        }));
+      } catch (buildErr) {
+        if (!existing) {
+          try {
+            await ossFetch(`/api/compute/services/${encodeURIComponent(serviceId)}`, {
+              method: "DELETE"
+            });
+            if (!json) outputInfo(`Rolled back service "${opts.name}" after build failure.`);
+          } catch {
+            if (!json) {
+              outputInfo(
+                `Build failed and rollback also failed. Run: npx @insforge/cli compute delete ${serviceId}`
+              );
+            }
+          }
+        }
+        throw buildErr;
+      }
       if (!json) outputInfo("Launching machine...");
       const updateBody = {
         imageUrl: imageRef,
@@ -5761,7 +5833,7 @@ function registerDiagnoseCommands(diagnoseCmd2) {
         const s = !json ? clack10.spinner() : null;
         s?.start("Collecting diagnostic data...");
         const data2 = await collectDiagnosticData(projectId, ossMode, apiUrl);
-        const cliVersion = "0.1.60";
+        const cliVersion = "0.1.62";
         s?.stop("Data collected");
         if (!json) {
           console.log(`
@@ -5988,9 +6060,859 @@ function formatBytesCompact(bytes) {
   return `${(bytes / (1024 * 1024)).toFixed(1)}MB`;
 }
 
+// src/lib/api/payments.ts
+function withQuery(path5, params) {
+  const query = new URLSearchParams();
+  for (const [key, value] of Object.entries(params)) {
+    if (value !== void 0) query.set(key, String(value));
+  }
+  const suffix = query.toString();
+  return suffix ? `${path5}?${suffix}` : path5;
+}
+async function readJson(res) {
+  return await res.json();
+}
+async function getPaymentsStatus() {
+  return readJson(await ossFetch("/api/payments/status"));
+}
+async function getPaymentsConfig() {
+  return readJson(await ossFetch("/api/payments/config"));
+}
+async function setStripeSecretKey(environment, secretKey) {
+  return readJson(await ossFetch("/api/payments/config", {
+    method: "POST",
+    body: JSON.stringify({ environment, secretKey })
+  }));
+}
+async function removeStripeSecretKey(environment) {
+  return readJson(await ossFetch(`/api/payments/config/${encodeURIComponent(environment)}`, {
+    method: "DELETE"
+  }));
+}
+async function syncPayments(environment = "all") {
+  return readJson(await ossFetch("/api/payments/sync", {
+    method: "POST",
+    body: JSON.stringify({ environment })
+  }));
+}
+async function configurePaymentWebhook(environment) {
+  return readJson(await ossFetch(
+    `/api/payments/webhooks/${encodeURIComponent(environment)}/configure`,
+    { method: "POST" }
+  ));
+}
+async function listPaymentCatalog(environment) {
+  return readJson(await ossFetch(withQuery("/api/payments/catalog", { environment })));
+}
+async function listPaymentProducts(environment) {
+  return readJson(await ossFetch(withQuery("/api/payments/products", { environment })));
+}
+async function getPaymentProduct(environment, productId) {
+  return readJson(await ossFetch(withQuery(
+    `/api/payments/products/${encodeURIComponent(productId)}`,
+    { environment }
+  )));
+}
+async function createPaymentProduct(request) {
+  return readJson(await ossFetch("/api/payments/products", {
+    method: "POST",
+    body: JSON.stringify(request)
+  }));
+}
+async function updatePaymentProduct(productId, request) {
+  return readJson(await ossFetch(`/api/payments/products/${encodeURIComponent(productId)}`, {
+    method: "PATCH",
+    body: JSON.stringify(request)
+  }));
+}
+async function deletePaymentProduct(environment, productId) {
+  return readJson(await ossFetch(withQuery(
+    `/api/payments/products/${encodeURIComponent(productId)}`,
+    { environment }
+  ), { method: "DELETE" }));
+}
+async function listPaymentPrices(environment, stripeProductId) {
+  return readJson(await ossFetch(withQuery("/api/payments/prices", {
+    environment,
+    stripeProductId
+  })));
+}
+async function getPaymentPrice(environment, priceId) {
+  return readJson(await ossFetch(withQuery(
+    `/api/payments/prices/${encodeURIComponent(priceId)}`,
+    { environment }
+  )));
+}
+async function createPaymentPrice(request) {
+  return readJson(await ossFetch("/api/payments/prices", {
+    method: "POST",
+    body: JSON.stringify(request)
+  }));
+}
+async function updatePaymentPrice(priceId, request) {
+  return readJson(await ossFetch(`/api/payments/prices/${encodeURIComponent(priceId)}`, {
+    method: "PATCH",
+    body: JSON.stringify(request)
+  }));
+}
+async function archivePaymentPrice(environment, priceId) {
+  return readJson(await ossFetch(withQuery(
+    `/api/payments/prices/${encodeURIComponent(priceId)}`,
+    { environment }
+  ), { method: "DELETE" }));
+}
+async function listSubscriptions(request) {
+  return readJson(await ossFetch(withQuery("/api/payments/subscriptions", request)));
+}
+async function listPaymentHistory(request) {
+  return readJson(await ossFetch(withQuery("/api/payments/payment-history", request)));
+}
+
+// src/commands/payments/utils.ts
+function parseEnvironment(value) {
+  if (value === "test" || value === "live") return value;
+  throw new CLIError('Environment must be "test" or "live".');
+}
+function parseEnvironmentOrAll(value) {
+  if (value === "all") return value;
+  return parseEnvironment(value);
+}
+function parseBooleanOption(value, flagName) {
+  if (value === void 0) return void 0;
+  const normalized = value.toLowerCase();
+  if (normalized === "true") return true;
+  if (normalized === "false") return false;
+  throw new CLIError(`${flagName} must be "true" or "false".`);
+}
+function parseIntegerOption(value, flagName, options = {}) {
+  if (value === void 0) return void 0;
+  const parsed = Number.parseInt(value, 10);
+  if (!Number.isInteger(parsed) || String(parsed) !== value.trim()) {
+    throw new CLIError(`${flagName} must be an integer.`);
+  }
+  if (options.min !== void 0 && parsed < options.min) {
+    throw new CLIError(`${flagName} must be at least ${options.min}.`);
+  }
+  if (options.max !== void 0 && parsed > options.max) {
+    throw new CLIError(`${flagName} must be at most ${options.max}.`);
+  }
+  return parsed;
+}
+function parseMetadataOption(value) {
+  if (value === void 0) return void 0;
+  let parsed;
+  try {
+    parsed = JSON.parse(value);
+  } catch {
+    throw new CLIError("Invalid JSON for --metadata.");
+  }
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    throw new CLIError("--metadata must be a JSON object.");
+  }
+  const metadata = {};
+  for (const [key, raw] of Object.entries(parsed)) {
+    if (typeof raw !== "string") {
+      throw new CLIError(`Metadata value for "${key}" must be a string.`);
+    }
+    metadata[key] = raw;
+  }
+  return metadata;
+}
+function formatDate(value) {
+  if (!value) return "-";
+  const date = new Date(value);
+  return Number.isNaN(date.getTime()) ? value : date.toLocaleString();
+}
+function formatAmount(amount, currency) {
+  if (amount === null || amount === void 0) return "-";
+  const code = currency?.toUpperCase();
+  let fractionDigits = 2;
+  if (code) {
+    try {
+      fractionDigits = new Intl.NumberFormat(void 0, {
+        style: "currency",
+        currency: code
+      }).resolvedOptions().maximumFractionDigits;
+    } catch {
+      fractionDigits = 2;
+    }
+  }
+  const divisor = 10 ** fractionDigits;
+  return `${(amount / divisor).toFixed(fractionDigits)} ${code ?? ""}`.trim();
+}
+function formatRecurring(interval, intervalCount) {
+  if (!interval) return "one-time";
+  return `${intervalCount && intervalCount > 1 ? `${intervalCount} ` : ""}${interval}`;
+}
+async function trackPaymentUsage(subcommand, success, properties = {}) {
+  try {
+    try {
+      const config = getProjectConfig();
+      if (config) {
+        trackPayments(subcommand, config, {
+          success,
+          ...properties
+        });
+      }
+    } catch {
+    }
+  } finally {
+    await shutdownAnalytics();
+  }
+}
+
+// src/commands/payments/catalog.ts
+function registerPaymentsCatalogCommand(paymentsCmd2) {
+  paymentsCmd2.command("catalog").description("List mirrored Stripe products and prices").option("--environment <environment>", "Stripe environment: test or live").action(async (opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = opts.environment ? parseEnvironment(opts.environment) : void 0;
+      await requireAuth();
+      const data = await listPaymentCatalog(environment);
+      if (json) {
+        outputJson(data);
+      } else {
+        if (data.products.length === 0 && data.prices.length === 0) {
+          console.log("No Stripe catalog records found.");
+          await trackPaymentUsage("catalog", true, { environment });
+          return;
+        }
+        if (data.products.length > 0) {
+          console.log("Products");
+          outputTable(
+            ["Env", "Product ID", "Name", "Active", "Default Price"],
+            data.products.map((product) => [
+              product.environment,
+              product.stripeProductId,
+              product.name,
+              product.active ? "Yes" : "No",
+              product.defaultPriceId ?? "-"
+            ])
+          );
+        }
+        if (data.prices.length > 0) {
+          console.log("Prices");
+          outputTable(
+            ["Env", "Price ID", "Product ID", "Amount", "Type", "Active", "Recurring"],
+            data.prices.map((price) => [
+              price.environment,
+              price.stripePriceId,
+              price.stripeProductId ?? "-",
+              formatAmount(price.unitAmount, price.currency),
+              price.type,
+              price.active ? "Yes" : "No",
+              formatRecurring(price.recurringInterval, price.recurringIntervalCount)
+            ])
+          );
+        }
+      }
+      await trackPaymentUsage("catalog", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("catalog", false, { environment: opts.environment });
+      handleError(err, json);
+    }
+  });
+}
+
+// src/commands/payments/config.ts
+function outputConfigTable(data) {
+  if (data.keys.length === 0) {
+    console.log("No Stripe keys configured.");
+    return;
+  }
+  outputTable(
+    ["Env", "Configured", "Key"],
+    data.keys.map((key) => [
+      key.environment,
+      key.hasKey ? "Yes" : "No",
+      key.maskedKey ?? "-"
+    ])
+  );
+}
+function registerPaymentsConfigCommand(paymentsCmd2) {
+  const configCmd = paymentsCmd2.command("config").description("Manage Stripe API keys for payments").action(async (_opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      await requireAuth();
+      const data = await getPaymentsConfig();
+      if (json) {
+        outputJson(data);
+      } else {
+        outputConfigTable(data);
+      }
+      await trackPaymentUsage("config", true);
+    } catch (err) {
+      await trackPaymentUsage("config", false);
+      handleError(err, json);
+    }
+  });
+  configCmd.command("set <environment> [secretKey]").description("Configure a Stripe secret key for test or live payments").action(async (environmentValue, secretKeyValue, _opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(environmentValue);
+      await requireAuth();
+      let secretKey = secretKeyValue;
+      if (!secretKey) {
+        if (json) {
+          throw new CLIError("Provide secretKey when using --json.");
+        }
+        const input = await password2({
+          message: `Stripe ${environment} secret key`
+        });
+        if (isCancel2(input)) process.exit(0);
+        secretKey = input;
+      }
+      const data = await setStripeSecretKey(environment, secretKey);
+      if (json) {
+        outputJson(data);
+      } else {
+        outputSuccess(`Stripe ${environment} key configured.`);
+      }
+      await trackPaymentUsage("config.set", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("config.set", false, { environment: environmentValue });
+      handleError(err, json);
+    }
+  });
+  configCmd.command("remove <environment>").alias("delete").description("Remove a configured Stripe secret key").action(async (environmentValue, _opts, cmd) => {
+    const { json, yes } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(environmentValue);
+      await requireAuth();
+      if (json && !yes) {
+        throw new CLIError("Use --yes with --json to remove a Stripe key non-interactively.");
+      }
+      if (!yes) {
+        const confirm3 = await confirm2({
+          message: `Remove Stripe ${environment} key? Payment sync and mutations for this environment will stop.`
+        });
+        if (isCancel2(confirm3) || !confirm3) process.exit(0);
+      }
+      const data = await removeStripeSecretKey(environment);
+      if (json) {
+        outputJson(data);
+      } else {
+        outputSuccess(`Stripe ${environment} key removed.`);
+      }
+      await trackPaymentUsage("config.remove", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("config.remove", false, { environment: environmentValue });
+      handleError(err, json);
+    }
+  });
+}
+
+// src/commands/payments/history.ts
+function registerPaymentsHistoryCommand(paymentsCmd2) {
+  paymentsCmd2.command("history").description("List mirrored Stripe payment history").requiredOption("--environment <environment>", "Stripe environment: test or live").option("--subject-type <type>", "Filter by billing subject type").option("--subject-id <id>", "Filter by billing subject id").option("--limit <limit>", "Maximum rows to return (1-100)", "50").action(async (opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(opts.environment);
+      const limit = parseIntegerOption(opts.limit, "--limit", { min: 1, max: 100 }) ?? 50;
+      await requireAuth();
+      const data = await listPaymentHistory({
+        environment,
+        limit,
+        ...opts.subjectType !== void 0 ? { subjectType: opts.subjectType } : {},
+        ...opts.subjectId !== void 0 ? { subjectId: opts.subjectId } : {}
+      });
+      if (json) {
+        outputJson(data);
+      } else if (data.paymentHistory.length === 0) {
+        console.log("No Stripe payment history found.");
+      } else {
+        outputTable(
+          ["Type", "Status", "Subject", "Amount", "Customer", "Stripe Object", "When"],
+          data.paymentHistory.map((entry) => [
+            entry.type,
+            entry.status,
+            entry.subjectType && entry.subjectId ? `${entry.subjectType}:${entry.subjectId}` : "-",
+            formatAmount(entry.amount, entry.currency),
+            entry.stripeCustomerId ?? "-",
+            entry.stripeCheckoutSessionId ?? entry.stripeInvoiceId ?? entry.stripePaymentIntentId ?? entry.stripeRefundId ?? "-",
+            formatDate(entry.paidAt ?? entry.failedAt ?? entry.refundedAt ?? entry.stripeCreatedAt)
+          ])
+        );
+      }
+      await trackPaymentUsage("history", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("history", false, { environment: opts.environment });
+      handleError(err, json);
+    }
+  });
+}
+
+// src/commands/payments/prices.ts
+function nullableString(value) {
+  if (value === void 0) return void 0;
+  return value === "null" ? null : value;
+}
+function parseRecurringInterval(value) {
+  if (value === void 0) return void 0;
+  if (value === "day" || value === "week" || value === "month" || value === "year") return value;
+  throw new CLIError("--interval must be one of: day, week, month, year.");
+}
+function parseTaxBehavior(value) {
+  if (value === void 0) return void 0;
+  if (value === "exclusive" || value === "inclusive" || value === "unspecified") return value;
+  throw new CLIError("--tax-behavior must be one of: exclusive, inclusive, unspecified.");
+}
+function outputPricesTable(prices) {
+  if (prices.length === 0) {
+    console.log("No Stripe prices found.");
+    return;
+  }
+  outputTable(
+    ["Env", "Price ID", "Product ID", "Amount", "Type", "Active", "Recurring", "Synced At"],
+    prices.map((price) => [
+      price.environment,
+      price.stripePriceId,
+      price.stripeProductId ?? "-",
+      formatAmount(price.unitAmount, price.currency),
+      price.type,
+      price.active ? "Yes" : "No",
+      formatRecurring(price.recurringInterval, price.recurringIntervalCount),
+      formatDate(price.syncedAt)
+    ])
+  );
+}
+function registerPaymentsPricesCommand(paymentsCmd2) {
+  const pricesCmd = paymentsCmd2.command("prices").description("Manage Stripe prices");
+  pricesCmd.command("list").description("List mirrored Stripe prices").requiredOption("--environment <environment>", "Stripe environment: test or live").option("--product <productId>", "Filter by Stripe product id").action(async (opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(opts.environment);
+      await requireAuth();
+      const data = await listPaymentPrices(environment, opts.product);
+      if (json) {
+        outputJson(data);
+      } else {
+        outputPricesTable(data.prices);
+      }
+      await trackPaymentUsage("prices.list", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("prices.list", false, { environment: opts.environment });
+      handleError(err, json);
+    }
+  });
+  pricesCmd.command("get <priceId>").description("Show one Stripe price").requiredOption("--environment <environment>", "Stripe environment: test or live").action(async (priceId, opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(opts.environment);
+      await requireAuth();
+      const data = await getPaymentPrice(environment, priceId);
+      if (json) {
+        outputJson(data);
+      } else {
+        outputPricesTable([data.price]);
+      }
+      await trackPaymentUsage("prices.get", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("prices.get", false, { environment: opts.environment });
+      handleError(err, json);
+    }
+  });
+  pricesCmd.command("create").description("Create a Stripe one-time or recurring price").requiredOption("--environment <environment>", "Stripe environment: test or live").requiredOption("--product <productId>", "Stripe product id").requiredOption("--currency <currency>", "Three-letter currency code, e.g. usd").requiredOption("--unit-amount <amount>", "Unit amount in the smallest currency unit, e.g. cents").option("--interval <interval>", "Recurring interval: day, week, month, or year").option("--interval-count <count>", "Recurring interval count").option("--lookup-key <key>", 'Stripe lookup key, or "null"').option("--active <bool>", "Set active status (true/false)").option("--tax-behavior <behavior>", "exclusive, inclusive, or unspecified").option("--metadata <json>", "Metadata JSON object with string values").option("--idempotency-key <key>", "Caller-stable idempotency key").action(async (opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(opts.environment);
+      await requireAuth();
+      const interval = parseRecurringInterval(opts.interval);
+      const intervalCount = parseIntegerOption(opts.intervalCount, "--interval-count", { min: 1 });
+      if (!interval && intervalCount !== void 0) {
+        throw new CLIError("Provide --interval when using --interval-count.");
+      }
+      const request = {
+        environment,
+        stripeProductId: opts.product,
+        currency: opts.currency,
+        unitAmount: parseIntegerOption(opts.unitAmount, "--unit-amount", { min: 0 }) ?? 0
+      };
+      const lookupKey = nullableString(opts.lookupKey);
+      const active = parseBooleanOption(opts.active, "--active");
+      const taxBehavior = parseTaxBehavior(opts.taxBehavior);
+      const metadata = parseMetadataOption(opts.metadata);
+      if (lookupKey !== void 0) request.lookupKey = lookupKey;
+      if (active !== void 0) request.active = active;
+      if (taxBehavior !== void 0) request.taxBehavior = taxBehavior;
+      if (metadata !== void 0) request.metadata = metadata;
+      if (opts.idempotencyKey !== void 0) request.idempotencyKey = opts.idempotencyKey;
+      if (interval) {
+        request.recurring = {
+          interval,
+          ...intervalCount !== void 0 ? { intervalCount } : {}
+        };
+      }
+      const data = await createPaymentPrice(request);
+      if (json) {
+        outputJson(data);
+      } else {
+        outputSuccess(`Stripe price created: ${data.price.stripePriceId}`);
+      }
+      await trackPaymentUsage("prices.create", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("prices.create", false, { environment: opts.environment });
+      handleError(err, json);
+    }
+  });
+  pricesCmd.command("update <priceId>").description("Update a Stripe price").requiredOption("--environment <environment>", "Stripe environment: test or live").option("--active <bool>", "Set active status (true/false)").option("--lookup-key <key>", 'Stripe lookup key, or "null"').option("--tax-behavior <behavior>", "exclusive, inclusive, or unspecified").option("--metadata <json>", "Metadata JSON object with string values").action(async (priceId, opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(opts.environment);
+      await requireAuth();
+      const request = { environment };
+      const active = parseBooleanOption(opts.active, "--active");
+      const lookupKey = nullableString(opts.lookupKey);
+      const taxBehavior = parseTaxBehavior(opts.taxBehavior);
+      const metadata = parseMetadataOption(opts.metadata);
+      if (active !== void 0) request.active = active;
+      if (lookupKey !== void 0) request.lookupKey = lookupKey;
+      if (taxBehavior !== void 0) request.taxBehavior = taxBehavior;
+      if (metadata !== void 0) request.metadata = metadata;
+      if (Object.keys(request).length === 1) {
+        throw new CLIError("Provide at least one option to update (--active, --lookup-key, --tax-behavior, --metadata).");
+      }
+      const data = await updatePaymentPrice(priceId, request);
+      if (json) {
+        outputJson(data);
+      } else {
+        outputSuccess(`Stripe price updated: ${data.price.stripePriceId}`);
+      }
+      await trackPaymentUsage("prices.update", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("prices.update", false, { environment: opts.environment });
+      handleError(err, json);
+    }
+  });
+  pricesCmd.command("archive <priceId>").alias("delete").description("Archive a Stripe price").requiredOption("--environment <environment>", "Stripe environment: test or live").action(async (priceId, opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(opts.environment);
+      await requireAuth();
+      const data = await archivePaymentPrice(environment, priceId);
+      if (json) {
+        outputJson(data);
+      } else {
+        outputSuccess(`Stripe price archived: ${data.price.stripePriceId}`);
+      }
+      await trackPaymentUsage("prices.archive", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("prices.archive", false, { environment: opts.environment });
+      handleError(err, json);
+    }
+  });
+}
+
+// src/commands/payments/products.ts
+function nullableString2(value) {
+  if (value === void 0) return void 0;
+  return value === "null" ? null : value;
+}
+function outputProductsTable(products) {
+  if (products.length === 0) {
+    console.log("No Stripe products found.");
+    return;
+  }
+  outputTable(
+    ["Env", "Product ID", "Name", "Active", "Default Price", "Synced At"],
+    products.map((product) => [
+      product.environment,
+      product.stripeProductId,
+      product.name,
+      product.active ? "Yes" : "No",
+      product.defaultPriceId ?? "-",
+      formatDate(product.syncedAt)
+    ])
+  );
+}
+function registerPaymentsProductsCommand(paymentsCmd2) {
+  const productsCmd = paymentsCmd2.command("products").description("Manage Stripe products");
+  productsCmd.command("list").description("List mirrored Stripe products").requiredOption("--environment <environment>", "Stripe environment: test or live").action(async (opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(opts.environment);
+      await requireAuth();
+      const data = await listPaymentProducts(environment);
+      if (json) {
+        outputJson(data);
+      } else {
+        outputProductsTable(data.products);
+      }
+      await trackPaymentUsage("products.list", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("products.list", false, { environment: opts.environment });
+      handleError(err, json);
+    }
+  });
+  productsCmd.command("get <productId>").description("Show one Stripe product and its prices").requiredOption("--environment <environment>", "Stripe environment: test or live").action(async (productId, opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(opts.environment);
+      await requireAuth();
+      const data = await getPaymentProduct(environment, productId);
+      if (json) {
+        outputJson(data);
+      } else {
+        outputProductsTable([data.product]);
+        if (data.prices.length > 0) {
+          console.log("Prices");
+          outputTable(
+            ["Price ID", "Amount", "Type", "Active", "Lookup Key"],
+            data.prices.map((price) => [
+              price.stripePriceId,
+              formatAmount(price.unitAmount, price.currency),
+              price.type,
+              price.active ? "Yes" : "No",
+              price.lookupKey ?? "-"
+            ])
+          );
+        }
+      }
+      await trackPaymentUsage("products.get", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("products.get", false, { environment: opts.environment });
+      handleError(err, json);
+    }
+  });
+  productsCmd.command("create").description("Create a Stripe product").requiredOption("--environment <environment>", "Stripe environment: test or live").requiredOption("--name <name>", "Product name").option("--description <description>", 'Product description, or "null"').option("--active <bool>", "Set active status (true/false)").option("--metadata <json>", "Metadata JSON object with string values").option("--idempotency-key <key>", "Caller-stable idempotency key").action(async (opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(opts.environment);
+      await requireAuth();
+      const request = {
+        environment,
+        name: opts.name
+      };
+      const description = nullableString2(opts.description);
+      const active = parseBooleanOption(opts.active, "--active");
+      const metadata = parseMetadataOption(opts.metadata);
+      if (description !== void 0) request.description = description;
+      if (active !== void 0) request.active = active;
+      if (metadata !== void 0) request.metadata = metadata;
+      if (opts.idempotencyKey !== void 0) request.idempotencyKey = opts.idempotencyKey;
+      const data = await createPaymentProduct(request);
+      if (json) {
+        outputJson(data);
+      } else {
+        outputSuccess(`Stripe product created: ${data.product.stripeProductId}`);
+      }
+      await trackPaymentUsage("products.create", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("products.create", false, { environment: opts.environment });
+      handleError(err, json);
+    }
+  });
+  productsCmd.command("update <productId>").description("Update a Stripe product").requiredOption("--environment <environment>", "Stripe environment: test or live").option("--name <name>", "Product name").option("--description <description>", 'Product description, or "null"').option("--active <bool>", "Set active status (true/false)").option("--metadata <json>", "Metadata JSON object with string values").action(async (productId, opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(opts.environment);
+      await requireAuth();
+      const request = { environment };
+      const description = nullableString2(opts.description);
+      const active = parseBooleanOption(opts.active, "--active");
+      const metadata = parseMetadataOption(opts.metadata);
+      if (opts.name !== void 0) request.name = opts.name;
+      if (description !== void 0) request.description = description;
+      if (active !== void 0) request.active = active;
+      if (metadata !== void 0) request.metadata = metadata;
+      if (Object.keys(request).length === 1) {
+        throw new CLIError("Provide at least one option to update (--name, --description, --active, --metadata).");
+      }
+      const data = await updatePaymentProduct(productId, request);
+      if (json) {
+        outputJson(data);
+      } else {
+        outputSuccess(`Stripe product updated: ${data.product.stripeProductId}`);
+      }
+      await trackPaymentUsage("products.update", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("products.update", false, { environment: opts.environment });
+      handleError(err, json);
+    }
+  });
+  productsCmd.command("delete <productId>").description("Delete a Stripe product that has no prices").requiredOption("--environment <environment>", "Stripe environment: test or live").action(async (productId, opts, cmd) => {
+    const { json, yes } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(opts.environment);
+      await requireAuth();
+      if (json && !yes) {
+        throw new CLIError("Use --yes with --json to delete a Stripe product non-interactively.");
+      }
+      if (!yes) {
+        const confirm3 = await confirm2({
+          message: `Delete Stripe ${environment} product "${productId}"?`
+        });
+        if (isCancel2(confirm3) || !confirm3) process.exit(0);
+      }
+      const data = await deletePaymentProduct(environment, productId);
+      if (json) {
+        outputJson(data);
+      } else {
+        outputSuccess(`Stripe product deleted: ${data.stripeProductId}`);
+      }
+      await trackPaymentUsage("products.delete", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("products.delete", false, { environment: opts.environment });
+      handleError(err, json);
+    }
+  });
+}
+
+// src/commands/payments/status.ts
+function registerPaymentsStatusCommand(paymentsCmd2) {
+  paymentsCmd2.command("status").description("Show Stripe payment connection, sync, and webhook status").action(async (_opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      await requireAuth();
+      const data = await getPaymentsStatus();
+      if (json) {
+        outputJson(data);
+      } else if (data.connections.length === 0) {
+        console.log("No Stripe payment environments found.");
+      } else {
+        outputTable(
+          ["Env", "Status", "Key", "Account", "Webhook", "Last Sync", "Synced At"],
+          data.connections.map((connection) => [
+            connection.environment,
+            connection.status,
+            connection.maskedKey ?? "-",
+            connection.stripeAccountId ?? "-",
+            connection.webhookEndpointId ? "Configured" : "-",
+            connection.lastSyncStatus ?? "-",
+            formatDate(connection.lastSyncedAt)
+          ])
+        );
+      }
+      await trackPaymentUsage("status", true);
+    } catch (err) {
+      await trackPaymentUsage("status", false);
+      handleError(err, json);
+    }
+  });
+}
+
+// src/commands/payments/subscriptions.ts
+function registerPaymentsSubscriptionsCommand(paymentsCmd2) {
+  paymentsCmd2.command("subscriptions").description("List mirrored Stripe subscriptions").requiredOption("--environment <environment>", "Stripe environment: test or live").option("--subject-type <type>", "Filter by billing subject type").option("--subject-id <id>", "Filter by billing subject id").option("--limit <limit>", "Maximum rows to return (1-100)", "50").action(async (opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(opts.environment);
+      const limit = parseIntegerOption(opts.limit, "--limit", { min: 1, max: 100 }) ?? 50;
+      await requireAuth();
+      const data = await listSubscriptions({
+        environment,
+        limit,
+        ...opts.subjectType !== void 0 ? { subjectType: opts.subjectType } : {},
+        ...opts.subjectId !== void 0 ? { subjectId: opts.subjectId } : {}
+      });
+      if (json) {
+        outputJson(data);
+      } else if (data.subscriptions.length === 0) {
+        console.log("No Stripe subscriptions found.");
+      } else {
+        outputTable(
+          ["Subscription ID", "Customer", "Subject", "Status", "Items", "Period End"],
+          data.subscriptions.map((subscription) => [
+            subscription.stripeSubscriptionId,
+            subscription.stripeCustomerId,
+            subscription.subjectType && subscription.subjectId ? `${subscription.subjectType}:${subscription.subjectId}` : "-",
+            subscription.status,
+            String(subscription.items?.length ?? 0),
+            formatDate(subscription.currentPeriodEnd)
+          ])
+        );
+      }
+      await trackPaymentUsage("subscriptions", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("subscriptions", false, { environment: opts.environment });
+      handleError(err, json);
+    }
+  });
+}
+
+// src/commands/payments/sync.ts
+function registerPaymentsSyncCommand(paymentsCmd2) {
+  paymentsCmd2.command("sync").description("Sync configured Stripe products, prices, and subscriptions").option("--environment <environment>", "Stripe environment: test, live, or all", "all").action(async (opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironmentOrAll(opts.environment);
+      await requireAuth();
+      const data = await syncPayments(environment);
+      if (json) {
+        outputJson(data);
+      } else if (data.results.length === 0) {
+        console.log("No configured Stripe environments to sync.");
+      } else {
+        outputTable(
+          ["Env", "Status", "Products", "Prices", "Subscriptions", "Unmapped", "Synced At"],
+          data.results.map((result) => [
+            result.environment,
+            result.connection.lastSyncStatus ?? result.connection.status,
+            String(result.connection.lastSyncCounts.products ?? 0),
+            String(result.connection.lastSyncCounts.prices ?? 0),
+            String(result.subscriptions?.synced ?? 0),
+            String(result.subscriptions?.unmapped ?? 0),
+            formatDate(result.connection.lastSyncedAt)
+          ])
+        );
+        outputSuccess("Stripe payments synced.");
+      }
+      await trackPaymentUsage("sync", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("sync", false, { environment: opts.environment });
+      handleError(err, json);
+    }
+  });
+}
+
+// src/commands/payments/webhooks.ts
+function registerPaymentsWebhooksCommand(paymentsCmd2) {
+  const webhooksCmd = paymentsCmd2.command("webhooks").description("Manage InsForge-managed Stripe webhooks");
+  webhooksCmd.command("configure <environment>").description("Create or recreate the managed Stripe webhook endpoint").action(async (environmentValue, _opts, cmd) => {
+    const { json } = getRootOpts(cmd);
+    try {
+      const environment = parseEnvironment(environmentValue);
+      await requireAuth();
+      const data = await configurePaymentWebhook(environment);
+      if (json) {
+        outputJson(data);
+      } else {
+        outputTable(
+          ["Env", "Webhook ID", "URL", "Configured At"],
+          [[
+            data.connection.environment,
+            data.connection.webhookEndpointId ?? "-",
+            data.connection.webhookEndpointUrl ?? "-",
+            formatDate(data.connection.webhookConfiguredAt)
+          ]]
+        );
+        outputSuccess(`Stripe ${environment} webhook configured.`);
+      }
+      await trackPaymentUsage("webhooks.configure", true, { environment });
+    } catch (err) {
+      await trackPaymentUsage("webhooks.configure", false, { environment: environmentValue });
+      handleError(err, json);
+    }
+  });
+}
+
+// src/commands/payments/index.ts
+function registerPaymentsCommands(paymentsCmd2) {
+  paymentsCmd2.description("Manage Stripe payments");
+  registerPaymentsStatusCommand(paymentsCmd2);
+  registerPaymentsConfigCommand(paymentsCmd2);
+  registerPaymentsSyncCommand(paymentsCmd2);
+  registerPaymentsWebhooksCommand(paymentsCmd2);
+  registerPaymentsCatalogCommand(paymentsCmd2);
+  registerPaymentsProductsCommand(paymentsCmd2);
+  registerPaymentsPricesCommand(paymentsCmd2);
+  registerPaymentsSubscriptionsCommand(paymentsCmd2);
+  registerPaymentsHistoryCommand(paymentsCmd2);
+}
+
 // src/index.ts
 var __dirname = dirname(fileURLToPath(import.meta.url));
-var pkg = JSON.parse(readFileSync7(join12(__dirname, "../package.json"), "utf-8"));
+var pkg = JSON.parse(readFileSync7(join13(__dirname, "../package.json"), "utf-8"));
 var INSFORGE_LOGO = `
 \u2588\u2588\u2557\u2588\u2588\u2588\u2557   \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557  \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557
 \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2557  \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D\u2588\u2588\u2554\u2550\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D \u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255D
@@ -6059,6 +6981,8 @@ registerLogsCommand(program);
 registerMetadataCommand(program);
 var diagnoseCmd = program.command("diagnose");
 registerDiagnoseCommands(diagnoseCmd);
+var paymentsCmd = program.command("payments").description("Manage Stripe payments");
+registerPaymentsCommands(paymentsCmd);
 var computeCmd = program.command("compute").description("Manage compute services (Docker containers on Fly.io)");
 registerComputeListCommand(computeCmd);
 registerComputeGetCommand(computeCmd);