@ishlabs/cli 0.8.1

package/dist/connect.js

@@ -0,0 +1,573 @@
+/**
+ * Localhost connect CLI — wraps cloudflared and registers with Ish backend.
+ */
+import { spawn, execSync } from "node:child_process";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { existsSync, mkdirSync, chmodSync, writeFileSync } from "node:fs";
+import { loadConfig, saveConfig } from "./config.js";
+import { refreshTokens, isTokenExpired, decodeJwtExp } from "./auth.js";
+const TUNNEL_URL_PATTERN = /https:\/\/[a-z0-9-]+\.trycloudflare\.com/;
+const HEARTBEAT_INTERVAL = 10_000;
+const MAX_HEARTBEAT_FAILURES = 3;
+const CLOUDFLARED_STARTUP_TIMEOUT = 30_000;
+const DEFAULT_API_URL = "https://api.ishlabs.io";
+const API_BASE = "/api/v1";
+const ISH_DIR = join(homedir(), ".ish");
+const CLOUDFLARED_BIN = join(ISH_DIR, "bin", process.platform === "win32" ? "cloudflared.exe" : "cloudflared");
+// --- Simulation card rendering ---
+const CARD_WIDTH = 64;
+function statusColor(status) {
+    switch (status) {
+        case "running": return "\x1b[32m";
+        case "pending": return "\x1b[33m";
+        case "completed": return "\x1b[32m";
+        case "failed": return "\x1b[31m";
+        default: return "\x1b[2m";
+    }
+}
+function sentimentColor(sentiment) {
+    switch (sentiment) {
+        case "Excited":
+        case "Satisfied": return GREEN;
+        case "Frustrated":
+        case "Unsure": return RED;
+        default: return DIM; // Neutral
+    }
+}
+function padVisible(str, len) {
+    const visible = str.replace(/\x1b\[[0-9;]*m/g, "").length;
+    return visible >= len ? str : str + " ".repeat(len - visible);
+}
+function truncate(str, maxLen) {
+    return str.length > maxLen ? str.slice(0, maxLen - 1) + "…" : str;
+}
+function row(content, inner) {
+    return `\x1b[2m│\x1b[0m  ${padVisible(content, inner)}\x1b[2m│\x1b[0m`;
+}
+function renderCard(sim) {
+    const inner = CARD_WIDTH - 4;
+    const name = truncate(sim.tester_name ?? sim.instance_name ?? sim.tester_id.slice(0, 8), inner - 2);
+    // Top border with name
+    const nameSegment = `─ ${name} `;
+    const topPad = CARD_WIDTH - 2 - nameSegment.length;
+    const top = `\x1b[2m┌\x1b[0m${ORANGE}${BOLD}${nameSegment}${RESET}\x1b[2m${"─".repeat(Math.max(0, topPad))}┐\x1b[0m`;
+    const li = sim.last_interaction;
+    const lines = [top];
+    // Status badge: ● Status (N steps) — right-aligned
+    const titleStatus = sim.status.charAt(0).toUpperCase() + sim.status.slice(1);
+    const steps = `${sim.interaction_count} step${sim.interaction_count !== 1 ? "s" : ""}`;
+    const badge = `${statusColor(sim.status)}●${RESET} ${titleStatus} ${DIM}(${steps})${RESET}`;
+    const badgePlain = `● ${titleStatus} (${steps})`;
+    if (li) {
+        // Frame name (bold) + status badge right-aligned
+        if (li.current_frame_name) {
+            const frameStr = truncate(li.current_frame_name, inner - badgePlain.length - 2);
+            const gap = inner - frameStr.length - badgePlain.length;
+            lines.push(row(`${BOLD}${frameStr}${RESET}${" ".repeat(Math.max(1, gap))}${badge}`, inner));
+        }
+        else {
+            const pad = inner - badgePlain.length;
+            lines.push(row(`${" ".repeat(Math.max(0, pad))}${badge}`, inner));
+        }
+        // Comment (dim, italic quotes — up to 3 lines)
+        if (li.comment) {
+            const maxChars = inner - 3;
+            const words = li.comment.split(" ");
+            const commentLines = [];
+            let current = "";
+            for (const word of words) {
+                const next = current ? `${current} ${word}` : word;
+                if (next.length > maxChars && current) {
+                    commentLines.push(current);
+                    current = word;
+                }
+                else {
+                    current = next;
+                }
+                if (commentLines.length === 3)
+                    break;
+            }
+            if (current && commentLines.length < 3)
+                commentLines.push(current);
+            if (commentLines.length > 0) {
+                commentLines[0] = `"${commentLines[0]}`;
+                const lastIdx = commentLines.length - 1;
+                commentLines[lastIdx] = `${commentLines[lastIdx]}"`;
+            }
+            for (const cl of commentLines) {
+                lines.push(row(`${DIM}${truncate(cl, inner)}${RESET}`, inner));
+            }
+        }
+        // Action rows — one per action, action_type in cyan
+        for (const action of li.actions) {
+            if (!action.action_type)
+                continue;
+            const label = action.element_label
+                ? ` ${truncate(action.element_label, inner - action.action_type.length - 2)}`
+                : "";
+            lines.push(row(`${CYAN}${action.action_type}${RESET}${label}`, inner));
+        }
+        // Sentiment badge
+        if (li.sentiment) {
+            const sc = sentimentColor(li.sentiment);
+            lines.push(row(`${sc}${li.sentiment}${RESET}`, inner));
+        }
+    }
+    else {
+        // No interaction — just show status badge
+        const pad = inner - badgePlain.length;
+        lines.push(row(`${" ".repeat(Math.max(0, pad))}${badge}`, inner));
+    }
+    // Bottom border
+    lines.push(`\x1b[2m└${"─".repeat(CARD_WIDTH - 2)}┘\x1b[0m`);
+    return lines;
+}
+function renderAllCards(simulations) {
+    if (simulations.length === 0)
+        return [];
+    const lines = [];
+    const ts = new Date().toLocaleTimeString("en-GB", { hour12: false });
+    const study = simulations[0]?.study_name;
+    lines.push(`\x1b[2m${study ? `${study} · ` : ""}Updated ${ts}\x1b[0m`);
+    lines.push("");
+    for (const sim of simulations) {
+        lines.push(...renderCard(sim));
+        lines.push("");
+    }
+    return lines;
+}
+let cardLineCount = 0;
+function clearCards() {
+    if (cardLineCount > 0) {
+        process.stdout.write(`\x1b[${cardLineCount}A`);
+        for (let i = 0; i < cardLineCount; i++) {
+            process.stdout.write("\x1b[2K\n");
+        }
+        process.stdout.write(`\x1b[${cardLineCount}A`);
+    }
+}
+function renderSimulationCards(simulations) {
+    clearCards();
+    const lines = renderAllCards(simulations);
+    cardLineCount = lines.length;
+    if (lines.length > 0) {
+        process.stdout.write(lines.join("\n") + "\n");
+    }
+}
+// --- Local storage for completed simulations ---
+const SIMULATIONS_DIR = join(ISH_DIR, "simulations");
+const storedTesterIds = new Set();
+function storeCompletedSimulation(sim) {
+    if (storedTesterIds.has(sim.tester_id))
+        return;
+    storedTesterIds.add(sim.tester_id);
+    mkdirSync(SIMULATIONS_DIR, { recursive: true });
+    const logFile = join(SIMULATIONS_DIR, "history.jsonl");
+    const entry = {
+        tester_id: sim.tester_id,
+        instance_name: sim.instance_name,
+        status: sim.status,
+        study_name: sim.study_name,
+        interaction_count: sim.interaction_count,
+        last_interaction: sim.last_interaction,
+        completed_at: new Date().toISOString(),
+    };
+    writeFileSync(logFile, JSON.stringify(entry) + "\n", { flag: "a" });
+}
+// --- Token resolution ---
+async function verifyToken(token, apiUrl) {
+    try {
+        const resp = await fetch(`${apiUrl}${API_BASE}/connect/active`, {
+            headers: { Authorization: `Bearer ${token}` },
+            signal: AbortSignal.timeout(10_000),
+        });
+        // 404 = valid token, no connection (expected). 401/403 = bad token.
+        return resp.status !== 401 && resp.status !== 403;
+    }
+    catch {
+        // Network error — can't verify, assume ok
+        console.error("Warning: Could not verify token (network error). Proceeding anyway.");
+        return true;
+    }
+}
+function resolveApiUrl(apiUrlArg) {
+    if (apiUrlArg)
+        return apiUrlArg;
+    return process.env.ISH_API_URL ?? DEFAULT_API_URL;
+}
+/**
+ * Resolve an access token, refreshing if needed.
+ * Returns both the token and a mutable holder for runtime refresh.
+ */
+async function resolveToken(tokenArg, apiUrl) {
+    // 1. Explicit token argument
+    if (tokenArg)
+        return { token: tokenArg, refresh: null };
+    // 2. Environment variable
+    const envToken = process.env.ISH_TOKEN;
+    if (envToken)
+        return { token: envToken, refresh: null };
+    // 3. Saved config with refresh token
+    const config = loadConfig();
+    if (config.access_token && config.refresh_token) {
+        let accessToken = config.access_token;
+        // Refresh if expired or close to expiry
+        if (isTokenExpired(accessToken)) {
+            try {
+                const tokens = await refreshTokens(config.refresh_token);
+                accessToken = tokens.accessToken;
+                config.access_token = tokens.accessToken;
+                config.refresh_token = tokens.refreshToken;
+                saveConfig(config);
+            }
+            catch {
+                console.error('Session expired. Run "ish login" to re-authenticate.');
+                process.exit(1);
+            }
+        }
+        if (await verifyToken(accessToken, apiUrl)) {
+            // Return with refresh capability for long-running tunnel
+            const doRefresh = async () => {
+                const cfg = loadConfig();
+                if (!cfg.refresh_token)
+                    throw new Error("No refresh token");
+                const tokens = await refreshTokens(cfg.refresh_token);
+                cfg.access_token = tokens.accessToken;
+                cfg.refresh_token = tokens.refreshToken;
+                saveConfig(cfg);
+                return tokens.accessToken;
+            };
+            return { token: accessToken, refresh: doRefresh };
+        }
+        console.error('Saved token is invalid. Run "ish login" to re-authenticate.');
+        process.exit(1);
+    }
+    // 4. Legacy saved token (no refresh token)
+    if (config.token) {
+        if (await verifyToken(config.token, apiUrl)) {
+            return { token: config.token, refresh: null };
+        }
+        console.error('Saved token is invalid. Run "ish login" to re-authenticate.');
+        process.exit(1);
+    }
+    // 5. No valid token found — direct user to login
+    console.error('No valid token found. Run "ish login" to authenticate.');
+    process.exit(1);
+}
+// --- Branding ---
+const RESET = "\x1b[0m";
+const ORANGE = "\x1b[38;2;212;117;78m";
+const BOLD = "\x1b[1m";
+const DIM = "\x1b[2m";
+const GREEN = "\x1b[32m";
+const RED = "\x1b[31m";
+const YELLOW = "\x1b[33m";
+const CYAN = "\x1b[36m";
+function printBanner() {
+    console.log(`
+${ORANGE}${BOLD}   ██╗███████╗██╗  ██╗
+   ██║██╔════╝██║  ██║
+   ██║███████╗███████║
+   ██║╚════██║██╔══██║
+   ██║███████║██║  ██║
+   ╚═╝╚══════╝╚═╝  ╚═╝${RESET}
+
+   Connected
+`);
+}
+// --- Cloudflared ---
+async function resolveCloudflaredBin() {
+    // 1. Prefer system-installed cloudflared
+    try {
+        execSync(process.platform === "win32" ? "where cloudflared" : "which cloudflared", { stdio: "ignore" });
+        return "cloudflared";
+    }
+    catch {
+        // Not on PATH
+    }
+    // 2. Check ~/.ish/bin/cloudflared
+    if (existsSync(CLOUDFLARED_BIN))
+        return CLOUDFLARED_BIN;
+    // 3. Download from Cloudflare releases
+    console.log("cloudflared not found. Installing...");
+    const url = getCloudflaredDownloadUrl();
+    if (!url) {
+        printManualInstallInstructions();
+        process.exit(1);
+    }
+    try {
+        const binDir = join(ISH_DIR, "bin");
+        mkdirSync(binDir, { recursive: true, mode: 0o755 });
+        if (url.endsWith(".tgz")) {
+            execSync(`curl -fsSL "${url}" | tar xz -C "${binDir}" cloudflared`, { stdio: "ignore" });
+        }
+        else {
+            const resp = await fetch(url);
+            if (!resp.ok)
+                throw new Error(`HTTP ${resp.status}`);
+            writeFileSync(CLOUDFLARED_BIN, Buffer.from(await resp.arrayBuffer()));
+        }
+        chmodSync(CLOUDFLARED_BIN, 0o755);
+        return CLOUDFLARED_BIN;
+    }
+    catch (e) {
+        console.error(`Failed to install cloudflared: ${e instanceof Error ? e.message : e}\n`);
+        printManualInstallInstructions();
+        process.exit(1);
+    }
+}
+function getCloudflaredDownloadUrl() {
+    const base = "https://github.com/cloudflare/cloudflared/releases/latest/download";
+    const platform = process.platform;
+    const arch = process.arch;
+    if (platform === "darwin" && arch === "arm64")
+        return `${base}/cloudflared-darwin-arm64.tgz`;
+    if (platform === "darwin" && arch === "x64")
+        return `${base}/cloudflared-darwin-amd64.tgz`;
+    if (platform === "linux" && arch === "x64")
+        return `${base}/cloudflared-linux-amd64`;
+    if (platform === "linux" && arch === "arm64")
+        return `${base}/cloudflared-linux-arm64`;
+    if (platform === "win32" && arch === "x64")
+        return `${base}/cloudflared-windows-amd64.exe`;
+    return null;
+}
+function printManualInstallInstructions() {
+    console.error("You can install it manually:\n" +
+        "  brew install cloudflare/cloudflare/cloudflared   # macOS\n" +
+        "  sudo apt install cloudflared                     # Debian/Ubuntu\n" +
+        "\n  Or: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/");
+}
+function startCloudflared(port, binPath) {
+    return new Promise((resolve, reject) => {
+        console.log(`Connecting to localhost:${port}...`);
+        const proc = spawn(binPath, ["tunnel", "--url", `http://localhost:${port}`], {
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        let tunnelUrl = null;
+        const timeout = setTimeout(() => {
+            if (!tunnelUrl) {
+                proc.kill();
+                reject(new Error("Failed to get tunnel URL within timeout."));
+            }
+        }, CLOUDFLARED_STARTUP_TIMEOUT);
+        proc.stderr?.on("data", (data) => {
+            const line = data.toString("utf-8");
+            const match = line.match(TUNNEL_URL_PATTERN);
+            if (match && !tunnelUrl) {
+                tunnelUrl = match[0];
+                clearTimeout(timeout);
+                printBanner();
+                resolve({ process: proc, tunnelUrl });
+            }
+        });
+        proc.on("exit", (code) => {
+            clearTimeout(timeout);
+            if (!tunnelUrl) {
+                reject(new Error("cloudflared exited unexpectedly."));
+            }
+        });
+        proc.on("error", (err) => {
+            clearTimeout(timeout);
+            reject(err);
+        });
+    });
+}
+// --- API calls ---
+async function registerTunnel(apiUrl, token, tunnelUrl, port) {
+    try {
+        const resp = await fetch(`${apiUrl}${API_BASE}/connect`, {
+            method: "POST",
+            headers: {
+                Authorization: `Bearer ${token}`,
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify({ tunnel_url: tunnelUrl, local_port: port }),
+            signal: AbortSignal.timeout(10_000),
+        });
+        if (!resp.ok)
+            throw new Error(`HTTP ${resp.status}`);
+        // Registration successful — banner already shown
+    }
+    catch (e) {
+        console.error(`Warning: Failed to register connection: ${e}`);
+        console.error("Connection is still active — you can retry manually.");
+    }
+}
+async function deregisterTunnel(apiUrl, token) {
+    try {
+        const resp = await fetch(`${apiUrl}${API_BASE}/connect`, {
+            method: "DELETE",
+            headers: { Authorization: `Bearer ${token}` },
+            signal: AbortSignal.timeout(2_000),
+        });
+        if (!resp.ok)
+            throw new Error(`HTTP ${resp.status}`);
+        console.log("Disconnected");
+    }
+    catch (e) {
+        console.error(`Warning: Failed to deregister connection: ${e}`);
+    }
+}
+function processHeartbeatResponse(resp) {
+    resp.json().then((data) => {
+        const sims = data.simulations ?? [];
+        renderSimulationCards(sims);
+        // Store completed simulations locally
+        for (const sim of sims) {
+            if (sim.status === "completed" || sim.status === "failed" || sim.status === "cancelled") {
+                storeCompletedSimulation(sim);
+            }
+        }
+    }).catch(() => {
+        // Non-fatal: response parsing failed, silently continue
+    });
+}
+function startHeartbeat(apiUrl, getToken, doRefresh, onTokenRefreshed, onFatal) {
+    let consecutiveFailures = 0;
+    let stopped = false;
+    const interval = setInterval(async () => {
+        if (stopped)
+            return;
+        try {
+            const resp = await fetch(`${apiUrl}${API_BASE}/connect/heartbeat`, {
+                method: "POST",
+                headers: { Authorization: `Bearer ${getToken()}` },
+                signal: AbortSignal.timeout(10_000),
+            });
+            // If 401 and we can refresh, try once
+            if (resp.status === 401 && doRefresh) {
+                try {
+                    const newToken = await doRefresh();
+                    onTokenRefreshed(newToken);
+                    console.log("Token refreshed.");
+                    // Retry heartbeat with new token
+                    const retry = await fetch(`${apiUrl}${API_BASE}/connect/heartbeat`, {
+                        method: "POST",
+                        headers: { Authorization: `Bearer ${newToken}` },
+                        signal: AbortSignal.timeout(10_000),
+                    });
+                    if (!retry.ok)
+                        throw new Error(`HTTP ${retry.status}`);
+                    consecutiveFailures = 0;
+                    processHeartbeatResponse(retry);
+                    return;
+                }
+                catch (refreshErr) {
+                    console.error(`Token refresh failed: ${refreshErr}`);
+                }
+            }
+            if (!resp.ok)
+                throw new Error(`HTTP ${resp.status}`);
+            consecutiveFailures = 0;
+            processHeartbeatResponse(resp);
+        }
+        catch (e) {
+            consecutiveFailures++;
+            console.error(`Heartbeat failed (${consecutiveFailures}/${MAX_HEARTBEAT_FAILURES}): ${e}`);
+            if (consecutiveFailures >= MAX_HEARTBEAT_FAILURES) {
+                console.error("Lost connection to Ish backend. Shutting down.");
+                stopped = true;
+                clearInterval(interval);
+                onFatal();
+            }
+        }
+    }, HEARTBEAT_INTERVAL);
+    return {
+        stop: () => {
+            stopped = true;
+            clearInterval(interval);
+        },
+    };
+}
+/**
+ * Schedule a proactive token refresh before the JWT expires.
+ * Refreshes 10 minutes before expiry.
+ */
+function scheduleProactiveRefresh(token, doRefresh, onTokenRefreshed) {
+    if (!doRefresh)
+        return { stop: () => { } };
+    const exp = decodeJwtExp(token);
+    if (!exp)
+        return { stop: () => { } };
+    const refreshAt = (exp - 600) * 1000; // 10 min before expiry
+    const delay = refreshAt - Date.now();
+    if (delay <= 0)
+        return { stop: () => { } };
+    const timer = setTimeout(async () => {
+        try {
+            const newToken = await doRefresh();
+            onTokenRefreshed(newToken);
+            console.log("Token proactively refreshed.");
+            // Schedule next refresh for the new token
+            scheduleProactiveRefresh(newToken, doRefresh, onTokenRefreshed);
+        }
+        catch (e) {
+            console.error(`Proactive token refresh failed: ${e}`);
+        }
+    }, delay);
+    return { stop: () => clearTimeout(timer) };
+}
+// --- Main ---
+export async function runTunnel(port, tokenArg, apiUrlArg) {
+    const apiUrl = resolveApiUrl(apiUrlArg);
+    if (apiUrl !== DEFAULT_API_URL) {
+        console.log(`Using API: ${apiUrl}`);
+    }
+    const resolved = await resolveToken(tokenArg, apiUrl);
+    let currentToken = resolved.token;
+    const onTokenRefreshed = (newToken) => {
+        currentToken = newToken;
+    };
+    // Serialize refresh calls to prevent concurrent use of single-use refresh tokens
+    let refreshInFlight = null;
+    const serializedRefresh = resolved.refresh
+        ? async () => {
+            if (refreshInFlight)
+                return refreshInFlight;
+            refreshInFlight = resolved.refresh().finally(() => { refreshInFlight = null; });
+            return refreshInFlight;
+        }
+        : null;
+    const cloudflaredPath = await resolveCloudflaredBin();
+    let cfResult;
+    try {
+        cfResult = await startCloudflared(port, cloudflaredPath);
+    }
+    catch (e) {
+        console.error(`Failed to start cloudflared: ${e}`);
+        process.exit(1);
+    }
+    const { process: cfProcess, tunnelUrl } = cfResult;
+    await registerTunnel(apiUrl, currentToken, tunnelUrl, port);
+    let shuttingDown = false;
+    const heartbeat = startHeartbeat(apiUrl, () => currentToken, serializedRefresh, onTokenRefreshed, async () => {
+        await deregisterTunnel(apiUrl, currentToken);
+        cfProcess.kill();
+        process.exit(1);
+    });
+    const proactiveRefresh = scheduleProactiveRefresh(currentToken, serializedRefresh, onTokenRefreshed);
+    const shutdown = async () => {
+        if (shuttingDown)
+            process.exit(1);
+        shuttingDown = true;
+        console.log("\nShutting down...");
+        heartbeat.stop();
+        proactiveRefresh.stop();
+        cfProcess.kill();
+        await deregisterTunnel(apiUrl, currentToken);
+        process.exit(0);
+    };
+    process.on("SIGINT", shutdown);
+    process.on("SIGTERM", shutdown);
+    console.log("\nPress Ctrl+C to disconnect.\n");
+    cfProcess.on("exit", async () => {
+        if (!shuttingDown) {
+            heartbeat.stop();
+            proactiveRefresh.stop();
+            await deregisterTunnel(apiUrl, currentToken);
+            process.exit(0);
+        }
+    });
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,89 @@
+#!/usr/bin/env node
+import { program, Option } from "commander";
+import { runTunnel } from "./connect.js";
+import { login, getAppUrl } from "./auth.js";
+import { loadConfig, saveConfig } from "./config.js";
+import { upgrade } from "./upgrade.js";
+import { registerWorkspaceCommands } from "./commands/workspace.js";
+import { registerStudyCommands } from "./commands/study.js";
+import { registerIterationCommands } from "./commands/iteration.js";
+import { registerTesterProfileCommands } from "./commands/tester-profile.js";
+import { registerTesterCommands } from "./commands/tester.js";
+import { registerSimulationCommands } from "./commands/simulation.js";
+import { registerConfigCommands } from "./commands/config.js";
+import pkg from "../package.json" with { type: "json" };
+const { version } = pkg;
+program
+    .name("ish")
+    .description("Ish CLI — manage workspaces, studies, simulations, and more")
+    .version(version);
+// Global options
+program
+    .option("-t, --token <token>", "Auth token (or set ISH_TOKEN env var)")
+    .option("--api-url <url>", "Backend API URL (default: ISH_API_URL or https://api.ishlabs.io)")
+    .addOption(new Option("--dev", "Use local dev API (http://localhost:8000)").hideHelp())
+    .option("--json", "Output as JSON (auto-enabled when piped)")
+    .option("--fields <fields>", "Comma-separated fields to include in JSON output (e.g. alias,name,status)")
+    .option("--verbose", "Include full UUIDs and timestamps in JSON output")
+    .option("-q, --quiet", "Suppress progress messages on stderr");
+// --- Inline commands (from upstream) ---
+program
+    .command("login")
+    .description("Authenticate with Ish via your browser")
+    .action(async (_opts, cmd) => {
+    try {
+        const globals = cmd.optsWithGlobals();
+        const appUrl = globals.dev ? "http://localhost:3000" : getAppUrl();
+        const tokens = await login(appUrl);
+        const config = loadConfig();
+        config.access_token = tokens.accessToken;
+        config.refresh_token = tokens.refreshToken;
+        saveConfig(config);
+        console.log("\nLogin successful!");
+    }
+    catch (e) {
+        console.error(`Login failed: ${e instanceof Error ? e.message : e}`);
+        process.exit(1);
+    }
+});
+program
+    .command("logout")
+    .description("Remove saved authentication credentials")
+    .action(() => {
+    const config = loadConfig();
+    delete config.access_token;
+    delete config.refresh_token;
+    delete config.token;
+    saveConfig(config);
+    console.log("Logged out.");
+});
+program
+    .command("connect")
+    .description("Expose your localhost to Ish via a Cloudflare tunnel")
+    .argument("<port>", "Local port to connect (e.g. 3000)")
+    .action(async (port, _opts, cmd) => {
+    const portNum = parseInt(port, 10);
+    if (isNaN(portNum) || portNum < 1 || portNum > 65535) {
+        console.error(`Invalid port: ${port}`);
+        process.exit(1);
+    }
+    const globals = cmd.optsWithGlobals();
+    const apiUrl = globals.dev ? "http://localhost:8000" : globals.apiUrl;
+    await runTunnel(portNum, globals.token, apiUrl);
+});
+// --- Modular command groups ---
+registerWorkspaceCommands(program);
+registerStudyCommands(program);
+registerIterationCommands(program);
+registerTesterProfileCommands(program);
+registerTesterCommands(program);
+registerSimulationCommands(program);
+registerConfigCommands(program);
+program
+    .command("upgrade")
+    .description("Update ish to the latest version")
+    .option("--version <version>", "Install a specific version")
+    .action(async (options) => {
+    await upgrade(version, options.version);
+});
+program.parse();