@kylewadegrove/cutline-mcp-cli-staging 0.1.0

package/dist/commands/setup.js

@@ -0,0 +1,425 @@
+import chalk from 'chalk';
+import ora from 'ora';
+import { createInterface } from 'node:readline';
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join, dirname, resolve } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { getRefreshToken } from '../auth/keychain.js';
+import { fetchFirebaseApiKey } from '../utils/config.js';
+import { loginCommand } from './login.js';
+import { initCommand } from './init.js';
+function getCliVersion() {
+    try {
+        const __filename = fileURLToPath(import.meta.url);
+        const pkg = JSON.parse(readFileSync(join(dirname(__filename), '..', '..', 'package.json'), 'utf-8'));
+        return pkg.version ?? 'unknown';
+    }
+    catch {
+        return 'unknown';
+    }
+}
+const SERVER_NAMES = [
+    'constraints',
+    'premortem',
+    'exploration',
+    'tools',
+    'output',
+    'integrations',
+];
+const AUDIT_DIMENSIONS = ['engineering', 'security', 'reliability', 'scalability', 'compliance'];
+async function detectTier(options) {
+    const refreshToken = await getRefreshToken();
+    if (!refreshToken)
+        return { tier: 'free' };
+    try {
+        const apiKey = await fetchFirebaseApiKey(options);
+        const response = await fetch(`https://securetoken.googleapis.com/v1/token?key=${apiKey}`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ grant_type: 'refresh_token', refresh_token: refreshToken }),
+        });
+        if (!response.ok)
+            return { tier: 'free' };
+        const data = await response.json();
+        const idToken = data.id_token;
+        const payload = JSON.parse(Buffer.from(idToken.split('.')[1], 'base64').toString());
+        const baseUrl = options.staging
+            ? 'https://us-central1-cutline-staging.cloudfunctions.net'
+            : 'https://us-central1-cutline-prod.cloudfunctions.net';
+        const subRes = await fetch(`${baseUrl}/mcpSubscriptionStatus`, {
+            headers: { Authorization: `Bearer ${idToken}` },
+        });
+        const sub = subRes.ok ? await subRes.json() : { status: 'free' };
+        const isPremium = sub.status === 'active' || sub.status === 'trialing';
+        return { tier: isPremium ? 'premium' : 'free', email: payload.email, idToken };
+    }
+    catch {
+        return { tier: 'free' };
+    }
+}
+async function fetchProducts(idToken, options) {
+    try {
+        const baseUrl = options.staging
+            ? 'https://us-central1-cutline-staging.cloudfunctions.net'
+            : 'https://us-central1-cutline-prod.cloudfunctions.net';
+        const res = await fetch(`${baseUrl}/mcpListProducts`, {
+            headers: { Authorization: `Bearer ${idToken}` },
+        });
+        if (!res.ok)
+            return { products: [], requestOk: false };
+        const data = await res.json();
+        return { products: data.products ?? [], requestOk: true };
+    }
+    catch {
+        return { products: [], requestOk: false };
+    }
+}
+function prompt(question) {
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    return new Promise((resolve) => {
+        rl.question(question, (answer) => {
+            rl.close();
+            resolve(answer.trim());
+        });
+    });
+}
+function parseDimensionCsv(csv) {
+    if (!csv)
+        return [];
+    return csv
+        .split(',')
+        .map((s) => s.trim())
+        .filter(Boolean);
+}
+function normalizeAuditDimensions(values) {
+    const allowed = new Set(AUDIT_DIMENSIONS);
+    const deduped = [...new Set(values.map((v) => v.trim().toLowerCase()).filter(Boolean))];
+    const valid = deduped.filter((v) => allowed.has(v));
+    const invalid = deduped.filter((v) => !allowed.has(v));
+    return { valid, invalid };
+}
+async function resolveHiddenAuditDimensions(options) {
+    const explicit = [
+        ...(options.hideAuditDimension ?? []),
+        ...parseDimensionCsv(options.hideAuditDimensions),
+    ];
+    if (explicit.length > 0) {
+        const { valid, invalid } = normalizeAuditDimensions(explicit);
+        if (invalid.length > 0) {
+            console.log(chalk.yellow(`  Ignoring invalid audit dimensions: ${invalid.join(', ')} ` +
+                `(allowed: ${AUDIT_DIMENSIONS.join(', ')})`));
+        }
+        return valid;
+    }
+    const answer = await prompt(chalk.cyan(`  Hide any code audit dimensions? ` +
+        `(comma-separated: ${AUDIT_DIMENSIONS.join(', ')}; Enter for none): `));
+    if (!answer)
+        return [];
+    const { valid, invalid } = normalizeAuditDimensions(parseDimensionCsv(answer));
+    if (invalid.length > 0) {
+        console.log(chalk.yellow(`  Ignoring invalid audit dimensions: ${invalid.join(', ')} ` +
+            `(allowed: ${AUDIT_DIMENSIONS.join(', ')})`));
+    }
+    return valid;
+}
+function writeAuditVisibilityConfig(hiddenDimensions) {
+    const configDir = join(homedir(), '.cutline-mcp');
+    const configPath = join(configDir, 'config.json');
+    let existing = {};
+    try {
+        if (existsSync(configPath)) {
+            existing = JSON.parse(readFileSync(configPath, 'utf-8'));
+        }
+    }
+    catch {
+        existing = {};
+    }
+    const next = {
+        ...existing,
+        audit_visibility: {
+            ...(existing.audit_visibility ?? {}),
+            hidden_dimensions: hiddenDimensions,
+        },
+    };
+    mkdirSync(configDir, { recursive: true });
+    writeFileSync(configPath, JSON.stringify(next, null, 2) + '\n');
+}
+function resolveServeRuntime() {
+    // Optional explicit override for advanced environments.
+    if (process.env.CUTLINE_MCP_BIN?.trim()) {
+        return {
+            command: process.env.CUTLINE_MCP_BIN.trim(),
+            argsPrefix: [],
+            source: 'binary',
+        };
+    }
+    // Prefer the globally installed binary for faster/more reliable startup.
+    const voltaBin = join(homedir(), '.volta', 'bin', 'cutline-mcp');
+    if (existsSync(voltaBin)) {
+        return {
+            command: voltaBin,
+            argsPrefix: [],
+            source: 'binary',
+        };
+    }
+    // Fallback for machines without a global install.
+    const voltaNpx = join(homedir(), '.volta', 'bin', 'npx');
+    const npxCommand = existsSync(voltaNpx) ? voltaNpx : 'npx';
+    return {
+        command: npxCommand,
+        argsPrefix: ['-y', '@vibekiln/cutline-mcp-cli@latest'],
+        source: 'npx',
+    };
+}
+function buildServerConfig(runtime) {
+    const config = {};
+    for (const name of SERVER_NAMES) {
+        config[`cutline-${name}`] = {
+            command: runtime.command,
+            args: [...runtime.argsPrefix, 'serve', name],
+        };
+    }
+    return config;
+}
+function mergeIdeConfig(filePath, serverConfig) {
+    let existing = {};
+    if (existsSync(filePath)) {
+        try {
+            existing = JSON.parse(readFileSync(filePath, 'utf-8'));
+        }
+        catch {
+            existing = {};
+        }
+    }
+    else {
+        const dir = join(filePath, '..');
+        mkdirSync(dir, { recursive: true });
+    }
+    const existingServers = (existing.mcpServers ?? {});
+    // Remove old cutline-* entries, then add fresh ones
+    const cleaned = {};
+    for (const [key, val] of Object.entries(existingServers)) {
+        if (!key.startsWith('cutline-')) {
+            cleaned[key] = val;
+        }
+    }
+    existing.mcpServers = { ...cleaned, ...serverConfig };
+    writeFileSync(filePath, JSON.stringify(existing, null, 2) + '\n');
+    return true;
+}
+export async function setupCommand(options) {
+    const version = getCliVersion();
+    console.log(chalk.bold(`\n🔌 Cutline MCP Setup`) + chalk.dim(` v${version}\n`));
+    // ── 1. Authenticate ──────────────────────────────────────────────────────
+    const hasToken = await getRefreshToken();
+    if (!hasToken && !options.skipLogin) {
+        console.log(chalk.dim('  No credentials found — starting login flow.\n'));
+        await loginCommand({ staging: options.staging, source: 'setup' });
+        console.log();
+        const tokenAfterLogin = await getRefreshToken();
+        if (!tokenAfterLogin) {
+            console.log(chalk.yellow('  Login not completed — trying account creation instead.\n'));
+            await loginCommand({ staging: options.staging, signup: true, source: 'setup' });
+            console.log();
+        }
+    }
+    const spinner = ora('Detecting account tier...').start();
+    const { tier, email, idToken } = await detectTier({ staging: options.staging });
+    if (email) {
+        spinner.succeed(chalk.green(`Authenticated as ${email} (${tier})`));
+    }
+    else {
+        spinner.succeed(chalk.yellow(`Running as ${tier} tier`));
+    }
+    console.log();
+    // ── 2. Connect to a product graph ────────────────────────────────────────
+    const projectRoot = resolve(options.projectRoot ?? process.cwd());
+    const configPath = join(projectRoot, '.cutline', 'config.json');
+    const hasExistingConfig = existsSync(configPath);
+    let existingConfig = null;
+    let hasUsableExistingConfig = false;
+    let graphConnected = false;
+    if (hasExistingConfig) {
+        try {
+            existingConfig = JSON.parse(readFileSync(configPath, 'utf-8'));
+            hasUsableExistingConfig = Boolean(existingConfig?.product_id);
+            graphConnected = hasUsableExistingConfig;
+        }
+        catch {
+            existingConfig = null;
+            hasUsableExistingConfig = false;
+            graphConnected = false;
+        }
+    }
+    // Validate that an existing binding is visible to the current account.
+    // This prevents showing "connected" when the repo has a product_id from
+    // a different account.
+    if (hasUsableExistingConfig && idToken) {
+        const currentEmail = (email ?? '').trim().toLowerCase();
+        const boundEmail = String(existingConfig?.linked_email ?? '').trim().toLowerCase();
+        if (boundEmail && currentEmail && boundEmail !== currentEmail) {
+            graphConnected = false;
+            hasUsableExistingConfig = false;
+            console.log(chalk.yellow(`  Existing product binding is for ${existingConfig?.linked_email}, not ${email}.`));
+            console.log(chalk.dim('  Will not use this graph for the current account.\n'));
+        }
+        else {
+            const { products, requestOk } = await fetchProducts(idToken, { staging: options.staging });
+            if (requestOk) {
+                const canAccessBoundProduct = products.some((p) => p.id === existingConfig?.product_id);
+                if (!canAccessBoundProduct) {
+                    graphConnected = false;
+                    hasUsableExistingConfig = false;
+                    console.log(chalk.yellow(`  Existing product graph is not accessible from ${email}.`));
+                    console.log(chalk.dim('  Re-linking is required for this account.\n'));
+                }
+            }
+        }
+    }
+    if (tier === 'premium' && idToken && !hasUsableExistingConfig) {
+        const productSpinner = ora('Fetching your product graphs...').start();
+        const { products, requestOk } = await fetchProducts(idToken, { staging: options.staging });
+        productSpinner.stop();
+        if (requestOk && products.length > 0) {
+            console.log(chalk.bold('  Connect to a product graph\n'));
+            products.forEach((p, i) => {
+                const date = p.createdAt ? chalk.dim(` (${new Date(p.createdAt).toLocaleDateString()})`) : '';
+                console.log(`  ${chalk.cyan(`${i + 1}.`)} ${chalk.white(p.name)}${date}`);
+                if (p.brief)
+                    console.log(`     ${chalk.dim(p.brief)}`);
+            });
+            console.log(`  ${chalk.dim(`${products.length + 1}.`)} ${chalk.dim('Skip — I\'ll connect later')}`);
+            console.log();
+            const answer = await prompt(chalk.cyan('  Select a product (number): '));
+            const choice = parseInt(answer, 10);
+            if (choice >= 1 && choice <= products.length) {
+                const selected = products[choice - 1];
+                mkdirSync(join(projectRoot, '.cutline'), { recursive: true });
+                writeFileSync(configPath, JSON.stringify({
+                    product_id: selected.id,
+                    product_name: selected.name,
+                    linked_email: email ?? null,
+                }, null, 2) + '\n');
+                console.log(chalk.green(`\n  ✓ Connected to "${selected.name}"`));
+                console.log(chalk.dim(`    ${configPath}\n`));
+                graphConnected = true;
+            }
+            else {
+                console.log(chalk.dim('\n  Skipped. Run `cutline-mcp setup` again to connect later.\n'));
+            }
+        }
+        else if (requestOk) {
+            console.log(chalk.dim('  No completed product graphs found.'));
+            console.log(chalk.dim('  Ask your AI agent to "Run a deep dive on my product idea" first,'));
+            console.log(chalk.dim('  then re-run'), chalk.cyan('cutline-mcp setup'), chalk.dim('to connect it.'));
+            console.log();
+        }
+        else {
+            console.log(chalk.yellow('  Could not verify product graphs (network/auth issue).'));
+            console.log(chalk.dim('  Re-run'), chalk.cyan('cutline-mcp setup'), chalk.dim('after auth/network is healthy.\n'));
+        }
+    }
+    else if (hasUsableExistingConfig) {
+        try {
+            const existing = existingConfig ?? JSON.parse(readFileSync(configPath, 'utf-8'));
+            console.log(chalk.green(`  ✓ Connected to product graph:`), chalk.white(existing.product_name || existing.product_id));
+            console.log();
+        }
+        catch { /* ignore parse errors */ }
+    }
+    const hiddenAuditDimensions = await resolveHiddenAuditDimensions(options);
+    writeAuditVisibilityConfig(hiddenAuditDimensions);
+    if (hiddenAuditDimensions.length > 0) {
+        console.log(chalk.dim(`  Hidden audit dimensions: ${hiddenAuditDimensions.join(', ')}\n`));
+    }
+    else {
+        console.log(chalk.dim('  Hidden audit dimensions: none\n'));
+    }
+    // ── 3. Write MCP server config to IDEs ───────────────────────────────────
+    const runtime = resolveServeRuntime();
+    const serverConfig = buildServerConfig(runtime);
+    const home = homedir();
+    const ideConfigs = [
+        { name: 'Cursor', path: join(home, '.cursor', 'mcp.json') },
+        { name: 'Claude Code', path: join(home, '.claude.json') },
+    ];
+    let wroteAny = false;
+    for (const ide of ideConfigs) {
+        try {
+            mergeIdeConfig(ide.path, serverConfig);
+            console.log(chalk.green(`  ✓ ${ide.name}`), chalk.dim(ide.path));
+            wroteAny = true;
+        }
+        catch (err) {
+            console.log(chalk.red(`  ✗ ${ide.name}`), chalk.dim(err.message));
+        }
+    }
+    if (wroteAny) {
+        console.log(chalk.dim('\n  MCP server entries merged into IDE config (existing servers preserved).\n'));
+        if (runtime.source === 'binary') {
+            console.log(chalk.dim(`  Using local MCP binary: ${runtime.command}\n`));
+        }
+        else {
+            console.log(chalk.dim('  Local `cutline-mcp` binary not found — using npx fallback.\n'));
+        }
+    }
+    else {
+        console.log(chalk.yellow('\n  No IDE config files found. Printing config for manual setup:\n'));
+        console.log(chalk.green(JSON.stringify({ mcpServers: serverConfig }, null, 2)));
+        console.log();
+    }
+    // ── 4. Generate IDE rules ────────────────────────────────────────────────
+    console.log(chalk.bold('  Generating IDE rules...\n'));
+    await initCommand({ projectRoot: options.projectRoot, staging: options.staging });
+    // ── 5. Claude Code one-liners ────────────────────────────────────────────
+    console.log(chalk.bold('  Claude Code one-liner alternative:\n'));
+    console.log(chalk.dim('  If you prefer `claude mcp add` instead of ~/.claude.json:\n'));
+    const coreServers = ['constraints', 'premortem', 'tools', 'exploration'];
+    for (const name of coreServers) {
+        const invocation = [runtime.command, ...runtime.argsPrefix, 'serve', name].join(' ');
+        console.log(chalk.cyan(`  claude mcp add cutline-${name} -- ${invocation}`));
+    }
+    console.log();
+    // ── 6. What you can do ───────────────────────────────────────────────────
+    console.log(chalk.bold('  Start a new terminal or restart your MCP servers, then ask your AI agent:\n'));
+    if (tier === 'premium') {
+        if (!graphConnected) {
+            console.log(`  ${chalk.cyan('→')} ${chalk.white('cutline-mcp setup')}  ${chalk.dim('(re-run to connect a product graph)')}`);
+            console.log(`    ${chalk.dim('Link a pre-mortem to unlock constraint-aware code guidance')}`);
+        }
+        const items = [
+            { cmd: 'use cutline', desc: 'Magic phrase (also works with "use cutline to...", "using cutline...", "with cutline...") — Cutline infers intent and routes to the right flow' },
+            { cmd: 'Run a deep dive on my product idea', desc: 'Pre-mortem analysis — risks, assumptions, experiments' },
+            { cmd: 'Plan this feature with constraints from my product', desc: 'RGR plan — constraint-aware implementation roadmap' },
+            { cmd: 'Run a security vibe check on this codebase', desc: 'Free security vibe check (`code_audit`) — security, reliability, and scalability (generic, not product-linked)' },
+            { cmd: 'Run an engineering vibe check for my product', desc: 'Premium deep vibe check (`engineering_audit`) — product-linked analysis + RGR remediation plan' },
+            { cmd: 'Check constraints for src/api/upload.ts', desc: 'Get NFR boundaries for a specific file' },
+            { cmd: 'Generate .cutline.md for my product', desc: 'Write the constraint routing engine' },
+            { cmd: 'What does my persona think about X?', desc: 'AI persona feedback on features' },
+            ...(!graphConnected ? [{ cmd: 'Connect my Cutline product graph', desc: 'Link a completed pre-mortem for constraint-aware code guidance' }] : []),
+        ];
+        for (const item of items) {
+            console.log(`  ${chalk.cyan('→')} ${chalk.white(`"${item.cmd}"`)}`);
+            console.log(`    ${chalk.dim(item.desc)}`);
+        }
+    }
+    else {
+        const items = [
+            { cmd: 'use cutline', desc: 'Magic phrase (also works with "use cutline to...", "using cutline...", "with cutline...") — Cutline routes to the highest-value free flow for your intent' },
+            { cmd: 'Run a security vibe check on this codebase', desc: 'Free security vibe check (`code_audit`) — security, reliability, and scalability scan (3/month free)' },
+            { cmd: 'Explore a product idea', desc: 'Free 6-act discovery flow to identify pain points and opportunities' },
+            { cmd: 'Continue my exploration session', desc: 'Resume and refine an existing free exploration conversation' },
+        ];
+        for (const item of items) {
+            console.log(`  ${chalk.cyan('→')} ${chalk.white(`"${item.cmd}"`)}`);
+            console.log(`    ${chalk.dim(item.desc)}`);
+        }
+        console.log();
+        console.log(chalk.dim('  Want product-linked constraints, full code audit + RGR plans, and pre-mortem deep dives?'));
+        console.log(chalk.dim('  →'), chalk.cyan('cutline-mcp upgrade'), chalk.dim('or https://thecutline.ai/upgrade'));
+    }
+    console.log();
+    console.log(chalk.dim(`  cutline-mcp v${version} · docs: https://thecutline.ai/docs/setup`));
+    console.log();
+}

package/dist/commands/status.d.ts

@@ -0,0 +1,3 @@
+export declare function statusCommand(options: {
+    staging?: boolean;
+}): Promise<void>;

package/dist/commands/status.js

@@ -0,0 +1,127 @@
+import chalk from 'chalk';
+import ora from 'ora';
+import { getRefreshToken } from '../auth/keychain.js';
+import { fetchFirebaseApiKey } from '../utils/config.js';
+async function getSubscriptionStatus(idToken, isStaging) {
+    try {
+        const baseUrl = isStaging
+            ? 'https://us-central1-cutline-staging.cloudfunctions.net'
+            : 'https://us-central1-cutline-prod.cloudfunctions.net';
+        const response = await fetch(`${baseUrl}/mcpSubscriptionStatus`, {
+            method: 'GET',
+            headers: {
+                'Authorization': `Bearer ${idToken}`,
+            },
+        });
+        if (!response.ok) {
+            return { status: 'unknown' };
+        }
+        return await response.json();
+    }
+    catch (error) {
+        console.error('Error fetching subscription:', error);
+        return { status: 'unknown' };
+    }
+}
+async function exchangeRefreshToken(refreshToken, apiKey) {
+    const response = await fetch(`https://securetoken.googleapis.com/v1/token?key=${apiKey}`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            grant_type: 'refresh_token',
+            refresh_token: refreshToken,
+        }),
+    });
+    if (!response.ok) {
+        const errorText = await response.text();
+        let errorMessage = 'Failed to refresh token';
+        try {
+            const errorData = JSON.parse(errorText);
+            errorMessage = errorData.error?.message || errorText;
+        }
+        catch {
+            errorMessage = errorText;
+        }
+        throw new Error(errorMessage);
+    }
+    const data = await response.json();
+    return data.id_token;
+}
+export async function statusCommand(options) {
+    console.log(chalk.bold('\n📊 Cutline MCP Status\n'));
+    const spinner = ora('Checking authentication...').start();
+    try {
+        // Check for stored refresh token
+        const refreshToken = await getRefreshToken();
+        if (!refreshToken) {
+            spinner.info(chalk.yellow('Not authenticated'));
+            console.log(chalk.gray('  Run'), chalk.cyan('cutline-mcp login'), chalk.gray('to authenticate\n'));
+            return;
+        }
+        // Get Firebase API key
+        spinner.text = 'Fetching configuration...';
+        let firebaseApiKey;
+        try {
+            firebaseApiKey = await fetchFirebaseApiKey(options);
+        }
+        catch (error) {
+            spinner.fail(chalk.red('Configuration error'));
+            console.error(chalk.red(`  ${error instanceof Error ? error.message : 'Failed to get Firebase API key'}`));
+            process.exit(1);
+        }
+        // Exchange refresh token for ID token
+        spinner.text = 'Verifying credentials...';
+        const idToken = await exchangeRefreshToken(refreshToken, firebaseApiKey);
+        // Decode JWT payload (base64) to get user info - no verification needed, just display
+        const payloadBase64 = idToken.split('.')[1];
+        const decoded = JSON.parse(Buffer.from(payloadBase64, 'base64').toString());
+        spinner.succeed(chalk.green('Authenticated'));
+        console.log(chalk.gray('  User:'), chalk.white(decoded.email || decoded.user_id || decoded.sub));
+        console.log(chalk.gray('  UID:'), chalk.dim(decoded.user_id || decoded.sub));
+        // Calculate token expiry
+        const expiresIn = Math.floor((decoded.exp * 1000 - Date.now()) / 1000 / 60);
+        console.log(chalk.gray('  Token expires in:'), chalk.white(`${expiresIn} minutes`));
+        // Show custom claims if present
+        if (decoded.mcp) {
+            console.log(chalk.gray('  MCP enabled:'), chalk.green('✓'));
+        }
+        if (decoded.deviceId) {
+            console.log(chalk.gray('  Device ID:'), chalk.dim(decoded.deviceId));
+        }
+        // Check subscription status via Cloud Function
+        spinner.start('Checking subscription...');
+        const subscription = await getSubscriptionStatus(idToken, !!options.staging);
+        spinner.stop();
+        if (subscription.status === 'active' || subscription.status === 'trialing') {
+            const statusLabel = subscription.status === 'trialing' ? ' (trial)' : '';
+            console.log(chalk.gray('  Plan:'), chalk.green(`✓ ${subscription.planName || 'Premium'}${statusLabel}`));
+            if (subscription.periodEnd) {
+                const periodEndDate = new Date(subscription.periodEnd);
+                const daysLeft = Math.ceil((periodEndDate.getTime() - Date.now()) / (1000 * 60 * 60 * 24));
+                console.log(chalk.gray('  Renews:'), chalk.white(`${periodEndDate.toLocaleDateString()} (${daysLeft} days)`));
+            }
+        }
+        else if (subscription.status === 'past_due') {
+            console.log(chalk.gray('  Plan:'), chalk.yellow('⚠ Premium (payment past due)'));
+        }
+        else if (subscription.status === 'canceled') {
+            console.log(chalk.gray('  Plan:'), chalk.yellow('Premium (canceled)'));
+            if (subscription.periodEnd) {
+                console.log(chalk.gray('  Access until:'), chalk.white(new Date(subscription.periodEnd).toLocaleDateString()));
+            }
+        }
+        else {
+            console.log(chalk.gray('  Plan:'), chalk.white('Free'));
+            console.log(chalk.dim('  Upgrade at'), chalk.cyan('https://thecutline.ai/pricing'));
+        }
+        console.log();
+    }
+    catch (error) {
+        spinner.fail(chalk.red('Status check failed'));
+        if (error instanceof Error) {
+            console.error(chalk.red(`  ${error.message}`));
+            console.log(chalk.gray('  Try running'), chalk.cyan('cutline-mcp login'), chalk.gray('again\n'));
+        }
+        process.exit(1);
+    }
+}

package/dist/commands/upgrade.d.ts

@@ -0,0 +1,3 @@
+export declare function upgradeCommand(options: {
+    staging?: boolean;
+}): Promise<void>;

package/dist/commands/upgrade.js

@@ -0,0 +1,112 @@
+import open from 'open';
+import chalk from 'chalk';
+import ora from 'ora';
+import { startCallbackServer } from '../auth/callback.js';
+import { storeRefreshToken } from '../auth/keychain.js';
+import { saveConfig } from '../utils/config-store.js';
+import { getConfig, fetchFirebaseApiKey } from '../utils/config.js';
+async function exchangeCustomToken(customToken, apiKey) {
+    const response = await fetch(`https://identitytoolkit.googleapis.com/v1/accounts:signInWithCustomToken?key=${apiKey}`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            token: customToken,
+            returnSecureToken: true,
+        }),
+    });
+    if (!response.ok) {
+        const error = await response.text();
+        throw new Error(`Failed to exchange custom token: ${error}`);
+    }
+    const data = await response.json();
+    return {
+        refreshToken: data.refreshToken,
+        email: data.email,
+    };
+}
+export async function upgradeCommand(options) {
+    const config = getConfig(options);
+    console.log(chalk.bold('\n⬆️  Cutline MCP - Upgrade to Premium\n'));
+    if (options.staging) {
+        console.log(chalk.yellow('  ⚠️  Using STAGING environment\n'));
+    }
+    // Fetch Firebase API key
+    let firebaseApiKey;
+    try {
+        firebaseApiKey = await fetchFirebaseApiKey(options);
+    }
+    catch (error) {
+        console.error(chalk.red(`Error: ${error instanceof Error ? error.message : 'Failed to get Firebase API key'}`));
+        process.exit(1);
+    }
+    // Determine upgrade URL based on environment
+    const baseUrl = options.staging
+        ? 'https://cutline-staging.web.app'
+        : 'https://thecutline.ai';
+    console.log(chalk.gray('  Opening upgrade page in your browser...\n'));
+    console.log(chalk.dim('  After upgrading, your MCP session will be refreshed automatically.\n'));
+    const spinner = ora('Waiting for upgrade and re-authentication...').start();
+    try {
+        // Start callback server for re-auth after upgrade
+        const serverPromise = startCallbackServer('upgrade');
+        // Open upgrade page with callback for re-auth
+        // The upgrade page will redirect to mcp-auth after successful upgrade
+        const upgradeUrl = `${baseUrl}/upgrade?mcp_callback=${encodeURIComponent(config.CALLBACK_URL)}`;
+        await open(upgradeUrl);
+        spinner.text = 'Browser opened - complete your upgrade, then re-authenticate';
+        // Wait for callback with new token (after upgrade + re-auth)
+        const result = await serverPromise;
+        // Exchange custom token for refresh token
+        spinner.text = 'Refreshing your session...';
+        const { refreshToken, email } = await exchangeCustomToken(result.token, firebaseApiKey);
+        // Store refresh token
+        try {
+            await storeRefreshToken(refreshToken);
+        }
+        catch (error) {
+            console.warn(chalk.yellow('  ⚠️  Could not save to Keychain (skipping)'));
+        }
+        // Save to file config (API key is fetched at runtime, not stored)
+        try {
+            saveConfig({
+                refreshToken,
+                environment: options.staging ? 'staging' : 'production',
+            });
+        }
+        catch (error) {
+            console.error(chalk.red('  ✗ Failed to save config file:'), error);
+        }
+        spinner.succeed(chalk.green('Upgrade complete! Session refreshed.'));
+        const envLabel = options.staging ? chalk.yellow('STAGING') : chalk.green('PRODUCTION');
+        console.log(chalk.gray(`  Environment: ${envLabel}`));
+        if (email || result.email) {
+            console.log(chalk.gray(`  Account: ${email || result.email}`));
+        }
+        console.log(chalk.green('\n  Premium features are now available!\n'));
+        console.log(chalk.bold('  Re-run init to update your IDE rules:'));
+        console.log(chalk.cyan('    cutline-mcp init\n'));
+        console.log(chalk.bold('  Then ask your AI agent:\n'));
+        const items = [
+            { cmd: 'use cutline', desc: 'Magic phrase (also works with "use cutline to...", "using cutline...", "with cutline...") — Cutline infers intent and routes automatically' },
+            { cmd: 'Run a deep dive on my product idea', desc: 'Pre-mortem analysis — risks, assumptions, experiments' },
+            { cmd: 'Plan this feature with constraints from my product', desc: 'RGR plan — constraint-aware implementation roadmap' },
+            { cmd: 'Run a code audit on this codebase', desc: 'Free code audit — security, reliability, and scalability (generic, not product-linked)' },
+            { cmd: 'Run an engineering audit for my product', desc: 'Premium deep audit — product-linked analysis + RGR remediation plan' },
+            { cmd: 'Generate .cutline.md for my product', desc: 'Write the constraint routing engine' },
+        ];
+        for (const item of items) {
+            console.log(`  ${chalk.cyan('→')} ${chalk.white(`"${item.cmd}"`)}`);
+            console.log(`    ${chalk.dim(item.desc)}`);
+        }
+        console.log();
+    }
+    catch (error) {
+        spinner.fail(chalk.red('Upgrade flow failed'));
+        if (error instanceof Error) {
+            console.error(chalk.red(`  ${error.message}`));
+        }
+        console.log(chalk.gray('\n  You can also upgrade at:'), chalk.cyan(`${baseUrl}/upgrade`));
+        console.log(chalk.gray('  Then run:'), chalk.cyan('cutline-mcp login'), chalk.gray('to refresh your session\n'));
+        process.exit(1);
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};