@lifeaitools/clauth 0.7.6 → 1.1.0

package/cli/api.js

@@ -74,8 +74,14 @@ export async function enable(password, machineHash, token, timestamp, service, e
   return authPost("enable", password, machineHash, token, timestamp, { service, enabled });
 }
 
-export async function addService(password, machineHash, token, timestamp, name, label, key_type, description) {
-  return authPost("add", password, machineHash, token, timestamp, { name, label, key_type, description });
+export async function addService(password, machineHash, token, timestamp, name, label, key_type, description, project) {
+  const extra = { name, label, key_type, description };
+  if (project) extra.project = project;
+  return authPost("add", password, machineHash, token, timestamp, extra);
+}
+
+export async function updateService(password, machineHash, token, timestamp, service, updates) {
+  return authPost("update", password, machineHash, token, timestamp, { service, ...updates });
 }
 
 export async function removeService(password, machineHash, token, timestamp, service, confirm) {
@@ -86,8 +92,10 @@ export async function revoke(password, machineHash, token, timestamp, service, c
   return authPost("revoke", password, machineHash, token, timestamp, { service, confirm });
 }
 
-export async function status(password, machineHash, token, timestamp) {
-  return authPost("status", password, machineHash, token, timestamp);
+export async function status(password, machineHash, token, timestamp, project) {
+  const extra = {};
+  if (project) extra.project = project;
+  return authPost("status", password, machineHash, token, timestamp, extra);
 }
 
 export async function test(password, machineHash, token, timestamp) {
@@ -108,6 +116,6 @@ export async function registerMachine(machineHash, seedHash, label, adminToken)
 }
 
 export default {
-  retrieve, write, enable, addService, removeService, revoke,
+  retrieve, write, enable, addService, updateService, removeService, revoke,
   status, test, registerMachine, getBaseUrl, getAnonKey
 };

package/cli/commands/doctor.js

@@ -0,0 +1,302 @@
+// cli/commands/doctor.js
+// clauth doctor — check all prerequisites for a healthy installation
+// Checks: Node version, cloudflared, network, Supabase connectivity, config, service status
+
+import os from "os";
+import fs from "fs";
+import path from "path";
+import { execSync } from "child_process";
+import { fileURLToPath } from "url";
+import chalk from "chalk";
+import ora from "ora";
+import Conf from "conf";
+import { getConfOptions } from "../conf-path.js";
+import { getMachineHash } from "../fingerprint.js";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, "../../package.json"), "utf8"));
+
+const CHECK = chalk.green("\u2713");
+const CROSS = chalk.red("\u2717");
+const WARN  = chalk.yellow("!");
+
+/**
+ * Run a shell command and return stdout, or null on failure.
+ */
+function execSafe(cmd, timeoutMs = 10000) {
+  try {
+    return execSync(cmd, {
+      encoding: "utf8",
+      timeout: timeoutMs,
+      stdio: ["pipe", "pipe", "pipe"],
+    }).trim();
+  } catch {
+    return null;
+  }
+}
+
+export async function runDoctor() {
+  const results = [];
+  const platform = os.platform();
+
+  console.log(chalk.cyan(`\n  clauth doctor v${pkg.version}\n`));
+  console.log(chalk.gray(`  Platform: ${platform} (${os.arch()})`));
+  console.log(chalk.gray(`  Node:     ${process.version}`));
+  console.log();
+
+  // ── 1. Node version ──────────────────────────────────────
+  {
+    const major = parseInt(process.versions.node.split(".")[0], 10);
+    if (major >= 18) {
+      results.push(true);
+      console.log(`  ${CHECK} Node.js ${process.versions.node} (>= 18 required)`);
+    } else {
+      results.push(false);
+      console.log(`  ${CROSS} Node.js ${process.versions.node} — version 18+ required`);
+      console.log(chalk.gray("    Fix: Install Node.js 18+ from https://nodejs.org/"));
+    }
+  }
+
+  // ── 2. cloudflared ───────────────────────────────────────
+  {
+    // Check common Windows paths if not on PATH
+    let cfVersion = execSafe("cloudflared --version");
+    if (!cfVersion && platform === "win32") {
+      const winPaths = [
+        path.join(process.env["ProgramFiles(x86)"] || "C:\\Program Files (x86)", "cloudflared", "cloudflared.exe"),
+        path.join(process.env.ProgramFiles || "C:\\Program Files", "cloudflared", "cloudflared.exe"),
+        path.join(os.homedir(), "scoop", "shims", "cloudflared.exe"),
+        "C:\\ProgramData\\chocolatey\\bin\\cloudflared.exe",
+      ];
+      for (const p of winPaths) {
+        try { if (fs.statSync(p).isFile()) { cfVersion = execSafe(`"${p}" --version`); break; } } catch {}
+      }
+    }
+    if (cfVersion) {
+      results.push(true);
+      console.log(`  ${CHECK} cloudflared installed (${cfVersion.split("\n")[0]})`);
+    } else {
+      results.push(false);
+      console.log(`  ${CROSS} cloudflared not found`);
+      if (platform === "win32") {
+        console.log(chalk.gray("    Fix: winget install Cloudflare.cloudflared"));
+        console.log(chalk.gray("     or: choco install cloudflared -y"));
+      } else if (platform === "darwin") {
+        console.log(chalk.gray("    Fix: brew install cloudflared"));
+      } else {
+        console.log(chalk.gray("    Fix: curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o /usr/local/bin/cloudflared && chmod +x /usr/local/bin/cloudflared"));
+        console.log(chalk.gray("     or: snap install cloudflared"));
+      }
+    }
+  }
+
+  // ── 3. Config exists ─────────────────────────────────────
+  {
+    const config = new Conf(getConfOptions());
+    const supaUrl = config.get("supabase_url");
+    const anonKey = config.get("supabase_anon_key");
+
+    if (supaUrl && anonKey) {
+      results.push(true);
+      console.log(`  ${CHECK} Config found (Supabase URL + anon key saved)`);
+      console.log(chalk.gray(`    URL: ${supaUrl}`));
+    } else if (supaUrl && !anonKey) {
+      results.push(false);
+      console.log(`  ${CROSS} Config incomplete — Supabase anon key missing`);
+      console.log(chalk.gray("    Fix: Run 'clauth install' to complete setup"));
+    } else {
+      results.push(false);
+      console.log(`  ${CROSS} Config not found — clauth not installed`);
+      console.log(chalk.gray("    Fix: Run 'clauth install' to set up your vault"));
+    }
+  }
+
+  // ── 4. Network: can reach Supabase ───────────────────────
+  {
+    const config = new Conf(getConfOptions());
+    const supaUrl = config.get("supabase_url");
+
+    if (supaUrl) {
+      try {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), 8000);
+        const res = await fetch(`${supaUrl}/rest/v1/`, {
+          method: "HEAD",
+          signal: controller.signal,
+          headers: { apikey: config.get("supabase_anon_key") || "" },
+        });
+        clearTimeout(timeout);
+        if (res.ok || res.status === 401 || res.status === 400) {
+          results.push(true);
+          console.log(`  ${CHECK} Network — Supabase reachable (HTTP ${res.status})`);
+        } else {
+          results.push(false);
+          console.log(`  ${CROSS} Network — Supabase returned HTTP ${res.status}`);
+        }
+      } catch (err) {
+        results.push(false);
+        console.log(`  ${CROSS} Network — cannot reach Supabase: ${err.message}`);
+        console.log(chalk.gray("    Check your internet connection"));
+      }
+    } else {
+      results.push(null);
+      console.log(`  ${WARN} Network — skipped (no Supabase URL configured)`);
+    }
+  }
+
+  // ── 5. Machine fingerprint ───────────────────────────────
+  {
+    try {
+      const hash = getMachineHash();
+      results.push(true);
+      console.log(`  ${CHECK} Machine fingerprint: ${hash.slice(0, 16)}...`);
+    } catch (err) {
+      results.push(false);
+      console.log(`  ${CROSS} Machine fingerprint failed: ${err.message}`);
+      console.log(chalk.gray("    Fix: Run 'clauth setup' to register this machine"));
+    }
+  }
+
+  // ── 6. Daemon status ─────────────────────────────────────
+  {
+    try {
+      const controller = new AbortController();
+      const timeout = setTimeout(() => controller.abort(), 3000);
+      const res = await fetch("http://127.0.0.1:52437/ping", { signal: controller.signal });
+      clearTimeout(timeout);
+      if (res.ok) {
+        const data = await res.json();
+        results.push(true);
+        const locked = data.locked ? chalk.yellow(" (locked)") : chalk.green(" (unlocked)");
+        console.log(`  ${CHECK} Daemon running on port ${data.port || 52437}${locked}`);
+      } else {
+        results.push(false);
+        console.log(`  ${CROSS} Daemon responded with HTTP ${res.status}`);
+      }
+    } catch {
+      results.push(false);
+      console.log(`  ${CROSS} Daemon not running`);
+      console.log(chalk.gray("    Fix: clauth serve start"));
+    }
+  }
+
+  // ── 7. Autostart / service registration ──────────────────
+  {
+    if (platform === "win32") {
+      const taskOutput = execSafe('schtasks /query /tn "ClauthAutostart" 2>&1');
+      if (taskOutput && !taskOutput.includes("ERROR")) {
+        results.push(true);
+        console.log(`  ${CHECK} Windows Scheduled Task registered (ClauthAutostart)`);
+      } else {
+        results.push(null);
+        console.log(`  ${WARN} Windows Scheduled Task not registered`);
+        console.log(chalk.gray("    Optional: clauth serve install (auto-start on login)"));
+      }
+    } else if (platform === "darwin") {
+      const plistPath = path.join(os.homedir(), "Library", "LaunchAgents", "com.lifeai.clauth.plist");
+      if (fs.existsSync(plistPath)) {
+        results.push(true);
+        console.log(`  ${CHECK} macOS LaunchAgent registered`);
+      } else {
+        results.push(null);
+        console.log(`  ${WARN} macOS LaunchAgent not registered`);
+        console.log(chalk.gray("    Optional: clauth serve install (auto-start on login)"));
+      }
+    } else {
+      const serviceFile = path.join(os.homedir(), ".config", "systemd", "user", "clauth.service");
+      if (fs.existsSync(serviceFile)) {
+        results.push(true);
+        console.log(`  ${CHECK} systemd user service registered`);
+      } else {
+        results.push(null);
+        console.log(`  ${WARN} systemd user service not registered`);
+        console.log(chalk.gray("    Optional: clauth serve install (auto-start on login)"));
+      }
+    }
+  }
+
+  // ── 8. Tunnel configuration ──────────────────────────────
+  {
+    const config = new Conf(getConfOptions());
+    const tunnelHostname = config.get("tunnel_hostname");
+    if (tunnelHostname) {
+      results.push(true);
+      console.log(`  ${CHECK} Tunnel configured: ${tunnelHostname}`);
+    } else {
+      results.push(null);
+      console.log(`  ${WARN} Tunnel not configured (optional for remote MCP access)`);
+      console.log(chalk.gray("    Optional: clauth serve install --tunnel <hostname>"));
+    }
+  }
+
+  // ── Summary ──────────────────────────────────────────────
+  console.log();
+  const failed = results.filter(r => r === false).length;
+  const warnings = results.filter(r => r === null).length;
+  const passed = results.filter(r => r === true).length;
+
+  if (failed === 0) {
+    console.log(chalk.green(`  All ${passed} checks passed.`));
+    if (warnings > 0) {
+      console.log(chalk.yellow(`  ${warnings} optional recommendation${warnings > 1 ? "s" : ""}.`));
+    }
+  } else {
+    console.log(chalk.red(`  ${failed} issue${failed > 1 ? "s" : ""} found.`));
+    if (passed > 0) console.log(chalk.green(`  ${passed} check${passed > 1 ? "s" : ""} passed.`));
+    if (warnings > 0) console.log(chalk.yellow(`  ${warnings} optional.`));
+    console.log(chalk.gray("\n  Run the suggested fix commands above to resolve issues."));
+  }
+  console.log();
+}
+
+/**
+ * Install cloudflared on the current platform.
+ * Exported so other commands (e.g., serve install) can offer auto-install.
+ */
+export async function installCloudflared() {
+  const platform = os.platform();
+  const spinner = ora("Installing cloudflared...").start();
+
+  try {
+    if (platform === "win32") {
+      // Try winget first
+      try {
+        execSync(
+          "winget install Cloudflare.cloudflared --accept-source-agreements --accept-package-agreements",
+          { stdio: "inherit", timeout: 120000 }
+        );
+        spinner.succeed(chalk.green("cloudflared installed via winget"));
+        return true;
+      } catch {
+        spinner.text = "winget failed, trying chocolatey...";
+      }
+
+      // Try chocolatey
+      try {
+        execSync("choco install cloudflared -y", { stdio: "inherit", timeout: 120000 });
+        spinner.succeed(chalk.green("cloudflared installed via chocolatey"));
+        return true;
+      } catch {
+        spinner.fail(chalk.red("Could not install cloudflared automatically"));
+        console.log(chalk.gray("  Download manually: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/"));
+        return false;
+      }
+    } else if (platform === "darwin") {
+      execSync("brew install cloudflared", { stdio: "inherit", timeout: 120000 });
+      spinner.succeed(chalk.green("cloudflared installed via Homebrew"));
+      return true;
+    } else {
+      // Linux
+      execSync(
+        "curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o /usr/local/bin/cloudflared && chmod +x /usr/local/bin/cloudflared",
+        { stdio: "inherit", timeout: 120000 }
+      );
+      spinner.succeed(chalk.green("cloudflared installed"));
+      return true;
+    }
+  } catch (err) {
+    spinner.fail(chalk.red(`cloudflared installation failed: ${err.message}`));
+    console.log(chalk.gray("  Install manually: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/"));
+    return false;
+  }
+}

package/cli/commands/install.js

@@ -85,6 +85,119 @@ async function mgmt(pat, method, path, body) {
 export async function runInstall(opts = {}) {
   console.log(chalk.cyan('\n🔐 clauth install\n'));
 
+  // ── Step 0: Upgrade detection ──────────────
+  const config0 = new Conf(getConfOptions());
+  if (config0.get('supabase_url')) {
+    console.log(chalk.cyan('  Existing installation detected.\n'));
+    console.log(chalk.gray(`  Vault:  ${config0.get('supabase_url')}`));
+    console.log(chalk.gray(`  Config: ${config0.path}\n`));
+
+    const inquirerMod = await import('inquirer');
+    const { action } = await inquirerMod.default.prompt([{
+      type: 'list',
+      name: 'action',
+      message: 'What would you like to do?',
+      choices: [
+        { name: 'Upgrade (keep config, redeploy Edge Function + migrations)', value: 'upgrade' },
+        { name: 'Fresh install (new vault)', value: 'fresh' },
+        { name: 'Cancel', value: 'cancel' },
+      ],
+    }]);
+
+    if (action === 'cancel') {
+      console.log(chalk.gray('\n  Cancelled.\n'));
+      return;
+    }
+
+    if (action === 'upgrade') {
+      // Upgrade path: skip provisioning, just redeploy Edge Function and run migrations
+      console.log(chalk.cyan('\n  Running upgrade...\n'));
+
+      let ref = opts.ref;
+      let pat = opts.pat;
+      if (!ref || !pat) {
+        console.log(chalk.gray('  Need Supabase PAT to redeploy Edge Function + run migrations.\n'));
+        if (!ref) ref = await ask(chalk.white('Supabase project ref: '));
+        if (!pat) pat = await askSecret(chalk.white('Supabase PAT: '));
+        closeRL();
+      }
+      if (!ref || !pat) {
+        console.log(chalk.red('\n  Both required.\n')); process.exit(1);
+      }
+
+      // Run migrations
+      const s4 = ora('Running database migrations...').start();
+      const migrations = [
+        { name: '001_clauth_schema',  file: 'supabase/migrations/001_clauth_schema.sql'  },
+        { name: '002_vault_helpers',  file: 'supabase/migrations/002_vault_helpers.sql'  },
+      ];
+      for (const m of migrations) {
+        const sql = readFileSync(join(ROOT, m.file), 'utf8');
+        try {
+          await mgmt(pat, 'POST', `/projects/${ref}/database/query`, { query: sql });
+          s4.text = `Migrations: ${m.name} ✓`;
+        } catch (e) {
+          s4.fail(`Migration ${m.name} failed: ${e.message}`);
+          process.exit(1);
+        }
+      }
+      s4.succeed('Database migrations applied');
+
+      // Redeploy Edge Function
+      const s5 = ora('Redeploying auth-vault Edge Function...').start();
+      const fnSource = readFileSync(join(ROOT, 'supabase/functions/auth-vault/index.ts'), 'utf8');
+      try {
+        const formData = new FormData();
+        const metadata = {
+          name: 'auth-vault',
+          entrypoint_path: 'index.ts',
+          verify_jwt: true,
+        };
+        formData.append('metadata', new Blob([JSON.stringify(metadata)], { type: 'application/json' }));
+        formData.append('file', new Blob([fnSource], { type: 'application/typescript' }), 'index.ts');
+
+        const deployRes = await fetch(
+          `${MGMT}/projects/${ref}/functions/deploy?slug=auth-vault`,
+          {
+            method: 'POST',
+            headers: { 'Authorization': `Bearer ${pat}` },
+            body: formData,
+          }
+        );
+        if (!deployRes.ok) {
+          const errText = await deployRes.text().catch(() => deployRes.statusText);
+          throw new Error(`HTTP ${deployRes.status}: ${errText}`);
+        }
+        s5.succeed('auth-vault Edge Function redeployed');
+      } catch (e) {
+        s5.warn(`Edge Function deploy failed: ${e.message}`);
+        console.log(chalk.yellow('  Run manually: supabase functions deploy auth-vault'));
+      }
+
+      // Reinstall Claude skill
+      const s9 = ora('Updating Claude skill...').start();
+      const skillSrc = join(ROOT, '.clauth-skill');
+      if (existsSync(skillSrc)) {
+        try {
+          const skillDest = join(SKILLS_DIR, 'clauth');
+          mkdirSync(skillDest, { recursive: true });
+          cpSync(skillSrc, skillDest, { recursive: true, force: true });
+          s9.succeed(`Claude skill updated → ${skillDest}`);
+        } catch (e) {
+          s9.warn(`Skill update skipped: ${e.message}`);
+        }
+      } else {
+        s9.warn('Skill directory not found — skipping');
+      }
+
+      console.log('');
+      console.log(chalk.green('  Upgrade complete.'));
+      console.log(chalk.gray('  Run clauth test to verify.\n'));
+      return;
+    }
+    // action === 'fresh' — continue with normal install below
+  }
+
   // ── Step 1: Check internet ────────────────
   const s1 = ora('Checking connectivity...').start();
   try {

package/cli/commands/invite.js

@@ -0,0 +1,175 @@
+// cli/commands/invite.js
+// clauth invite generate [--uses <n>] [--expires <hours>]
+// clauth invite list
+// clauth invite revoke <code>
+//
+// Admin generates invite codes. Friends redeem them via `clauth join`.
+
+import chalk from "chalk";
+import ora from "ora";
+import crypto from "crypto";
+import Conf from "conf";
+import { getConfOptions } from "../conf-path.js";
+import * as api from "../api.js";
+import { getMachineHash, deriveToken } from "../fingerprint.js";
+
+// ============================================================
+// Generate a human-friendly invite code: XXXX-XXXX-XXXX
+// No ambiguous characters (0/O, 1/I)
+// ============================================================
+function generateCode() {
+  const chars = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
+  const segments = [];
+  for (let s = 0; s < 3; s++) {
+    let seg = "";
+    for (let i = 0; i < 4; i++) {
+      seg += chars[crypto.randomInt(chars.length)];
+    }
+    segments.push(seg);
+  }
+  return segments.join("-");
+}
+
+// ============================================================
+// Main invite handler
+// ============================================================
+export async function runInvite(action, opts) {
+  const config = new Conf(getConfOptions());
+
+  if (action === "generate") {
+    // Requires admin auth — prompt for password
+    const inquirer = (await import("inquirer")).default;
+    const { pw } = await inquirer.prompt([{
+      type: "password",
+      name: "pw",
+      message: "Admin password:",
+      mask: "*",
+      validate: v => v.length >= 8 || "Password must be at least 8 characters",
+    }]);
+
+    const machineHash = getMachineHash();
+    const { token, timestamp } = deriveToken(pw, machineHash);
+
+    const code = generateCode();
+    const maxUses = parseInt(opts.uses, 10) || 1;
+    const expiresHours = parseInt(opts.expires, 10) || 168; // 7 days default
+    const expiresAt = new Date(Date.now() + expiresHours * 3600000).toISOString();
+
+    const spinner = ora("Creating invite...").start();
+
+    // Try to store invite in Supabase via Edge Function
+    let storedRemote = false;
+    try {
+      const supabaseUrl = config.get("supabase_url");
+      const anonKey = config.get("supabase_anon_key");
+
+      if (supabaseUrl && anonKey) {
+        const res = await fetch(`${supabaseUrl}/functions/v1/auth-vault/create-invite`, {
+          method: "POST",
+          headers: {
+            "Authorization": `Bearer ${anonKey}`,
+            "Content-Type": "application/json",
+          },
+          body: JSON.stringify({
+            machine_hash: machineHash,
+            token,
+            timestamp,
+            password: pw,
+            invite_code: code,
+            max_uses: maxUses,
+            expires_hours: expiresHours,
+          }),
+        });
+
+        if (res.ok) {
+          const body = await res.json();
+          if (body.success) storedRemote = true;
+        }
+      }
+    } catch {
+      // Edge Function may not support invites yet — fall through to local
+    }
+
+    // Always store locally as well (source of truth for `invite list`)
+    const invites = config.get("invites") || [];
+    invites.push({
+      code,
+      max_uses: maxUses,
+      uses: 0,
+      expires_at: expiresAt,
+      created_at: new Date().toISOString(),
+      stored_remote: storedRemote,
+    });
+    config.set("invites", invites);
+
+    spinner.succeed(storedRemote ? "Invite created (synced to vault)" : "Invite created (local only)");
+
+    console.log(chalk.green(`\n  Invite code: ${chalk.bold(code)}`));
+    console.log(chalk.gray(`  Max uses:    ${maxUses}`));
+    console.log(chalk.gray(`  Expires:     ${expiresHours}h (${expiresAt})`));
+    console.log("");
+    console.log(chalk.cyan("  Share this with your friend:"));
+    console.log(chalk.white(`  npm install -g @lifeaitools/clauth && clauth join ${code}`));
+    console.log("");
+
+  } else if (action === "list") {
+    const invites = config.get("invites") || [];
+    if (invites.length === 0) {
+      console.log(chalk.gray("\n  No invites generated.\n"));
+      return;
+    }
+
+    console.log(chalk.cyan("\n  Invites:\n"));
+    console.log(
+      chalk.bold(
+        "  " +
+        "CODE".padEnd(16) +
+        "STATUS".padEnd(12) +
+        "USES".padEnd(10) +
+        "EXPIRES"
+      )
+    );
+    console.log("  " + "-".repeat(60));
+
+    for (const inv of invites) {
+      const now = new Date();
+      const expired = new Date(inv.expires_at) < now;
+      const exhausted = inv.uses >= inv.max_uses;
+      const status = expired
+        ? chalk.red("expired")
+        : exhausted
+          ? chalk.yellow("used up")
+          : chalk.green("active");
+
+      const uses = `${inv.uses}/${inv.max_uses}`;
+      const expStr = new Date(inv.expires_at).toLocaleDateString();
+
+      console.log(
+        `  ${inv.code.padEnd(16)}${status.padEnd(12 + (status.length - (expired ? 7 : exhausted ? 7 : 6)))}  ${uses.padEnd(10)}${expStr}`
+      );
+    }
+    console.log("");
+
+  } else if (action === "revoke") {
+    const code = opts.code;
+    if (!code) {
+      console.log(chalk.red("\n  Usage: clauth invite revoke <code>\n"));
+      return;
+    }
+
+    const invites = config.get("invites") || [];
+    const idx = invites.findIndex(i => i.code === code.toUpperCase());
+    if (idx === -1) {
+      console.log(chalk.red(`\n  Invite ${code} not found.\n`));
+      return;
+    }
+
+    invites.splice(idx, 1);
+    config.set("invites", invites);
+    console.log(chalk.green(`\n  Invite ${code} revoked.\n`));
+
+  } else {
+    console.log(chalk.yellow(`\n  Unknown invite action: ${action}`));
+    console.log(chalk.gray("  Usage: clauth invite generate | list | revoke <code>\n"));
+  }
+}