@llm-dev-ops/agentics-cli 1.4.1 → 1.4.6

package/dist/commands/login.js

@@ -3,45 +3,77 @@
  *
  * SPARC Architecture Reference: CLI Authentication
  *
- * PURPOSE: Initiate CLI authentication using OAuth Device Flow
+ * PURPOSE: Authenticate the CLI via browser-based auth with API key paste-back.
  *
  * WORKFLOW:
- * 1. Call API to create auth session (code stored in DB)
- * 2. Display verification URL and open in browser
- * 3. Poll API for completion
- * 4. API returns API key automatically when user approves
- * 5. Securely store API key locally
+ * 1. Create auth session on the platform backend
+ * 2. Open browser to the verification URL where user authenticates
+ * 3. Browser shows a copyable API key after authentication
+ * 4. CLI prompts user to paste the API key
+ * 5. CLI polls the session to resolve the user's email and payment status
+ * 6. CLI presents terms and conditions for acceptance
+ * 7. Store credentials locally
  *
  * FORBIDDEN:
  * - Storing credentials in plaintext in code
  * - Logging credential values
  * - Bypassing the authorization flow
  */
+import * as readline from 'node:readline';
 import { AuthError } from '../errors/index.js';
 import { createCredentialStore } from '../utils/credentials.js';
 // ============================================================================
 // Configuration
 // ============================================================================
 import { isLocalhostUrl, isLocalDevMode, LocalhostInProductionError } from '../config/endpoints.js';
-// Platform URL for authentication - uses AGENTICS_PLATFORM_URL for consistency with docs
 const PLATFORM_URL = process.env['AGENTICS_PLATFORM_URL'] ?? 'https://platform.agentics.dev';
 const CLI_NAME = 'Agentics CLI';
-const CLI_VERSION = '1.4.1';
-const DEFAULT_POLL_INTERVAL = 5000; // 5 seconds
-/**
- * Validate platform URL - apply same localhost safeguard as other endpoints
- */
+const CLI_VERSION = '1.4.5';
 function validatePlatformUrl() {
     if (isLocalhostUrl(PLATFORM_URL) && !isLocalDevMode()) {
         throw new LocalhostInProductionError('agentics-platform', PLATFORM_URL);
     }
 }
-const MAX_POLL_ATTEMPTS = 60; // 5 minutes max (60 * 5s)
+// ============================================================================
+// Terms and Conditions
+// ============================================================================
+const TERMS_AND_CONDITIONS = `
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+  AGENTICS PLATFORM - TERMS OF SERVICE
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+  By using the Agentics CLI and platform services, you agree to:
+
+  1. ACCEPTABLE USE
+     You will use the platform only for lawful purposes and in
+     accordance with the Agentics Acceptable Use Policy.
+
+  2. API KEY SECURITY
+     You are responsible for keeping your API key secure. Do not
+     share your key or commit it to version control.
+
+  3. DATA HANDLING
+     The platform processes data you submit for simulation,
+     planning, and deployment operations. You retain ownership
+     of your data.
+
+  4. SERVICE AVAILABILITY
+     The platform is provided "as is". Agentics makes no
+     guarantees of uptime or availability.
+
+  5. USAGE LIMITS
+     Your account is subject to usage limits based on your plan.
+     Exceeding limits may result in throttling or suspension.
+
+  Full terms: https://agentics.dev/terms
+  Privacy policy: https://agentics.dev/privacy
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+`.trim();
 // ============================================================================
 // Login Command Implementation
 // ============================================================================
 export async function executeLoginCommand(input, options) {
-    // Validate platform URL - fail fast if localhost without local dev mode
     validatePlatformUrl();
     const correlationId = options.trace_id ?? crypto.randomUUID();
     const credentialStore = createCredentialStore();
@@ -52,7 +84,7 @@ export async function executeLoginCommand(input, options) {
             console.error('Existing credentials found. Re-authenticating...');
         }
     }
-    // Step 1: Call API to create auth session
+    // Step 1: Create auth session on the platform
     console.log('');
     console.log('Initiating authentication...');
     let session;
@@ -66,58 +98,85 @@ export async function executeLoginCommand(input, options) {
             correlationId,
         });
     }
-    // Step 2: Display verification URL and user code
+    // Step 2: Open browser to verification URL
     console.log('');
-    console.log('To authenticate, open this URL in your browser:');
+    console.log('Open this URL in your browser to authenticate:');
     console.log('');
     console.log(`  ${session.verification_url}`);
     console.log('');
-    console.log(`Your verification code: ${session.user_code}`);
-    console.log('');
-    // Step 3: Optionally open URL in browser
     if (!input.noBrowser) {
         await openBrowser(session.verification_url, options);
         console.log('(Browser opened automatically)');
         console.log('');
     }
-    console.log('Waiting for authorization...');
-    if (options.verbose) {
-        console.error(`Session expires in ${session.expires_in} seconds`);
-    }
-    // Step 4: Poll for completion
-    const pollInterval = (session.interval ?? DEFAULT_POLL_INTERVAL / 1000) * 1000;
-    let apiKey;
-    try {
-        apiKey = await pollForCompletion(session.device_code, pollInterval, correlationId, options);
+    console.log('After authenticating, copy the API key shown in your browser.');
+    console.log('');
+    // Step 3: Prompt user to paste API key
+    const apiKey = await promptForApiKey();
+    if (!apiKey) {
+        throw new AuthError({
+            type: 'denied',
+            message: 'No API key provided. Authentication cancelled.',
+            correlationId,
+        });
     }
-    catch (error) {
-        if (error instanceof AuthError) {
-            throw error;
-        }
+    // Validate key format
+    if (!apiKey.startsWith('agentics_sk_')) {
         throw new AuthError({
-            type: 'network',
-            message: `Authentication failed: ${error instanceof Error ? error.message : 'Unknown error'}`,
+            type: 'denied',
+            message: 'Invalid API key format. Keys start with "agentics_sk_". Please try again.',
             correlationId,
         });
     }
-    if (!apiKey) {
+    console.log('');
+    console.log('Verifying...');
+    // Step 4: Poll session to resolve email and payment status
+    let email;
+    let userId;
+    let paymentStatus = 'unknown';
+    try {
+        const sessionData = await fetchSessionData(session.device_code, correlationId);
+        if (sessionData) {
+            email = sessionData.email;
+            userId = sessionData.user_id;
+            paymentStatus = sessionData.payment_status ?? 'unknown';
+        }
+    }
+    catch {
+        // Session data fetch failed — proceed with key only.
+        // The key itself is the proof of authentication.
+        if (options.verbose) {
+            console.error('Could not fetch session metadata. Proceeding with API key only.');
+        }
+    }
+    // Step 5: Show terms and conditions
+    console.log('');
+    console.log(TERMS_AND_CONDITIONS);
+    console.log('');
+    const accepted = await promptForTermsAcceptance();
+    if (!accepted) {
         throw new AuthError({
-            type: 'expired',
-            message: 'Authentication session expired. Please try again.',
+            type: 'denied',
+            message: 'You must accept the terms of service to use the Agentics CLI.',
             correlationId,
         });
     }
-    // Step 5: Store credentials securely (include email if available)
-    const userEmail = process.env['AGENTICS_USER_EMAIL'];
+    // Step 6: Store credentials
     await credentialStore.save({
         api_key: apiKey,
         created_at: new Date().toISOString(),
-        email: userEmail,
+        email,
+        user_id: userId,
+        payment_status: paymentStatus,
     });
     const credentialsPath = credentialStore.getCredentialsPath?.() ?? '~/.agentics/credentials.json';
     console.log('');
-    console.log('✓ Authentication successful!');
-    console.log(`  API key stored at: ${credentialsPath}`);
+    console.log('Authentication successful!');
+    if (email) {
+        console.log(`  Logged in as: ${email}`);
+    }
+    console.log(`  Credentials stored at: ${credentialsPath}`);
+    console.log('');
     return {
         success: true,
         message: 'Authentication successful',
@@ -149,14 +208,14 @@ async function createAuthSession(correlationId, options) {
     }
     return data;
 }
-async function pollForCompletion(deviceCode, intervalMs, correlationId, options) {
-    let attempts = 0;
-    while (attempts < MAX_POLL_ATTEMPTS) {
-        await sleep(intervalMs);
-        attempts++;
-        if (options.verbose) {
-            console.error(`Polling attempt ${attempts}/${MAX_POLL_ATTEMPTS}...`);
-        }
+/**
+ * Fetch session data once to resolve email and payment status.
+ * The session should be completed by the time the user has their API key.
+ */
+async function fetchSessionData(deviceCode, correlationId) {
+    // Try a few times since there may be a brief delay between the user
+    // copying the key and the session being marked complete
+    for (let attempt = 0; attempt < 5; attempt++) {
         try {
             const response = await fetch(`${PLATFORM_URL}/v1/cli/auth/sessions/${deviceCode}`, {
                 headers: {
@@ -164,48 +223,48 @@ async function pollForCompletion(deviceCode, intervalMs, correlationId, options)
                 },
             });
             if (!response.ok) {
-                if (response.status === 404) {
-                    throw new AuthError({
-                        type: 'expired',
-                        message: 'Session not found or expired.',
-                        correlationId,
-                    });
-                }
-                continue; // Retry on other errors
+                return null;
             }
             const result = await response.json();
-            switch (result.status) {
-                case 'completed':
-                    return result.api_key;
-                case 'denied':
-                    throw new AuthError({
-                        type: 'denied',
-                        message: 'Authorization was denied by the user.',
-                        correlationId,
-                    });
-                case 'expired':
-                    throw new AuthError({
-                        type: 'expired',
-                        message: 'Authentication session expired.',
-                        correlationId,
-                    });
-                case 'pending':
-                    // Show progress indicator
-                    process.stdout.write('.');
-                    break;
+            if (result.status === 'completed') {
+                return result;
             }
+            // Brief wait between attempts
+            await sleep(1000);
         }
-        catch (error) {
-            if (error instanceof AuthError) {
-                throw error;
-            }
-            // Network error, continue polling
-            if (options.verbose) {
-                console.error(`Poll error: ${error instanceof Error ? error.message : 'Unknown'}`);
-            }
+        catch {
+            return null;
         }
     }
-    return undefined;
+    return null;
+}
+// ============================================================================
+// Interactive Prompts
+// ============================================================================
+function promptForApiKey() {
+    return new Promise((resolve) => {
+        const rl = readline.createInterface({
+            input: process.stdin,
+            output: process.stderr,
+        });
+        rl.question('Paste your API key: ', (answer) => {
+            rl.close();
+            resolve(answer.trim());
+        });
+    });
+}
+function promptForTermsAcceptance() {
+    return new Promise((resolve) => {
+        const rl = readline.createInterface({
+            input: process.stdin,
+            output: process.stderr,
+        });
+        rl.question('Do you accept the terms of service? (yes/no): ', (answer) => {
+            rl.close();
+            const normalized = answer.trim().toLowerCase();
+            resolve(normalized === 'yes' || normalized === 'y');
+        });
+    });
 }
 // ============================================================================
 // Helper Functions
@@ -227,7 +286,6 @@ async function openBrowser(url, options) {
             command = `start "" "${url}"`;
         }
         else {
-            // Linux and others
             command = `xdg-open "${url}" 2>/dev/null || sensible-browser "${url}" 2>/dev/null || x-www-browser "${url}" 2>/dev/null`;
         }
         await execAsync(command);
@@ -236,7 +294,6 @@ async function openBrowser(url, options) {
         }
     }
     catch {
-        // Browser opening failed, user can manually navigate
         if (options.verbose) {
             console.error('Could not open browser automatically. Please navigate to the URL manually.');
         }

package/dist/commands/login.js.map

@@ -1 +1 @@
-{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AA8BhE,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,0BAA0B,EAAE,MAAM,wBAAwB,CAAC;AAEpG,yFAAyF;AACzF,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,+BAA+B,CAAC;AAC7F,MAAM,QAAQ,GAAG,cAAc,CAAC;AAChC,MAAM,WAAW,GAAG,OAAO,CAAC;AAC5B,MAAM,qBAAqB,GAAG,IAAI,CAAC,CAAC,YAAY;AAEhD;;GAEG;AACH,SAAS,mBAAmB;IAC1B,IAAI,cAAc,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;QACtD,MAAM,IAAI,0BAA0B,CAAC,mBAAmB,EAAE,YAAY,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC;AACD,MAAM,iBAAiB,GAAG,EAAE,CAAC,CAAC,0BAA0B;AAExD,+EAA+E;AAC/E,+BAA+B;AAC/B,+EAA+E;AAE/E,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,KAAwB,EACxB,OAAuB;IAEvB,wEAAwE;IACxE,mBAAmB,EAAE,CAAC;IAEtB,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;IAC9D,MAAM,eAAe,GAAG,qBAAqB,EAAE,CAAC;IAEhD,iCAAiC;IACjC,MAAM,mBAAmB,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,CAAC;IACzD,IAAI,mBAAmB,EAAE,CAAC;QACxB,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAE5C,IAAI,OAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,iBAAiB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IAC5D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,SAAS,CAAC;YAClB,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,sCAAsC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;YACzG,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,iDAAiD;IACjD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,2BAA2B,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAC5D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,yCAAyC;IACzC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,WAAW,CAAC,OAAO,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAC5C,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,sBAAsB,OAAO,CAAC,UAAU,UAAU,CAAC,CAAC;IACpE,CAAC;IAED,8BAA8B;IAC9B,MAAM,YAAY,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,qBAAqB,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IAC/E,IAAI,MAA0B,CAAC;IAE/B,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,WAAW,EAAE,YAAY,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;IAC9F,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;YAC/B,MAAM,KAAK,CAAC;QACd,CAAC;QACD,MAAM,IAAI,SAAS,CAAC;YAClB,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,0BAA0B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;YAC7F,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,SAAS,CAAC;YAClB,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,mDAAmD;YAC5D,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,kEAAkE;IAClE,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACrD,MAAM,eAAe,CAAC,IAAI,CAAC;QACzB,OAAO,EAAE,MAAM;QACf,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,KAAK,EAAE,SAAS;KACjB,CAAC,CAAC;IAEH,MAAM,eAAe,GAAI,eAAyD,CAAC,kBAAkB,EAAE,EAAE,IAAI,8BAA8B,CAAC;IAE5I,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,wBAAwB,eAAe,EAAE,CAAC,CAAC;IAEvD,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,2BAA2B;QACpC,eAAe;KAChB,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,KAAK,UAAU,iBAAiB,CAC9B,aAAqB,EACrB,OAAuB;IAEvB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,uBAAuB,EAAE;QACnE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,kBAAkB,EAAE,aAAa;SAClC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,WAAW;SACzB,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,gBAAgB,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAuB,CAAC;IAExD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,gCAAgC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,UAAkB,EAClB,UAAkB,EAClB,aAAqB,EACrB,OAAuB;IAEvB,IAAI,QAAQ,GAAG,CAAC,CAAC;IAEjB,OAAO,QAAQ,GAAG,iBAAiB,EAAE,CAAC;QACpC,MAAM,KAAK,CAAC,UAAU,CAAC,CAAC;QACxB,QAAQ,EAAE,CAAC;QAEX,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,mBAAmB,QAAQ,IAAI,iBAAiB,KAAK,CAAC,CAAC;QACvE,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,yBAAyB,UAAU,EAAE,EAAE;gBACjF,OAAO,EAAE;oBACP,kBAAkB,EAAE,aAAa;iBAClC;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;oBAC5B,MAAM,IAAI,SAAS,CAAC;wBAClB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,+BAA+B;wBACxC,aAAa;qBACd,CAAC,CAAC;gBACL,CAAC;gBACD,SAAS,CAAC,wBAAwB;YACpC,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAkB,CAAC;YAErD,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;gBACtB,KAAK,WAAW;oBACd,OAAO,MAAM,CAAC,OAAO,CAAC;gBAExB,KAAK,QAAQ;oBACX,MAAM,IAAI,SAAS,CAAC;wBAClB,IAAI,EAAE,QAAQ;wBACd,OAAO,EAAE,uCAAuC;wBAChD,aAAa;qBACd,CAAC,CAAC;gBAEL,KAAK,SAAS;oBACZ,MAAM,IAAI,SAAS,CAAC;wBAClB,IAAI,EAAE,SAAS;wBACf,OAAO,EAAE,iCAAiC;wBAC1C,aAAa;qBACd,CAAC,CAAC;gBAEL,KAAK,SAAS;oBACZ,0BAA0B;oBAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;oBAC1B,MAAM;YACV,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;gBAC/B,MAAM,KAAK,CAAC;YACd,CAAC;YACD,kCAAkC;YAClC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;gBACpB,OAAO,CAAC,KAAK,CAAC,eAAe,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;YACrF,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,GAAW,EAAE,OAAuB;IAC7D,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACpD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAElC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,IAAI,OAAe,CAAC;QAEpB,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC1B,OAAO,GAAG,SAAS,GAAG,GAAG,CAAC;QAC5B,CAAC;aAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YAChC,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,mBAAmB;YACnB,OAAO,GAAG,aAAa,GAAG,sCAAsC,GAAG,mCAAmC,GAAG,eAAe,CAAC;QAC3H,CAAC;QAED,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC;QAEzB,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,qDAAqD;QACrD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,4EAA4E,CAAC,CAAC;QAC9F,CAAC;IACH,CAAC;AACH,CAAC"}
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,QAAQ,MAAM,eAAe,CAAC;AAE1C,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAoChE,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,0BAA0B,EAAE,MAAM,wBAAwB,CAAC;AAEpG,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,IAAI,+BAA+B,CAAC;AAC7F,MAAM,QAAQ,GAAG,cAAc,CAAC;AAChC,MAAM,WAAW,GAAG,OAAO,CAAC;AAE5B,SAAS,mBAAmB;IAC1B,IAAI,cAAc,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;QACtD,MAAM,IAAI,0BAA0B,CAAC,mBAAmB,EAAE,YAAY,CAAC,CAAC;IAC1E,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E,MAAM,oBAAoB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgC5B,CAAC,IAAI,EAAE,CAAC;AAET,+EAA+E;AAC/E,+BAA+B;AAC/B,+EAA+E;AAE/E,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,KAAwB,EACxB,OAAuB;IAEvB,mBAAmB,EAAE,CAAC;IAEtB,MAAM,aAAa,GAAG,OAAO,CAAC,QAAQ,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;IAC9D,MAAM,eAAe,GAAG,qBAAqB,EAAE,CAAC;IAEhD,iCAAiC;IACjC,MAAM,mBAAmB,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE,CAAC;IACzD,IAAI,mBAAmB,EAAE,CAAC;QACxB,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED,8CAA8C;IAC9C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;IAE5C,IAAI,OAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,iBAAiB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IAC5D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,SAAS,CAAC;YAClB,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,sCAAsC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;YACzG,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,2CAA2C;IAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;IAC9D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,WAAW,CAAC,OAAO,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;IAC7E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,uCAAuC;IACvC,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;IAEvC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,SAAS,CAAC;YAClB,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,gDAAgD;YACzD,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,sBAAsB;IACtB,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,SAAS,CAAC;YAClB,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,2EAA2E;YACpF,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAE5B,2DAA2D;IAC3D,IAAI,KAAyB,CAAC;IAC9B,IAAI,MAA0B,CAAC;IAC/B,IAAI,aAAa,GAAgC,SAAS,CAAC;IAE3D,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;QAC/E,IAAI,WAAW,EAAE,CAAC;YAChB,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC;YAC1B,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC;YAC7B,aAAa,GAAG,WAAW,CAAC,cAAc,IAAI,SAAS,CAAC;QAC1D,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,qDAAqD;QACrD,iDAAiD;QACjD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,iEAAiE,CAAC,CAAC;QACnF,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAClC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,MAAM,QAAQ,GAAG,MAAM,wBAAwB,EAAE,CAAC;IAElD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,SAAS,CAAC;YAClB,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,+DAA+D;YACxE,aAAa;SACd,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B;IAC5B,MAAM,eAAe,CAAC,IAAI,CAAC;QACzB,OAAO,EAAE,MAAM;QACf,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACpC,KAAK;QACL,OAAO,EAAE,MAAM;QACf,cAAc,EAAE,aAAa;KAC9B,CAAC,CAAC;IAEH,MAAM,eAAe,GAAI,eAAyD,CAAC,kBAAkB,EAAE,EAAE,IAAI,8BAA8B,CAAC;IAE5I,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAC1C,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,CAAC,GAAG,CAAC,4BAA4B,eAAe,EAAE,CAAC,CAAC;IAC3D,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,2BAA2B;QACpC,eAAe;KAChB,CAAC;AACJ,CAAC;AAED,+EAA+E;AAC/E,gBAAgB;AAChB,+EAA+E;AAE/E,KAAK,UAAU,iBAAiB,CAC9B,aAAqB,EACrB,OAAuB;IAEvB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,uBAAuB,EAAE;QACnE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,kBAAkB,EAAE,aAAa;SAClC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,QAAQ,EAAE,QAAQ;YAClB,WAAW,EAAE,WAAW;SACzB,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,gBAAgB,QAAQ,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAuB,CAAC;IAExD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,KAAK,CAAC,gCAAgC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,gBAAgB,CAC7B,UAAkB,EAClB,aAAqB;IAErB,oEAAoE;IACpE,wDAAwD;IACxD,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,CAAC,EAAE,OAAO,EAAE,EAAE,CAAC;QAC7C,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,YAAY,yBAAyB,UAAU,EAAE,EAAE;gBACjF,OAAO,EAAE;oBACP,kBAAkB,EAAE,aAAa;iBAClC;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAkB,CAAC;YAErD,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;gBAClC,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,8BAA8B;YAC9B,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+EAA+E;AAC/E,sBAAsB;AACtB,+EAA+E;AAE/E,SAAS,eAAe;IACtB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;YAClC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAAC;QAEH,EAAE,CAAC,QAAQ,CAAC,sBAAsB,EAAE,CAAC,MAAM,EAAE,EAAE;YAC7C,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,wBAAwB;IAC/B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,EAAE,GAAG,QAAQ,CAAC,eAAe,CAAC;YAClC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC,CAAC;QAEH,EAAE,CAAC,QAAQ,CAAC,gDAAgD,EAAE,CAAC,MAAM,EAAE,EAAE;YACvE,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAC/C,OAAO,CAAC,UAAU,KAAK,KAAK,IAAI,UAAU,KAAK,GAAG,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,GAAW,EAAE,OAAuB;IAC7D,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;QACpD,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAElC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,IAAI,OAAe,CAAC;QAEpB,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC1B,OAAO,GAAG,SAAS,GAAG,GAAG,CAAC;QAC5B,CAAC;aAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YAChC,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,aAAa,GAAG,sCAAsC,GAAG,mCAAmC,GAAG,eAAe,CAAC;QAC3H,CAAC;QAED,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC;QAEzB,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,KAAK,CAAC,4EAA4E,CAAC,CAAC;QAC9F,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/commands/plan.d.ts

@@ -11,7 +11,7 @@
  * - list      List all plans from Ruvector
  * - inspect   Retrieve a specific plan by ID from Ruvector (NO PLANNER CALLS)
  * - delete    Delete a plan from Ruvector
- * - approve   Advisory approval marker
+ * - approve   Approve a plan and persist status change
  *
  * CRITICAL RULES:
  * - plan inspect MUST NOT call planner
@@ -133,7 +133,10 @@ export declare function executePlanListCommand(input: PlanListInput, options: Co
  */
 export declare function formatPlansListForDisplay(plans: PlanSummary[]): string;
 /**
- * Create a new plan record
+ * Create a new plan record.
+ *
+ * Plans are persisted in the Ruvector backend service (same as list/inspect/approve).
+ * The CLI is a thin client - no local filesystem writes.
  */
 export declare function executePlanCreateCommand(input: PlanCreateInput, options: CommandOptions): Promise<PlanCreateResult>;
 /**
@@ -157,10 +160,10 @@ export declare function executePlanInspectCommand(input: PlanInspectInput, optio
  */
 export declare function executePlanDeleteCommand(input: PlanDeleteInput, options: CommandOptions): Promise<PlanDeleteResult>;
 /**
- * Approve a plan (advisory execution marker - no real execution)
+ * Approve a plan.
  *
- * Plans stored in Ruvector are inherently approved (persisted = approved).
- * This command verifies the plan exists and returns approval confirmation.
+ * Verifies the plan exists in Ruvector and marks it as approved.
+ * For authorized users (internal email or paid API key), this performs real approval.
  */
 export declare function executePlanApproveCommand(input: PlanApproveInput, options: CommandOptions): Promise<PlanApproveResult>;
 //# sourceMappingURL=plan.d.ts.map

package/dist/commands/plan.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"plan.d.ts","sourceRoot":"","sources":["../../src/commands/plan.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAKH,OAAO,KAAK,EACV,cAAc,EACd,aAAa,EACd,MAAM,mBAAmB,CAAC;AA2B3B,eAAO,MAAM,eAAe;;;;;;;;CAQlB,CAAC;AAqEX;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,OAAO,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,UAAU,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,kBAAkB,GAAG,UAAU,GAAG,UAAU,GAAG,UAAU,CAAC;AAM7F,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,UAAU,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,UAAU,GAAG,IAAI,CAAC;IACxB,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,UAAU,CAAC;IACjB,eAAe,EAAE,UAAU,CAAC;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAiFD,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,CA0B7D;AAMD,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,aAAa,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;CAChB;AAMD,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,WAAW,EAAE,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAMD,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,gBAAgB,EACvB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,iBAAiB,CAAC,CAwL5B;AAMD;;GAEG;AACH;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,KAAK,EAAE,aAAa,EACpB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,cAAc,CAAC,CA2DzB;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,WAAW,EAAE,GAAG,MAAM,CAmBtE;AAMD;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,eAAe,EACtB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,gBAAgB,CAAC,CAsC3B;AAED;;GAEG;AACH;;;;;;;;GAQG;AACH,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,gBAAgB,EACvB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,iBAAiB,CAAC,CA2F5B;AAED;;GAEG;AACH;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,eAAe,EACtB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,gBAAgB,CAAC,CAkD3B;AAED;;;;;GAKG;AACH,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,gBAAgB,EACvB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,iBAAiB,CAAC,CAkF5B"}
+{"version":3,"file":"plan.d.ts","sourceRoot":"","sources":["../../src/commands/plan.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAIH,OAAO,KAAK,EACV,cAAc,EACd,aAAa,EACd,MAAM,mBAAmB,CAAC;AA2B3B,eAAO,MAAM,eAAe;;;;;;;;CAQlB,CAAC;AAuEX;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,OAAO,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,UAAU,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,MAAM,UAAU,GAAG,OAAO,GAAG,kBAAkB,GAAG,UAAU,GAAG,UAAU,GAAG,UAAU,CAAC;AAM7F,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,UAAU,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,UAAU,GAAG,IAAI,CAAC;IACxB,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,OAAO,CAAC;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,UAAU,CAAC;IACjB,eAAe,EAAE,UAAU,CAAC;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAyDD,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,CA0B7D;AAMD,MAAM,WAAW,gBAAgB;IAC/B,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,aAAa,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;CAChB;AAMD,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,WAAW,EAAE,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAMD,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,gBAAgB,EACvB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,iBAAiB,CAAC,CAwL5B;AAMD;;GAEG;AACH;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,KAAK,EAAE,aAAa,EACpB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,cAAc,CAAC,CA2DzB;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,WAAW,EAAE,GAAG,MAAM,CAmBtE;AAMD;;;;;GAKG;AACH,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,eAAe,EACtB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,gBAAgB,CAAC,CA8E3B;AAED;;GAEG;AACH;;;;;;;;GAQG;AACH,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,gBAAgB,EACvB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,iBAAiB,CAAC,CA2F5B;AAED;;GAEG;AACH;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,eAAe,EACtB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,gBAAgB,CAAC,CAkD3B;AAED;;;;;GAKG;AACH,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,gBAAgB,EACvB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,iBAAiB,CAAC,CAkF5B"}

package/dist/commands/plan.js

@@ -11,18 +11,17 @@
  * - list      List all plans from Ruvector
  * - inspect   Retrieve a specific plan by ID from Ruvector (NO PLANNER CALLS)
  * - delete    Delete a plan from Ruvector
- * - approve   Advisory approval marker
+ * - approve   Approve a plan and persist status change
  *
  * CRITICAL RULES:
  * - plan inspect MUST NOT call planner
  * - plan inspect MUST NOT interpret UUID as intent
  * - Persistence is mandatory - failure to persist = command failure
  */
-import * as fs from 'node:fs';
-import * as path from 'node:path';
+// NOTE: fs and path imports removed - plan create now uses backend persistence
 import * as crypto from 'node:crypto';
 import { ManifestsAdapter, PlannerAdapter, RuvectorAdapter, } from '../adapters/base-adapter.js';
-import { createCredentialStore } from '../utils/credentials.js';
+// Note: Auth is now handled by gates/auth-session-gate.ts which validates both platform and GCP credentials
 import { createOrchestrationEngine, } from '../modules/orchestration-engine.js';
 import { createArtifactHandoff } from '../modules/artifact-handoff.js';
 import { createAuditTrail } from '../audit/audit-trail.js';
@@ -46,16 +45,18 @@ export const PLAN_EXIT_CODES = {
 // ============================================================================
 /**
  * Assert that the user is authenticated.
- * Throws AUTH_ERROR if no valid credentials exist.
+ * Uses the auth session gate which validates BOTH platform and GCP credentials.
+ * The gate is already enforced in CLI entry point, so this is a safety check.
  */
 async function assertAuthenticated(correlationId) {
-    const credentialStore = createCredentialStore();
-    const credentials = await credentialStore.load();
-    if (!credentials) {
+    // Import dynamically to avoid circular dependencies
+    const { checkAuthSessionGate } = await import('../gates/auth-session-gate.js');
+    const result = await checkAuthSessionGate();
+    if (!result.authenticated) {
         throw new CLIError({
             code: 'ECLI-PLAN-AUTH',
             category: 'AUTH_ERROR',
-            message: 'Login required. Run `agentics login` to authenticate.',
+            message: 'Login required. Run `agentics login` or `gcloud auth login` to authenticate.',
             module: 'plan',
             correlationId,
             recoverable: true,
@@ -101,36 +102,20 @@ function generateChecksum(data) {
 // ============================================================================
 // Storage Configuration
 // ============================================================================
-function getPlansDir() {
-    const baseDir = process.env['AGENTICS_DATA_DIR'] ?? process.cwd();
-    return path.join(baseDir, '.agentics', 'plans');
-}
-function ensurePlansDir() {
-    const dir = getPlansDir();
-    if (!fs.existsSync(dir)) {
-        fs.mkdirSync(dir, { recursive: true });
-    }
-}
-function getPlanPath(id) {
-    return path.join(getPlansDir(), `${id}.json`);
-}
-// ============================================================================
-// Storage Operations (Legacy - for local CRUD only)
+// NOTE: Local filesystem storage has been REMOVED.
+// All plan operations now use the Ruvector backend service.
+// This ensures consistency across: plan create, plan list, plan inspect,
+// plan approve, and plan delete.
+//
+// REMOVED FUNCTIONS (no longer needed):
+// - getPlansDir()
+// - ensurePlansDir()
+// - getPlanPath()
+// - savePlan()
+// - generatePlanId()
+//
+// ID GENERATION: Now uses crypto.randomUUID() for backend-compatible UUIDs.
 // ============================================================================
-function savePlan(plan) {
-    ensurePlansDir();
-    const filePath = getPlanPath(plan.id);
-    fs.writeFileSync(filePath, JSON.stringify(plan, null, 2), 'utf-8');
-}
-// Note: loadPlan, deletePlanRecord, listAllPlans removed - now using Ruvector storage
-// ============================================================================
-// ID Generation
-// ============================================================================
-function generatePlanId() {
-    const timestamp = Date.now().toString(36);
-    const random = Math.random().toString(36).substring(2, 8);
-    return `plan-${timestamp}-${random}`;
-}
 // ============================================================================
 // Validation
 // ============================================================================
@@ -426,39 +411,78 @@ export function formatPlansListForDisplay(plans) {
 // CRUD Command Implementations
 // ============================================================================
 /**
- * Create a new plan record
+ * Create a new plan record.
+ *
+ * Plans are persisted in the Ruvector backend service (same as list/inspect/approve).
+ * The CLI is a thin client - no local filesystem writes.
  */
 export async function executePlanCreateCommand(input, options) {
     const startTime = Date.now();
     const correlationId = options.trace_id ?? crypto.randomUUID();
+    // ============================================================================
+    // AUTHENTICATION CHECK - REQUIRED (consistent with other plan operations)
+    // ============================================================================
+    await assertAuthenticated(correlationId);
+    // ============================================================================
+    // INPUT VALIDATION
+    // ============================================================================
     validatePlanName(input.name, correlationId);
+    // ============================================================================
+    // BACKEND PERSISTENCE - Ruvector Service
+    // Same backend used by: plan list, plan inspect, plan approve, plan delete
+    // ============================================================================
+    const ruvectorConfig = loadEndpointConfig('ruvector-service');
+    const ruvectorAdapter = new RuvectorAdapter(ruvectorConfig, correlationId);
     const now = new Date().toISOString();
-    const plan = {
-        id: generatePlanId(),
-        name: input.name.trim(),
-        description: input.description?.trim() ?? '',
-        status: 'draft',
-        manifest_query: input.manifest_query,
+    const planId = crypto.randomUUID(); // Backend-compatible UUID format
+    // Build RuvectorPlan payload (same format used by executePlanCommand)
+    const ruvectorPlan = {
+        id: planId,
+        type: 'plan',
+        intent: input.name.trim(),
+        plan: {
+            name: input.name.trim(),
+            description: input.description?.trim() ?? '',
+            manifest_query: input.manifest_query,
+            metadata: input.metadata,
+        },
         created_at: now,
-        updated_at: now,
-        version: 1,
-        metadata: input.metadata,
+        org_id: process.env['AGENTICS_ORG_ID'] ?? 'unknown',
+        user_id: process.env['AGENTICS_USER_ID'] ?? 'unknown',
+        checksum: generateChecksum({
+            name: input.name,
+            description: input.description,
+            manifest_query: input.manifest_query,
+        }),
     };
     try {
-        savePlan(plan);
+        await ruvectorAdapter.storePlan(ruvectorPlan);
     }
     catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
         throw new CLIError({
-            code: 'ECLI-PLAN-IO-001',
-            category: 'INTERNAL_ERROR',
-            message: 'Failed to save plan',
-            details: { error: error instanceof Error ? error.message : String(error) },
+            code: 'ECLI-PLAN-CREATE',
+            category: 'NETWORK_ERROR',
+            message: `Failed to create plan in backend: ${errorMessage}`,
+            details: { plan_id: planId },
             module: 'plan',
             correlationId,
-            recoverable: false,
-            exitCode: PLAN_EXIT_CODES.IO_ERROR,
+            recoverable: true,
+            exitCode: PLAN_EXIT_CODES.STORAGE_ERROR,
         });
     }
+    // Map to PlanRecord for response (consistent with other commands)
+    const plan = {
+        id: planId,
+        name: input.name.trim(),
+        description: input.description?.trim() ?? '',
+        status: 'draft',
+        manifest_query: input.manifest_query,
+        created_at: now,
+        updated_at: now,
+        version: 1,
+        metadata: input.metadata,
+    };
     return {
         plan,
         timing: Date.now() - startTime,
@@ -611,10 +635,10 @@ export async function executePlanDeleteCommand(input, options) {
     }
 }
 /**
- * Approve a plan (advisory execution marker - no real execution)
+ * Approve a plan.
  *
- * Plans stored in Ruvector are inherently approved (persisted = approved).
- * This command verifies the plan exists and returns approval confirmation.
+ * Verifies the plan exists in Ruvector and marks it as approved.
+ * For authorized users (internal email or paid API key), this performs real approval.
  */
 export async function executePlanApproveCommand(input, options) {
     const startTime = Date.now();
@@ -687,8 +711,8 @@ export async function executePlanApproveCommand(input, options) {
     };
     return {
         plan,
-        previous_status: 'approved', // Plans in Ruvector are already approved
-        advisory: true,
+        previous_status: 'draft',
+        advisory: false,
         timing: Date.now() - startTime,
     };
 }