@metabase/cli 0.1.0 → 0.1.1

package/dist/{runtime-C9CEZhcn.mjs → runtime-D7jihh81.mjs}

@@ -1,113 +1,16 @@
-import { package_default } from "./package-BGfw4ZWJ.mjs";
+import { package_default } from "./package-DBsS7a5x.mjs";
 import { setMetabaseAugment } from "./command-augment-D9pI9Vbh.mjs";
+import { AbortError, ConfigError, MetabaseError, NetworkError, TimeoutError, VERBOSE_ENV, ValidationError, errorMessage, isNotFoundError, isPlainObject, toMetabaseError } from "./predicates-DiIiS3k7.mjs";
 import { defineCommand } from "citty";
-import { ZodError, z } from "zod";
+import { z } from "zod";
 import { promises } from "node:fs";
-import { homedir } from "node:os";
 import { dirname, join } from "node:path";
+import { homedir } from "node:os";
 import { Entry } from "@napi-rs/keyring";
-import { isCancel } from "@clack/prompts";
 import { setTimeout } from "node:timers/promises";
-import Table from "cli-table3";
 
-//#region src/core/errors.ts
-var MetabaseError = class extends Error {
-	get userMessage() {
-		return this.message;
-	}
-};
-var NetworkError = class extends MetabaseError {
-	category = "network";
-	isRetryable = true;
-	exitCode = 1;
-	developerDetail;
-	constructor(message, developerDetail) {
-		super(message);
-		this.name = "NetworkError";
-		this.developerDetail = developerDetail;
-	}
-};
-var TimeoutError = class extends MetabaseError {
-	category = "timeout";
-	isRetryable = true;
-	exitCode = 1;
-	developerDetail;
-	constructor(message, developerDetail) {
-		super(message);
-		this.name = "TimeoutError";
-		this.developerDetail = developerDetail;
-	}
-};
-var ValidationError = class extends MetabaseError {
-	category = "validation";
-	isRetryable = false;
-	exitCode = 1;
-	developerDetail;
-	constructor(message, developerDetail) {
-		super(message);
-		this.name = "ValidationError";
-		this.developerDetail = developerDetail;
-	}
-};
-var ConfigError = class extends MetabaseError {
-	category = "config";
-	isRetryable = false;
-	exitCode = 2;
-	developerDetail = null;
-	constructor(message) {
-		super(message);
-		this.name = "ConfigError";
-	}
-};
-var AbortError = class extends MetabaseError {
-	category = "abort";
-	isRetryable = false;
-	exitCode = 130;
-	developerDetail = null;
-	constructor(message = "aborted") {
-		super(message);
-		this.name = "AbortError";
-	}
-};
-var UnknownError = class extends MetabaseError {
-	category = "unknown";
-	isRetryable = false;
-	exitCode = 1;
-	developerDetail;
-	constructor(input) {
-		super(input.originalMessage);
-		this.name = "UnknownError";
-		this.developerDetail = input;
-	}
-};
-function toMetabaseError(error) {
-	if (error instanceof MetabaseError) return error;
-	if (isCancel(error)) return new AbortError();
-	if (error instanceof ZodError) return new ConfigError(formatZodError(error));
-	if (error instanceof Error) return new UnknownError({
-		originalMessage: error.message,
-		stack: error.stack ?? null
-	});
-	return new UnknownError({
-		originalMessage: String(error),
-		stack: null
-	});
-}
-function formatZodError(error) {
-	return error.issues.map((issue) => {
-		const path = issue.path.join(".");
-		return path ? `${path}: ${issue.message}` : issue.message;
-	}).join("; ");
-}
-function isNotFoundError(value) {
-	return value instanceof Error && "code" in value && value.code === "ENOENT";
-}
-function errorMessage(value) {
-	return value instanceof Error ? value.message : String(value);
-}
-
-//#endregion
 //#region src/runtime/json.ts
+const JSON_CONTENT_TYPE$1 = "application/json";
 function parseJson(input, schema, opts = {}) {
 	const result = parseJsonResult(input, schema, opts);
 	if (!result.ok) throw result.error;
@@ -137,12 +40,175 @@ function parseJsonResult(input, schema, opts = {}) {
 		value: parsed.data
 	};
 }
+function parseJsonOrPlain(text, contentType, schema, opts = {}) {
+	if (!isJsonContentType(contentType)) return parseJson(JSON.stringify(text), schema, opts);
+	const attempt = parseJsonResult(text, schema, opts);
+	if (attempt.ok) return attempt.value;
+	if (attempt.error instanceof ValidationError) throw attempt.error;
+	return parseJson(JSON.stringify(text), schema, opts);
+}
+function isJsonContentType(contentType) {
+	return contentType !== null && contentType.includes(JSON_CONTENT_TYPE$1);
+}
+
+//#endregion
+//#region src/output/types.ts
+const DEFAULT_MAX_BYTES = 65536;
+function listEnvelopeSchema(item) {
+	return z.object({
+		data: z.array(item),
+		returned: z.number().int().nonnegative(),
+		total: z.number().int().nonnegative().nullable().optional(),
+		limit: z.number().int().nonnegative().optional(),
+		truncated: z.object({
+			reason: z.literal("max_bytes"),
+			bytes: z.number().int().nonnegative()
+		}).optional()
+	});
+}
+function wrapList(items) {
+	return {
+		data: items,
+		returned: items.length,
+		total: items.length
+	};
+}
+
+//#endregion
+//#region src/commands/flags.ts
+const outputFlags = {
+	format: {
+		type: "string",
+		description: "auto | json | text",
+		default: "auto"
+	},
+	json: {
+		type: "boolean",
+		description: "Shorthand for --format json"
+	},
+	full: {
+		type: "boolean",
+		description: "Return the full object (default: compact)"
+	},
+	fields: {
+		type: "string",
+		description: "Dot-paths, comma separated (mutually exclusive with --full)"
+	},
+	maxBytes: {
+		type: "string",
+		description: "Output size cap; 0 disables",
+		default: String(DEFAULT_MAX_BYTES),
+		alias: "max-bytes"
+	}
+};
+const profileFlag = { profile: {
+	type: "string",
+	description: "Named profile (default: 'default')"
+} };
+const connectionFlags = {
+	url: {
+		type: "string",
+		description: "Metabase URL"
+	},
+	apiKey: {
+		type: "string",
+		description: "API key",
+		alias: "api-key"
+	}
+};
+
+//#endregion
+//#region src/commands/parse-integer.ts
+const INTEGER_PATTERN = /^-?\d+$/;
+function parseInteger(value, options) {
+	const trimmed = value.trim();
+	if (!INTEGER_PATTERN.test(trimmed)) throw new ConfigError(`invalid ${options.name}: "${value}" (expected integer)`);
+	const parsed = Number.parseInt(trimmed, 10);
+	if (parsed < options.min) throw new ConfigError(`invalid ${options.name}: ${parsed} (must be ≥ ${options.min})`);
+	return parsed;
+}
+function parseOptionalInteger(value, options) {
+	if (value === void 0 || value === "") return null;
+	return parseInteger(value, options);
+}
+
+//#endregion
+//#region src/core/paths.ts
+const APP_DIR_NAME = "metabase-cli";
+function configDir() {
+	if (process.platform === "win32") {
+		const appData = process.env["APPDATA"] ?? join(homedir(), "AppData", "Roaming");
+		return join(appData, APP_DIR_NAME);
+	}
+	const xdg = process.env["XDG_CONFIG_HOME"] ?? join(homedir(), ".config");
+	return join(xdg, APP_DIR_NAME);
+}
+
+//#endregion
+//#region src/core/auth/rejection.ts
+const REJECTIONS_FILE = "rejections.json";
+const REJECTIONS_FILE_MODE = 384;
+const REJECTIONS_DIR_MODE = 448;
+const RejectionRecord = z.object({
+	reason: z.string(),
+	url: z.string(),
+	rejectedAt: z.string()
+});
+const RejectionsFileSchema = z.record(z.string(), RejectionRecord);
+function rejectionsFilePath() {
+	return join(configDir(), REJECTIONS_FILE);
+}
+async function readRejectionsFile() {
+	const path = rejectionsFilePath();
+	let raw;
+	try {
+		raw = await promises.readFile(path, "utf8");
+	} catch (error) {
+		if (isNotFoundError(error)) return {};
+		throw error;
+	}
+	return parseJson(raw, RejectionsFileSchema, { source: path });
+}
+async function writeRejectionsFile(store) {
+	const path = rejectionsFilePath();
+	if (Object.keys(store).length === 0) {
+		await promises.unlink(path).catch(() => void 0);
+		return;
+	}
+	await promises.mkdir(dirname(path), {
+		recursive: true,
+		mode: REJECTIONS_DIR_MODE
+	});
+	await promises.writeFile(path, JSON.stringify(store, null, 2) + "\n", { mode: REJECTIONS_FILE_MODE });
+	if (process.platform !== "win32") await promises.chmod(path, REJECTIONS_FILE_MODE);
+}
+async function recordRejection(profile, input) {
+	const store = await readRejectionsFile();
+	store[profile] = {
+		reason: input.reason,
+		url: input.url,
+		rejectedAt: new Date().toISOString()
+	};
+	await writeRejectionsFile(store);
+}
+async function clearRejection(profile) {
+	const store = await readRejectionsFile();
+	if (!(profile in store)) return false;
+	delete store[profile];
+	await writeRejectionsFile(store);
+	return true;
+}
+async function readRejection(profile) {
+	const store = await readRejectionsFile();
+	return store[profile] ?? null;
+}
 
 //#endregion
 //#region src/core/auth/storage.ts
 const CredentialsFileSchema = z.record(z.string(), z.string());
 const KEYRING_SERVICE = "metabase-cli";
 const CREDENTIALS_FILE = "credentials.json";
+const PROFILE_INDEX_FILE = "profiles.json";
 const DEFAULT_PROFILE = "default";
 const CREDENTIALS_FILE_MODE = 384;
 const CREDENTIALS_DIR_MODE = 448;
@@ -151,17 +217,14 @@ const account = {
 	profileApiKey: (profile) => `profile:${profile}:apiKey`,
 	license: "license"
 };
-function configDir() {
-	if (process.platform === "win32") {
-		const appData = process.env["APPDATA"] ?? join(homedir(), "AppData", "Roaming");
-		return join(appData, "metabase-cli");
-	}
-	const xdg = process.env["XDG_CONFIG_HOME"] ?? join(homedir(), ".config");
-	return join(xdg, "metabase-cli");
-}
+const ProfileIndexSchema = z.array(z.string());
+const FILE_STORE_PROFILE_URL_PATTERN = /^profile:(.+):url$/;
 function fallbackFilePath() {
 	return join(configDir(), CREDENTIALS_FILE);
 }
+function profileIndexPath() {
+	return join(configDir(), PROFILE_INDEX_FILE);
+}
 function keyringEnabled() {
 	return process.env["METABASE_CLI_DISABLE_KEYRING"] !== "1";
 }
@@ -281,13 +344,74 @@ async function readProfile(name = DEFAULT_PROFILE) {
 }
 async function writeProfile(profile, name = DEFAULT_PROFILE) {
 	await credentials.set(account.profileUrl(name), profile.url);
-	return credentials.set(account.profileApiKey(name), profile.apiKey);
+	const location = await credentials.set(account.profileApiKey(name), profile.apiKey);
+	await addToProfileIndex(name);
+	return location;
 }
 async function clearProfile(name = DEFAULT_PROFILE) {
 	const removedUrl = await credentials.remove(account.profileUrl(name));
 	const removedKey = await credentials.remove(account.profileApiKey(name));
+	await removeFromProfileIndex(name);
 	return removedUrl || removedKey;
 }
+async function listProfileNames() {
+	const stored = await readProfileIndex();
+	if (stored !== null) return stored;
+	const backfilled = await backfillProfileIndexFromFile();
+	if (backfilled.length > 0) await writeProfileIndex(backfilled);
+	return backfilled;
+}
+async function readProfileIndex() {
+	const path = profileIndexPath();
+	let raw;
+	try {
+		raw = await promises.readFile(path, "utf8");
+	} catch (error) {
+		if (isNotFoundError(error)) return null;
+		throw error;
+	}
+	return parseJson(raw, ProfileIndexSchema, { source: path });
+}
+async function writeProfileIndex(names) {
+	const path = profileIndexPath();
+	const unique = [...new Set(names)].toSorted();
+	await promises.mkdir(dirname(path), {
+		recursive: true,
+		mode: CREDENTIALS_DIR_MODE
+	});
+	await promises.writeFile(path, JSON.stringify(unique, null, 2) + "\n", { mode: CREDENTIALS_FILE_MODE });
+	if (process.platform !== "win32") await promises.chmod(path, CREDENTIALS_FILE_MODE);
+}
+async function deleteProfileIndex() {
+	await promises.unlink(profileIndexPath()).catch(() => void 0);
+}
+async function addToProfileIndex(name) {
+	const current = await listProfileNames();
+	if (current.includes(name)) return;
+	await writeProfileIndex([...current, name]);
+}
+async function removeFromProfileIndex(name) {
+	const current = await listProfileNames();
+	const next = current.filter((entry) => entry !== name);
+	if (next.length === current.length) return;
+	if (next.length === 0) {
+		await deleteProfileIndex();
+		return;
+	}
+	await writeProfileIndex(next);
+}
+async function backfillProfileIndexFromFile() {
+	const store = await readFileStore();
+	const names = new Set();
+	for (const key of Object.keys(store)) {
+		const name = FILE_STORE_PROFILE_URL_PATTERN.exec(key)?.[1];
+		if (name !== void 0) names.add(name);
+	}
+	return [...names];
+}
+async function readLicense() {
+	return credentials.read(account.license);
+}
 async function writeLicense(token) {
 	return credentials.set(account.license, token);
 }
@@ -295,6 +419,86 @@ async function clearLicense() {
 	return credentials.remove(account.license);
 }
 
+//#endregion
+//#region src/core/url.ts
+function normalizeUrl(input) {
+	const trimmed = input.trim().replace(/\/+$/, "");
+	if (!/^https?:\/\//i.test(trimmed)) throw new Error("URL must start with http:// or https://");
+	return trimmed;
+}
+function originOnly(input) {
+	const parsed = new URL(input);
+	parsed.username = "";
+	parsed.password = "";
+	return parsed.origin;
+}
+function localUrl(port) {
+	return `http://localhost:${port}`;
+}
+
+//#endregion
+//#region src/core/config.ts
+const ENV_URL = "METABASE_URL";
+const ENV_API_KEY = "METABASE_API_KEY";
+const ENV_PROFILE = "METABASE_PROFILE";
+const ENV_LICENSE_TOKEN = "METABASE_LICENSE_TOKEN";
+function resolveProfileName(profileFlag$1) {
+	return profileFlag$1 || process.env[ENV_PROFILE] || DEFAULT_PROFILE;
+}
+function readEnvCredentials() {
+	return {
+		url: process.env[ENV_URL] ?? null,
+		apiKey: process.env[ENV_API_KEY] ?? null
+	};
+}
+function readEnvLicenseToken() {
+	return process.env[ENV_LICENSE_TOKEN] ?? null;
+}
+async function resolveConfig(flags) {
+	const profile = resolveProfileName(flags.profile);
+	const env = readEnvCredentials();
+	const flagUrl = flags.url;
+	const flagKey = flags.apiKey;
+	const needsStored = !flagUrl && !env.url || !flagKey && !env.apiKey;
+	const stored = needsStored ? await readProfile(profile) : null;
+	const urlField = pickField(flagUrl, env.url, stored?.url);
+	const keyField = pickField(flagKey, env.apiKey, stored?.apiKey);
+	if (urlField === null || keyField === null) {
+		const rejection = await readRejection(profile);
+		if (rejection !== null) throw new ConfigError(`Last login for profile "${profile}" was rejected by ${originOnly(rejection.url)}: ${rejection.reason}. Re-run \`metabase auth login --profile ${profile}\` with valid credentials.`);
+		throw new ConfigError(`Not authenticated for profile "${profile}". Run \`metabase auth login\`, set ${ENV_URL}/${ENV_API_KEY}, or pass --url/--api-key.`);
+	}
+	return {
+		url: normalizeUrl(urlField.value),
+		apiKey: keyField.value,
+		profile,
+		source: urlField.source === keyField.source ? urlField.source : "mixed"
+	};
+}
+async function resolveLicenseToken(flags) {
+	const flag = flags.token;
+	const env = readEnvLicenseToken();
+	const stored = !flag && !env ? await readLicense() : null;
+	const value = flag ?? env ?? stored;
+	if (!value) throw new ConfigError(`No license token. Pass --token, set ${ENV_LICENSE_TOKEN}, or store one with \`metabase license set\`.`);
+	return value;
+}
+function pickField(flag, env, stored) {
+	if (flag) return {
+		value: flag,
+		source: "flag"
+	};
+	if (env) return {
+		value: env,
+		source: "env"
+	};
+	if (stored) return {
+		value: stored,
+		source: "stored"
+	};
+	return null;
+}
+
 //#endregion
 //#region src/runtime/signal.ts
 function createProcessAbortHandler() {
@@ -394,8 +598,13 @@ const STATUS_CLASSIFICATIONS = {
 const ErrorEnvelope = z.object({
 	message: z.string().optional(),
 	error: z.string().optional(),
-	"error-message": z.string().optional()
-});
+	"error-message": z.string().optional(),
+	via: z.array(z.object({ message: z.string().optional() }).loose()).optional(),
+	"specific-errors": z.unknown().optional(),
+	errors: z.unknown().optional()
+}).loose();
+const MAX_EXTRACTED_MESSAGE_LEN = 500;
+const ELLIPSIS = "…";
 var HttpError = class extends MetabaseError {
 	category = "http";
 	exitCode = 1;
@@ -437,7 +646,46 @@ function parseEnvelopeMessage(sanitizedBody) {
 	const result = parseJsonResult(sanitizedBody, ErrorEnvelope);
 	if (!result.ok) return null;
 	const envelope = result.value;
-	return envelope.message ?? envelope.error ?? envelope["error-message"] ?? null;
+	const topLevel = envelope.message ?? envelope.error ?? envelope["error-message"];
+	if (topLevel) return capLength(topLevel);
+	const viaMessage = envelope.via?.find((entry) => entry.message)?.message;
+	if (viaMessage) return capLength(viaMessage);
+	const specific = formatErrorTree(envelope["specific-errors"]);
+	if (specific) return capLength(specific);
+	const generic = formatErrorTree(envelope.errors);
+	if (generic) return capLength(generic);
+	return null;
+}
+function formatErrorTree(value) {
+	const entries = collectLeafEntries(value, []);
+	if (entries.length === 0) return null;
+	return entries.map(formatLeafEntry).join("; ");
+}
+function formatLeafEntry(entry) {
+	return entry.path === "" ? entry.message : `${entry.path}: ${entry.message}`;
+}
+function collectLeafEntries(value, path) {
+	if (typeof value === "string") {
+		const trimmed = value.trim();
+		return trimmed === "" ? [] : [{
+			path: path.join("."),
+			message: trimmed
+		}];
+	}
+	if (Array.isArray(value)) {
+		const messages = value.filter((entry) => typeof entry === "string" && entry.trim() !== "");
+		if (messages.length === 0) return [];
+		return [{
+			path: path.join("."),
+			message: messages.join("; ")
+		}];
+	}
+	if (isPlainObject(value)) return Object.entries(value).flatMap(([key, child]) => collectLeafEntries(child, [...path, key]));
+	return [];
+}
+function capLength(message) {
+	if (message.length <= MAX_EXTRACTED_MESSAGE_LEN) return message;
+	return message.slice(0, MAX_EXTRACTED_MESSAGE_LEN - ELLIPSIS.length) + ELLIPSIS;
 }
 function defaultMessageForStatus(status) {
 	return STATUS_CLASSIFICATIONS[status]?.message ?? `Metabase returned ${status}`;
@@ -470,6 +718,7 @@ function sleep(ms, signal) {
 //#region src/core/http/client.ts
 const DEFAULT_TIMEOUT_MS = 3e4;
 const JSON_CONTENT_TYPE = "application/json";
+const OCTET_STREAM_CONTENT_TYPE = "application/octet-stream";
 const TEXT_CONTENT_TYPE_PREFIX = "text/";
 const ERROR_BODY_BYTE_CAP = 64 * 1024;
 const USER_AGENT = `metabase-cli/${package_default.version}`;
@@ -562,7 +811,10 @@ function createClient(config, overrides = {}) {
 		let body = null;
 		if (opts.body !== void 0 && opts.body !== null) if (typeof opts.body === "string" || opts.body instanceof URLSearchParams) body = opts.body;
 		else if (opts.body instanceof FormData || opts.body instanceof ReadableStream) body = opts.body;
-		else {
+		else if (opts.body instanceof Uint8Array) {
+			body = opts.body;
+			headers.set("content-type", OCTET_STREAM_CONTENT_TYPE);
+		} else {
 			body = JSON.stringify(opts.body);
 			headers.set("content-type", JSON_CONTENT_TYPE);
 		}
@@ -588,9 +840,9 @@ function createClient(config, overrides = {}) {
 				expectContentType: "json"
 			});
 			const response = await executeRaw(prepared);
-			const text$1 = await response.text();
+			const text = await response.text();
 			try {
-				return parseJson(text$1, schema, { source: prepared.url });
+				return parseJson(text, schema, { source: prepared.url });
 			} catch (error) {
 				if (error instanceof ConfigError) throw new HttpError({
 					status: response.status,
@@ -598,7 +850,7 @@ function createClient(config, overrides = {}) {
 					method: prepared.method,
 					url: prepared.url,
 					responseHeaders: response.headers,
-					rawBody: text$1,
+					rawBody: text,
 					redactionContext
 				});
 				throw error;
@@ -662,318 +914,12 @@ async function readBodyForError(response) {
 	}
 }
 
-//#endregion
-//#region src/core/url.ts
-function normalizeUrl(input) {
-	const trimmed = input.trim().replace(/\/+$/, "");
-	if (!/^https?:\/\//i.test(trimmed)) throw new Error("URL must start with http:// or https://");
-	return trimmed;
-}
-function originOnly(input) {
-	const parsed = new URL(input);
-	parsed.username = "";
-	parsed.password = "";
-	return parsed.origin;
-}
-
-//#endregion
-//#region src/core/config.ts
-const ENV_URL = "METABASE_URL";
-const ENV_API_KEY = "METABASE_API_KEY";
-const ENV_PROFILE = "METABASE_PROFILE";
-const ENV_LICENSE_TOKEN = "METABASE_LICENSE_TOKEN";
-function resolveProfileName(profileFlag$1) {
-	return profileFlag$1 || process.env[ENV_PROFILE] || DEFAULT_PROFILE;
-}
-function readEnvCredentials() {
-	return {
-		url: process.env[ENV_URL] ?? null,
-		apiKey: process.env[ENV_API_KEY] ?? null
-	};
-}
-function readEnvLicenseToken() {
-	return process.env[ENV_LICENSE_TOKEN] ?? null;
-}
-async function resolveConfig(flags) {
-	const profile = resolveProfileName(flags.profile);
-	const env = readEnvCredentials();
-	const flagUrl = flags.url;
-	const flagKey = flags.apiKey;
-	const needsStored = !flagUrl && !env.url || !flagKey && !env.apiKey;
-	const stored = needsStored ? await readProfile(profile) : null;
-	const urlField = pickField(flagUrl, env.url, stored?.url);
-	const keyField = pickField(flagKey, env.apiKey, stored?.apiKey);
-	if (urlField === null || keyField === null) throw new ConfigError(`Not authenticated for profile "${profile}". Run \`metabase auth login\`, set ${ENV_URL}/${ENV_API_KEY}, or pass --url/--api-key.`);
-	return {
-		url: normalizeUrl(urlField.value),
-		apiKey: keyField.value,
-		profile,
-		source: urlField.source === keyField.source ? urlField.source : "mixed"
-	};
-}
-function pickField(flag, env, stored) {
-	if (flag) return {
-		value: flag,
-		source: "flag"
-	};
-	if (env) return {
-		value: env,
-		source: "env"
-	};
-	if (stored) return {
-		value: stored,
-		source: "stored"
-	};
-	return null;
-}
-
-//#endregion
-//#region src/output/notice.ts
-function warn(message) {
-	process.stderr.write(message + "\n");
-}
-function listTruncationNotice(bytes) {
-	return `… cut at ${bytes} bytes; rerun with --max-bytes 0`;
-}
-function itemOversizeNotice(bytes) {
-	return `… item is ${bytes} bytes (exceeds --max-bytes); narrow with --fields, or pass --max-bytes 0`;
-}
-
-//#endregion
-//#region src/output/cap.ts
-function capListEnvelope(envelope, maxBytes) {
-	if (maxBytes <= 0) return envelope;
-	const fullBytes = jsonByteLength(envelope);
-	if (fullBytes <= maxBytes) return envelope;
-	let lo = 0;
-	let hi = envelope.data.length;
-	while (lo < hi) {
-		const mid = Math.ceil((lo + hi) / 2);
-		if (jsonByteLength(truncate(envelope, mid, fullBytes)) <= maxBytes) lo = mid;
-		else hi = mid - 1;
-	}
-	return truncate(envelope, lo, fullBytes);
-}
-function truncate(envelope, count, originalBytes) {
-	return {
-		...envelope,
-		data: envelope.data.slice(0, count),
-		returned: count,
-		truncated: {
-			reason: "max_bytes",
-			bytes: originalBytes
-		}
-	};
-}
-function jsonByteLength(value) {
-	return Buffer.byteLength(JSON.stringify(value), "utf8");
-}
-
-//#endregion
-//#region src/output/projection.ts
-function applyProjection(value, view, full, fields) {
-	if (fields !== void 0) {
-		if (fields.length === 0) throw new ConfigError("--fields requires at least one path");
-		return projectFields(value, fields);
-	}
-	if (full) return value;
-	const parsed = view.compactPick.safeParse(value);
-	if (parsed.success) return parsed.data;
-	throw new ConfigError(`compact projection failed: ${parsed.error.message}`);
-}
-function projectFields(value, fields) {
-	const out = {};
-	for (const path of fields) {
-		if (path.length === 0) throw new ConfigError(`empty field path`);
-		const parts = path.split(".");
-		if (parts.some((part) => part.length === 0)) throw new ConfigError(`invalid field path: "${path}"`);
-		setPath(out, parts, pickPath(value, parts));
-	}
-	return out;
-}
-function pickPath(value, parts) {
-	let cursor = value;
-	for (const part of parts) {
-		if (!isPlainObject(cursor) || !Object.hasOwn(cursor, part)) throw new ConfigError(`unknown field path: "${parts.join(".")}"`);
-		cursor = Reflect.get(cursor, part);
-	}
-	return cursor;
-}
-function setPath(target, parts, value) {
-	let cursor = target;
-	const lastIndex = parts.length - 1;
-	for (const [index, part] of parts.entries()) {
-		if (index === lastIndex) {
-			cursor[part] = value;
-			return;
-		}
-		const existing = cursor[part];
-		if (isPlainObject(existing)) cursor = existing;
-		else {
-			const next = {};
-			cursor[part] = next;
-			cursor = next;
-		}
-	}
-}
-function isPlainObject(value) {
-	return typeof value === "object" && value !== null && !Array.isArray(value);
-}
-
-//#endregion
-//#region src/output/table.ts
-function renderTable(rows, columns) {
-	const head = columns.map((column) => column.label ?? column.key);
-	const widths = columns.map((column) => column.width ?? null);
-	const hasWidth = widths.some((width) => width !== null);
-	const table = new Table(hasWidth ? {
-		head,
-		colWidths: widths
-	} : { head });
-	for (const row of rows) table.push(columns.map((column) => formatCell(row, column)));
-	return table.toString();
-}
-function formatCell(row, column) {
-	const value = row[column.key];
-	if (column.format !== void 0) return column.format(value);
-	return formatScalar(value);
-}
-function formatScalar(value) {
-	if (value === null || value === void 0) return "";
-	if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") return String(value);
-	return JSON.stringify(value);
-}
-
-//#endregion
-//#region src/output/render.ts
-function renderItem(item, view, opts) {
-	const projected = applyProjection(item, view, opts.full, opts.fields);
-	const body = renderItemBody(item, view, projected, opts) + "\n";
-	process.stdout.write(body);
-	emitItemOversizeNotice(body, opts.maxBytes);
-}
-function renderList(envelope, view, opts) {
-	if (opts.format === "json" || opts.fields !== void 0) {
-		renderJsonEnvelope(envelope, view, opts);
-		return;
-	}
-	if (envelope.data.length === 0) {
-		process.stdout.write("(no results)\n");
-		return;
-	}
-	const capped = capListEnvelope(envelope, opts.maxBytes);
-	process.stdout.write(renderTable(capped.data, view.tableColumns) + "\n");
-	if (capped.truncated !== void 0) warn(listTruncationNotice(capped.truncated.bytes));
-}
-function renderJsonEnvelope(envelope, view, opts) {
-	const projectedItems = envelope.data.map((item) => applyProjection(item, view, opts.full, opts.fields));
-	const projectedEnvelope = {
-		...envelope,
-		data: projectedItems
-	};
-	const capped = capListEnvelope(projectedEnvelope, opts.maxBytes);
-	process.stdout.write(JSON.stringify(capped, null, 2) + "\n");
-	if (capped.truncated !== void 0) warn(listTruncationNotice(capped.truncated.bytes));
-}
-function renderItemBody(item, view, projected, opts) {
-	if (opts.format === "json" || opts.fields !== void 0) return JSON.stringify(projected, null, 2);
-	if (!opts.full) return renderKeyValueLines(columnPairs(item, view.tableColumns));
-	return renderKeyValueLines(objectPairs(projected));
-}
-function columnPairs(item, columns) {
-	return columns.map((column) => [column.label ?? column.key, formatCell(item, column)]);
-}
-function objectPairs(value) {
-	if (!isPlainObject(value)) {
-		const scalar = formatScalar(value);
-		return scalar === "" ? [] : [["", scalar]];
-	}
-	return Object.entries(value).map(([key, raw]) => [key, formatScalar(raw)]);
-}
-function renderKeyValueLines(pairs) {
-	if (pairs.length === 0) return "";
-	const padding = Math.max(...pairs.map(([label]) => label.length));
-	return pairs.map(([label, value]) => `${label.padEnd(padding)}  ${value}`).join("\n");
-}
-function emitItemOversizeNotice(body, maxBytes) {
-	if (maxBytes <= 0) return;
-	const bytes = Buffer.byteLength(body, "utf8");
-	if (bytes <= maxBytes) return;
-	warn(itemOversizeNotice(bytes));
-}
-
-//#endregion
-//#region src/output/types.ts
-const DEFAULT_MAX_BYTES = 65536;
-function listEnvelopeSchema(item) {
-	return z.object({
-		data: z.array(item),
-		returned: z.number().int().nonnegative(),
-		total: z.number().int().nonnegative().optional(),
-		limit: z.number().int().nonnegative().optional(),
-		truncated: z.object({
-			reason: z.literal("max_bytes"),
-			bytes: z.number().int().nonnegative()
-		}).optional()
-	});
-}
-function wrapList(items) {
-	return {
-		data: items,
-		returned: items.length,
-		total: items.length
-	};
-}
-
-//#endregion
-//#region src/commands/flags.ts
-const outputFlags = {
-	format: {
-		type: "string",
-		description: "auto | json | text",
-		default: "auto"
-	},
-	json: {
-		type: "boolean",
-		description: "Shorthand for --format json"
-	},
-	full: {
-		type: "boolean",
-		description: "Return the full object (default: compact)"
-	},
-	fields: {
-		type: "string",
-		description: "Dot-paths, comma separated (mutually exclusive with --full)"
-	},
-	maxBytes: {
-		type: "string",
-		description: "Output size cap; 0 disables",
-		default: String(DEFAULT_MAX_BYTES),
-		alias: "max-bytes"
-	}
-};
-const profileFlag = { profile: {
-	type: "string",
-	description: "Named profile (default: 'default')"
-} };
-const connectionFlags = {
-	url: {
-		type: "string",
-		description: "Metabase URL"
-	},
-	apiKey: {
-		type: "string",
-		description: "API key",
-		alias: "api-key"
-	}
-};
-
 //#endregion
 //#region src/output/error.ts
 function reportError(error) {
 	const handled = toMetabaseError(error);
 	process.stderr.write(handled.userMessage + "\n");
-	if (process.env["METABASE_VERBOSE"] === "1" && handled.developerDetail !== null) process.stderr.write(JSON.stringify(handled.developerDetail, null, 2) + "\n");
+	if (process.env[VERBOSE_ENV] === "1" && handled.developerDetail !== null) process.stderr.write(JSON.stringify(handled.developerDetail, null, 2) + "\n");
 	process.exitCode = handled.exitCode;
 }
 
@@ -988,9 +934,40 @@ function resolveFormat({ json, format, isTty }) {
 	return isTty ? "text" : "json";
 }
 
+//#endregion
+//#region src/runtime/csv.ts
+function parseCsv(raw) {
+	return raw.split(",").map((part) => part.trim()).filter((part) => part.length > 0);
+}
+function parseEnumCsv(raw, schema, flagName) {
+	if (raw === void 0 || raw === "") return void 0;
+	const parts = parseCsv(raw);
+	if (parts.length === 0) return void 0;
+	const accepted = [];
+	const rejected = [];
+	for (const part of parts) {
+		const result = schema.safeParse(part);
+		if (result.success) accepted.push(result.data);
+		else rejected.push(part);
+	}
+	if (rejected.length > 0) {
+		const allowed = Object.values(schema.enum).join(", ");
+		throw new ConfigError(`invalid ${flagName} value: ${rejected.join(", ")} (expected one of: ${allowed})`);
+	}
+	return accepted;
+}
+function parseEnum(raw, schema, flagName) {
+	if (raw === void 0 || raw === "") return void 0;
+	const result = schema.safeParse(raw);
+	if (!result.success) {
+		const allowed = Object.values(schema.enum).join(", ");
+		throw new ConfigError(`invalid ${flagName} value: "${raw}" (expected one of: ${allowed})`);
+	}
+	return result.data;
+}
+
 //#endregion
 //#region src/commands/context.ts
-const INTEGER_PATTERN = /^-?\d+$/;
 function resolveCommonFlags(args, options = {}) {
 	const isTty = options.isTty ?? Boolean(process.stdout.isTTY);
 	const fields = parseFields(args.fields);
@@ -1012,15 +989,14 @@ function resolveCommonFlags(args, options = {}) {
 }
 function parseFields(value) {
 	if (value === void 0 || value === "") return void 0;
-	const parts = value.split(",").map((part) => part.trim()).filter((part) => part.length > 0);
+	const parts = parseCsv(value);
 	return parts.length > 0 ? parts : void 0;
 }
 function parseMaxBytes(value) {
-	const raw = value ?? String(DEFAULT_MAX_BYTES);
-	if (!INTEGER_PATTERN.test(raw)) throw new ConfigError(`invalid --max-bytes value: "${raw}" (expected non-negative integer)`);
-	const parsed = Number.parseInt(raw, 10);
-	if (parsed < 0) throw new ConfigError(`invalid --max-bytes value: ${parsed} (must be non-negative)`);
-	return parsed;
+	return parseInteger(value ?? String(DEFAULT_MAX_BYTES), {
+		name: "--max-bytes",
+		min: 0
+	});
 }
 
 //#endregion
@@ -1032,20 +1008,27 @@ function defineMetabaseCommand(def) {
 		async run({ args }) {
 			try {
 				const ctx = resolveCommonFlags(pickCommonArgs(args));
-				let cached = null;
+				let cachedConfig = null;
+				let cachedClient = null;
+				const getResolvedConfig = async () => {
+					if (cachedConfig === null) cachedConfig = await resolveConfig(buildConfigFlags(ctx));
+					return cachedConfig;
+				};
 				const getClient = async () => {
-					if (cached) return cached;
-					const resolved = await resolveConfig(buildConfigFlags(ctx));
-					cached = createClient({
-						url: resolved.url,
-						apiKey: resolved.apiKey
-					});
-					return cached;
+					if (cachedClient === null) {
+						const resolved = await getResolvedConfig();
+						cachedClient = createClient({
+							url: resolved.url,
+							apiKey: resolved.apiKey
+						});
+					}
+					return cachedClient;
 				};
 				await def.run({
 					args,
 					ctx,
-					getClient
+					getClient,
+					getResolvedConfig
 				});
 			} catch (error) {
 				reportError(error);
@@ -1079,4 +1062,4 @@ function buildConfigFlags(ctx) {
 }
 
 //#endregion
-export { AbortError, ConfigError, HttpError, MetabaseError, TimeoutError, account, clearLicense, clearProfile, combineAborts, connectionFlags, createClient, credentials, defineMetabaseCommand, errorMessage, isNotFoundError, listEnvelopeSchema, normalizeUrl, originOnly, outputFlags, parseJson, profileFlag, readEnvCredentials, readEnvLicenseToken, renderItem, renderList, resolveProfileName, throwIfAborted, warn, wrapList, writeLicense, writeProfile };
+export { HttpError, account, clearLicense, clearProfile, clearRejection, combineAborts, connectionFlags, createClient, credentials, defineMetabaseCommand, listEnvelopeSchema, listProfileNames, localUrl, normalizeUrl, originOnly, outputFlags, parseCsv, parseEnum, parseEnumCsv, parseInteger, parseJson, parseJsonOrPlain, parseOptionalInteger, profileFlag, readEnvCredentials, readEnvLicenseToken, readProfile, recordRejection, resolveLicenseToken, resolveProfileName, throwIfAborted, wrapList, writeLicense, writeProfile };