@moneysiren/cli 0.1.0-alpha.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 MoneySiren contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,155 @@
+# MoneySiren CLI
+
+Public alpha packaging metadata for `moneysiren`.
+
+MoneySiren is local-first. The CLI reads configuration and secrets from the process environment only, writes normalized data to local SQLite, and does not enable telemetry by default.
+
+## Requirements
+
+- Node.js 20.11 or newer.
+- MoneySiren uses the Node SQLite runtime when available. `sqlite3` on `PATH` or `MONEYSIREN_SQLITE_BIN` is an optional fallback.
+- No live provider credentials are required for `moneysiren --version`, `moneysiren doctor`, or `moneysiren sync --provider mock`.
+
+## Published Alpha Usage
+
+After an alpha is published:
+
+```bash
+npm install -g @moneysiren/cli@alpha
+moneysiren
+moneysiren --version
+moneysiren /version
+moneysiren install --status
+moneysiren modes
+moneysiren /modes
+moneysiren doctor
+moneysiren /doctor
+moneysiren dashboard check
+```
+
+During a PowerShell, cmd, or shell install with an interactive TTY, `postinstall` prompts for the local surfaces to enable:
+
+- CLI
+- Web dashboard
+- HUD
+
+Press Enter to accept the recommended default, which selects all three. In CI or non-interactive npm installs, MoneySiren writes that all-selected profile automatically. Re-run `moneysiren install` later to change the profile, or use `moneysiren install --status` to inspect it.
+
+One-off execution:
+
+```bash
+npx --package @moneysiren/cli@alpha moneysiren
+npx --package @moneysiren/cli@alpha moneysiren --version
+npx --package @moneysiren/cli@alpha moneysiren /version
+npx --package @moneysiren/cli@alpha moneysiren modes
+npx --package @moneysiren/cli@alpha moneysiren doctor
+npx --package @moneysiren/cli@alpha moneysiren /doctor
+npx --package @moneysiren/cli@alpha moneysiren dashboard check
+npx --package @moneysiren/cli@alpha moneysiren sync --provider aws --profile <profile>
+```
+
+`aws sso login --profile <profile>` refreshes AWS SSO credentials, but it does not set `AWS_PROFILE` in the current shell. Pass `--profile <profile>` or export `AWS_PROFILE` before live AWS sync.
+
+## Local Tarball Review
+
+From the repository root:
+
+```bash
+pnpm --filter moneysiren build
+cd apps/cli
+npm pack
+```
+
+Install the generated tarball into a temporary project:
+
+```bash
+mkdir -p /tmp/moneysiren-alpha-review
+cd /tmp/moneysiren-alpha-review
+npm init -y
+npm install /path/to/moneysiren-cli-0.1.0-alpha.0.tgz
+npm exec moneysiren
+npm exec moneysiren -- --version
+npm exec moneysiren -- /version
+npm exec moneysiren -- modes
+npm exec moneysiren -- doctor
+npm exec moneysiren -- /doctor
+npm exec moneysiren -- dashboard check
+```
+
+PowerShell equivalent for the temporary project:
+
+```powershell
+New-Item -ItemType Directory -Force -Path $env:TEMP\moneysiren-alpha-review
+Set-Location $env:TEMP\moneysiren-alpha-review
+npm init -y
+npm install C:\path\to\moneysiren-cli-0.1.0-alpha.0.tgz
+npm exec moneysiren
+npm exec moneysiren -- --version
+npm exec moneysiren -- modes
+npm exec moneysiren -- /doctor
+```
+
+Do not create `.env`, paste real API keys, or write Slack webhook URLs into local project files. Fixture mode and `mock` sync are the intended no-credentials review paths.
+
+Live provider sync is read-only and env-only. Use fixture mode for no-credentials review; export live credentials only in the shell for one run.
+
+## Publishing the Alpha
+
+From the repository root:
+
+```bash
+npm run publish:cli:dry-run
+npm run publish:cli:alpha
+```
+
+The dry run checks the full secret scan, package metadata, npm registry version availability, and tarball contents. The publish command requires `npm login` in the local terminal and publishes this package with the `alpha` tag and public access.
+
+## Slash Home
+
+Running `moneysiren` without subcommands prints a readable slash-command home guide. In a TTY it may enter a minimal line-based slash prompt; in CI or non-TTY package review it prints the guide and exits `0`.
+
+Supported slash aliases:
+
+```bash
+moneysiren /help
+moneysiren /version
+moneysiren /doctor
+moneysiren /install
+moneysiren /modes
+moneysiren /init
+moneysiren /dashboard
+moneysiren /dashboard check
+moneysiren /sync mock
+moneysiren /sync aws
+moneysiren /sync openai
+moneysiren /sync supabase
+moneysiren /sync cloudflare
+moneysiren /report ko
+moneysiren /quit
+```
+
+Slash aliases are thin wrappers around the existing CLI commands. Home/help does not call provider APIs, read secret values, create `.env`, or enable telemetry. ANSI color respects `NO_COLOR`, `FORCE_COLOR`, and `TERM=dumb`.
+
+## Runtime Modes
+
+`moneysiren modes` prints the three supported surfaces after an npm install:
+
+- CLI automation from the npm package.
+- Local web dashboard/runtime, with `moneysiren serve` providing the sanitized local API runtime.
+- Desktop tray/notifier status and notification preview commands, while the native Tauri tray binary remains a separate repo/native build artifact for this alpha.
+
+The mode list includes the local install profile selected by npm `postinstall` or `moneysiren install`.
+
+The shared runtime lock defaults to `%APPDATA%\MoneySiren\runtime.json` on Windows and `~/Library/Application Support/MoneySiren/runtime.json` on macOS so a globally installed CLI and the desktop tray can discover the same local runtime. Set `MONEYSIREN_RUNTIME_LOCK_PATH` only when you intentionally need an isolated runtime lock for testing.
+
+## Dashboard Check
+
+`moneysiren dashboard check` probes `http://localhost:3000/api/dashboard` by default and reports the sanitized dashboard URL, API status, local DB path/existence, payload source, provider count, and generated time.
+
+Use `--url` only for a local dashboard origin:
+
+```bash
+moneysiren dashboard check --url http://localhost:3000
+```
+
+Path, query, and hash values are ignored before printing or probing, and URLs with credentials are rejected. The command does not package, start, or serve the Next.js dashboard; from this repository, start it with `pnpm --filter @moneysiren/web dev`.

package/dist/apps/cli/src/cli.d.ts

@@ -0,0 +1,56 @@
+import { type CliLocalRuntimeAdapter } from "./runtime-adapter.js";
+import { type Theme } from "./theme.js";
+import type { SlackReportTransport } from "../../../packages/report/src/index.js";
+import type { AwsCostExplorerClientAdapter } from "../../../packages/connectors/aws/src/index.js";
+import type { CloudflareBillingUsageClient } from "../../../packages/connectors/cloudflare/src/index.js";
+import type { OpenAiUsageCostsClient } from "../../../packages/connectors/openai/src/index.js";
+import type { SupabaseManagementClient } from "../../../packages/connectors/supabase/src/index.js";
+export declare const CLI_VERSION = "0.1.0-alpha.0";
+export interface CliRuntime {
+    cwd?: string;
+    env?: Record<string, string | undefined>;
+    now?: () => Date;
+    stdin?: NodeJS.ReadableStream;
+    output?: NodeJS.WritableStream;
+    stdinIsTTY?: boolean;
+    stdoutIsTTY?: boolean;
+    interactive?: boolean;
+    stdout?: (line: string) => void;
+    stderr?: (line: string) => void;
+    stdoutBuffer?: string[];
+    stderrBuffer?: string[];
+    slackTransport?: SlackReportTransport;
+    liveClients?: CliLiveClients;
+    fetch?: typeof fetch;
+    localRuntime?: CliLocalRuntimeAdapter;
+    openUrl?: (url: string) => Promise<void> | void;
+}
+export interface CliLiveClients {
+    awsCostExplorer?: AwsCostExplorerClientAdapter;
+    cloudflareBillingUsage?: CloudflareBillingUsageClient;
+    openaiUsageCosts?: OpenAiUsageCostsClient;
+    supabaseUsageHealth?: SupabaseManagementClient;
+}
+export interface CliExecutionContext {
+    cwd: string;
+    env: Record<string, string | undefined>;
+    now: () => Date;
+    stdout(line: string): void;
+    stderr(line: string): void;
+    slackTransport?: SlackReportTransport;
+    liveClients?: CliLiveClients;
+    fetch(input: RequestInfo | URL, init?: RequestInit): Promise<Response>;
+    openUrl(url: string): Promise<void> | void;
+    stdin?: NodeJS.ReadableStream;
+    output?: NodeJS.WritableStream;
+    interactive: boolean;
+    theme: Theme;
+    localRuntime?: CliLocalRuntimeAdapter;
+}
+export interface CliResult {
+    exitCode: number;
+    stdout: readonly string[];
+    stderr: readonly string[];
+}
+export declare function runCli(args: readonly string[], runtime?: CliRuntime): Promise<CliResult>;
+//# sourceMappingURL=cli.d.ts.map

package/dist/apps/cli/src/cli.js

@@ -0,0 +1,182 @@
+import { runDashboardCommand } from "./commands/dashboard.js";
+import { runDoctorCommand } from "./commands/doctor.js";
+import { runInitCommand } from "./commands/init.js";
+import { runInstallCommand } from "./commands/install.js";
+import { runModesCommand } from "./commands/modes.js";
+import { runNotifyCommand } from "./commands/notify.js";
+import { runReportCommand } from "./commands/report.js";
+import { runDesktopCommand, runOpenCommand, runServeCommand } from "./commands/runtime.js";
+import { runSummaryCommand } from "./commands/summary.js";
+import { runSyncCommand } from "./commands/sync.js";
+import { runThemeCommand } from "./commands/theme.js";
+import { renderHelpScreen, renderHomeScreen } from "./home.js";
+import { runSlashPrompt } from "./interactive.js";
+import { openUrlInBrowser } from "./runtime-adapter.js";
+import { resolveSlashCommand } from "./slash.js";
+import { createTheme } from "./theme.js";
+export const CLI_VERSION = "0.1.0-alpha.0";
+const HELP = renderHelpScreen(CLI_VERSION);
+export async function runCli(args, runtime = {}) {
+    const stdout = runtime.stdoutBuffer ?? [];
+    const stderr = runtime.stderrBuffer ?? [];
+    const env = runtime.env ?? process.env;
+    const stdinIsTTY = runtime.stdinIsTTY ?? Boolean(process.stdin.isTTY);
+    const stdoutIsTTY = runtime.stdoutIsTTY ?? Boolean(process.stdout.isTTY);
+    const theme = createTheme({
+        cwd: runtime.cwd ?? process.cwd(),
+        env,
+        stdoutIsTTY,
+    });
+    const context = {
+        cwd: runtime.cwd ?? process.cwd(),
+        env,
+        now: runtime.now ?? (() => new Date()),
+        stdout(line) {
+            if (runtime.stdoutBuffer === undefined && runtime.stdout !== undefined) {
+                stdout.push(line);
+            }
+            if (runtime.stdout === undefined) {
+                stdout.push(line);
+                return;
+            }
+            runtime.stdout(line);
+        },
+        stderr(line) {
+            if (runtime.stderrBuffer === undefined && runtime.stderr !== undefined) {
+                stderr.push(line);
+            }
+            if (runtime.stderr === undefined) {
+                stderr.push(line);
+                return;
+            }
+            runtime.stderr(line);
+        },
+        fetch: runtime.fetch ?? globalThis.fetch,
+        openUrl: runtime.openUrl ?? openUrlInBrowser,
+        interactive: runtime.interactive ?? shouldEnterInteractivePrompt({
+            env,
+            stdinIsTTY,
+            stdoutIsTTY,
+        }),
+        theme,
+        ...(runtime.localRuntime === undefined ? {} : { localRuntime: runtime.localRuntime }),
+    };
+    context.stdin = runtime.stdin ?? process.stdin;
+    context.output = runtime.output ?? process.stdout;
+    if (runtime.slackTransport !== undefined) {
+        context.slackTransport = runtime.slackTransport;
+    }
+    if (runtime.liveClients !== undefined) {
+        context.liveClients = runtime.liveClients;
+    }
+    try {
+        return {
+            exitCode: await dispatchCommand(stripLeadingArgumentSeparator(args), context),
+            stdout,
+            stderr,
+        };
+    }
+    catch (error) {
+        context.stderr(error instanceof Error ? error.message : String(error));
+        return {
+            exitCode: 1,
+            stdout,
+            stderr,
+        };
+    }
+}
+function stripLeadingArgumentSeparator(args) {
+    return args[0] === "--" ? args.slice(1) : args;
+}
+async function dispatchCommand(args, context) {
+    const [command, ...rest] = args;
+    if (command === undefined) {
+        context.stdout(renderHomeScreen({
+            version: CLI_VERSION,
+            theme: context.theme,
+        }));
+        if (context.interactive) {
+            return runSlashPrompt(context, (promptArgs) => dispatchCommand(promptArgs, context));
+        }
+        return 0;
+    }
+    if (command.startsWith("/")) {
+        return dispatchSlashCommand(args, context);
+    }
+    if (command === "--help" || command === "-h" || command === "help") {
+        context.stdout(HELP);
+        return 0;
+    }
+    if (command === "--version" || command === "-v" || command === "version") {
+        context.stdout(CLI_VERSION);
+        return 0;
+    }
+    if (command === "init") {
+        return runInitCommand(rest, context);
+    }
+    if (command === "install") {
+        return runInstallCommand(rest, context);
+    }
+    if (command === "doctor") {
+        return runDoctorCommand(rest, context);
+    }
+    if (command === "modes") {
+        return runModesCommand(rest, context);
+    }
+    if (command === "dashboard") {
+        return runDashboardCommand(rest, context);
+    }
+    if (command === "serve") {
+        return runServeCommand(rest, context);
+    }
+    if (command === "open") {
+        return runOpenCommand(rest, context);
+    }
+    if (command === "sync") {
+        return runSyncCommand(rest, context);
+    }
+    if (command === "summary") {
+        return runSummaryCommand(rest, context);
+    }
+    if (command === "notify") {
+        return runNotifyCommand(rest, context);
+    }
+    if (command === "desktop") {
+        return runDesktopCommand(rest, context);
+    }
+    if (command === "report") {
+        return runReportCommand(rest, context);
+    }
+    if (command === "theme") {
+        return runThemeCommand(rest, context);
+    }
+    context.stderr(`Unknown command: ${command}`);
+    context.stderr("Run `moneysiren --help` for usage.");
+    return 1;
+}
+async function dispatchSlashCommand(args, context) {
+    const resolved = resolveSlashCommand(args);
+    if (resolved.kind === "dispatch") {
+        return dispatchCommand(resolved.args, context);
+    }
+    if (resolved.kind === "quit") {
+        context.stdout("Bye.");
+        return 0;
+    }
+    context.stderr(resolved.message);
+    if (resolved.usage !== undefined) {
+        context.stderr(resolved.usage);
+    }
+    return 1;
+}
+function shouldEnterInteractivePrompt(input) {
+    return input.stdinIsTTY && input.stdoutIsTTY && !isTruthyEnvValue(input.env.CI);
+}
+function isTruthyEnvValue(value) {
+    if (value === undefined) {
+        return false;
+    }
+    const normalized = value.trim().toLowerCase();
+    return normalized.length > 0 && normalized !== "0" && normalized !== "false" && normalized !== "no";
+}
+//# sourceMappingURL=cli.js.map

package/dist/apps/cli/src/commands/dashboard.d.ts

@@ -0,0 +1,3 @@
+import type { CliExecutionContext } from "../cli.js";
+export declare function runDashboardCommand(args: readonly string[], context: CliExecutionContext): Promise<number>;
+//# sourceMappingURL=dashboard.d.ts.map

package/dist/apps/cli/src/commands/dashboard.js

@@ -0,0 +1,239 @@
+import { stat } from "node:fs/promises";
+import { loadCliConfig, resolveDbPath } from "./shared.js";
+const DEFAULT_DASHBOARD_URL = "http://localhost:3000";
+const DASHBOARD_CHECK_TIMEOUT_MS = 2_000;
+const DASHBOARD_CHECK_USAGE = "Usage: moneysiren dashboard check [--url <local-dashboard-url>]";
+class DashboardCheckTimeoutError extends Error {
+    constructor(timeoutMs) {
+        super(`Dashboard API request timed out after ${timeoutMs}ms.`);
+    }
+}
+export async function runDashboardCommand(args, context) {
+    const [subcommand, ...rest] = args;
+    if (subcommand === "--help" || subcommand === "-h" || subcommand === "help") {
+        context.stdout(DASHBOARD_CHECK_USAGE);
+        return 0;
+    }
+    if (subcommand !== "check") {
+        context.stderr(DASHBOARD_CHECK_USAGE);
+        return 1;
+    }
+    if (rest.includes("--help") || rest.includes("-h")) {
+        context.stdout(DASHBOARD_CHECK_USAGE);
+        return 0;
+    }
+    const parsedArgs = parseDashboardCheckArgs(rest);
+    if (parsedArgs === undefined) {
+        context.stderr(DASHBOARD_CHECK_USAGE);
+        return 1;
+    }
+    const sanitizedUrl = sanitizeDashboardUrl(parsedArgs.dashboardUrl);
+    if (sanitizedUrl instanceof Error) {
+        context.stderr(sanitizedUrl.message);
+        context.stderr(DASHBOARD_CHECK_USAGE);
+        return 1;
+    }
+    const config = loadCliConfig(context.env);
+    const dbPath = resolveDbPath(context.cwd, config.dbPath);
+    const dbExists = await pathExists(dbPath);
+    context.stdout("MoneySiren dashboard check");
+    context.stdout(`Dashboard URL: ${sanitizedUrl.dashboardUrl}`);
+    context.stdout(`API endpoint: ${sanitizedUrl.apiUrl}`);
+    if (sanitizedUrl.ignoredUnsafeParts) {
+        context.stdout("URL note: path, query, and hash were ignored for safety.");
+    }
+    context.stdout(`DB path: ${config.dbPath}`);
+    context.stdout(`DB exists locally: ${dbExists}`);
+    try {
+        const response = await fetchDashboardApi(context, sanitizedUrl.apiUrl, DASHBOARD_CHECK_TIMEOUT_MS);
+        context.stdout(`API status: ${response.status}${response.ok ? " OK" : ""}`);
+        if (!response.ok) {
+            writeDashboardDevGuidance(context);
+            return 1;
+        }
+        const payload = parseDashboardPayload(await response.json());
+        if (payload === undefined) {
+            context.stderr("Dashboard API returned an unexpected payload shape.");
+            writeDashboardDevGuidance(context);
+            return 1;
+        }
+        const dashboardState = isSafeEmptyDashboardState(payload) ? "safe empty state" : "data available";
+        context.stdout(`Payload source: ${payload.source}`);
+        context.stdout(`Provider count: ${payload.providerCount}`);
+        context.stdout(`Generated at: ${payload.generatedAt}`);
+        context.stdout(`Payload database: ${payload.databaseAvailable ? "available" : "missing"} (${payload.databaseReason})`);
+        context.stdout(`Dashboard state: ${dashboardState}`);
+        writeDashboardSuccessGuidance(context, payload);
+        return 0;
+    }
+    catch (error) {
+        context.stdout(error instanceof DashboardCheckTimeoutError
+            ? `API status: timeout after ${DASHBOARD_CHECK_TIMEOUT_MS}ms`
+            : "API status: unreachable");
+        writeDashboardDevGuidance(context);
+        return 1;
+    }
+}
+function parseDashboardCheckArgs(args) {
+    let dashboardUrl = DEFAULT_DASHBOARD_URL;
+    for (let index = 0; index < args.length; index += 1) {
+        const arg = args[index];
+        if (arg === "--url") {
+            const value = args[index + 1];
+            if (value === undefined || value.startsWith("--")) {
+                return undefined;
+            }
+            dashboardUrl = value;
+            index += 1;
+            continue;
+        }
+        if (arg?.startsWith("--url=")) {
+            const value = arg.slice("--url=".length);
+            if (value.trim().length === 0) {
+                return undefined;
+            }
+            dashboardUrl = value;
+            continue;
+        }
+        return undefined;
+    }
+    return {
+        dashboardUrl,
+    };
+}
+function sanitizeDashboardUrl(rawUrl) {
+    let parsedUrl;
+    try {
+        parsedUrl = new URL(rawUrl.trim());
+    }
+    catch {
+        return new Error("Dashboard URL must be a valid http:// or https:// URL.");
+    }
+    if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") {
+        return new Error("Dashboard URL must use http:// or https://.");
+    }
+    if (parsedUrl.username.length > 0 || parsedUrl.password.length > 0) {
+        return new Error("Dashboard URL must not include credentials.");
+    }
+    if (!isLocalDashboardHost(parsedUrl.hostname)) {
+        return new Error("Dashboard URL must point to localhost, 127.0.0.1, ::1, or 0.0.0.0.");
+    }
+    const dashboardUrl = parsedUrl.origin;
+    const apiUrl = new URL("/api/dashboard", dashboardUrl).toString();
+    const ignoredUnsafeParts = parsedUrl.pathname !== "/" || parsedUrl.search.length > 0 || parsedUrl.hash.length > 0;
+    return {
+        dashboardUrl,
+        apiUrl,
+        ignoredUnsafeParts,
+    };
+}
+function isLocalDashboardHost(hostname) {
+    return hostname === "localhost" ||
+        hostname === "127.0.0.1" ||
+        hostname === "0.0.0.0" ||
+        hostname === "::1" ||
+        hostname === "[::1]";
+}
+async function pathExists(path) {
+    try {
+        await stat(path);
+        return "yes";
+    }
+    catch (error) {
+        if (isNodeError(error) && error.code === "ENOENT") {
+            return "no";
+        }
+        return "unknown";
+    }
+}
+async function fetchDashboardApi(context, apiUrl, timeoutMs) {
+    const controller = new AbortController();
+    let timeout;
+    const fetchPromise = context.fetch(apiUrl, {
+        method: "GET",
+        headers: {
+            Accept: "application/json",
+        },
+        signal: controller.signal,
+    });
+    fetchPromise.catch(() => undefined);
+    const timeoutPromise = new Promise((_resolve, reject) => {
+        timeout = setTimeout(() => {
+            controller.abort();
+            reject(new DashboardCheckTimeoutError(timeoutMs));
+        }, timeoutMs);
+    });
+    try {
+        return await Promise.race([fetchPromise, timeoutPromise]);
+    }
+    finally {
+        if (timeout !== undefined) {
+            clearTimeout(timeout);
+        }
+    }
+}
+function parseDashboardPayload(payload) {
+    if (!isRecord(payload)) {
+        return undefined;
+    }
+    const source = payload.source;
+    const generatedAt = payload.generatedAt;
+    const database = payload.database;
+    const summary = payload.summary;
+    if ((source !== "sqlite" && source !== "empty") || !isSafeIsoTimestamp(generatedAt)) {
+        return undefined;
+    }
+    if (!isRecord(database) || !isRecord(summary)) {
+        return undefined;
+    }
+    const databaseAvailable = database.available;
+    const databaseReason = database.reason;
+    const providerCount = summary.providerCount;
+    if (typeof databaseAvailable !== "boolean" ||
+        (databaseReason !== "ok" && databaseReason !== "missing") ||
+        typeof providerCount !== "number" ||
+        !Number.isSafeInteger(providerCount) ||
+        providerCount < 0) {
+        return undefined;
+    }
+    return {
+        source,
+        generatedAt,
+        providerCount,
+        databaseAvailable,
+        databaseReason,
+    };
+}
+function isSafeEmptyDashboardState(payload) {
+    return payload.source === "empty" &&
+        payload.providerCount === 0 &&
+        !payload.databaseAvailable &&
+        payload.databaseReason === "missing";
+}
+function isSafeIsoTimestamp(value) {
+    return typeof value === "string" &&
+        value.length <= 40 &&
+        /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{3})?Z$/.test(value) &&
+        !Number.isNaN(Date.parse(value));
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function isNodeError(error) {
+    return error instanceof Error && "code" in error;
+}
+function writeDashboardDevGuidance(context) {
+    context.stderr("Next step: start the local dashboard from the repo root:");
+    context.stderr("  pnpm --filter @moneysiren/web dev");
+    context.stderr("Then re-run:");
+    context.stderr("  pnpm --filter moneysiren dev -- dashboard check");
+}
+function writeDashboardSuccessGuidance(context, payload) {
+    if (isSafeEmptyDashboardState(payload)) {
+        context.stdout("Next step: sync mock data if you want a populated dashboard review:");
+        context.stdout("  pnpm --filter moneysiren dev -- sync --provider mock");
+        return;
+    }
+    context.stdout("Next step: open the dashboard URL above in your browser.");
+}
+//# sourceMappingURL=dashboard.js.map

package/dist/apps/cli/src/commands/doctor.d.ts

@@ -0,0 +1,3 @@
+import type { CliExecutionContext } from "../cli.js";
+export declare function runDoctorCommand(args: readonly string[], context: CliExecutionContext): Promise<number>;
+//# sourceMappingURL=doctor.d.ts.map

package/dist/apps/cli/src/commands/doctor.js

@@ -0,0 +1,25 @@
+import { loadCliConfig } from "./shared.js";
+const PROVIDER_ORDER = ["aws", "openai", "supabase", "cloudflare"];
+export async function runDoctorCommand(args, context) {
+    if (args.length > 0) {
+        context.stderr("Usage: moneysiren doctor");
+        return 1;
+    }
+    const config = loadCliConfig(context.env);
+    context.stdout("MoneySiren doctor");
+    context.stdout(`DB path: ${config.dbPath}`);
+    context.stdout(`telemetry: ${config.telemetryEnabled ? "enabled" : "disabled"}`);
+    context.stdout("mock provider: available");
+    for (const provider of PROVIDER_ORDER) {
+        context.stdout(`${provider}: ${formatProviderReadiness(config.providers[provider])}`);
+    }
+    context.stdout(`slack: ${config.slack.webhookConfigured ? "configured" : "not configured"}`);
+    return 0;
+}
+function formatProviderReadiness(providerConfig) {
+    if (providerConfig.configured) {
+        return "configured";
+    }
+    return `missing ${providerConfig.missingEnvKeys.join(", ")}`;
+}
+//# sourceMappingURL=doctor.js.map