@neetru/cli 1.0.1 → 2.1.0

package/dist/lib/auth.js

@@ -0,0 +1,98 @@
+/**
+ * Token storage for `neetru` CLI — `~/.config/neetru-cli/auth.json`.
+ *
+ * Sprint 1 — Device Code OAuth (RFC 8628). Replaces the legacy `Conf`-based
+ * `neetruApiKey` storage with a dedicated file we can chmod 0600 explicitly.
+ *
+ * File shape:
+ * ```json
+ * {
+ *   "token": "nrt_<keyId>_<secret>",
+ *   "email": "owner@neetru.com",
+ *   "savedAt": "2026-05-05T12:00:00.000Z"
+ * }
+ * ```
+ */
+import { promises as fs, existsSync } from 'node:fs';
+import { dirname, join } from 'node:path';
+import { homedir } from 'node:os';
+export function getAuthFilePath() {
+    // XDG-ish location; works on Linux, macOS, and Windows (homedir resolves
+    // %USERPROFILE%). We deliberately don't honor $XDG_CONFIG_HOME — keeps the
+    // path stable for `neetru logout` and docs.
+    return join(homedir(), '.config', 'neetru-cli', 'auth.json');
+}
+export class AuthFileMissingError extends Error {
+    constructor() {
+        super('Não autenticado. Execute: neetru login');
+        this.name = 'AuthFileMissingError';
+    }
+}
+export class AuthFileInvalidError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'AuthFileInvalidError';
+    }
+}
+export async function loadToken() {
+    const path = getAuthFilePath();
+    if (!existsSync(path)) {
+        throw new AuthFileMissingError();
+    }
+    let raw;
+    try {
+        raw = await fs.readFile(path, 'utf8');
+    }
+    catch (err) {
+        throw new AuthFileInvalidError(`Falha ao ler ${path}: ${err.message}`);
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch {
+        throw new AuthFileInvalidError(`Arquivo ${path} corrompido. Execute: neetru logout && neetru login`);
+    }
+    const data = parsed;
+    if (!data ||
+        typeof data.token !== 'string' ||
+        typeof data.email !== 'string' ||
+        typeof data.savedAt !== 'string') {
+        throw new AuthFileInvalidError(`Arquivo ${path} incompleto. Execute: neetru logout && neetru login`);
+    }
+    return { token: data.token, email: data.email, savedAt: data.savedAt };
+}
+export async function saveToken(token, email) {
+    const path = getAuthFilePath();
+    const dir = dirname(path);
+    // Garante diretório (mode 0700 é redundante em Windows mas é o intent).
+    await fs.mkdir(dir, { recursive: true, mode: 0o700 });
+    const payload = {
+        token,
+        email,
+        savedAt: new Date().toISOString(),
+    };
+    // Escreve com mode restritivo. Em Windows, fs.chmod no-ops em parte mas o
+    // arquivo continua visível só pra owner via NTFS herdado de %USERPROFILE%.
+    await fs.writeFile(path, JSON.stringify(payload, null, 2), {
+        encoding: 'utf8',
+        mode: 0o600,
+    });
+    // Defensive chmod — writeFile mode acima é só a cria; se já existia, força.
+    try {
+        await fs.chmod(path, 0o600);
+    }
+    catch {
+        // Em Windows alguns runtimes tratam mode 0600 como read-only flag;
+        // ignoramos erro silenciosamente.
+    }
+    return path;
+}
+export async function clearToken() {
+    const path = getAuthFilePath();
+    if (!existsSync(path))
+        return false;
+    await fs.unlink(path);
+    return true;
+}
+//# sourceMappingURL=auth.js.map

package/dist/lib/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,EAAE,QAAQ,IAAI,EAAE,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAQlC,MAAM,UAAU,eAAe;IAC7B,yEAAyE;IACzE,2EAA2E;IAC3E,4CAA4C;IAC5C,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;AAC/D,CAAC;AAED,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IAC7C;QACE,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAChD,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AAED,MAAM,OAAO,oBAAqB,SAAQ,KAAK;IAC7C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,sBAAsB,CAAC;IACrC,CAAC;CACF;AAED,MAAM,CAAC,KAAK,UAAU,SAAS;IAC7B,MAAM,IAAI,GAAG,eAAe,EAAE,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,oBAAoB,EAAE,CAAC;IACnC,CAAC;IAED,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,oBAAoB,CAC5B,gBAAgB,IAAI,KAAM,GAAa,CAAC,OAAO,EAAE,CAClD,CAAC;IACJ,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,oBAAoB,CAC5B,WAAW,IAAI,qDAAqD,CACrE,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,MAA6B,CAAC;IAC3C,IACE,CAAC,IAAI;QACL,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;QAC9B,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ;QAC9B,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,EAChC,CAAC;QACD,MAAM,IAAI,oBAAoB,CAC5B,WAAW,IAAI,qDAAqD,CACrE,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;AACzE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,KAAa,EAAE,KAAa;IAC1D,MAAM,IAAI,GAAG,eAAe,EAAE,CAAC;IAC/B,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE1B,wEAAwE;IACxE,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAEtD,MAAM,OAAO,GAAe;QAC1B,KAAK;QACL,KAAK;QACL,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KAClC,CAAC;IAEF,0EAA0E;IAC1E,2EAA2E;IAC3E,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;QACzD,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;KACZ,CAAC,CAAC;IAEH,4EAA4E;IAC5E,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,mEAAmE;QACnE,kCAAkC;IACpC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU;IAC9B,MAAM,IAAI,GAAG,eAAe,EAAE,CAAC;IAC/B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACpC,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACtB,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/lib/cli-read.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Resolve o Bearer token corrente. Retorna `null` se não houver sessão.
+ */
+export declare function resolveToken(): Promise<string | null>;
+/**
+ * Exige token; encerra com exit(1) se ausente. Honra `--json`.
+ */
+export declare function requireToken(json?: boolean): Promise<string>;
+/**
+ * Tratamento padronizado de erro de API para comandos de leitura.
+ * Imprime a mensagem adequada e encerra o processo — nunca retorna.
+ */
+export declare function handleApiError(error: unknown, json?: boolean): never;

package/dist/lib/cli-read.js

@@ -0,0 +1,103 @@
+/**
+ * Helpers compartilhados pelos comandos de LEITURA do control plane
+ * (`tenants`, `audit`, `billing`, `servers`, `products`, `status`).
+ *
+ * Centraliza: resolução do token (auth.json + fallback Conf legado) e o
+ * tratamento padronizado de erros de API → exit codes consistentes.
+ *
+ * Exit codes (convenção do CLI):
+ *   1 — não autenticado / não encontrado (4xx semântico do usuário)
+ *   2 — token inválido/revogado, erro de rede, erro de servidor
+ */
+import { config } from './config.js';
+import { loadToken, AuthFileMissingError, AuthFileInvalidError, } from './auth.js';
+import { CliApiError, CliNetworkError } from './api-client.js';
+import { log } from '../utils/logger.js';
+/**
+ * Resolve o Bearer token corrente. Retorna `null` se não houver sessão.
+ */
+export async function resolveToken() {
+    try {
+        const auth = await loadToken();
+        return auth.token;
+    }
+    catch (err) {
+        if (err instanceof AuthFileMissingError) {
+            // Fallback: Conf storage (legacy `neetru login --token <nrt_...>`).
+            return config.get('neetruApiKey') ?? null;
+        }
+        if (err instanceof AuthFileInvalidError) {
+            log.error(err.message);
+            return null;
+        }
+        throw err;
+    }
+}
+/**
+ * Exige token; encerra com exit(1) se ausente. Honra `--json`.
+ */
+export async function requireToken(json) {
+    const token = await resolveToken();
+    if (!token) {
+        if (json) {
+            console.log(JSON.stringify({ ok: false, error: 'unauthenticated' }));
+        }
+        else {
+            log.error('Nenhuma sessão ativa. Execute: neetru login');
+        }
+        process.exit(1);
+    }
+    return token;
+}
+/**
+ * Tratamento padronizado de erro de API para comandos de leitura.
+ * Imprime a mensagem adequada e encerra o processo — nunca retorna.
+ */
+export function handleApiError(error, json) {
+    if (error instanceof CliApiError) {
+        if (error.status === 401 || error.status === 403) {
+            if (json) {
+                console.log(JSON.stringify({ ok: false, error: 'forbidden', status: error.status, message: error.message }));
+            }
+            else {
+                log.error(error.status === 401
+                    ? 'Token inválido ou revogado. Execute: neetru login'
+                    : `Acesso negado: ${error.message}`);
+            }
+            process.exit(error.status === 401 ? 1 : 2);
+        }
+        if (error.status === 404) {
+            if (json) {
+                console.log(JSON.stringify({ ok: false, error: 'not_found', message: error.message }));
+            }
+            else {
+                log.error(error.message || 'Recurso não encontrado.');
+            }
+            process.exit(1);
+        }
+        if (json) {
+            console.log(JSON.stringify({ ok: false, error: error.code, status: error.status, message: error.message }));
+        }
+        else {
+            log.error(`Erro do servidor (${error.status}): ${error.message}`);
+        }
+        process.exit(2);
+    }
+    if (error instanceof CliNetworkError) {
+        if (json) {
+            console.log(JSON.stringify({ ok: false, error: 'network', message: error.message }));
+        }
+        else {
+            log.error(error.message);
+        }
+        process.exit(2);
+    }
+    if (json) {
+        console.log(JSON.stringify({ ok: false, error: 'unknown', message: error.message }));
+    }
+    else {
+        log.error(error.message);
+    }
+    process.exit(2);
+}
+//# sourceMappingURL=cli-read.js.map

package/dist/lib/cli-read.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-read.js","sourceRoot":"","sources":["../../src/lib/cli-read.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EACL,SAAS,EACT,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,WAAW,CAAC;AACnB,OAAO,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAC/D,OAAO,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AAEzC;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY;IAChC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,SAAS,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,oBAAoB,EAAE,CAAC;YACxC,oEAAoE;YACpE,OAAO,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC;QAC5C,CAAC;QACD,IAAI,GAAG,YAAY,oBAAoB,EAAE,CAAC;YACxC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAc;IAC/C,MAAM,KAAK,GAAG,MAAM,YAAY,EAAE,CAAC;IACnC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC,CAAC;QACvE,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,KAAc,EAAE,IAAc;IAC3D,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;QACjC,IAAI,KAAK,CAAC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACjD,IAAI,IAAI,EAAE,CAAC;gBACT,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAChG,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,KAAK,CACP,KAAK,CAAC,MAAM,KAAK,GAAG;oBAClB,CAAC,CAAC,mDAAmD;oBACrD,CAAC,CAAC,kBAAkB,KAAK,CAAC,OAAO,EAAE,CACtC,CAAC;YACJ,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,KAAK,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACzB,IAAI,IAAI,EAAE,CAAC;gBACT,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACzF,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,IAAI,yBAAyB,CAAC,CAAC;YACxD,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAC/F,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,KAAK,CAAC,qBAAqB,KAAK,CAAC,MAAM,MAAM,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACpE,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,KAAK,YAAY,eAAe,EAAE,CAAC;QACrC,IAAI,IAAI,EAAE,CAAC;YACT,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QACvF,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC3B,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAG,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IAClG,CAAC;SAAM,CAAC;QACN,GAAG,CAAC,KAAK,CAAE,KAAe,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC"}

package/dist/lib/cli-write.d.ts

@@ -0,0 +1,47 @@
+import { requireToken, handleApiError } from './cli-read.js';
+export { requireToken, handleApiError };
+export interface ConfirmOptions {
+    /** `--yes` / `--force` — pula a confirmação (modo script/CI). */
+    yes?: boolean;
+    force?: boolean;
+    /** Saída em JSON — não imprime prompt humano. */
+    json?: boolean;
+}
+/**
+ * Gate de confirmação pra operações DESTRUTIVAS (suspend, deactivate, delete,
+ * rollback, archive, yank). Se `--yes`/`--force` foi passado, retorna sem
+ * bloquear. Caso contrário, prompta `y/N` — se o operador não confirmar (ou se
+ * o terminal não é interativo), encerra o processo com exit code 1.
+ *
+ * Uso:
+ *   await confirmDestructive(
+ *     `Suspender o tenant ${id}? Esta ação é reversível mas afeta produção.`,
+ *     opts,
+ *   );
+ *   // ... só chega aqui se confirmou ou --yes
+ */
+export declare function confirmDestructive(message: string, opts: ConfirmOptions): Promise<void>;
+export interface StepUpOptions extends ConfirmOptions {
+    /** `--mfa-token <code>` — código TOTP pra step-up (pula o prompt interativo). */
+    mfaToken?: string;
+    /** `--dry-run` — servidor valida e retorna o efeito SEM aplicar. */
+    dryRun?: boolean;
+}
+/**
+ * Resolve o que uma operação destrutiva TOP-TIER precisa mandar pro servidor:
+ *  - `headers`: `X-Neetru-MFA-Token` (step-up MFA) e/ou `X-Neetru-Dry-Run`;
+ *  - `query`: sufixo `?dryRun=true`/`&dryRun=true` quando aplicável.
+ *
+ * Em dry-run NÃO exige MFA (nada é aplicado). Fora de dry-run exige o código
+ * TOTP — do flag `--mfa-token` ou prompt interativo. Se não houver como obter
+ * (terminal não-interativo sem `--mfa-token`), encerra com instrução clara —
+ * o servidor recusaria de qualquer forma (fail-closed).
+ */
+export declare function resolveStepUp(opts: StepUpOptions): Promise<{
+    headers: Record<string, string>;
+}>;
+/**
+ * Imprime o resultado de um comando de escrita — JSON cru ou linha humana.
+ * Reconhece a resposta de dry-run (`{ dryRun: true }`) e a sinaliza.
+ */
+export declare function printWriteResult(result: Record<string, unknown>, humanMessage: string, json?: boolean): void;

package/dist/lib/cli-write.js

@@ -0,0 +1,137 @@
+/**
+ * Helpers compartilhados pelos comandos de ESCRITA do control plane
+ * (`tenants create|update|...`, `servers provision|...`, `workspaces`,
+ * `deployments`, `cloud-run`, `agent yank|canary`, `api-catalog`, `products`).
+ *
+ * Centraliza:
+ *  - resolução de token (reusa `requireToken` de `cli-read.ts`);
+ *  - confirmação interativa pra operações destrutivas (`confirmDestructive`),
+ *    com bypass via `--yes`/`--force` pra scripts/CI;
+ *  - tratamento de erro de API → exit codes consistentes (reusa `handleApiError`).
+ */
+import { createInterface } from 'node:readline';
+import { requireToken, handleApiError } from './cli-read.js';
+import { log } from '../utils/logger.js';
+export { requireToken, handleApiError };
+/**
+ * Pede uma confirmação interativa `y/N` no terminal. Resolve `true` se o
+ * operador digitou `y`/`yes` (case-insensitive); `false` caso contrário.
+ *
+ * Em terminal não-interativo (`!process.stdin.isTTY`) resolve `false` —
+ * o caller deve então orientar o uso de `--yes`.
+ */
+function promptYesNo(question) {
+    if (!process.stdin.isTTY)
+        return Promise.resolve(false);
+    return new Promise((resolve) => {
+        const rl = createInterface({ input: process.stdin, output: process.stdout });
+        rl.question(`  ${question} [y/N] `, (answer) => {
+            rl.close();
+            const a = answer.trim().toLowerCase();
+            resolve(a === 'y' || a === 'yes');
+        });
+    });
+}
+/**
+ * Gate de confirmação pra operações DESTRUTIVAS (suspend, deactivate, delete,
+ * rollback, archive, yank). Se `--yes`/`--force` foi passado, retorna sem
+ * bloquear. Caso contrário, prompta `y/N` — se o operador não confirmar (ou se
+ * o terminal não é interativo), encerra o processo com exit code 1.
+ *
+ * Uso:
+ *   await confirmDestructive(
+ *     `Suspender o tenant ${id}? Esta ação é reversível mas afeta produção.`,
+ *     opts,
+ *   );
+ *   // ... só chega aqui se confirmou ou --yes
+ */
+export async function confirmDestructive(message, opts) {
+    if (opts.yes || opts.force)
+        return;
+    if (opts.json) {
+        // Em modo JSON não há como promptar — exige flag explícita.
+        console.log(JSON.stringify({
+            ok: false,
+            error: 'confirmation_required',
+            message: 'Operação destrutiva em modo --json exige --yes.',
+        }));
+        process.exit(1);
+    }
+    log.warn(message);
+    const confirmed = await promptYesNo('Confirmar?');
+    if (!confirmed) {
+        if (!process.stdin.isTTY) {
+            log.error('Terminal não-interativo: use --yes (ou --force) para confirmar operações destrutivas.');
+        }
+        else {
+            log.dim('Operação cancelada.');
+        }
+        process.exit(1);
+    }
+}
+/** Prompt interativo de uma linha (sem máscara — código TOTP não é segredo persistente). */
+function promptLine(question) {
+    if (!process.stdin.isTTY)
+        return Promise.resolve('');
+    return new Promise((resolve) => {
+        const rl = createInterface({ input: process.stdin, output: process.stdout });
+        rl.question(`  ${question} `, (answer) => {
+            rl.close();
+            resolve(answer.trim());
+        });
+    });
+}
+/**
+ * Resolve o que uma operação destrutiva TOP-TIER precisa mandar pro servidor:
+ *  - `headers`: `X-Neetru-MFA-Token` (step-up MFA) e/ou `X-Neetru-Dry-Run`;
+ *  - `query`: sufixo `?dryRun=true`/`&dryRun=true` quando aplicável.
+ *
+ * Em dry-run NÃO exige MFA (nada é aplicado). Fora de dry-run exige o código
+ * TOTP — do flag `--mfa-token` ou prompt interativo. Se não houver como obter
+ * (terminal não-interativo sem `--mfa-token`), encerra com instrução clara —
+ * o servidor recusaria de qualquer forma (fail-closed).
+ */
+export async function resolveStepUp(opts) {
+    const headers = {};
+    if (opts.dryRun) {
+        headers['X-Neetru-Dry-Run'] = 'true';
+        return { headers };
+    }
+    let code = (opts.mfaToken ?? '').trim();
+    if (!code) {
+        if (!process.stdin.isTTY) {
+            const msg = 'Operação destrutiva top-tier exige step-up MFA: passe --mfa-token <código TOTP> (terminal não-interativo).';
+            if (opts.json) {
+                console.log(JSON.stringify({ ok: false, error: 'mfa_required', message: msg }));
+            }
+            else {
+                log.error(msg);
+            }
+            process.exit(1);
+        }
+        code = await promptLine('Código MFA (TOTP) para confirmar:');
+    }
+    if (!code) {
+        log.error('Código MFA não fornecido — operação cancelada.');
+        process.exit(1);
+    }
+    headers['X-Neetru-MFA-Token'] = code;
+    return { headers };
+}
+/**
+ * Imprime o resultado de um comando de escrita — JSON cru ou linha humana.
+ * Reconhece a resposta de dry-run (`{ dryRun: true }`) e a sinaliza.
+ */
+export function printWriteResult(result, humanMessage, json) {
+    const isDryRun = result.dryRun === true;
+    if (json) {
+        console.log(JSON.stringify({ ok: true, ...result }));
+        return;
+    }
+    if (isDryRun) {
+        log.warn(`[dry-run] Nada foi aplicado. Efeito que SERIA aplicado: ${JSON.stringify(result.wouldApply ?? {})}`);
+        return;
+    }
+    log.success(humanMessage);
+}
+//# sourceMappingURL=cli-write.js.map

package/dist/lib/cli-write.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-write.js","sourceRoot":"","sources":["../../src/lib/cli-write.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC7D,OAAO,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AAEzC,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,CAAC;AAExC;;;;;;GAMG;AACH,SAAS,WAAW,CAAC,QAAgB;IACnC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK;QAAE,OAAO,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACxD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7E,EAAE,CAAC,QAAQ,CAAC,KAAK,QAAQ,SAAS,EAAE,CAAC,MAAM,EAAE,EAAE;YAC7C,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,CAAC,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YACtC,OAAO,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,KAAK,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAUD;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,OAAe,EACf,IAAoB;IAEpB,IAAI,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,KAAK;QAAE,OAAO;IAEnC,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACd,4DAA4D;QAC5D,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CAAC;YACb,EAAE,EAAE,KAAK;YACT,KAAK,EAAE,uBAAuB;YAC9B,OAAO,EAAE,iDAAiD;SAC3D,CAAC,CACH,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAClB,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,CAAC;IAClD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACzB,GAAG,CAAC,KAAK,CACP,uFAAuF,CACxF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACjC,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,4FAA4F;AAC5F,SAAS,UAAU,CAAC,QAAgB;IAClC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK;QAAE,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACrD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,MAAM,EAAE,GAAG,eAAe,CAAC,EAAE,KAAK,EAAE,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QAC7E,EAAE,CAAC,QAAQ,CAAC,KAAK,QAAQ,GAAG,EAAE,CAAC,MAAM,EAAE,EAAE;YACvC,EAAE,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AASD;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,IAAmB;IAEnB,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,OAAO,CAAC,kBAAkB,CAAC,GAAG,MAAM,CAAC;QACrC,OAAO,EAAE,OAAO,EAAE,CAAC;IACrB,CAAC;IACD,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACxC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACzB,MAAM,GAAG,GACP,4GAA4G,CAAC;YAC/G,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;YAClF,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACjB,CAAC;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,IAAI,GAAG,MAAM,UAAU,CAAC,mCAAmC,CAAC,CAAC;IAC/D,CAAC;IACD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,GAAG,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC5D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,OAAO,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC;IACrC,OAAO,EAAE,OAAO,EAAE,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,MAA+B,EAC/B,YAAoB,EACpB,IAAc;IAEd,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,KAAK,IAAI,CAAC;IACxC,IAAI,IAAI,EAAE,CAAC;QACT,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC;QACrD,OAAO;IACT,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,GAAG,CAAC,IAAI,CACN,2DAA2D,IAAI,CAAC,SAAS,CACvE,MAAM,CAAC,UAAU,IAAI,EAAE,CACxB,EAAE,CACJ,CAAC;QACF,OAAO;IACT,CAAC;IACD,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;AAC5B,CAAC"}

package/dist/lib/config-schema.d.ts

@@ -0,0 +1,165 @@
+import { z } from 'zod';
+export declare const PUBLIC_PRODUCT_ICON_KEYS: readonly ["activity", "factory", "chart", "shield", "spark", "target", "trending"];
+export declare const PUBLIC_PRODUCT_STATUSES: readonly ["live", "soon", "beta"];
+export declare const RUNTIMES: readonly ["nextjs", "node-api"];
+export declare const slugSchema: z.ZodString;
+export declare const publishBlockSchema: z.ZodObject<{
+    tagline: z.ZodString;
+    description: z.ZodString;
+    iconKey: z.ZodEnum<["activity", "factory", "chart", "shield", "spark", "target", "trending"]>;
+    status: z.ZodEnum<["live", "soon", "beta"]>;
+    order: z.ZodOptional<z.ZodNumber>;
+    ctaHref: z.ZodOptional<z.ZodString>;
+    ctaLabel: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    description: string;
+    status: "soon" | "beta" | "live";
+    tagline: string;
+    iconKey: "spark" | "target" | "activity" | "factory" | "chart" | "shield" | "trending";
+    order?: number | undefined;
+    ctaHref?: string | undefined;
+    ctaLabel?: string | undefined;
+}, {
+    description: string;
+    status: "soon" | "beta" | "live";
+    tagline: string;
+    iconKey: "spark" | "target" | "activity" | "factory" | "chart" | "shield" | "trending";
+    order?: number | undefined;
+    ctaHref?: string | undefined;
+    ctaLabel?: string | undefined;
+}>;
+export declare const deployBlockSchema: z.ZodObject<{
+    region: z.ZodOptional<z.ZodString>;
+    serviceName: z.ZodOptional<z.ZodString>;
+}, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+    region: z.ZodOptional<z.ZodString>;
+    serviceName: z.ZodOptional<z.ZodString>;
+}, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+    region: z.ZodOptional<z.ZodString>;
+    serviceName: z.ZodOptional<z.ZodString>;
+}, z.ZodTypeAny, "passthrough">>;
+export declare const neetruConfigSchema: z.ZodObject<{
+    $schema: z.ZodOptional<z.ZodString>;
+    slug: z.ZodString;
+    name: z.ZodString;
+    runtime: z.ZodEnum<["nextjs", "node-api"]>;
+    tenantId: z.ZodOptional<z.ZodString>;
+    publish: z.ZodOptional<z.ZodObject<{
+        tagline: z.ZodString;
+        description: z.ZodString;
+        iconKey: z.ZodEnum<["activity", "factory", "chart", "shield", "spark", "target", "trending"]>;
+        status: z.ZodEnum<["live", "soon", "beta"]>;
+        order: z.ZodOptional<z.ZodNumber>;
+        ctaHref: z.ZodOptional<z.ZodString>;
+        ctaLabel: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        description: string;
+        status: "soon" | "beta" | "live";
+        tagline: string;
+        iconKey: "spark" | "target" | "activity" | "factory" | "chart" | "shield" | "trending";
+        order?: number | undefined;
+        ctaHref?: string | undefined;
+        ctaLabel?: string | undefined;
+    }, {
+        description: string;
+        status: "soon" | "beta" | "live";
+        tagline: string;
+        iconKey: "spark" | "target" | "activity" | "factory" | "chart" | "shield" | "trending";
+        order?: number | undefined;
+        ctaHref?: string | undefined;
+        ctaLabel?: string | undefined;
+    }>>;
+    deploy: z.ZodOptional<z.ZodObject<{
+        region: z.ZodOptional<z.ZodString>;
+        serviceName: z.ZodOptional<z.ZodString>;
+    }, "passthrough", z.ZodTypeAny, z.objectOutputType<{
+        region: z.ZodOptional<z.ZodString>;
+        serviceName: z.ZodOptional<z.ZodString>;
+    }, z.ZodTypeAny, "passthrough">, z.objectInputType<{
+        region: z.ZodOptional<z.ZodString>;
+        serviceName: z.ZodOptional<z.ZodString>;
+    }, z.ZodTypeAny, "passthrough">>>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    slug: string;
+    runtime: "nextjs" | "node-api";
+    $schema?: string | undefined;
+    tenantId?: string | undefined;
+    publish?: {
+        description: string;
+        status: "soon" | "beta" | "live";
+        tagline: string;
+        iconKey: "spark" | "target" | "activity" | "factory" | "chart" | "shield" | "trending";
+        order?: number | undefined;
+        ctaHref?: string | undefined;
+        ctaLabel?: string | undefined;
+    } | undefined;
+    deploy?: z.objectOutputType<{
+        region: z.ZodOptional<z.ZodString>;
+        serviceName: z.ZodOptional<z.ZodString>;
+    }, z.ZodTypeAny, "passthrough"> | undefined;
+}, {
+    name: string;
+    slug: string;
+    runtime: "nextjs" | "node-api";
+    $schema?: string | undefined;
+    tenantId?: string | undefined;
+    publish?: {
+        description: string;
+        status: "soon" | "beta" | "live";
+        tagline: string;
+        iconKey: "spark" | "target" | "activity" | "factory" | "chart" | "shield" | "trending";
+        order?: number | undefined;
+        ctaHref?: string | undefined;
+        ctaLabel?: string | undefined;
+    } | undefined;
+    deploy?: z.objectInputType<{
+        region: z.ZodOptional<z.ZodString>;
+        serviceName: z.ZodOptional<z.ZodString>;
+    }, z.ZodTypeAny, "passthrough"> | undefined;
+}>;
+export type NeetruConfig = z.infer<typeof neetruConfigSchema>;
+export type PublishBlock = z.infer<typeof publishBlockSchema>;
+export declare const catalogUpsertPayloadSchema: z.ZodObject<{
+    slug: z.ZodString;
+    name: z.ZodString;
+    tagline: z.ZodString;
+    description: z.ZodString;
+    iconKey: z.ZodEnum<["activity", "factory", "chart", "shield", "spark", "target", "trending"]>;
+    status: z.ZodEnum<["live", "soon", "beta"]>;
+    order: z.ZodNumber;
+    published: z.ZodBoolean;
+    ctaHref: z.ZodOptional<z.ZodString>;
+    ctaLabel: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    description: string;
+    name: string;
+    status: "soon" | "beta" | "live";
+    slug: string;
+    published: boolean;
+    tagline: string;
+    iconKey: "spark" | "target" | "activity" | "factory" | "chart" | "shield" | "trending";
+    order: number;
+    ctaHref?: string | undefined;
+    ctaLabel?: string | undefined;
+}, {
+    description: string;
+    name: string;
+    status: "soon" | "beta" | "live";
+    slug: string;
+    published: boolean;
+    tagline: string;
+    iconKey: "spark" | "target" | "activity" | "factory" | "chart" | "shield" | "trending";
+    order: number;
+    ctaHref?: string | undefined;
+    ctaLabel?: string | undefined;
+}>;
+export type CatalogUpsertPayload = z.infer<typeof catalogUpsertPayloadSchema>;
+export declare const catalogUnpublishPayloadSchema: z.ZodObject<{
+    slug: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    slug: string;
+}, {
+    slug: string;
+}>;
+export type CatalogUnpublishPayload = z.infer<typeof catalogUnpublishPayloadSchema>;

package/dist/lib/config-schema.js

@@ -0,0 +1,57 @@
+import { z } from 'zod';
+export const PUBLIC_PRODUCT_ICON_KEYS = [
+    'activity',
+    'factory',
+    'chart',
+    'shield',
+    'spark',
+    'target',
+    'trending',
+];
+export const PUBLIC_PRODUCT_STATUSES = ['live', 'soon', 'beta'];
+export const RUNTIMES = ['nextjs', 'node-api'];
+export const slugSchema = z
+    .string()
+    .min(2, 'slug deve ter pelo menos 2 caracteres')
+    .max(64, 'slug deve ter no máximo 64 caracteres')
+    .regex(/^[a-z0-9]+(?:-[a-z0-9]+)*$/, 'slug deve estar em kebab-case (lowercase, dígitos, hífens)');
+export const publishBlockSchema = z.object({
+    tagline: z.string().min(2).max(120),
+    description: z.string().min(10).max(2000),
+    iconKey: z.enum(PUBLIC_PRODUCT_ICON_KEYS),
+    status: z.enum(PUBLIC_PRODUCT_STATUSES),
+    order: z.number().int().nonnegative().optional(),
+    ctaHref: z.string().url().optional(),
+    ctaLabel: z.string().min(1).max(60).optional(),
+});
+export const deployBlockSchema = z
+    .object({
+    region: z.string().optional(),
+    serviceName: z.string().optional(),
+})
+    .passthrough();
+export const neetruConfigSchema = z.object({
+    $schema: z.string().optional(),
+    slug: slugSchema,
+    name: z.string().min(2).max(80),
+    runtime: z.enum(RUNTIMES),
+    tenantId: z.string().optional(),
+    publish: publishBlockSchema.optional(),
+    deploy: deployBlockSchema.optional(),
+});
+export const catalogUpsertPayloadSchema = z.object({
+    slug: slugSchema,
+    name: z.string().min(2).max(80),
+    tagline: z.string().min(2).max(120),
+    description: z.string().min(10).max(2000),
+    iconKey: z.enum(PUBLIC_PRODUCT_ICON_KEYS),
+    status: z.enum(PUBLIC_PRODUCT_STATUSES),
+    order: z.number().int().nonnegative(),
+    published: z.boolean(),
+    ctaHref: z.string().url().optional(),
+    ctaLabel: z.string().min(1).max(60).optional(),
+});
+export const catalogUnpublishPayloadSchema = z.object({
+    slug: slugSchema,
+});
+//# sourceMappingURL=config-schema.js.map

package/dist/lib/config-schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-schema.js","sourceRoot":"","sources":["../../src/lib/config-schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,UAAU;IACV,SAAS;IACT,OAAO;IACP,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,UAAU;CACF,CAAC;AAEX,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAU,CAAC;AAEzE,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAU,CAAC;AAExD,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC;KACxB,MAAM,EAAE;KACR,GAAG,CAAC,CAAC,EAAE,uCAAuC,CAAC;KAC/C,GAAG,CAAC,EAAE,EAAE,uCAAuC,CAAC;KAChD,KAAK,CACJ,4BAA4B,EAC5B,4DAA4D,CAC7D,CAAC;AAEJ,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IACnC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;IACzC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC;IACzC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC;IACvC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IAChD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACpC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC/C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC;KAC/B,MAAM,CAAC;IACN,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACnC,CAAC;KACD,WAAW,EAAE,CAAC;AAEjB,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IACzC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,IAAI,EAAE,UAAU;IAChB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAC/B,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC;IACzB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,OAAO,EAAE,kBAAkB,CAAC,QAAQ,EAAE;IACtC,MAAM,EAAE,iBAAiB,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAC;AAKH,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,IAAI,EAAE,UAAU;IAChB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;IAC/B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IACnC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;IACzC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC;IACzC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC;IACvC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE;IACrC,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE;IACtB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACpC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC/C,CAAC,CAAC;AAIH,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC;IACpD,IAAI,EAAE,UAAU;CACjB,CAAC,CAAC"}

package/dist/lib/config.d.ts

@@ -0,0 +1,15 @@
+import Conf from 'conf';
+interface NeetruConfig {
+    anthropicApiKey?: string;
+    openaiApiKey?: string;
+    geminiApiKey?: string;
+    neetruApiKey?: string;
+    neetruApiUrl: string;
+    defaultModel: 'claude' | 'openai' | 'gemini' | 'auto';
+    projectName?: string;
+    'telemetry.enabled'?: boolean;
+}
+export declare const config: Conf<NeetruConfig>;
+export declare function getKey(name: keyof NeetruConfig): string | boolean | undefined;
+export declare function requireKey(name: 'anthropicApiKey' | 'openaiApiKey' | 'geminiApiKey' | 'neetruApiKey'): string;
+export {};