npm - @newpeak/barista-cli - Versions diffs - 0.1.0 - Mend

@newpeak/barista-cli 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

package/.eslintrc.json +23 -0
package/.prettierrc +9 -0
package/.sisyphus/notepads/liberica-employees/learnings.md +73 -0
package/AGENTS.md +270 -0
package/CONTRIBUTING.md +291 -0
package/README.md +707 -0
package/bin/barista +6 -0
package/bin/barista.js +3 -0
package/docs/ARCHITECTURE.md +184 -0
package/docs/COMMANDS.md +352 -0
package/docs/COMMAND_DESIGN_SPEC.md +811 -0
package/docs/INTEGRATION_NOTES.md +270 -0
package/docs/commands/REFERENCE.md +297 -0
package/docs/commands/arabica/auth/index.md +296 -0
package/docs/commands/liberica/auth/index.md +133 -0
package/docs/commands/liberica/context/index.md +60 -0
package/docs/commands/liberica/employees/create.md +185 -0
package/docs/commands/liberica/employees/disable.md +138 -0
package/docs/commands/liberica/employees/enable.md +137 -0
package/docs/commands/liberica/employees/get.md +153 -0
package/docs/commands/liberica/employees/list.md +168 -0
package/docs/commands/liberica/employees/update.md +180 -0
package/docs/commands/liberica/orgs/list.md +62 -0
package/docs/commands/liberica/positions/list.md +61 -0
package/docs/commands/liberica/roles/list.md +67 -0
package/docs/commands/liberica/users/create.md +170 -0
package/docs/commands/liberica/users/get.md +151 -0
package/docs/commands/liberica/users/list.md +175 -0
package/package.json +37 -0
package/src/commands/arabica/auth/index.ts +277 -0
package/src/commands/arabica/auth/login.ts +5 -0
package/src/commands/arabica/auth/logout.ts +5 -0
package/src/commands/arabica/auth/register.ts +5 -0
package/src/commands/arabica/auth/status.ts +5 -0
package/src/commands/arabica/index.ts +23 -0
package/src/commands/auth.ts +107 -0
package/src/commands/context.ts +60 -0
package/src/commands/liberica/auth/index.ts +170 -0
package/src/commands/liberica/context/index.ts +43 -0
package/src/commands/liberica/employees/create.ts +275 -0
package/src/commands/liberica/employees/delete.ts +122 -0
package/src/commands/liberica/employees/disable.ts +97 -0
package/src/commands/liberica/employees/enable.ts +97 -0
package/src/commands/liberica/employees/get.ts +115 -0
package/src/commands/liberica/employees/index.ts +23 -0
package/src/commands/liberica/employees/list.ts +131 -0
package/src/commands/liberica/employees/update.ts +157 -0
package/src/commands/liberica/index.ts +36 -0
package/src/commands/liberica/orgs/index.ts +35 -0
package/src/commands/liberica/positions/index.ts +30 -0
package/src/commands/liberica/roles/index.ts +59 -0
package/src/commands/liberica/users/create.ts +132 -0
package/src/commands/liberica/users/delete.ts +49 -0
package/src/commands/liberica/users/disable.ts +41 -0
package/src/commands/liberica/users/enable.ts +30 -0
package/src/commands/liberica/users/get.ts +46 -0
package/src/commands/liberica/users/index.ts +27 -0
package/src/commands/liberica/users/list.ts +68 -0
package/src/commands/liberica/users/me.ts +42 -0
package/src/commands/liberica/users/reset-password.ts +42 -0
package/src/commands/liberica/users/update.ts +48 -0
package/src/core/api/client.ts +825 -0
package/src/core/auth/token-manager.ts +183 -0
package/src/core/config/manager.ts +164 -0
package/src/index.ts +37 -0
package/src/types/employee.ts +102 -0
package/src/types/index.ts +75 -0
package/src/types/org.ts +25 -0
package/src/types/position.ts +24 -0
package/src/types/user.ts +64 -0
package/tests/unit/commands/arabica/auth.test.ts +230 -0
package/tests/unit/commands/liberica/auth.test.ts +175 -0
package/tests/unit/commands/liberica/context.test.ts +98 -0
package/tests/unit/commands/liberica/employees/create.test.ts +463 -0
package/tests/unit/commands/liberica/employees/disable.test.ts +82 -0
package/tests/unit/commands/liberica/employees/enable.test.ts +82 -0
package/tests/unit/commands/liberica/employees/get.test.ts +111 -0
package/tests/unit/commands/liberica/employees/list.test.ts +294 -0
package/tests/unit/commands/liberica/employees/update.test.ts +210 -0
package/tests/unit/config.test.ts +141 -0
package/tests/unit/types.test.ts +195 -0
package/tsconfig.json +20 -0

package/docs/commands/liberica/users/list.md ADDED Viewed

@@ -0,0 +1,175 @@
+# barista liberica users list
+分页查询用户列表。
+## 2.1 命令元数据
+| 字段 | 值 |
+|------|-----|
+| 完整命令 | `barista liberica users list` |
+| 功能描述 | 分页查询用户列表 |
+| HTTP方法 | GET |
+| 是否需要认证 | ✅ 是 |
+| 是否支持dry-run | ⬜ 否 |
+## 2.2 后端接口引用
+### Controller位置
+```
+coffee-liberica-end/
+└── facade/liberica-facade-enterprise/
+    └── src/main/java/com/newpeak/liberica/facade/enterprise/controller/
+        └── EnterpriseSysUserController.java
+            └── page(@GetResource(name = "分页查询-用户信息", path = "/page"))
+                └── public ResponseData<PageResult<SysUserDto>> page(
+                        ErpSysUserRequest erpSysUserRequest
+                    )
+```
+### Request DTO位置
+```
+coffee-liberica-end/
+└── business/liberica-business-auth/
+    └── src/main/java/com/newpeak/liberica/business/auth/pojo/request/
+        └── ErpSysUserRequest.java
+            ├── userId: Long (@NotNull on edit/delete/detail/updateStatus/resetPassword)
+            ├── realName: String (@NotBlank on add/edit/updateInfo)
+            ├── account: String (@NotBlank on add/edit, unique validation)
+            ├── newPassword: String (@NotBlank on updatePwd)
+            ├── avatar: Long (@NotNull on updateAvatar)
+            ├── email: String (@Email validation)
+            ├── roleIdList: Set<Long> (@NotEmpty on add/edit)
+            ├── userIdList: Set<Long> (@NotEmpty on batchDelete)
+            └── employeeId: Long
+```
+### Response DTO位置
+```
+coffee-liberica-end/
+└── business/liberica-business-auth/
+    └── src/main/java/com/newpeak/liberica/business/auth/pojo/
+        └── SysUserDto.java
+            ├── userId: Long
+            ├── realName: String
+            ├── account: String
+            ├── email: String
+            ├── employeeId: Long
+            ├── employeeNumber: String
+            ├── employeeName: String
+            ├── roleNameList: List<String>
+            ├── statusFlag: Integer (1=enable, 2=disable)
+            ├── createTime: Date
+            └── readOnly: Boolean
+```
+### 分页包装器
+```
+cn.stylefeng.roses.kernel.db.api.pojo.page.PageResult
+    ├── total: long
+    ├── size: long
+    ├── current: long
+    └── records: List<SysUserDto>
+```
+## 2.3 CLI参数设计
+### 命令结构
+```
+barista liberica users list [options]
+```
+### 全局选项
+| 选项 | 类型 | 说明 |
+|------|------|------|
+| `--env` | string | 目标环境(dev\|test\|prod-cn\|prod-jp) |
+| `--tenant` | string | 租户代码 |
+| `--json` | boolean | JSON输出 |
+### 命令选项
+| 选项 | 短选项 | 类型 | 必填 | 默认值 | 说明 | 对应DTO字段 |
+|------|--------|------|------|--------|------|-------------|
+| --page | -p | number | ⬜ | 1 | 页码 | pageNo (0-based in API) |
+| --size | -s | number | ⬜ | 20 | 每页条数 | pageSize |
+| --account | -a | string | ⬜ | - | 账号模糊查询 | account |
+| --name | -n | string | ⬜ | - | 姓名模糊查询 | realName |
+| --status | — | string | ⬜ | - | 状态(enable/disable) | statusFlag |
+## 2.4 字段映射表
+| CLI参数 | DTO字段/Query参数 | 类型转换 | 验证规则 |
+|---------|---------|----------|----------|
+| --page / -p | pageNo | number→Long, CLI page 1 → API page 0 | >= 1 |
+| --size / -s | pageSize | number→Long | 1-100 |
+| --account / -a | account | 直接传递 | 模糊查询 |
+| --name / -n | realName | 直接传递 | 模糊查询 |
+| --status | statusFlag | string→Integer | enable=1, disable=2 |
+## 2.5 错误码引用
+### ExceptionEnum位置
+```
+coffee-liberica-end/
+└── business/liberica-business-auth/
+    └── src/main/java/com/newpeak/liberica/business/auth/enums/exception/
+        └── ErpUserExceptionEnum.java
+            ├── UPDATE_SELF_PSW_FORBIDDEN("010011510001", "不能重置自己的密码")
+            ├── DEL_SELF_FORBIDDEN("010011510002", "不能删除自己的账号")
+            ├── UPDATE_ADMIN_FORBIDDEN("010011510003", "不能更新管理员账号")
+            ├── UPDATE_SELF_ACCOUNT("010011510004", "不能更新自己的账号")
+            ├── WRONG_STATUS_FLAG("010011510005", "错误的statusFlag")
+            ├── WRONG_ACCOUNT("010011510006", "错误的账号")
+            ├── TOKEN_EXPIRED("010011510007", "链接已过期")
+            ├── EMAIL_INCONSISTENT("010011510008", "账号不一致")
+            ├── ACCOUNT_DUPLICATED("010011510009", "已存在相同账号")
+            ├── SEND_EMAIL_FAILED("010011510010", "发送邮件失败")
+            ├── BOUND_USER_DEL_FORBID("010011510011", "已绑定用户职员不能被删除")
+            └── ERP_NOT_EXIST("010011510012", "对应erp不存在")
+```
+### 已知错误码
+| 错误码 | 错误消息 | 触发条件 |
+|--------|----------|----------|
+| 010011510005 | 错误的statusFlag | 状态参数无效 |
+## 2.6 权限检查
+| 检查项 | 位置 | 说明 |
+|--------|------|------|
+| 注解 | `@GetResource(path = "/page")` | 无 requiredPermission（无需权限码） |
+**注意**：page 接口在 Controller 层无需权限校验，数据范围通过 tenantId 隔离。
+## 2.7 实现要点
+1. **分页默认值**：page=1, size=20
+2. **分页转换**：CLI页码从1开始，API页码从0开始（CLI page 1 → API page 0）
+3. **模糊查询**：account 和 realName 支持模糊查询
+4. **状态映射**：statusFlag 1=启用(enable), 2=禁用(disable)
+5. **无结果处理**：返回空列表，不抛出异常
+6. **tenantId来源**：来自JWT token
+7. **输出格式**：表格形式展示，分页信息在底部显示
+## 2.8 示例用法
+```bash
+# 默认分页
+barista liberica users list
+# 指定页码和每页条数
+barista liberica users list --page 2 --size 50
+# 按账号模糊搜索
+barista liberica users list --account "zhang"
+# 按姓名模糊搜索
+barista liberica users list --name "张三"
+# 按状态筛选
+barista liberica users list --status enable
+# 组合筛选
+barista liberica users list --page 1 --size 10 --status enable --name "张"
+# JSON 输出（便于脚本处理）
+barista liberica users list --page 1 --size 20 --json
+```

package/package.json ADDED Viewed

@@ -0,0 +1,37 @@
+{
+  "name": "@newpeak/barista-cli",
+  "version": "0.1.0",
+  "description": "AI Tools CLI for Liberica and Arabica services",
+  "type": "module",
+  "bin": {
+    "barista": "./bin/barista.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "start": "node ./bin/barista.js",
+    "test": "vitest",
+    "test:unit": "vitest run",
+    "lint": "eslint src --ext .ts,.js",
+    "format": "prettier --write src"
+  },
+  "dependencies": {
+    "commander": "^12.0.0",
+    "axios": "^1.6.8",
+    "keytar": "^7.9.0",
+    "yaml": "^2.4.0",
+    "chalk": "^5.3.0",
+    "inquirer": "^9.2.12",
+    "cli-table3": "^0.6.3"
+  },
+  "devDependencies": {
+    "typescript": "^5.4.5",
+    "@types/node": "^20.0.0",
+    "@types/inquirer": "^9.0.7",
+    "vitest": "^1.5.0",
+    "eslint": "^8.57.0",
+    "@typescript-eslint/eslint-plugin": "^7.0.0",
+    "@typescript-eslint/parser": "^7.0.0",
+    "prettier": "^3.2.0"
+  }
+}

package/src/commands/arabica/auth/index.ts ADDED Viewed

@@ -0,0 +1,277 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { configManager } from '../../../core/config/manager.js';
+import { tokenManager } from '../../../core/auth/token-manager.js';
+import { apiClient } from '../../../core/api/client.js';
+import { Environment } from '../../../types/index.js';
+export function createArabicaAuthCommand(): Command {
+  const authCommand = new Command('auth');
+  authCommand.description('Manage Arabica authentication');
+  authCommand.action(async () => {
+    await authCommand.help();
+  });
+  authCommand
+    .command('login')
+    .description('Login to Arabica')
+    .arguments('<env> [account] [password]')
+    .option('--env <environment>', 'Environment (dev|test|prod-cn|prod-jp)')
+    .option('--account <account>', 'Account (username or email)')
+    .option('--password <password>', 'Password')
+    .option('--remember', 'Remember login status')
+    .action(async (env: string, account: string, password: string, options: Record<string, any>) => {
+      const context = configManager.getCurrentContext();
+      const environment = (options.env as Environment) || env || context.environment;
+      const rememberMe = options.remember || false;
+      console.log(chalk.bold(`\n🔐 Login to Arabica (${environment})\n`));
+      let resolvedAccount = options.account || account;
+      let resolvedPassword = options.password || password;
+      if (!resolvedAccount) {
+        const { account: inputAccount } = await inquirer.prompt([
+          {
+            type: 'input',
+            name: 'account',
+            message: 'Enter account (username or email):',
+            validate: (input: string) => input.length > 0 || 'Account is required',
+          },
+        ]);
+        resolvedAccount = inputAccount;
+      }
+      if (!resolvedPassword) {
+        const { password: inputPassword } = await inquirer.prompt([
+          {
+            type: 'password',
+            name: 'password',
+            message: 'Enter password:',
+            validate: (input: string) => input.length > 0 || 'Password is required',
+          },
+        ]);
+        resolvedPassword = inputPassword;
+      }
+      try {
+        const response = await apiClient.loginArabica(environment, resolvedAccount, resolvedPassword, rememberMe);
+        if (response.success && response.data) {
+          try {
+            await tokenManager.setToken(
+              {
+                service: 'arabica',
+                environment,
+              },
+              response.data.token
+            );
+          } catch (keytarError) {
+            console.error(chalk.red(`\n✗ Failed to save token to keychain: ${keytarError instanceof Error ? keytarError.message : 'Unknown error'}`));
+            console.error(chalk.gray('  This may occur in headless environments without D-Bus/X11.'));
+            console.error(chalk.gray('  The login was successful but the token could not be persisted.\n'));
+            process.exit(1);
+          }
+          console.log(chalk.green('\n✓ Login successful'));
+          if (response.data.expiresAt) {
+            console.log(chalk.gray(`  Token expires: ${response.data.expiresAt}`));
+          }
+          console.log();
+        } else {
+          console.error(chalk.red(`\n✗ Login failed: ${response.error?.message || 'Unknown error'}`));
+          if (response.error?.code) {
+            console.error(chalk.gray(`  Error code: ${response.error.code}`));
+          }
+          console.error();
+          process.exit(1);
+        }
+      } catch (error) {
+        console.error(chalk.red(`\n✗ Login error: ${error instanceof Error ? error.message : 'Unknown error'}\n`));
+        process.exit(1);
+      }
+    });
+  authCommand
+    .command('register')
+    .description('Register new Arabica account')
+    .arguments('[env] [email] [password] [phone] [username]')
+    .option('--env <environment>', 'Environment (dev|test|prod-cn|prod-jp)')
+    .option('--email <email>', 'Email address')
+    .option('--password <password>', 'Password')
+    .option('--phone <phone>', 'Phone number')
+    .option('--username <username>', 'User name')
+    .option('--policy <policy>', 'Policy agreement (e.g., Y)')
+    .option('--privacy <privacy>', 'Privacy agreement (e.g., Y)')
+    .action(async (env: string, email: string, password: string, phone: string, username: string, options: Record<string, any>) => {
+      const context = configManager.getCurrentContext();
+      const environment = (options.env as Environment) || env || context.environment;
+      console.log(chalk.bold(`\n📝 Register to Arabica (${environment})\n`));
+      let resolvedEmail = options.email || email;
+      let resolvedPassword = options.password || password;
+      let resolvedPhone = options.phone || phone;
+      let resolvedUsername = options.username || username;
+      let resolvedPolicy = options.policy;
+      let resolvedPrivacy = options.privacy;
+      if (!resolvedEmail) {
+        const { email: inputEmail } = await inquirer.prompt([
+          {
+            type: 'input',
+            name: 'email',
+            message: 'Enter email address:',
+            validate: (input: string) => input.length > 0 || 'Email is required',
+          },
+        ]);
+        resolvedEmail = inputEmail;
+      }
+      if (!resolvedPassword) {
+        const { password: inputPassword } = await inquirer.prompt([
+          {
+            type: 'password',
+            name: 'password',
+            message: 'Enter password:',
+            validate: (input: string) => input.length > 0 || 'Password is required',
+          },
+        ]);
+        resolvedPassword = inputPassword;
+      }
+      if (!resolvedPhone) {
+        const { phone: inputPhone } = await inquirer.prompt([
+          {
+            type: 'input',
+            name: 'phone',
+            message: 'Enter phone number:',
+            validate: (input: string) => input.length > 0 || 'Phone is required',
+          },
+        ]);
+        resolvedPhone = inputPhone;
+      }
+      if (!resolvedUsername) {
+        const { username: inputUsername } = await inquirer.prompt([
+          {
+            type: 'input',
+            name: 'username',
+            message: 'Enter user name:',
+            validate: (input: string) => input.length > 0 || 'User name is required',
+          },
+        ]);
+        resolvedUsername = inputUsername;
+      }
+      if (!resolvedPolicy) {
+        const { policy: inputPolicy } = await inquirer.prompt([
+          {
+            type: 'input',
+            name: 'policy',
+            message: 'Policy agreement (press Enter for Y):',
+            default: 'Y',
+          },
+        ]);
+        resolvedPolicy = inputPolicy || 'Y';
+      }
+      if (!resolvedPrivacy) {
+        const { privacy: inputPrivacy } = await inquirer.prompt([
+          {
+            type: 'input',
+            name: 'privacy',
+            message: 'Privacy agreement (press Enter for Y):',
+            default: 'Y',
+          },
+        ]);
+        resolvedPrivacy = inputPrivacy || 'Y';
+      }
+      try {
+        const response = await apiClient.registerArabica(
+          environment,
+          resolvedEmail,
+          resolvedEmail,
+          resolvedPassword,
+          resolvedPhone,
+          resolvedUsername,
+          resolvedPolicy,
+          resolvedPrivacy
+        );
+        if (response.success && response.data) {
+          console.log(chalk.green('\n✓ Registration successful'));
+          if (response.data.userId) {
+            console.log(chalk.gray(`  User ID: ${response.data.userId}`));
+          }
+          console.log();
+        } else {
+          console.error(chalk.red(`\n✗ Registration failed: ${response.error?.message || 'Unknown error'}`));
+          if (response.error?.code) {
+            console.error(chalk.gray(`  Error code: ${response.error.code}`));
+          }
+          console.error();
+          process.exit(1);
+        }
+      } catch (error) {
+        console.error(chalk.red(`\n✗ Registration error: ${error instanceof Error ? error.message : 'Unknown error'}\n`));
+        process.exit(1);
+      }
+    });
+  authCommand
+    .command('status')
+    .description('Check Arabica authentication status')
+    .action(async () => {
+      const environments: Environment[] = ['dev', 'test', 'prod-cn', 'prod-jp'];
+      console.log(chalk.bold('\n🔐 Arabica Authentication Status\n'));
+      for (const env of environments) {
+        const token = await tokenManager.getToken({ service: 'arabica', environment: env });
+        const statusIcon = token ? chalk.green('✓') : chalk.red('✗');
+        const statusText = token ? 'Logged in' : 'Not logged in';
+        console.log(`  ${statusIcon} ${chalk.gray('arabica')} (${env}): ${statusText}`);
+      }
+      console.log();
+    });
+  authCommand
+    .command('logout')
+    .description('Logout from Arabica and clear token')
+    .option('--env <environment>', 'Environment (dev|test|prod-cn|prod-jp)')
+    .option('--all', 'Clear all Arabica tokens')
+    .action(async (options) => {
+      if (options.all) {
+        const allTokens = await tokenManager.findAllTokens();
+        for (const cred of allTokens) {
+          const parts = cred.account.split(':');
+          if (parts[0] === 'arabica') {
+            await tokenManager.deleteToken({
+              service: 'arabica',
+              environment: parts[1] as Environment,
+            });
+          }
+        }
+        console.log(chalk.green('\n✓ All Arabica tokens cleared\n'));
+      } else {
+        const environment = (options.env as Environment) || configManager.getCurrentContext().environment;
+        const deleted = await tokenManager.deleteToken({
+          service: 'arabica',
+          environment,
+        });
+        if (deleted) {
+          console.log(chalk.green(`\n✓ Token cleared for Arabica (${environment})\n`));
+        } else {
+          console.log(chalk.gray(`\nNo token found for Arabica (${environment})\n`));
+        }
+      }
+    });
+  return authCommand;
+}

package/src/commands/arabica/auth/login.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { Command } from 'commander';
+export function createArabicaLoginCommand(): Command {
+  return new Command('login');
+}

package/src/commands/arabica/auth/logout.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { Command } from 'commander';
+export function createArabicaLogoutCommand(): Command {
+  return new Command('logout');
+}

package/src/commands/arabica/auth/register.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { Command } from 'commander';
+export function createArabicaRegisterCommand(): Command {
+  return new Command('register');
+}

package/src/commands/arabica/auth/status.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { Command } from 'commander';
+export function createArabicaStatusCommand(): Command {
+  return new Command('status');
+}

package/src/commands/arabica/index.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import { createArabicaAuthCommand } from './auth/index.js';
+export function createArabicaCommand(): Command {
+  const arabicaCommand = new Command('arabica');
+  arabicaCommand.description('Arabica SaaS platform operations');
+  arabicaCommand.addCommand(createArabicaAuthCommand());
+  arabicaCommand.action(() => {
+    console.log(chalk.bold('\n🛒 Arabica Commands\n'));
+    console.log('  Use "barista arabica auth <command>" for authentication');
+    console.log('  Use "barista arabica members <command>" for member operations');
+    console.log('  Use "barista arabica enterprises <command>" for enterprise operations');
+    console.log('  Use "barista arabica products <command>" for product operations');
+    console.log('  Use "barista arabica subscriptions <command>" for subscription operations');
+    console.log('  Use "barista arabica access <command>" for access management');
+    console.log('\n  Run "barista arabica <command> --help" for more details\n');
+  });
+  return arabicaCommand;
+}

package/src/commands/auth.ts ADDED Viewed

@@ -0,0 +1,107 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import inquirer from 'inquirer';
+import { configManager } from '../core/config/manager.js';
+import { tokenManager } from '../core/auth/token-manager.js';
+import { Service } from '../types/index.js';
+export function createAuthCommand(): Command {
+  const authCommand = new Command('auth');
+  authCommand.description('Manage authentication tokens');
+  authCommand.action(async () => {
+    await authCommand.help();
+  });
+  authCommand
+    .command('login')
+    .description('Login with token')
+    .option('--service <service>', 'Service (liberica|arabica)')
+    .option('--env <environment>', 'Environment (dev|test|prod-cn|prod-jp)')
+    .action(async (options) => {
+      const context = configManager.getCurrentContext();
+      const service = (options.service as Service) || context.service;
+      const environment = options.env || context.environment;
+      console.log(chalk.bold(`\n🔐 Login to ${service} (${environment})\n`));
+      const answers = await inquirer.prompt([
+        {
+          type: 'password',
+          name: 'token',
+          message: 'Enter your token:',
+          validate: (input: string) => input.length > 0 || 'Token is required',
+        },
+      ]);
+      await tokenManager.setToken(
+        {
+          service,
+          environment: environment as 'dev' | 'test' | 'prod-cn' | 'prod-jp',
+          tenant: context.tenant,
+        },
+        answers.token
+      );
+      console.log(chalk.green('\n✓ Token saved successfully\n'));
+    });
+  authCommand
+    .command('status')
+    .description('Check authentication status')
+    .action(async () => {
+      const services: Service[] = ['liberica', 'arabica'];
+      const environments = ['dev', 'test', 'prod-cn', 'prod-jp'] as const;
+      console.log(chalk.bold('\n🔐 Authentication Status\n'));
+      for (const service of services) {
+        for (const env of environments) {
+          const token = await tokenManager.getToken({ service, environment: env });
+          const statusIcon = token ? chalk.green('✓') : chalk.red('✗');
+          const statusText = token ? 'Logged in' : 'Not logged in';
+          console.log(`  ${statusIcon} ${chalk.gray(service)} (${env}): ${statusText}`);
+        }
+      }
+      console.log();
+    });
+  authCommand
+    .command('logout')
+    .description('Logout and clear token')
+    .option('--service <service>', 'Service (liberica|arabica)')
+    .option('--env <environment>', 'Environment (dev|test|prod-cn|prod-jp)')
+    .option('--all', 'Clear all tokens')
+    .action(async (options) => {
+      if (options.all) {
+        const allTokens = await tokenManager.findAllTokens();
+        for (const cred of allTokens) {
+          const parts = cred.account.split(':');
+          await tokenManager.deleteToken({
+            service: parts[0] as Service,
+            environment: parts[1] as 'dev' | 'test' | 'prod-cn' | 'prod-jp',
+            tenant: parts[2],
+          });
+        }
+        console.log(chalk.green('\n✓ All tokens cleared\n'));
+      } else {
+        const context = configManager.getCurrentContext();
+        const service = (options.service as Service) || context.service;
+        const environment = options.env || context.environment;
+        const deleted = await tokenManager.deleteToken({
+          service,
+          environment: environment as 'dev' | 'test' | 'prod-cn' | 'prod-jp',
+          tenant: context.tenant,
+        });
+        if (deleted) {
+          console.log(chalk.green(`\n✓ Token cleared for ${service} (${environment})\n`));
+        } else {
+          console.log(chalk.gray(`\nNo token found for ${service} (${environment})\n`));
+        }
+      }
+    });
+  return authCommand;
+}