@odeva/cli 0.0.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Odeva
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,150 @@
+# @odeva/cli
+
+> Build apps on the Odeva booking platform — scaffold, develop, deploy.
+
+The `odeva` CLI is the developer toolkit for the [Odeva](https://odeva.app) booking platform. It is to Odeva what `shopify` is to Shopify and `wrangler` is to Cloudflare: scaffold a project, run it locally with a public tunnel and live webhook delivery, then ship it.
+
+## Install
+
+```sh
+npm install -g @odeva/cli
+# or
+bun add -g @odeva/cli
+```
+
+You'll also need `cloudflared` on your PATH for the dev tunnel:
+
+```sh
+# macOS
+brew install cloudflared
+
+# Debian/Ubuntu
+sudo apt install cloudflared
+
+# Other platforms: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/
+```
+
+## Quickstart
+
+```sh
+odeva auth login          # paste a personal access token
+odeva app init my-app     # scaffold a new app (default template: hono-bun)
+cd my-app
+bun install
+odeva app config link     # register the app on Odeva, write client_id to toml
+odeva app dev             # local server + tunnel + webhook auto-registration
+```
+
+In another terminal:
+
+```sh
+odeva webhook trigger reservation.created
+```
+
+You should see the fixture payload arrive in your dev server's logs, signed and ready to handle.
+
+## How `odeva app dev` works
+
+```
+              ┌─────────────────────────────────────────────┐
+              │  Odeva platform                             │
+              │   (creates webhook subscriptions, signs     │
+              │    payloads, delivers events)               │
+              └────────────────────┬────────────────────────┘
+                                   │  POST https://<id>.trycloudflare.com/webhooks/...
+                                   ▼
+                ┌──────────────────────────────────┐
+                │  cloudflared quick tunnel        │
+                │  (started by `odeva app dev`)    │
+                └────────────────┬─────────────────┘
+                                 │  http://localhost:3000
+                                 ▼
+                ┌──────────────────────────────────┐
+                │  Your Hono/Bun/Express app       │
+                │  Verify signature with the       │
+                │  ODEVA_WEBHOOK_SECRET injected   │
+                │  into the dev process.           │
+                └──────────────────────────────────┘
+```
+
+On Ctrl-C, the CLI tears down the tunnel **and deletes the webhook subscriptions it created**, so your production endpoints aren't polluted with dev URLs.
+
+## Commands
+
+| Command | What it does |
+| --- | --- |
+| `odeva auth login` | Authenticate the CLI with a personal access token |
+| `odeva auth logout` | Remove stored credentials from this machine |
+| `odeva auth whoami` | Show the currently authenticated session |
+| `odeva app init [name]` | Scaffold a new app from a template (default: `hono-bun`) |
+| `odeva app config link` | Register the local app on Odeva, write `client_id` back to toml |
+| `odeva app dev` | Run the app locally with a public tunnel + webhook auto-registration |
+| `odeva webhook list` | List active subscriptions on the current org (`--available` shows event types) |
+| `odeva webhook trigger <event>` | Fire a signed sample payload at your local handler |
+
+Run `odeva help <command>` for full flags on any command.
+
+## Config: `odeva.app.toml`
+
+Each Odeva app has an `odeva.app.toml` at its root. Example:
+
+```toml
+name = "Cabin Manager"
+slug = "cabin-manager"
+client_id = "app_..."        # written by `odeva app config link`
+description = "A booking add-on for Foo Holiday Park."
+
+[build]
+dev = "bun run dev"
+port = 3000
+
+[access_scopes]
+scopes = ["reservations:read", "reservations:write"]
+
+[webhooks]
+api_version = "2026-01"
+
+[[webhooks.subscriptions]]
+topic = "reservation.created"
+uri = "/webhooks/reservation.created"
+
+[[webhooks.subscriptions]]
+topic = "payment.succeeded"
+uri = "/webhooks/payment.succeeded"
+```
+
+This file is the source of truth for app config. `odeva app config link` pushes it to the platform; `odeva app dev` reads webhook subscriptions from it to wire up the tunnel.
+
+## Templates
+
+Bundled templates live under `templates/` in this repo:
+
+- **`hono-bun`** (default) — Hono on Bun, runtime-agnostic. Deploys later to Node, Bun, Cloudflare Workers, or Deno without rewrites.
+
+More templates (Next.js, Express, Fresh, WordPress) are on the roadmap — drop a directory into `templates/` and it's available via `odeva app init --template <name>`.
+
+## Authentication
+
+For now, the CLI authenticates with a **personal access token** (PAT). Generate one from the Odeva admin panel and paste it into `odeva auth login`. The token is stored at `~/.config/odeva/credentials.json` with mode `0600`.
+
+Browser-based OAuth (device-code flow) lands once the developer dashboard ships.
+
+## Status
+
+Pre-1.0. The command surface and `odeva.app.toml` schema are stabilizing. Expect breaking changes between minor versions until 1.0.
+
+## Development
+
+```sh
+git clone https://codeberg.org/odeva/odeva-cli
+cd odeva-cli
+bun install
+bun run test
+bun run typecheck
+bun run build
+node ./bin/run.js --help
+```
+
+## License
+
+MIT — see [LICENSE](./LICENSE).

package/bin/dev.js

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+// Dev entrypoint — runs TS sources directly via tsx/bun without a build step.
+import { execute } from "@oclif/core";
+
+process.env.NODE_ENV = "development";
+
+await execute({ development: true, dir: import.meta.url });

package/bin/run.js

@@ -0,0 +1,4 @@
+#!/usr/bin/env node
+import { execute } from "@oclif/core";
+
+await execute({ dir: import.meta.url });

package/dist/commands/app/config/link.js

@@ -0,0 +1,93 @@
+import { Command, Flags } from "@oclif/core";
+import * as p from "@clack/prompts";
+import { OdevaApi } from "../../../lib/api.js";
+import { loadAppConfig, saveAppConfig } from "../../../lib/config.js";
+import { saveAppEnv } from "../../../lib/app-env.js";
+import { withErrorHandling } from "../../../lib/run.js";
+import { ui } from "../../../lib/ui.js";
+class AppConfigLink extends Command {
+  static description = "Register the local app on Odeva and sync its client_id back to odeva.app.toml";
+  static examples = ["$ odeva app config link"];
+  static flags = {
+    "dry-run": Flags.boolean({
+      description: "Show what would be sent to the API without making changes",
+      default: false
+    })
+  };
+  async run() {
+    const { flags } = await this.parse(AppConfigLink);
+    await withErrorHandling(this, async () => {
+      const loaded = loadAppConfig();
+      p.intro(ui.brand("odeva app config link"));
+      p.note(
+        [
+          `${ui.dim("name:")}        ${loaded.config.name}`,
+          `${ui.dim("slug:")}        ${loaded.config.slug}`,
+          `${ui.dim("client_id:")}   ${loaded.config.client_id ?? ui.dim("(new)")}`,
+          `${ui.dim("homepage:")}    ${loaded.config.homepage_url ?? ui.dim("(none)")}`,
+          `${ui.dim("scopes:")}      ${(loaded.config.access_scopes?.scopes ?? []).join(", ") || ui.dim("(none)")}`
+        ].join("\n"),
+        "Will register this app"
+      );
+      if (flags["dry-run"]) {
+        p.outro(ui.warn("Dry run \u2014 no API call made."));
+        return;
+      }
+      const api = new OdevaApi();
+      const spinner = p.spinner();
+      spinner.start("Looking up existing app");
+      let existingId;
+      if (loaded.config.client_id) {
+        const apps = await api.listDeveloperApps();
+        const match = apps.find((a) => a.clientId === loaded.config.client_id);
+        if (match) existingId = match.id;
+      }
+      spinner.message(existingId ? "Updating app on Odeva" : "Creating app on Odeva");
+      const { app, rawClientSecret } = await api.upsertDeveloperApp({
+        id: existingId,
+        name: loaded.config.name,
+        slug: loaded.config.slug,
+        description: loaded.config.description,
+        homepageUrl: loaded.config.homepage_url,
+        installUrl: loaded.config.install_url,
+        privacyUrl: loaded.config.privacy_url,
+        requestedScopes: loaded.config.access_scopes?.scopes
+        // `webhookUrl` is the install-time URL recorded on the App; per-event
+        // subscriptions are managed separately by `odeva app dev` against the
+        // tunnel URL.
+      });
+      spinner.stop(`${existingId ? "Updated" : "Registered"} app ${ui.code(app.slug)} (client_id ${ui.code(app.clientId)})`);
+      loaded.config.client_id = app.clientId;
+      saveAppConfig(loaded);
+      let envPath = null;
+      if (rawClientSecret) {
+        envPath = saveAppEnv(loaded.path, {
+          ODEVA_APP_CLIENT_ID: app.clientId,
+          ODEVA_APP_CLIENT_SECRET: rawClientSecret
+        });
+        p.note(
+          [
+            "This is the only time the secret is shown.",
+            "",
+            `  ${ui.code(rawClientSecret)}`,
+            "",
+            `Saved to ${ui.code(envPath)} (mode 0600). Keep it out of git.`,
+            "If you ever lose it, run `odeva app config rotate-secret` to mint a new one."
+          ].join("\n"),
+          "client_secret"
+        );
+      }
+      p.outro(
+        [
+          ui.ok(`Wrote client_id to ${ui.code(loaded.path)}`),
+          envPath ? ui.ok(`Wrote client_secret to ${ui.code(envPath)}`) : null,
+          "",
+          `  Next: ${ui.code("odeva app dev")} to run the app locally with a public tunnel.`
+        ].filter((line) => line !== null).join("\n")
+      );
+    });
+  }
+}
+export {
+  AppConfigLink as default
+};

package/dist/commands/app/config/rotate-secret.js

@@ -0,0 +1,74 @@
+import { Command } from "@oclif/core";
+import * as p from "@clack/prompts";
+import { OdevaApi } from "../../../lib/api.js";
+import { loadAppConfig } from "../../../lib/config.js";
+import { saveAppEnv } from "../../../lib/app-env.js";
+import { CliError } from "../../../lib/errors.js";
+import { withErrorHandling } from "../../../lib/run.js";
+import { ui } from "../../../lib/ui.js";
+class AppConfigRotateSecret extends Command {
+  static description = "Mint a new client_secret for the app and overwrite .odeva.env. The previous secret stops working immediately.";
+  static examples = ["$ odeva app config rotate-secret"];
+  async run() {
+    await this.parse(AppConfigRotateSecret);
+    await withErrorHandling(this, async () => {
+      const loaded = loadAppConfig();
+      if (!loaded.config.client_id) {
+        throw new CliError("App has not been registered yet.", {
+          hint: "Run `odeva app config link` first."
+        });
+      }
+      p.intro(ui.brand("odeva app config rotate-secret"));
+      p.note(
+        [
+          `client_id: ${ui.code(loaded.config.client_id)}`,
+          "",
+          "Rotating invalidates the previous secret immediately.",
+          "Any deployed app instance still holding the old secret will start failing the install handshake."
+        ].join("\n"),
+        "About to rotate"
+      );
+      const confirm = await p.confirm({
+        message: "Rotate now?",
+        initialValue: false
+      });
+      if (p.isCancel(confirm) || !confirm) {
+        this.log(ui.warn("Cancelled."));
+        return;
+      }
+      const api = new OdevaApi();
+      const lookup = p.spinner();
+      lookup.start("Looking up app");
+      const existing = await api.findAppByClientId(loaded.config.client_id);
+      if (!existing) {
+        lookup.stop("Not found.");
+        throw new CliError(
+          `No app with client_id ${loaded.config.client_id} is owned by your active organization.`,
+          { hint: "If you registered against a different org, run `odeva auth select-org`." }
+        );
+      }
+      lookup.message("Rotating secret");
+      const { rawClientSecret } = await api.rotateDeveloperAppSecret(existing.id);
+      lookup.stop("Rotated.");
+      const envPath = saveAppEnv(loaded.path, {
+        ODEVA_APP_CLIENT_ID: existing.clientId,
+        ODEVA_APP_CLIENT_SECRET: rawClientSecret
+      });
+      p.note(
+        [
+          "This is the only time the secret is shown.",
+          "",
+          `  ${ui.code(rawClientSecret)}`,
+          "",
+          `Saved to ${ui.code(envPath)} (mode 0600).`,
+          "Redeploy any environments that hold the old secret."
+        ].join("\n"),
+        "new client_secret"
+      );
+      p.outro(ui.ok("Done."));
+    });
+  }
+}
+export {
+  AppConfigRotateSecret as default
+};

package/dist/commands/app/dev.js

@@ -0,0 +1,127 @@
+import { Command, Flags } from "@oclif/core";
+import * as p from "@clack/prompts";
+import { OdevaApi } from "../../lib/api.js";
+import { loadAppConfig } from "../../lib/config.js";
+import { loadAppEnv } from "../../lib/app-env.js";
+import { startQuickTunnel } from "../../lib/cloudflared.js";
+import {
+  cleanupSubscriptions,
+  preflightChecks,
+  registerWebhookSubscriptions,
+  spawnDevServer,
+  writeDevEnvFile
+} from "../../lib/dev-runner.js";
+import { CliError } from "../../lib/errors.js";
+import { withErrorHandling } from "../../lib/run.js";
+import { ui } from "../../lib/ui.js";
+class AppDev extends Command {
+  static description = "Run the app locally with a public Cloudflare tunnel and auto-registered webhook subscriptions";
+  static flags = {
+    port: Flags.integer({
+      description: "Local port the app listens on (overrides odeva.app.toml [build].port)"
+    }),
+    "no-tunnel": Flags.boolean({
+      description: "Skip the tunnel and webhook registration; just run the dev server.",
+      default: false
+    })
+  };
+  async run() {
+    const { flags } = await this.parse(AppDev);
+    await withErrorHandling(this, async () => {
+      const loaded = loadAppConfig();
+      const appEnv = loadAppEnv(loaded.path);
+      const port = flags.port ?? loaded.config.build?.port ?? 3e3;
+      const subscriptions = loaded.config.webhooks?.subscriptions ?? [];
+      for (const warning of preflightChecks(loaded.root).warnings) {
+        this.log(ui.warn(warning));
+      }
+      if (flags["no-tunnel"]) {
+        this.log(ui.warn("Skipping tunnel and webhook registration (--no-tunnel)"));
+        const server2 = spawnDevServer({
+          cwd: loaded.root,
+          config: loaded.config,
+          env: { ...appEnv, PORT: String(port) }
+        });
+        installShutdownHandler(async () => {
+          await server2.stop();
+        });
+        await server2.waitForExit();
+        return;
+      }
+      const api = new OdevaApi();
+      const tunnelSpinner = p.spinner();
+      tunnelSpinner.start("Starting Cloudflare tunnel");
+      const tunnel = await startQuickTunnel(port);
+      tunnelSpinner.stop(`Tunnel ready at ${ui.code(tunnel.url)}`);
+      let registered = [];
+      if (subscriptions.length > 0) {
+        const whSpinner = p.spinner();
+        whSpinner.start(`Registering ${subscriptions.length} webhook subscription${subscriptions.length === 1 ? "" : "s"}`);
+        try {
+          registered = await registerWebhookSubscriptions(api, loaded.config.name, tunnel.url, subscriptions);
+          whSpinner.stop(`Registered ${registered.length} subscription${registered.length === 1 ? "" : "s"}`);
+        } catch (err) {
+          whSpinner.stop(ui.err("Webhook registration failed"));
+          await tunnel.stop();
+          throw err instanceof CliError ? err : new CliError(`Webhook registration failed: ${err.message}`);
+        }
+        const envPath = writeDevEnvFile(loaded.root, registered);
+        if (envPath) {
+          this.log(ui.ok(`Wrote ${ui.code(envPath)} (add to .gitignore \u2014 it contains secrets)`));
+        }
+      } else {
+        this.log(ui.dim("No webhook subscriptions in odeva.app.toml \u2014 skipping registration."));
+      }
+      this.log("");
+      this.log(`${ui.bold("Tunnel:")}     ${tunnel.url}`);
+      this.log(`${ui.bold("Local:")}      http://localhost:${port}`);
+      for (const reg of registered) {
+        this.log(`  ${ui.dim("\u2192")} ${reg.config.topic.padEnd(28)} ${reg.fullUrl}`);
+      }
+      this.log("");
+      this.log(ui.dim("Press Ctrl-C to stop. Subscriptions will be cleaned up on exit."));
+      this.log("");
+      const server = spawnDevServer({
+        cwd: loaded.root,
+        config: loaded.config,
+        env: {
+          ...appEnv,
+          PORT: String(port),
+          ODEVA_TUNNEL_URL: tunnel.url,
+          ...registered[0] ? { ODEVA_WEBHOOK_SECRET: registered[0].secret } : {}
+        }
+      });
+      installShutdownHandler(async () => {
+        this.log("\n" + ui.dim("Cleaning up..."));
+        await Promise.allSettled([
+          server.stop(),
+          tunnel.stop(),
+          cleanupSubscriptions(api, registered)
+        ]);
+        this.log(ui.ok("Done."));
+      });
+      await server.waitForExit();
+      await Promise.allSettled([tunnel.stop(), cleanupSubscriptions(api, registered)]);
+    });
+  }
+}
+let shutdownInstalled = false;
+function installShutdownHandler(handler) {
+  if (shutdownInstalled) return;
+  shutdownInstalled = true;
+  let cleaning = false;
+  const cleanup = async (signal) => {
+    if (cleaning) return;
+    cleaning = true;
+    try {
+      await handler();
+    } finally {
+      process.exit(signal === "SIGINT" ? 130 : 0);
+    }
+  };
+  process.on("SIGINT", () => void cleanup("SIGINT"));
+  process.on("SIGTERM", () => void cleanup("SIGTERM"));
+}
+export {
+  AppDev as default
+};

package/dist/commands/app/init.js

@@ -0,0 +1,124 @@
+import { Args, Command, Flags } from "@oclif/core";
+import * as p from "@clack/prompts";
+import { existsSync } from "node:fs";
+import { basename, resolve } from "node:path";
+import { CliError } from "../../lib/errors.js";
+import { withErrorHandling } from "../../lib/run.js";
+import { isValidSlug, slugify } from "../../lib/slug.js";
+import { listTemplates, renderTemplate } from "../../lib/templates.js";
+import { ui } from "../../lib/ui.js";
+const DEFAULT_TEMPLATE = "hono-bun";
+class AppInit extends Command {
+  static description = "Scaffold a new Odeva app";
+  static examples = [
+    "$ odeva app init",
+    "$ odeva app init my-cabin-app",
+    "$ odeva app init my-cabin-app --template hono-bun"
+  ];
+  static args = {
+    name: Args.string({
+      description: "Directory name and default slug for the new app",
+      required: false
+    })
+  };
+  static flags = {
+    template: Flags.string({
+      description: "Template to scaffold from",
+      default: DEFAULT_TEMPLATE
+    }),
+    "display-name": Flags.string({
+      description: "Human-readable app name (defaults to a Title Case of the directory name)"
+    }),
+    slug: Flags.string({
+      description: "App slug (defaults to the directory name)"
+    }),
+    yes: Flags.boolean({
+      char: "y",
+      description: "Skip interactive prompts and use defaults",
+      default: false
+    })
+  };
+  async run() {
+    const { args, flags } = await this.parse(AppInit);
+    await withErrorHandling(this, async () => {
+      p.intro(ui.brand("odeva app init"));
+      const directory = await this.resolveDirectory(args.name, flags.yes);
+      const slug = this.resolveSlug(flags.slug ?? slugify(basename(directory)));
+      const displayName = flags["display-name"] ?? toTitleCase(basename(directory));
+      const template = flags.template;
+      if (!listTemplates().includes(template)) {
+        throw new CliError(`Unknown template: '${template}'.`, {
+          hint: `Available templates: ${listTemplates().join(", ")}`
+        });
+      }
+      const spinner = p.spinner();
+      spinner.start(`Scaffolding ${ui.bold(displayName)} into ${ui.code(directory)}`);
+      const { filesWritten } = renderTemplate({
+        template,
+        destination: directory,
+        variables: {
+          name: displayName,
+          slug
+        }
+      });
+      spinner.stop(`Wrote ${filesWritten} file${filesWritten === 1 ? "" : "s"} from template '${template}'.`);
+      p.outro(
+        [
+          ui.ok(`Created ${ui.bold(displayName)}`),
+          "",
+          "  Next steps:",
+          `    ${ui.code(`cd ${basename(directory)}`)}`,
+          `    ${ui.code("bun install")}`,
+          `    ${ui.code("odeva app config link")}    ${ui.dim("# register on Odeva")}`,
+          `    ${ui.code("odeva app dev")}             ${ui.dim("# start local dev with a tunnel")}`
+        ].join("\n")
+      );
+    });
+  }
+  async resolveDirectory(nameArg, skipPrompts) {
+    let name = nameArg;
+    if (!name) {
+      if (skipPrompts) {
+        throw new CliError("A directory name is required when using --yes.", {
+          hint: "Run `odeva app init <name>` or omit --yes to prompt."
+        });
+      }
+      const result = await p.text({
+        message: "Directory name for your app",
+        placeholder: "my-odeva-app",
+        validate: (v) => {
+          const trimmed = v.trim();
+          if (!trimmed) return "Directory name cannot be empty";
+          if (trimmed.includes("/") || trimmed.includes("\\")) return "Use a single directory name, not a path";
+          return void 0;
+        }
+      });
+      if (p.isCancel(result)) {
+        throw new CliError("init cancelled.");
+      }
+      name = result.trim();
+    }
+    const directory = resolve(process.cwd(), name);
+    if (existsSync(directory)) {
+      throw new CliError(`Directory '${name}' already exists.`, {
+        hint: "Choose a different name or remove the existing directory."
+      });
+    }
+    return directory;
+  }
+  resolveSlug(candidate) {
+    const slug = candidate.trim();
+    if (!isValidSlug(slug)) {
+      throw new CliError(`Invalid slug '${slug}'.`, {
+        hint: "Slugs are lowercase letters, digits, and hyphens (e.g. 'cabin-manager')."
+      });
+    }
+    return slug;
+  }
+}
+function toTitleCase(input) {
+  return input.split(/[-_\s]+/).filter(Boolean).map((part) => part[0].toUpperCase() + part.slice(1).toLowerCase()).join(" ");
+}
+export {
+  AppInit as default
+};

package/dist/commands/app/status.js

@@ -0,0 +1,59 @@
+import { Command } from "@oclif/core";
+import { OdevaApi } from "../../lib/api.js";
+import { loadAppConfig } from "../../lib/config.js";
+import { CliError } from "../../lib/errors.js";
+import { withErrorHandling } from "../../lib/run.js";
+import { ui } from "../../lib/ui.js";
+const STATUS_LABEL = {
+  draft: ui.dim("draft"),
+  submitted: "submitted",
+  published: ui.ok("published"),
+  rejected: ui.err("rejected")
+};
+class AppStatus extends Command {
+  static description = "Show the review status of the local app";
+  static examples = ["$ odeva app status"];
+  async run() {
+    await this.parse(AppStatus);
+    await withErrorHandling(this, async () => {
+      const loaded = loadAppConfig();
+      if (!loaded.config.client_id) {
+        throw new CliError("App has not been registered yet.", {
+          hint: "Run `odeva app config link` first."
+        });
+      }
+      const api = new OdevaApi();
+      const app = await api.findAppWithReviewByClientId(loaded.config.client_id);
+      if (!app) {
+        throw new CliError(
+          `No app with client_id ${loaded.config.client_id} is owned by your active organization.`,
+          { hint: "Run `odeva auth select-org` if you registered against a different org." }
+        );
+      }
+      const status = STATUS_LABEL[app.publicationStatus] ?? app.publicationStatus;
+      this.log(ui.bold(app.name));
+      this.log(`  ${ui.dim("Slug:")}      ${app.slug}`);
+      this.log(`  ${ui.dim("Status:")}    ${status}`);
+      if (app.verifiedAt) {
+        this.log(`  ${ui.dim("Verified:")}  ${app.verifiedAt}`);
+      }
+      if (app.updatedAt) {
+        this.log(`  ${ui.dim("Updated:")}   ${app.updatedAt}`);
+      }
+      if (app.reviewNotes) {
+        this.log("");
+        this.log(ui.bold("Reviewer notes:"));
+        for (const line of app.reviewNotes.split("\n")) {
+          this.log(`  ${line}`);
+        }
+      }
+      if (app.publicationStatus === "rejected") {
+        this.log("");
+        this.log(ui.dim("Address the feedback above, then run `odeva app submit` to resubmit."));
+      }
+    });
+  }
+}
+export {
+  AppStatus as default
+};