@oodarun/cli 0.1.12 → 0.1.14

package/dist/cli.js

@@ -298,7 +298,7 @@ createRoot(document.getElementById("root")!).render(
 });
 
 // src/cli/index.ts
-import path9 from "path";
+import path11 from "path";
 import readline2 from "readline";
 import { select as select3, confirm, Separator as Separator3 } from "@inquirer/prompts";
 
@@ -460,6 +460,7 @@ function parseConfig(jsonString) {
   }
   return {
     name: userConfig.name,
+    slug: userConfig.slug,
     description: userConfig.description,
     tools: mergedTools,
     claude: userConfig.claude || DEFAULT_CONFIG.claude
@@ -1036,22 +1037,13 @@ function promptToken(question) {
     process.stdin.on("data", onData);
   });
 }
-async function projectSubMenu(project, isOwner = true) {
+async function projectSubMenu(project, isOwner = true, publishedUrl = null) {
   const icon = statusIcon(project.status);
   const ownerLabel = project.owner ? ` ${c.gray}(${project.owner})${c.reset}` : "";
   if (!isOwner) {
-    let publishedUrl2 = null;
-    try {
-      const res = await fetch(`https://ooda.run/api/publish/${project.name}`);
-      if (res.ok) {
-        const info = await res.json();
-        publishedUrl2 = info.latestUrl;
-      }
-    } catch {
-    }
     const choices2 = [];
-    if (publishedUrl2) {
-      choices2.push({ name: `Open published site  ${c.gray}${publishedUrl2}${c.reset}`, value: "open-published" });
+    if (publishedUrl) {
+      choices2.push({ name: `Open published site  ${c.gray}${publishedUrl}${c.reset}`, value: "open-published" });
     }
     choices2.push(
       new Separator(`  ${c.gray}You don't have access to manage this project${c.reset}`),
@@ -1068,15 +1060,6 @@ async function projectSubMenu(project, isOwner = true) {
       throw err;
     }
   }
-  let publishedUrl = null;
-  try {
-    const res = await fetch(`https://ooda.run/api/publish/${project.name}`);
-    if (res.ok) {
-      const info = await res.json();
-      publishedUrl = info.latestUrl;
-    }
-  } catch {
-  }
   const choices = [
     { name: "Connect (launch Claude)", value: "connect" },
     { name: "Re-upload files from local folder", value: "reupload" }
@@ -1234,7 +1217,8 @@ async function completeJwtLogin(result) {
   console.log("");
   return "org";
 }
-async function ensureAuth() {
+async function ensureAuth(opts = {}) {
+  const requireClaudeToken = opts.requireClaudeToken !== false;
   let apiToken = null;
   const orgClaude = isOrgMode() ? getOrgClaudeConfig() : null;
   let claudeToken = getClaudeToken(orgClaude?.apiKeyHelper || void 0);
@@ -1253,6 +1237,9 @@ async function ensureAuth() {
 `);
     apiToken = await handleEmailPasswordAuth();
   }
+  if (!requireClaudeToken) {
+    return { apiToken, claudeToken: "", claudeSource: "" };
+  }
   async function promptForClaudeToken() {
     const tokenType = await select2({
       message: "Claude token type:",
@@ -1946,19 +1933,27 @@ import path from 'path';
 
 const MAX_FILE_SIZE = 10 * 1024 * 1024;
 
-// Resolve publish URL and auth \u2014 org mode uses JWT via org proxy
-let PUBLISH_URL = 'https://ooda.run/api/publish';
-let publishToken = process.env.PUBLISH_TOKEN || '';
+// Resolve publish URL and auth. Publishing goes exclusively through the
+// authenticated org proxy (POST /org/{orgId}/publish), which records the site
+// in D1 and materializes its access-control policy. The old unauthenticated
+// loader endpoint is retired, so org credentials are REQUIRED.
+let PUBLISH_URL = '';
+let publishToken = '';
 let orgProjectName = '';
 try {
   const orgCreds = JSON.parse(fs.readFileSync('/tmp/ooda-org.json', 'utf-8'));
+  const apiBase = orgCreds.apiBase || 'https://api.ooda.run';
   if (orgCreds.orgId && orgCreds.jwt) {
-    PUBLISH_URL = 'https://api.ooda.run/org/' + orgCreds.orgId + '/publish';
+    PUBLISH_URL = apiBase + '/org/' + orgCreds.orgId + '/publish';
     publishToken = orgCreds.jwt;
   }
   if (orgCreds.projectName) orgProjectName = orgCreds.projectName;
 } catch {
-  // No org credentials \u2014 use default publish endpoint
+  // handled below
+}
+if (!PUBLISH_URL || !publishToken) {
+  console.error('ERROR: Missing ooda org credentials (/tmp/ooda-org.json). Reconnect the project with the ooda CLI to refresh credentials, then publish again.');
+  process.exit(1);
 }
 
 const projectDir = process.argv[2] || process.cwd();
@@ -2658,103 +2653,6 @@ export default function designBrowserSource() {
   };
 }
 `.trim();
-var PUBLISH_SCRIPT2 = `
-import fs from 'fs';
-import path from 'path';
-import { execSync } from 'child_process';
-
-const PUBLISH_URL = 'https://ooda.run/api/publish';
-const publishToken = process.env.PUBLISH_TOKEN || '';
-const MAX_FILE_SIZE = 10 * 1024 * 1024;
-
-// Find the project directory (first arg or cwd)
-const projectDir = process.argv[2] || process.cwd();
-
-// Detect build output directory
-const candidates = ['dist', 'build', 'out', '.output/public', '.next/static'];
-let outputDir = null;
-for (const c of candidates) {
-  const p = path.join(projectDir, c);
-  if (fs.existsSync(p) && fs.statSync(p).isDirectory()) {
-    outputDir = p;
-    break;
-  }
-}
-
-if (!outputDir) {
-  console.error('ERROR: No build output directory found. Run your build command first.');
-  console.error('Looked for: ' + candidates.join(', '));
-  process.exit(1);
-}
-
-console.log('Found build output: ' + outputDir);
-
-// Derive slug from project name (hostname)
-let slug;
-try {
-  slug = execSync('hostname', { encoding: 'utf-8' }).trim();
-} catch {
-  slug = path.basename(projectDir);
-}
-// Clean slug to match requirements
-slug = slug.toLowerCase().replace(/[^a-z0-9-]/g, '-').replace(/-+/g, '-').replace(/^-|-$/g, '');
-if (slug.length < 3) slug = slug + '-site';
-if (slug.length > 64) slug = slug.slice(0, 64);
-
-console.log('Publishing as: ' + slug);
-
-// Collect all files recursively
-function collectFiles(dir, base) {
-  const results = [];
-  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
-    const full = path.join(dir, entry.name);
-    if (entry.isDirectory()) {
-      results.push(...collectFiles(full, base));
-    } else if (entry.isFile()) {
-      const stat = fs.statSync(full);
-      if (stat.size <= MAX_FILE_SIZE) {
-        const rel = path.relative(base, full);
-        const content = fs.readFileSync(full).toString('base64');
-        results.push({ path: rel, content });
-      } else {
-        console.log('Skipping large file: ' + path.relative(base, full));
-      }
-    }
-  }
-  return results;
-}
-
-const files = collectFiles(outputDir, outputDir);
-console.log('Collected ' + files.length + ' files');
-
-if (files.length === 0) {
-  console.error('ERROR: No files found in ' + outputDir);
-  process.exit(1);
-}
-
-// Upload
-const body = JSON.stringify({ slug, files });
-console.log('Uploading (' + (body.length / 1024 / 1024).toFixed(1) + 'MB)...');
-
-const res = await fetch(PUBLISH_URL, {
-  method: 'POST',
-  headers: { 'Content-Type': 'application/json', ...(publishToken ? { 'Authorization': 'Bearer ' + publishToken } : {}) },
-  body,
-});
-
-const result = await res.json();
-if (result.ok) {
-  console.log('');
-  console.log('Published successfully!');
-  console.log('URL: ' + result.url);
-  console.log('Version: ' + result.version);
-  console.log('Files: ' + result.fileCount);
-  console.log('Size: ' + (result.totalSize / 1024).toFixed(1) + 'KB');
-} else {
-  console.error('Publish failed: ' + (result.error || JSON.stringify(result)));
-  process.exit(1);
-}
-`.trim();
 var CONFIG_PATCH_SCRIPT = `
 import fs from 'fs';
 import path from 'path';
@@ -3028,7 +2926,7 @@ async function provisionFromFolder(localPath, projectName, token, onProgress, br
       await setupClaudeAuth(projectName, token, effectiveClaudeToken, progress, claudeEnv);
     }
     await deployClaudeConfig(projectName, token, projectRoot, project.framework, progress, gitInfo || null, branchName || null);
-    await writeRemoteFile("/home/user/.ooda/publish.mjs", PUBLISH_SCRIPT2);
+    await writeRemoteFile("/home/user/.ooda/publish.mjs", PUBLISH_SCRIPT);
     await patchServerConfig(projectName, token, projectRoot, progress);
     await installSourcePlugin(projectName, token, projectRoot, project.framework, progress);
     try {
@@ -3276,7 +3174,7 @@ async function provisionFromGitHub(parsed, projectName, token, onProgress, githu
       gitWorkflowPatch.trim() + "\n"
     );
     await writeRemoteFile(`${projectRoot}/CLAUDE.md`, updatedClaudeMd);
-    await writeRemoteFile(`${homeDir}/.ooda/publish.mjs`, PUBLISH_SCRIPT2);
+    await writeRemoteFile(`${homeDir}/.ooda/publish.mjs`, PUBLISH_SCRIPT);
     await patchServerConfig(projectName, token, projectRoot, progress);
     await installSourcePlugin(projectName, token, projectRoot, project.framework, progress);
     try {
@@ -3379,7 +3277,7 @@ async function provisionFromTemplate(projectName, templateId, token, onProgress,
       await setupClaudeAuth(projectName, token, effectiveClaudeToken, progress, claudeEnv);
     }
     await deployClaudeConfig(projectName, token, projectRoot, "vite", progress);
-    await writeFile("/home/user/.ooda/publish.mjs", PUBLISH_SCRIPT2);
+    await writeFile("/home/user/.ooda/publish.mjs", PUBLISH_SCRIPT);
     try {
       await deployToolsViaRest(projectName, token, projectRoot, (msg) => {
         progress({ step: msg });
@@ -3719,14 +3617,14 @@ async function pullChangesFromProject(projectName, token, projectRoot, localProj
     }
     execSync3(`git checkout -b "${localBranch}"`, localOpts);
     try {
-      const fs7 = await import("fs");
+      const fs9 = await import("fs");
       const os2 = await import("os");
-      const path10 = await import("path");
-      const patchFile = path10.join(os2.tmpdir(), `ooda-patch-${Date.now()}.patch`);
-      fs7.writeFileSync(patchFile, patchContent, "utf-8");
+      const path12 = await import("path");
+      const patchFile = path12.join(os2.tmpdir(), `ooda-patch-${Date.now()}.patch`);
+      fs9.writeFileSync(patchFile, patchContent, "utf-8");
       execSync3(`git am "${patchFile}"`, localOpts);
       try {
-        fs7.unlinkSync(patchFile);
+        fs9.unlinkSync(patchFile);
       } catch {
       }
     } catch (amError) {
@@ -4087,6 +3985,85 @@ function startServer(opts) {
   });
 }
 
+// src/cli/sites-client.ts
+function buildSitesUrl(apiBase, orgId) {
+  return `${apiBase}/org/${encodeURIComponent(orgId)}/dashboard/sites`;
+}
+function buildSiteUrl(apiBase, orgId, slug, sub) {
+  const base = `${buildSitesUrl(apiBase, orgId)}/${encodeURIComponent(slug)}`;
+  return sub ? `${base}/${sub}` : base;
+}
+var SitesApiError = class extends Error {
+  constructor(status, message) {
+    super(message);
+    this.status = status;
+    this.name = "SitesApiError";
+  }
+};
+async function readJson(res) {
+  const text = await res.text();
+  let data;
+  try {
+    data = text ? JSON.parse(text) : {};
+  } catch {
+    data = {};
+  }
+  if (!res.ok) {
+    const msg = data?.error || `Request failed (${res.status})`;
+    throw new SitesApiError(res.status, msg);
+  }
+  return data;
+}
+function authHeaders(jwt, json = false) {
+  return {
+    Authorization: `Bearer ${jwt}`,
+    ...json ? { "Content-Type": "application/json" } : {}
+  };
+}
+async function listSites(auth) {
+  const res = await fetch(buildSitesUrl(auth.apiBase, auth.orgId), {
+    headers: authHeaders(auth.jwt)
+  });
+  const data = await readJson(res);
+  return data.sites ?? [];
+}
+async function updateSiteAccess(auth, slug, body) {
+  const res = await fetch(buildSiteUrl(auth.apiBase, auth.orgId, slug), {
+    method: "PATCH",
+    headers: authHeaders(auth.jwt, true),
+    body: JSON.stringify(body)
+  });
+  return readJson(res);
+}
+async function revealSitePassword(auth, slug) {
+  const res = await fetch(buildSiteUrl(auth.apiBase, auth.orgId, slug, "password"), {
+    headers: authHeaders(auth.jwt)
+  });
+  return readJson(res);
+}
+async function deleteSite(auth, slug) {
+  const res = await fetch(buildSiteUrl(auth.apiBase, auth.orgId, slug), {
+    method: "DELETE",
+    headers: authHeaders(auth.jwt)
+  });
+  return readJson(res);
+}
+async function fetchPublishedSiteUrl(opts) {
+  try {
+    const res = await fetch(buildSitesUrl(opts.apiBase, opts.orgId), {
+      headers: { Authorization: `Bearer ${opts.jwt}` }
+    });
+    if (!res.ok) return null;
+    const data = await res.json();
+    const match = (data.sites ?? []).find(
+      (s) => s.projectName === opts.projectName || s.slug === opts.projectName
+    );
+    return match?.url ?? null;
+  } catch {
+    return null;
+  }
+}
+
 // src/urls.ts
 function parseLoaderBase() {
   const raw = process.env.OODA_LOADER_BASE;
@@ -4135,10 +4112,9 @@ function buildSelectorChoices(state) {
   } else {
     projectChoices = state.projects.map((p) => {
       const icon = statusIcon(p.status);
-      const url = p.url ? `  ${c.gray}${toPublicUrl(p.url)}${c.reset}` : "";
       const owner = p.owner ? ` ${c.gray}(${p.owner})${c.reset}` : "";
       return {
-        name: `  ${p.name}${owner}  ${icon} ${p.status}${url}`,
+        name: `  ${p.name}${owner}  ${icon} ${p.status}`,
         value: { kind: "project", project: p }
       };
     });
@@ -4644,8 +4620,42 @@ function mergeOnboardingConfig(existing, projectRoot) {
   return d;
 }
 
+// src/cli/backup-client.ts
+function buildBackupUrl(apiBase, orgId, projectName) {
+  return `${apiBase}/org/${encodeURIComponent(orgId)}/project/${encodeURIComponent(projectName)}/backup`;
+}
+function buildRestoreUrl(apiBase, orgId, projectName) {
+  return `${apiBase}/org/${encodeURIComponent(orgId)}/project/${encodeURIComponent(projectName)}/restore`;
+}
+async function restoreProject(opts) {
+  try {
+    const res = await fetch(buildRestoreUrl(opts.apiBase, opts.orgId, opts.projectName), {
+      method: "POST",
+      headers: { Authorization: `Bearer ${opts.jwt}` }
+    });
+    if (!res.ok) return { restored: false, reason: `http-${res.status}` };
+    const data = await res.json();
+    return { restored: Boolean(data.restored), reason: data.reason, dir: data.dir };
+  } catch {
+    return { restored: false, reason: "network-error" };
+  }
+}
+async function backupProject(opts) {
+  try {
+    const res = await fetch(buildBackupUrl(opts.apiBase, opts.orgId, opts.projectName), {
+      method: "POST",
+      headers: { "Content-Type": "application/json", Authorization: `Bearer ${opts.jwt}` },
+      body: JSON.stringify({ projectRoot: opts.projectRoot })
+    });
+    return res.ok;
+  } catch {
+    return false;
+  }
+}
+
 // src/cli/session.ts
 var IDLE_TIMEOUT_MS = 30 * 60 * 1e3;
+var BACKUP_INTERVAL_MS = 3 * 60 * 1e3;
 var IDLE_WARNING_MS = 25 * 60 * 1e3;
 var IDLE_CHECK_INTERVAL_MS = 60 * 1e3;
 var _activeProject = null;
@@ -4715,8 +4725,27 @@ async function connectAndRunClaude(projectName, apiToken, claudeToken, projectUr
 `);
     return;
   }
-  const projectRoot = await findProjectRoot(projectName, apiToken);
   console.log(`  ${c.green}${c.bold}\u2713${c.reset} Connected ${c.gray}${elapsed()}${c.reset}`);
+  const backupApiBase = process.env.OODA_API_BASE || "https://api.ooda.run";
+  const backupOrgId = isOrgMode() ? getOrgId() : null;
+  if (backupOrgId) {
+    const r = await restoreProject({
+      apiBase: backupApiBase,
+      orgId: backupOrgId,
+      projectName,
+      jwt: getAccessToken() ?? ""
+    });
+    if (r.restored) {
+      const where = r.dir ? ` ${c.gray}(${r.dir})${c.reset}` : "";
+      console.log(`  ${c.green}${c.bold}\u2713${c.reset} ${c.gray}Restored project files from last snapshot${c.reset}${where}`);
+    } else if (r.reason === "no-backup") {
+      console.log(`  ${c.gray}\xB7 No snapshot to restore yet${c.reset}`);
+    } else {
+      console.log(`  ${c.yellow}!${c.reset} ${c.gray}Snapshot restore failed (${r.reason ?? "unknown"})${c.reset}`);
+    }
+  }
+  const projectRoot = await findProjectRoot(projectName, apiToken);
+  const canBackup = !!backupOrgId && projectRoot !== "/home/user" && projectRoot !== "/root";
   pushPhase("setup", "Writing config files");
   try {
     const memRaw = await client.exec("free -m 2>/dev/null || cat /proc/meminfo 2>/dev/null | head -3");
@@ -4753,7 +4782,11 @@ async function connectAndRunClaude(projectName, apiToken, claudeToken, projectUr
     const orgId = getOrgId();
     const jwt = getAccessToken();
     if (orgId && jwt) {
-      await client.writeFile("/tmp/ooda-org.json", JSON.stringify({ orgId, jwt, projectName }));
+      const apiBase = process.env.OODA_API_BASE;
+      await client.writeFile(
+        "/tmp/ooda-org.json",
+        JSON.stringify({ orgId, jwt, projectName, ...apiBase ? { apiBase } : {} })
+      );
     }
   }
   const tokenType = getClaudeTokenType(claudeToken);
@@ -4996,6 +5029,23 @@ ${text}`;
       claudeExec
     ].join("; ");
   }
+  let backupTimer = null;
+  let backupInFlight = false;
+  if (canBackup) {
+    backupTimer = setInterval(() => {
+      if (backupInFlight) return;
+      backupInFlight = true;
+      void backupProject({
+        apiBase: backupApiBase,
+        orgId: backupOrgId,
+        projectName,
+        projectRoot,
+        jwt: getAccessToken() ?? ""
+      }).finally(() => {
+        backupInFlight = false;
+      });
+    }, BACKUP_INTERVAL_MS);
+  }
   let tokenRefreshTimer = null;
   const orgApiKey = claudeEnv?.ANTHROPIC_API_KEY;
   const useServerRefresh = !apiKeyHelper && orgApiKey && isOrgMode();
@@ -5144,6 +5194,22 @@ ${text}`;
   currentCmdAlive = false;
   _activeProject = null;
   if (tokenRefreshTimer) clearInterval(tokenRefreshTimer);
+  if (backupTimer) clearInterval(backupTimer);
+  if (canBackup) {
+    console.log(`  ${c.gray}Saving project snapshot...${c.reset}`);
+    const saved = await backupProject({
+      apiBase: backupApiBase,
+      orgId: backupOrgId,
+      projectName,
+      projectRoot,
+      jwt: getAccessToken() ?? ""
+    });
+    if (saved) {
+      console.log(`  ${c.green}${c.bold}\u2713${c.reset} ${c.gray}Snapshot saved${c.reset}`);
+    } else {
+      console.log(`  ${c.yellow}!${c.reset} ${c.gray}Snapshot save failed (project not backed up)${c.reset}`);
+    }
+  }
   console.log(`  ${c.gray}Stopping project processes...${c.reset}`);
   const result = await stopProject(projectName, apiToken);
   if (result.ok) {
@@ -5372,8 +5438,382 @@ async function deployFromGitHubFlow(target, apiToken, claudeToken) {
   }
 }
 
+// src/cli/publish.ts
+import fs8 from "fs";
+import path10 from "path";
+
+// src/publish-core.ts
+import fs7 from "fs";
+import path9 from "path";
+var MAX_FILE_SIZE2 = 10 * 1024 * 1024;
+var BUILD_DIR_CANDIDATES = [
+  "dist",
+  "build",
+  "out",
+  ".output/public",
+  ".next/static"
+];
+function detectBuildDir(projectDir) {
+  for (const candidate of BUILD_DIR_CANDIDATES) {
+    const full = path9.join(projectDir, candidate);
+    try {
+      if (fs7.existsSync(full) && fs7.statSync(full).isDirectory()) {
+        return full;
+      }
+    } catch {
+    }
+  }
+  return null;
+}
+function deriveSlug(rawName) {
+  let slug = rawName.toLowerCase().replace(/[^a-z0-9-]/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "");
+  if (slug.length < 3) slug = `${slug}-site`;
+  if (slug.length > 64) slug = slug.slice(0, 64);
+  return slug;
+}
+function collectFiles2(dir, onSkip) {
+  const results = [];
+  const walk = (current) => {
+    for (const entry of fs7.readdirSync(current, { withFileTypes: true })) {
+      const full = path9.join(current, entry.name);
+      if (entry.isDirectory()) {
+        walk(full);
+      } else if (entry.isFile()) {
+        const rel = path9.relative(dir, full);
+        if (fs7.statSync(full).size > MAX_FILE_SIZE2) {
+          onSkip?.(rel);
+          continue;
+        }
+        results.push({ path: rel, content: fs7.readFileSync(full).toString("base64") });
+      }
+    }
+  };
+  walk(dir);
+  return results;
+}
+function appendSuffix(base, suffix) {
+  const maxBase = 64 - suffix.length - 1;
+  const trimmed = base.length > maxBase ? base.slice(0, maxBase).replace(/-+$/, "") : base;
+  return `${trimmed}-${suffix}`;
+}
+function randomSlugSuffix() {
+  let s = "";
+  const bytes = crypto.getRandomValues(new Uint8Array(4));
+  for (const b of bytes) s += (b % 36).toString(36);
+  return s;
+}
+function buildPublishBody(opts) {
+  return {
+    slug: opts.slug,
+    ...opts.projectName ? { projectName: opts.projectName } : {},
+    files: opts.files
+  };
+}
+
+// src/cli/publish.ts
+var MAX_SLUG_ATTEMPTS = 5;
+async function publishLocalDir(opts) {
+  const { projectDir, slugOverride, json } = opts;
+  if (!isOrgMode()) {
+    fail(json, "Publishing requires an organisation login. Run `ooda` and log in first.");
+    return;
+  }
+  const orgId = getOrgId();
+  const jwt = getAccessToken();
+  if (!orgId || !jwt) {
+    fail(json, "No active org session. Run `ooda` and log in first.");
+    return;
+  }
+  const apiBase = process.env.OODA_API_BASE || "https://api.ooda.run";
+  const auth = { apiBase, orgId, jwt };
+  const outputDir = detectBuildDir(projectDir);
+  if (!outputDir) {
+    fail(
+      json,
+      `No build output found in ${projectDir}. Run your build command first.
+  Looked for: ${BUILD_DIR_CANDIDATES.join(", ")}`
+    );
+    return;
+  }
+  const config = loadConfig(projectDir);
+  const explicit = Boolean(slugOverride && slugOverride.trim());
+  const persisted = !explicit && Boolean(config.slug);
+  const base = deriveSlug(
+    explicit ? slugOverride : config.slug || config.name || path10.basename(projectDir)
+  );
+  const allowSuffix = !explicit && !persisted;
+  const skipped = [];
+  const files = collectFiles2(outputDir, (rel) => skipped.push(rel));
+  if (files.length === 0) {
+    fail(json, `No files found in ${outputDir}.`);
+    return;
+  }
+  let candidate = base;
+  if (allowSuffix) {
+    try {
+      const taken = new Set((await listSites(auth)).map((s) => s.slug));
+      if (taken.has(candidate)) candidate = appendSuffix(base, randomSlugSuffix());
+    } catch {
+    }
+  }
+  if (!json) {
+    console.log(`  ${c.gray}Build output: ${outputDir}${c.reset}`);
+    for (const rel of skipped) console.log(`  ${c.yellow}!${c.reset} ${c.gray}Skipped large file: ${rel}${c.reset}`);
+  }
+  let result = null;
+  let finalSlug = candidate;
+  let lastClashError = "";
+  for (let attempt = 0; attempt < (allowSuffix ? MAX_SLUG_ATTEMPTS : 1); attempt++) {
+    if (!json) console.log(`  ${c.gray}Publishing ${files.length} files as ${c.reset}${c.bold}${candidate}${c.reset}${c.gray}...${c.reset}`);
+    const { status, data } = await postPublish(apiBase, orgId, jwt, candidate, files);
+    if (status >= 200 && status < 300 && data.ok) {
+      result = data;
+      finalSlug = candidate;
+      break;
+    }
+    if (status === 403 && allowSuffix) {
+      lastClashError = data.error || "slug taken";
+      candidate = appendSuffix(base, randomSlugSuffix());
+      continue;
+    }
+    if (status === 403) {
+      fail(json, `Slug "${candidate}" is taken by another organisation. Choose another with --slug.`);
+      return;
+    }
+    fail(json, data.error || `Publish failed (${status})`);
+    return;
+  }
+  if (!result) {
+    fail(json, `Couldn't find a free slug after ${MAX_SLUG_ATTEMPTS} attempts (last: ${lastClashError}).`);
+    return;
+  }
+  const wrote = persistSlug(projectDir, finalSlug);
+  const suffixed = finalSlug !== base;
+  const publicUrl = result.url ? toPublicUrl(result.url) : "";
+  if (json) {
+    console.log(JSON.stringify({ ...result, slug: finalSlug, url: publicUrl || result.url, savedToConfig: wrote }, null, 2));
+    return;
+  }
+  console.log(`
+  ${c.green}${c.bold}\u2713${c.reset} Published`);
+  console.log(`  ${c.cyan}${publicUrl}${c.reset}`);
+  if (result.version !== void 0) console.log(`  ${c.gray}Version ${result.version} \xB7 ${result.fileCount} files \xB7 ${((result.totalSize ?? 0) / 1024).toFixed(1)}KB${c.reset}`);
+  if (suffixed) console.log(`  ${c.gray}Slug auto-suffixed to avoid a collision.${c.reset}`);
+  if (wrote) console.log(`  ${c.gray}Saved slug to ooda.json so re-publishes reuse this URL.${c.reset}`);
+  console.log("");
+}
+async function postPublish(apiBase, orgId, jwt, slug, files) {
+  try {
+    const res = await fetch(`${apiBase}/org/${encodeURIComponent(orgId)}/publish`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json", Authorization: `Bearer ${jwt}` },
+      body: JSON.stringify(buildPublishBody({ slug, files }))
+    });
+    const data = await res.json().catch(() => ({}));
+    return { status: res.status, data };
+  } catch (err) {
+    return { status: 0, data: { error: `Could not reach the server: ${err instanceof Error ? err.message : String(err)}` } };
+  }
+}
+function persistSlug(projectDir, slug) {
+  const p = path10.join(projectDir, "ooda.json");
+  let obj = {};
+  if (fs8.existsSync(p)) {
+    try {
+      const parsed = JSON.parse(fs8.readFileSync(p, "utf-8"));
+      if (parsed && typeof parsed === "object") obj = parsed;
+      else return false;
+    } catch {
+      return false;
+    }
+  }
+  if (obj.slug === slug) return false;
+  obj.slug = slug;
+  fs8.writeFileSync(p, JSON.stringify(obj, null, 2) + "\n");
+  return true;
+}
+function fail(json, message) {
+  if (json) {
+    console.log(JSON.stringify({ ok: false, error: message }));
+  } else {
+    console.log(`
+  ${c.red}${message}${c.reset}
+`);
+  }
+  process.exitCode = 1;
+}
+
+// src/cli/sites.ts
+var ACCESS_MODES = ["public", "password", "login"];
+async function runSitesCommand(args) {
+  if (!isOrgMode()) return fail2(args.json, "Managing sites requires an organisation login. Run `ooda` and log in first.");
+  const orgId = getOrgId();
+  const jwt = getAccessToken();
+  if (!orgId || !jwt) return fail2(args.json, "No active org session. Run `ooda` and log in first.");
+  const apiBase = process.env.OODA_API_BASE || "https://api.ooda.run";
+  const auth = { apiBase, orgId, jwt };
+  const sub = args.subcommand || "list";
+  try {
+    switch (sub) {
+      case "list":
+        return await listCmd(auth, args.json);
+      case "access":
+        return await accessCmd(auth, args);
+      case "password":
+        return await passwordCmd(auth, args);
+      case "delete":
+      case "unpublish":
+        return await deleteCmd(auth, args);
+      default:
+        return fail2(args.json, `Unknown sites subcommand: ${sub}. Use list | access | password | delete.`);
+    }
+  } catch (err) {
+    if (err instanceof SitesApiError) return fail2(args.json, err.message);
+    return fail2(args.json, err instanceof Error ? err.message : String(err));
+  }
+}
+async function listCmd(auth, json) {
+  const sites = await listSites(auth);
+  if (json) {
+    console.log(JSON.stringify(sites.map((s) => ({ ...s, url: toPublicUrl(s.url) })), null, 2));
+    return;
+  }
+  if (sites.length === 0) {
+    console.log(`  ${c.gray}No published sites.${c.reset}
+`);
+    return;
+  }
+  console.log("");
+  for (const s of sites) {
+    const own = s.isOwn ? `${c.green}*${c.reset}` : " ";
+    console.log(`  ${own} ${c.bold}${s.slug}${c.reset}  ${c.gray}${s.effectiveMode}${c.reset}`);
+    console.log(`    ${c.cyan}${toPublicUrl(s.url)}${c.reset}  ${c.gray}${s.publishedByName}${c.reset}`);
+  }
+  console.log("");
+}
+async function accessCmd(auth, args) {
+  if (!args.slug) return fail2(args.json, "Usage: ooda sites access <slug> --mode <public|password|login>");
+  const body = {};
+  if (args.clearMode) {
+    body.accessMode = null;
+  } else if (args.mode !== void 0) {
+    if (!ACCESS_MODES.includes(args.mode)) {
+      return fail2(args.json, `Invalid --mode. Must be one of: ${ACCESS_MODES.join(", ")}`);
+    }
+    body.accessMode = args.mode;
+  }
+  if (args.clearPassword) {
+    body.password = null;
+  } else if (args.password !== void 0) {
+    body.password = args.password;
+  }
+  if (Object.keys(body).length === 0) {
+    return fail2(args.json, "Nothing to change. Pass --mode, --password, --clear-password, or --clear-mode.");
+  }
+  const result = await updateSiteAccess(auth, args.slug, body);
+  if (args.json) {
+    console.log(JSON.stringify(result, null, 2));
+    return;
+  }
+  console.log(`
+  ${c.green}${c.bold}\u2713${c.reset} ${c.bold}${args.slug}${c.reset} \u2192 ${c.cyan}${result.effectiveMode}${c.reset}${c.gray}${result.accessMode === null ? " (inherits org default)" : ""}${c.reset}
+`);
+}
+async function passwordCmd(auth, args) {
+  if (!args.slug) return fail2(args.json, "Usage: ooda sites password <slug>");
+  const result = await revealSitePassword(auth, args.slug);
+  if (args.json) {
+    console.log(JSON.stringify(result, null, 2));
+    return;
+  }
+  if (!result.password) {
+    console.log(`
+  ${c.gray}No password set for ${args.slug} (not password-protected).${c.reset}
+`);
+    return;
+  }
+  console.log(`
+  ${c.bold}${args.slug}${c.reset} password: ${c.cyan}${result.password}${c.reset} ${c.gray}(source: ${result.source})${c.reset}
+`);
+}
+async function deleteCmd(auth, args) {
+  if (!args.slug) return fail2(args.json, "Usage: ooda sites delete <slug>");
+  await deleteSite(auth, args.slug);
+  if (args.json) {
+    console.log(JSON.stringify({ ok: true, slug: args.slug }));
+    return;
+  }
+  console.log(`
+  ${c.green}${c.bold}\u2713${c.reset} Unpublished ${c.bold}${args.slug}${c.reset}
+`);
+}
+function fail2(json, message) {
+  if (json) {
+    console.log(JSON.stringify({ ok: false, error: message }));
+  } else {
+    console.log(`
+  ${c.red}${message}${c.reset}
+`);
+  }
+  process.exitCode = 1;
+}
+
+// src/cli/help.ts
+function buildHelpText(version) {
+  return `ooda v${version} \u2014 Cloud dev environments for Claude Code
+
+Usage:
+  ooda [command] [options]
+
+Commands:
+  (no command)                 Open the interactive project menu
+  list, ls                     List your projects
+  connect <project>            Connect to a project and run Claude (interactive)
+  deploy [path|github-url]     Deploy a local folder or GitHub repo as a project
+  publish [path]               Publish a built static site to {slug}-p.ooda.run
+  sites [list]                 List your org's published sites
+  sites access <slug>          Change a published site's access policy
+  sites password <slug>        Reveal a site's effective password
+  sites delete <slug>          Unpublish a site
+  help, --help, -h             Show this help
+
+publish [path]
+  Publishes an already-built static site (no build is run). Looks for a build
+  output dir (dist, build, out, .output/public, .next/static) in [path] (default:
+  current dir). Requires an org login.
+    --slug <slug>              Override the slug (default: ooda.json name, else folder name)
+    --json                     Machine-readable JSON output
+
+sites access <slug>
+    --mode <public|password|login>  Set the access mode
+    --password <pw>            Set a per-site password (use with --mode password)
+    --clear-password           Remove the per-site password
+    --clear-mode               Clear the override (inherit the org default)
+    --json                     Machine-readable JSON output
+
+sites list | password | delete
+    --json                     Machine-readable JSON output
+
+Global:
+    --port <n>                 Dashboard port for the interactive menu (default 4444)
+
+Headless auth (for agents/CI):
+  Set OODA_ACCESS_TOKEN and OODA_ORG_ID to skip interactive login. publish and
+  sites then run fully non-interactively and exit 0 on success, non-zero on error.
+
+Local dev:
+  Set OODA_API_BASE (server) and OODA_LOADER_BASE (loader) to target a local
+  stack instead of production.
+
+Examples:
+  ooda publish ./dist --slug my-app
+  ooda sites list --json
+  ooda sites access my-app --mode password --password hunter2
+  ooda sites delete my-app --json`;
+}
+
 // src/cli/index.ts
-var CLI_VERSION = "0.1.11";
+var CLI_VERSION = "0.1.14";
 function formatMutationError(result) {
   const parts = [];
   if (result.status !== void 0) parts.push(String(result.status));
@@ -5411,27 +5851,59 @@ function waitForEventOrCancel(emitter, event) {
 }
 var DEFAULT_PORT = 4444;
 function parseArgs(argv) {
-  let port = DEFAULT_PORT;
+  const rest = argv.slice(2);
+  const first = rest[0];
   let command = "menu";
-  let connectTarget;
-  let deployTarget;
-  const firstArg = argv[2];
-  if (firstArg === "connect") {
-    command = "connect";
-    connectTarget = argv[3];
-  } else if (firstArg === "list" || firstArg === "ls") {
-    command = "list";
-  } else if (firstArg === "deploy") {
-    command = "deploy";
-    deployTarget = argv[3];
-  }
-  for (let i = 2; i < argv.length; i++) {
-    if (argv[i] === "--port" && argv[i + 1]) {
-      port = parseInt(argv[i + 1], 10) || DEFAULT_PORT;
+  if (first === "connect") command = "connect";
+  else if (first === "list" || first === "ls") command = "list";
+  else if (first === "deploy") command = "deploy";
+  else if (first === "publish") command = "publish";
+  else if (first === "sites") command = "sites";
+  else if (first === "help") command = "help";
+  if (rest.includes("--help") || rest.includes("-h")) command = "help";
+  const positionals = [];
+  const flags = {};
+  let port = DEFAULT_PORT;
+  const startIdx = command === "menu" ? 0 : 1;
+  for (let i = startIdx; i < rest.length; i++) {
+    const arg = rest[i];
+    if (arg === "--port" && rest[i + 1]) {
+      port = parseInt(rest[i + 1], 10) || DEFAULT_PORT;
       i++;
-    }
+    } else if (arg === "--slug" && rest[i + 1]) {
+      flags.slug = rest[i + 1];
+      i++;
+    } else if (arg === "--mode" && rest[i + 1]) {
+      flags.mode = rest[i + 1];
+      i++;
+    } else if (arg === "--password" && rest[i + 1] !== void 0) {
+      flags.password = rest[i + 1];
+      i++;
+    } else if (arg === "--clear-password") flags.clearPassword = true;
+    else if (arg === "--clear-mode") flags.clearMode = true;
+    else if (arg === "--json") flags.json = true;
+    else if (!arg.startsWith("--")) positionals.push(arg);
+  }
+  const args = { port, command, json: Boolean(flags.json) };
+  if (command === "connect") {
+    args.connectTarget = positionals[0];
+  } else if (command === "deploy") {
+    args.deployTarget = positionals[0];
+  } else if (command === "publish") {
+    args.publishTarget = positionals[0];
+    args.publishSlug = flags.slug;
+  } else if (command === "sites") {
+    args.sites = {
+      subcommand: positionals[0],
+      slug: positionals[1],
+      mode: flags.mode,
+      password: flags.password,
+      clearPassword: Boolean(flags.clearPassword),
+      clearMode: Boolean(flags.clearMode),
+      json: Boolean(flags.json)
+    };
   }
-  return { port, command, connectTarget, deployTarget };
+  return args;
 }
 function eraseRenderedPrompt(visibleLines) {
   const total = visibleLines + 2;
@@ -5560,14 +6032,24 @@ async function selectorLoop(apiToken, claudeToken, dashboardUrl, cwd) {
         const project = action.project;
         const currentUserName = isOrgMode() ? getOrgDisplayName() : null;
         const isOwner = !isOrgMode() || !project.owner || project.owner === currentUserName;
-        const subAction = await projectSubMenu(project, isOwner);
+        let publishedUrl = null;
+        const subOrgId = isOrgMode() ? getOrgId() : null;
+        if (subOrgId) {
+          const apiBase = process.env.OODA_API_BASE || "https://api.ooda.run";
+          publishedUrl = await fetchPublishedSiteUrl({
+            apiBase,
+            orgId: subOrgId,
+            projectName: project.name,
+            jwt: getAccessToken() ?? ""
+          });
+        }
+        const subAction = await projectSubMenu(project, isOwner, publishedUrl);
         switch (subAction) {
           case "connect":
             await connectAndRunClaude(project.name, apiToken, claudeToken, project.url, void 0, project.previewUrl);
             break;
           case "open-published": {
-            const publishUrl = `https://${project.name}-p.ooda.run`;
-            await openUrl(publishUrl);
+            await openUrl(publishedUrl ?? `https://${project.name}-p.ooda.run`);
             break;
           }
           case "reupload": {
@@ -5841,6 +6323,10 @@ async function main() {
   const args = parseArgs(process.argv);
   const cwd = process.cwd();
   printLogo(CLI_VERSION);
+  if (args.command === "help") {
+    console.log(buildHelpText(CLI_VERSION));
+    process.exit(0);
+  }
   if (args.command === "list") {
     await listProjectsCmd();
     process.exit(0);
@@ -5851,11 +6337,22 @@ async function main() {
     if (target && isGitHubTarget(target)) {
       await deployFromGitHubFlow(target, apiToken, claudeToken);
     } else {
-      const deployPath = target ? path9.resolve(target) : cwd;
+      const deployPath = target ? path11.resolve(target) : cwd;
       await deployCurrentDir(deployPath, apiToken, claudeToken);
     }
     process.exit(0);
   }
+  if (args.command === "publish") {
+    await ensureAuth({ requireClaudeToken: false });
+    const dir = args.publishTarget ? path11.resolve(args.publishTarget) : cwd;
+    await publishLocalDir({ projectDir: dir, slugOverride: args.publishSlug, json: args.json });
+    process.exit(process.exitCode ?? 0);
+  }
+  if (args.command === "sites") {
+    await ensureAuth({ requireClaudeToken: false });
+    await runSitesCommand(args.sites ?? {});
+    process.exit(process.exitCode ?? 0);
+  }
   if (args.command === "connect") {
     if (!args.connectTarget) {
       console.log(`  ${c.red}Usage: ooda connect <project-name>${c.reset}`);