@opencode-manager/ocm-cli 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Chris Scott
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/ocm.js

@@ -0,0 +1,716 @@
+#!/usr/bin/env node
+// bin/ocm.ts
+import { spawn as spawn2, spawnSync as spawnSync4 } from "child_process";
+import { basename } from "path";
+
+// src/state.ts
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { homedir } from "os";
+import { dirname, join } from "path";
+var STATE_DIR = join(homedir(), ".config", "opencode-manager");
+var STATE_FILE = join(STATE_DIR, "state.json");
+function getStatePath() {
+  return STATE_FILE;
+}
+function readState() {
+  if (!existsSync(STATE_FILE))
+    return null;
+  try {
+    const raw = readFileSync(STATE_FILE, "utf-8");
+    const parsed = JSON.parse(raw);
+    if (!parsed.managerUrl)
+      return null;
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+function writeState(state) {
+  mkdirSync(dirname(STATE_FILE), { recursive: true });
+  const next = { ...state, updatedAt: Date.now() };
+  writeFileSync(STATE_FILE, JSON.stringify(next, null, 2), { mode: 384 });
+}
+function clearState() {
+  if (existsSync(STATE_FILE)) {
+    writeFileSync(STATE_FILE, "{}", { mode: 384 });
+  }
+}
+
+// src/keychain.ts
+import { spawnSync } from "child_process";
+var SERVICE = "opencode-manager";
+
+class KeychainError extends Error {
+  exitCode;
+  constructor(message, exitCode) {
+    super(message);
+    this.exitCode = exitCode;
+    this.name = "KeychainError";
+  }
+}
+function runSecurity(args, input) {
+  const res = spawnSync("security", args, {
+    input,
+    encoding: "utf-8"
+  });
+  return { stdout: res.stdout ?? "", stderr: res.stderr ?? "", code: res.status };
+}
+function setToken(account, token) {
+  const res = runSecurity([
+    "add-generic-password",
+    "-s",
+    SERVICE,
+    "-a",
+    account,
+    "-w",
+    token,
+    "-U"
+  ]);
+  if (res.code !== 0) {
+    throw new KeychainError(`Failed to store token in Keychain: ${res.stderr.trim()}`, res.code);
+  }
+}
+function getToken(account) {
+  const res = runSecurity([
+    "find-generic-password",
+    "-s",
+    SERVICE,
+    "-a",
+    account,
+    "-w"
+  ]);
+  if (res.code !== 0)
+    return null;
+  return res.stdout.trim() || null;
+}
+function deleteToken(account) {
+  const res = runSecurity([
+    "delete-generic-password",
+    "-s",
+    SERVICE,
+    "-a",
+    account
+  ]);
+  return res.code === 0;
+}
+
+// src/manager-api.ts
+class ManagerApi {
+  baseUrl;
+  token;
+  constructor(baseUrl, token) {
+    this.baseUrl = baseUrl;
+    this.token = token;
+  }
+  headers(extra = {}) {
+    return { Authorization: `Bearer ${this.token}`, ...extra };
+  }
+  async mirrorUp(repoId, body, opts) {
+    const params = new URLSearchParams;
+    if (opts.force)
+      params.set("force", "1");
+    if (opts.create) {
+      params.set("create", "1");
+      params.set("name", opts.create.name);
+      if (opts.create.originUrl)
+        params.set("originUrl", opts.create.originUrl);
+      if (opts.create.branch)
+        params.set("branch", opts.create.branch);
+    }
+    const qs = params.toString() ? `?${params.toString()}` : "";
+    const url = `${this.baseUrl}/api/internal/repos/${repoId}/mirror${qs}`;
+    const res = await fetch(url, {
+      method: "POST",
+      headers: {
+        ...this.headers(),
+        "Content-Type": "application/x-tar"
+      },
+      body,
+      duplex: "half"
+    });
+    if (!res.ok)
+      throw new Error(`mirror ${res.status}: ${await res.text()}`);
+    return await res.json();
+  }
+  async mirrorDown(repoId) {
+    const res = await fetch(`${this.baseUrl}/api/internal/repos/${repoId}/mirror`, {
+      headers: this.headers()
+    });
+    if (!res.ok)
+      throw new Error(`mirror ${res.status}: ${await res.text()}`);
+    return res.body;
+  }
+}
+
+// src/mirror.ts
+import { spawnSync as spawnSync3, spawn } from "child_process";
+import { existsSync as existsSync2 } from "fs";
+import * as fsp from "fs/promises";
+import { Readable } from "stream";
+import { join as join2 } from "path";
+import { tmpdir } from "os";
+
+// src/local-repo.ts
+import { spawnSync as spawnSync2 } from "child_process";
+function git(cwd, args) {
+  const res = spawnSync2("git", args, { cwd, encoding: "utf-8" });
+  if (res.status !== 0)
+    return null;
+  return (res.stdout ?? "").trim();
+}
+function getRepoRoot(cwd) {
+  return git(cwd, ["rev-parse", "--show-toplevel"]);
+}
+function getOriginUrl(dir) {
+  return git(dir, ["remote", "get-url", "origin"]);
+}
+function getDirtyPaths(dir) {
+  const out = git(dir, ["status", "--porcelain", "-z", "--untracked-files=all"]);
+  if (!out)
+    return new Set;
+  const paths = new Set;
+  for (const record of out.split("\x00")) {
+    if (!record)
+      continue;
+    const path = record.slice(3);
+    if (path)
+      paths.add(path);
+  }
+  return paths;
+}
+function normalizeUrl(url) {
+  return url.trim().replace(/\.git$/, "").replace(/^git@([^:]+):/, "ssh://git@$1/").replace(/\/+$/, "").toLowerCase();
+}
+function getBranchName(dir) {
+  return git(dir, ["rev-parse", "--abbrev-ref", "HEAD"]);
+}
+function urlsEqual(a, b) {
+  if (!a || !b)
+    return false;
+  return normalizeUrl(a) === normalizeUrl(b);
+}
+
+// src/mirror.ts
+var HARDCODED_EXCLUDES = ["node_modules", "dist", ".next", ".venv", "__pycache__", ".turbo"];
+function getGitignoreExclusions(repoRoot) {
+  const res = spawnSync3("git", ["ls-files", "--others", "--ignored", "--exclude-standard", "--directory"], {
+    cwd: repoRoot,
+    encoding: "utf-8"
+  });
+  if (res.status !== 0)
+    return [];
+  return (res.stdout ?? "").split(`
+`).filter((line) => line.length > 0);
+}
+
+class MirrorAbort extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "MirrorAbort";
+  }
+}
+function prepareMirror(cwd, remotes) {
+  const repoRoot = getRepoRoot(cwd);
+  if (!repoRoot)
+    throw new MirrorAbort("not in a git repository");
+  const localOrigin = getOriginUrl(repoRoot);
+  if (!localOrigin)
+    throw new MirrorAbort("no origin URL found");
+  const matched = remotes.filter((r) => urlsEqual(localOrigin, r.originUrl));
+  return { repoRoot, localOrigin, matched };
+}
+async function mirrorUp(plan, opts) {
+  const tarArgs = ["-c", "-C", plan.repoRoot];
+  for (const dir of HARDCODED_EXCLUDES)
+    tarArgs.push("--exclude", dir);
+  const ignoredPaths = getGitignoreExclusions(plan.repoRoot);
+  let excludeFile = null;
+  if (ignoredPaths.length > 0) {
+    excludeFile = join2(tmpdir(), `ocm-exclude-${Date.now()}-${Math.random().toString(36).slice(2)}.txt`);
+    await fsp.writeFile(excludeFile, ignoredPaths.join(`
+`));
+    tarArgs.push("--exclude-from", excludeFile);
+  }
+  tarArgs.push(".");
+  const child = spawn("tar", tarArgs, { stdio: ["pipe", "pipe", "pipe"] });
+  const stderrChunks = [];
+  child.stderr.on("data", (chunk) => stderrChunks.push(chunk));
+  const tarExit = new Promise((resolve, reject) => {
+    child.on("close", (code) => {
+      if (code === 0)
+        resolve();
+      else {
+        const stderr = Buffer.concat(stderrChunks).toString("utf-8").trim();
+        reject(new Error(`tar exited with code ${code}${stderr ? `: ${stderr}` : ""}`));
+      }
+    });
+    child.on("error", reject);
+  });
+  const body = Readable.toWeb(child.stdout);
+  const repoId = opts.create ? 0 : plan.matched[0].repoId;
+  try {
+    const [result] = await Promise.all([
+      opts.api.mirrorUp(repoId, body, {
+        force: opts.force,
+        create: opts.create
+      }),
+      tarExit
+    ]);
+    return result;
+  } finally {
+    if (excludeFile) {
+      await fsp.rm(excludeFile, { force: true }).catch(() => {});
+    }
+  }
+}
+async function mirrorDown(repoId, repoRoot, api, opts = { force: false }) {
+  if (!opts.force && getDirtyPaths(repoRoot).size > 0) {
+    throw new MirrorAbort("working tree has uncommitted changes; rerun with --force");
+  }
+  const staging = `${repoRoot}.ocm-recv-${Date.now()}`;
+  await fsp.mkdir(staging, { recursive: true });
+  try {
+    const tarball = await api.mirrorDown(repoId);
+    const child = spawn("tar", ["-x", "-f", "-", "-C", staging], { stdio: ["pipe", "pipe", "pipe"] });
+    const stderrChunks = [];
+    child.stderr.on("data", (chunk) => stderrChunks.push(chunk));
+    const tarDone = new Promise((resolve, reject) => {
+      child.on("close", (code) => {
+        if (code === 0)
+          resolve();
+        else {
+          const stderr = Buffer.concat(stderrChunks).toString("utf-8").trim();
+          reject(new Error(`tar exited with code ${code}${stderr ? `: ${stderr}` : ""}`));
+        }
+      });
+      child.on("error", reject);
+    });
+    const stdinWritable = Readable.fromWeb(tarball);
+    stdinWritable.pipe(child.stdin);
+    await tarDone;
+    const backupDir = `${repoRoot}.ocm-backup-${Date.now()}`;
+    await fsp.mkdir(backupDir, { recursive: true });
+    if (existsSync2(repoRoot)) {
+      const entries = await fsp.readdir(repoRoot);
+      for (const entry of entries) {
+        await fsp.rename(join2(repoRoot, entry), join2(backupDir, entry));
+      }
+    }
+    try {
+      const stagingEntries = await fsp.readdir(staging);
+      for (const entry of stagingEntries) {
+        await fsp.rename(join2(staging, entry), join2(repoRoot, entry));
+      }
+      await fsp.rm(backupDir, { recursive: true, force: true }).catch(() => {});
+      await fsp.rm(staging, { recursive: true, force: true }).catch(() => {});
+    } catch (swapError) {
+      const backupEntries = await fsp.readdir(backupDir).catch(() => []);
+      for (const entry of backupEntries) {
+        await fsp.rename(join2(backupDir, entry), join2(repoRoot, entry)).catch(() => {});
+      }
+      await fsp.rm(backupDir, { recursive: true, force: true }).catch(() => {});
+      throw swapError;
+    }
+  } catch (error) {
+    await fsp.rm(staging, { recursive: true, force: true }).catch(() => {});
+    throw error;
+  }
+}
+
+// src/resolve-target.ts
+function resolveTarget(input) {
+  const repoRoot = getRepoRoot(input.cwd);
+  const localOrigin = repoRoot ? getOriginUrl(repoRoot) : null;
+  if (repoRoot && localOrigin) {
+    const matches = input.repos.filter((r) => urlsEqual(localOrigin, r.originUrl));
+    if (matches.length === 1) {
+      return { kind: "cwd-match", repo: matches[0], repoRoot };
+    }
+    if (matches.length > 1) {
+      return { kind: "cwd-ambiguous", matches, localOrigin, repoRoot };
+    }
+    return { kind: "local", reason: "no-match", repoRoot };
+  }
+  if (input.last) {
+    return { kind: "last", repo: toTarget(input.last) };
+  }
+  return { kind: "local", reason: "no-target", repoRoot };
+}
+function toTarget(last) {
+  return {
+    repoId: last.repoId,
+    name: last.name,
+    branch: last.branch,
+    directory: last.directory
+  };
+}
+
+// bin/ocm.ts
+var USAGE = `ocm - OpenCode Manager workspace launcher
+
+Usage:
+  ocm                       Attach to the Manager repo matching $PWD's git origin,
+                            fall back to the last selected repo, or launch local
+                            opencode when no Manager target applies
+  ocm login <url> [token]   Save manager URL + token (token via stdin if omitted)
+  ocm logout                Forget saved token (Keychain) and state
+  ocm status                Show current manager URL, repo, and whether token is set
+  ocm list                  List ready repos from the manager
+  ocm use <repoId|name>     Attach to a specific repo and remember it as last
+  ocm push [--force] [--create] [--yes]   Mirror $PWD to the matching Manager repo (or create one)
+  ocm pull [--force]                      Mirror the matching Manager repo over $PWD
+  ocm --help                Show this help
+`;
+function die(msg, code = 1) {
+  process.stderr.write(`ocm: ${msg}
+`);
+  process.exit(code);
+}
+function info(msg) {
+  process.stdout.write(`${msg}
+`);
+}
+function requireState() {
+  const state = readState();
+  if (!state || !state.managerUrl) {
+    die(`no manager configured. Run \`ocm login <url>\` first.`);
+  }
+  return state;
+}
+function requireToken(state) {
+  const token = getToken(state.managerUrl);
+  if (!token) {
+    die(`no token in Keychain for ${state.managerUrl}. Run \`ocm login ${state.managerUrl}\`.`);
+  }
+  return token;
+}
+async function fetchRepos(managerUrl, token) {
+  const res = await fetch(`${managerUrl}/api/internal/opencode-workspaces`, {
+    headers: { Authorization: `Bearer ${token}` }
+  });
+  if (!res.ok) {
+    throw new Error(`manager responded ${res.status} ${res.statusText}`);
+  }
+  const data = await res.json();
+  return data.workspaces;
+}
+function attach(managerUrl, token, repo) {
+  const proxyUrl = `${managerUrl}/api/opencode-proxy`;
+  const args = [
+    "attach",
+    proxyUrl,
+    "--dir",
+    repo.directory,
+    "--password",
+    token,
+    "--username",
+    "opencode"
+  ];
+  const child = spawn2("opencode", args, { stdio: "inherit" });
+  child.on("close", (code) => process.exit(code ?? 0));
+  child.on("error", (err) => die(`failed to spawn opencode: ${err.message}`));
+  return;
+}
+function findRepo(repos, needle) {
+  if (typeof needle === "number") {
+    return repos.find((r) => r.repoId === needle);
+  }
+  const asNum = Number(needle);
+  if (!Number.isNaN(asNum)) {
+    const byId = repos.find((r) => r.repoId === asNum);
+    if (byId)
+      return byId;
+  }
+  return repos.find((r) => r.name === needle) ?? repos.find((r) => r.name.toLowerCase() === needle.toLowerCase());
+}
+async function cmdLogin(args) {
+  const url = args[0];
+  if (!url)
+    die("usage: ocm login <url> [token]");
+  const normalisedUrl = url.replace(/\/+$/, "");
+  let token = args[1];
+  if (!token) {
+    if (process.stdin.isTTY) {
+      process.stderr.write("Paste token (input hidden): ");
+      const res = spawnSync4("bash", ["-c", 'read -s LINE && printf "%s" "$LINE"'], {
+        stdio: ["inherit", "pipe", "inherit"],
+        encoding: "utf-8"
+      });
+      process.stderr.write(`
+`);
+      token = (res.stdout ?? "").trim();
+    } else {
+      token = await new Promise((resolve) => {
+        const chunks = [];
+        process.stdin.on("data", (c) => chunks.push(c));
+        process.stdin.on("end", () => resolve(Buffer.concat(chunks).toString("utf-8").trim()));
+      });
+    }
+  }
+  if (!token)
+    die("no token provided");
+  try {
+    setToken(normalisedUrl, token);
+  } catch (err) {
+    if (err instanceof KeychainError)
+      die(`Keychain error: ${err.message}`);
+    throw err;
+  }
+  const existing = readState();
+  writeState({
+    ...existing,
+    managerUrl: normalisedUrl
+  });
+  info(`Saved token for ${normalisedUrl} in Keychain.`);
+  info(`State file: ${getStatePath()}`);
+}
+async function cmdLogout() {
+  const state = readState();
+  if (!state || !state.managerUrl) {
+    info("Nothing to log out from.");
+    return;
+  }
+  const deleted = deleteToken(state.managerUrl);
+  clearState();
+  info(deleted ? `Removed Keychain entry for ${state.managerUrl}.` : `No Keychain entry found.`);
+  info("State cleared.");
+}
+async function cmdStatus() {
+  const state = readState();
+  if (!state) {
+    info("no state. run: ocm login <url>");
+    return;
+  }
+  info(`manager url:  ${state.managerUrl}`);
+  info(`token in kc:  ${getToken(state.managerUrl) ? "yes" : "no"}`);
+  if (state.lastRepoId !== undefined) {
+    info(`last repo:    ${state.lastRepoName} (id=${state.lastRepoId}, branch=${state.lastRepoBranch ?? "n/a"})`);
+    info(`last repo dir: ${state.lastRepoDir}`);
+  } else {
+    info("last repo:    (none)");
+  }
+  info(`state file:   ${getStatePath()}`);
+}
+async function cmdList() {
+  const state = requireState();
+  const token = requireToken(state);
+  const repos = await fetchRepos(state.managerUrl, token);
+  if (repos.length === 0) {
+    info("No ready repos.");
+    return;
+  }
+  const idWidth = Math.max(...repos.map((r) => String(r.repoId).length));
+  const nameWidth = Math.max(...repos.map((r) => r.name.length));
+  for (const r of repos) {
+    const id = String(r.repoId).padStart(idWidth);
+    const name = r.name.padEnd(nameWidth);
+    const branch = r.branch ? ` (${r.branch})` : "";
+    info(`${id}  ${name}  ${r.cloneStatus}${branch}`);
+  }
+}
+async function cmdUse(args) {
+  const needle = args[0];
+  if (!needle)
+    die("usage: ocm use <repoId|name>");
+  const state = requireState();
+  const token = requireToken(state);
+  const repos = await fetchRepos(state.managerUrl, token);
+  const repo = findRepo(repos, needle);
+  if (!repo)
+    die(`repo not found: ${needle}`);
+  writeState({
+    ...state,
+    lastRepoId: repo.repoId,
+    lastRepoName: repo.name,
+    lastRepoDir: repo.directory,
+    lastRepoBranch: repo.branch
+  });
+  attach(state.managerUrl, token, repo);
+}
+async function cmdDefault() {
+  const state = requireState();
+  const token = requireToken(state);
+  const last = state.lastRepoId !== undefined && state.lastRepoDir ? {
+    repoId: state.lastRepoId,
+    name: state.lastRepoName ?? `repo-${state.lastRepoId}`,
+    directory: state.lastRepoDir,
+    branch: state.lastRepoBranch ?? null
+  } : undefined;
+  const repos = await fetchRepos(state.managerUrl, token);
+  const result = resolveTarget({ cwd: process.cwd(), repos, last });
+  switch (result.kind) {
+    case "cwd-match": {
+      const repo = result.repo;
+      info(`attaching to ${repo.name} (matched $PWD origin)`);
+      writeState({
+        ...state,
+        lastRepoId: repo.repoId,
+        lastRepoName: repo.name,
+        lastRepoDir: repo.directory,
+        lastRepoBranch: repo.branch
+      });
+      attach(state.managerUrl, token, toManagerRepo(repo));
+      return;
+    }
+    case "last":
+      attach(state.managerUrl, token, toManagerRepo(result.repo));
+      return;
+    case "cwd-ambiguous": {
+      const names = result.matches.map((r) => `${r.name} (id=${r.repoId})`).join(", ");
+      die(`multiple Manager repos match origin ${result.localOrigin}: ${names}; disambiguate with \`ocm use <repoId>\``);
+    }
+    case "local":
+      runLocalOpencode(result.reason);
+      return;
+  }
+}
+function runLocalOpencode(reason) {
+  const message = reason === "no-match" ? "no Manager repo matches $PWD; launching local opencode" : "no last repo; launching local opencode";
+  process.stderr.write(`ocm: ${message}
+`);
+  const child = spawn2("opencode", [], { stdio: "inherit" });
+  child.on("close", (code) => process.exit(code ?? 0));
+  child.on("error", (err) => die(`failed to spawn opencode: ${err.message}`));
+  return;
+}
+function toManagerRepo(repo) {
+  return {
+    repoId: repo.repoId,
+    name: repo.name,
+    branch: repo.branch,
+    cloneStatus: "ready",
+    directory: repo.directory,
+    extra: { repoId: repo.repoId, localPath: "", fullPath: repo.directory }
+  };
+}
+async function cmdPush(args) {
+  let force = false;
+  let create = false;
+  let yes = false;
+  for (const arg of args) {
+    if (arg === "--force")
+      force = true;
+    else if (arg === "--create")
+      create = true;
+    else if (arg === "--yes")
+      yes = true;
+  }
+  const state = requireState();
+  const token = requireToken(state);
+  const api = new ManagerApi(state.managerUrl, token);
+  const repos = await fetchRepos(state.managerUrl, token);
+  const remotes = repos.map((r) => ({
+    repoId: r.repoId,
+    name: r.name,
+    originUrl: r.originUrl ?? null,
+    branch: r.branch
+  }));
+  const plan = prepareMirror(process.cwd(), remotes);
+  if (plan.matched.length === 0) {
+    if (!create) {
+      die(`no matching Manager repo for origin ${plan.localOrigin}. Re-run with --create to create one.`);
+    }
+    const name = basename(plan.repoRoot);
+    const branch = getBranchName(plan.repoRoot);
+    if (process.stdin.isTTY && !yes) {
+      process.stderr.write(`Create Manager repo "${name}" by uploading ${plan.repoRoot} (origin: ${plan.localOrigin})? [y/N] `);
+      const res = spawnSync4("bash", ["-c", 'read LINE && printf "%s" "$LINE"'], {
+        stdio: ["inherit", "pipe", "inherit"],
+        encoding: "utf-8"
+      });
+      const answer = (res.stdout ?? "").trim().toLowerCase();
+      if (answer !== "y" && answer !== "yes") {
+        die("aborted");
+      }
+    } else if (!process.stdin.isTTY && !yes) {
+      die("stdin is not a TTY; pass --yes to confirm creation");
+    }
+    const result = await mirrorUp(plan, {
+      api,
+      force,
+      create: { name, originUrl: plan.localOrigin, branch }
+    });
+    info(`pushed ${plan.repoRoot} -> ${result.created ? "created" : "updated"} (repoId=${result.repoId}, branch=${result.branch})`);
+  } else if (plan.matched.length === 1) {
+    const result = await mirrorUp(plan, { api, force });
+    info(`pushed ${plan.repoRoot} -> ${plan.matched[0].name} (repoId=${result.repoId}, branch=${result.branch})`);
+  } else {
+    const names = plan.matched.map((r) => `${r.name} (id=${r.repoId})`).join(", ");
+    die(`multiple Manager repos match origin ${plan.localOrigin}: ${names}; disambiguate with \`ocm push <repoId>\``);
+  }
+}
+async function cmdPull(args) {
+  let force = false;
+  for (const arg of args) {
+    if (arg === "--force")
+      force = true;
+  }
+  const state = requireState();
+  const token = requireToken(state);
+  const api = new ManagerApi(state.managerUrl, token);
+  const repos = await fetchRepos(state.managerUrl, token);
+  const remotes = repos.map((r) => ({
+    repoId: r.repoId,
+    name: r.name,
+    originUrl: r.originUrl ?? null,
+    branch: r.branch
+  }));
+  const plan = prepareMirror(process.cwd(), remotes);
+  if (plan.matched.length === 0) {
+    die(`no matching Manager repo for origin ${plan.localOrigin}.`);
+  }
+  if (plan.matched.length > 1) {
+    const names = plan.matched.map((r) => `${r.name} (id=${r.repoId})`).join(", ");
+    die(`multiple Manager repos match origin ${plan.localOrigin}: ${names}; disambiguate with \`ocm pull <repoId>\``);
+  }
+  await mirrorDown(plan.matched[0].repoId, plan.repoRoot, api, { force });
+  info(`pulled ${plan.matched[0].name} -> ${plan.repoRoot}`);
+}
+async function main() {
+  const [, , cmd, ...rest] = process.argv;
+  if (cmd === "--help" || cmd === "-h" || cmd === "help") {
+    process.stdout.write(USAGE);
+    return;
+  }
+  try {
+    switch (cmd) {
+      case undefined:
+        await cmdDefault();
+        break;
+      case "login":
+        await cmdLogin(rest);
+        break;
+      case "logout":
+        await cmdLogout();
+        break;
+      case "status":
+        await cmdStatus();
+        break;
+      case "list":
+      case "ls":
+        await cmdList();
+        break;
+      case "use":
+      case "attach":
+        await cmdUse(rest);
+        break;
+      case "push":
+        await cmdPush(rest);
+        break;
+      case "pull":
+        await cmdPull(rest);
+        break;
+      default:
+        die(`unknown command: ${cmd}. run \`ocm --help\``);
+    }
+  } catch (err) {
+    die(err instanceof Error ? err.message : String(err));
+  }
+}
+var entryUrl = process.argv[1] ? `file://${process.argv[1]}` : "";
+if (entryUrl === import.meta.url || process.argv[1]?.endsWith("/ocm.js") || process.argv[1]?.endsWith("/ocm")) {
+  main();
+}
+export {
+  cmdPush
+};

package/dist/plugin.js

@@ -0,0 +1,51 @@
+// src/plugin.ts
+import { mkdirSync, symlinkSync, lstatSync, readlinkSync, unlinkSync, existsSync, chmodSync } from "node:fs";
+import { homedir } from "node:os";
+import { dirname, join, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+var PACKAGE_ROOT = resolve(dirname(fileURLToPath(import.meta.url)), "..");
+var OCM_TARGET = join(PACKAGE_ROOT, "dist", "ocm.js");
+var BIN_DIR = join(homedir(), ".local", "bin");
+var BIN_LINK = join(BIN_DIR, "ocm");
+function ensureSymlink() {
+  if (!existsSync(OCM_TARGET)) {
+    return { installed: false, message: `ocm-cli: missing ${OCM_TARGET}, skipping bin install` };
+  }
+  try {
+    chmodSync(OCM_TARGET, 493);
+  } catch {}
+  try {
+    mkdirSync(BIN_DIR, { recursive: true });
+  } catch (err) {
+    return { installed: false, message: `ocm-cli: cannot create ${BIN_DIR}: ${err.message}` };
+  }
+  try {
+    const stat = lstatSync(BIN_LINK);
+    if (stat.isSymbolicLink()) {
+      if (readlinkSync(BIN_LINK) === OCM_TARGET) {
+        return { installed: false };
+      }
+      unlinkSync(BIN_LINK);
+    } else {
+      return { installed: false, message: `ocm-cli: ${BIN_LINK} exists and is not a symlink; leaving alone` };
+    }
+  } catch {}
+  try {
+    symlinkSync(OCM_TARGET, BIN_LINK);
+  } catch (err) {
+    return { installed: false, message: `ocm-cli: failed to symlink ${BIN_LINK}: ${err.message}` };
+  }
+  const onPath = (process.env.PATH ?? "").split(":").includes(BIN_DIR);
+  const pathHint = onPath ? "" : ` (add "${BIN_DIR}" to your PATH to run \`ocm\`)`;
+  return { installed: true, message: `ocm-cli: installed \`ocm\` at ${BIN_LINK}${pathHint}` };
+}
+var result = ensureSymlink();
+if (result.message) {
+  process.stderr.write(`${result.message}
+`);
+}
+var plugin = async () => ({});
+var plugin_default = plugin;
+export {
+  plugin_default as default
+};

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "@opencode-manager/ocm-cli",
+  "version": "0.1.0",
+  "description": "OpenCode Manager CLI: attach a local OpenCode TUI to a Manager-hosted repo.",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/chriswritescode-dev/opencode-manager.git",
+    "directory": "ocm-cli"
+  },
+  "type": "module",
+  "main": "./dist/plugin.js",
+  "exports": {
+    ".": {
+      "import": "./dist/plugin.js"
+    }
+  },
+  "bin": {
+    "ocm": "dist/ocm.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "dependencies": {},
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "typescript": "^5.5.0",
+    "vitest": "^3.1.0"
+  },
+  "scripts": {
+    "build": "bun scripts/build.ts",
+    "postinstall": "node scripts/postinstall.mjs || true",
+    "typecheck": "tsc --noEmit",
+    "test": "bun scripts/build.ts && vitest run",
+    "test:watch": "vitest"
+  }
+}