@pensar/apex 0.0.93 → 0.0.96-canary.11229b88

package/bin/pensar.js

@@ -98,7 +98,9 @@ if (command === "benchmark") {
   console.log(
     "  pensar swarm        Run parallel pentests on multiple targets"
   );
-  console.log("  pensar auth         Authenticate to a target application");
+  console.log(
+    "  pensar auth         Connect to Pensar Console for managed inference"
+  );
   console.log();
   console.log("Options:");
   console.log("  -h, --help         Show this help message");
@@ -172,24 +174,12 @@ if (command === "benchmark") {
   );
   console.log();
   console.log("Auth Usage:");
-  console.log("  pensar auth --target <url> [options]");
-  console.log();
-  console.log("Auth Options:");
-  console.log(
-    "  --target <url>           Target URL to authenticate against (required)"
-  );
-  console.log("  --username <user>        Username for login");
-  console.log("  --password <pass>        Password for login");
-  console.log("  --api-key <key>          API key for authentication");
-  console.log("  --bearer <token>         Bearer token to verify");
-  console.log("  --cookies <string>       Existing cookies to verify");
-  console.log(
-    "  --model <model>          AI model to use (default: claude-sonnet-4-5)"
-  );
-  console.log("  --no-browser             Disable browser tools");
   console.log(
-    "  --discover-only          Only discover auth requirements, don't authenticate"
+    "  pensar auth              Login to Pensar Console (or show status if connected)"
   );
+  console.log("  pensar auth login        Login to Pensar Console");
+  console.log("  pensar auth logout       Disconnect from Pensar Console");
+  console.log("  pensar auth status       Show connection status");
   console.log();
   console.log("Header Modes (for quicktest, pentest, swarm):");
   console.log("  none                     No custom headers added to requests");
@@ -217,15 +207,9 @@ if (command === "benchmark") {
   );
   console.log("  pensar swarm targets.json");
   console.log("  pensar swarm targets.json --headers none");
-  console.log(
-    "  pensar auth --target http://localhost:3000 --discover-only"
-  );
-  console.log(
-    "  pensar auth --target http://localhost:3000 --username admin --password admin123"
-  );
-  console.log(
-    '  pensar auth --target http://localhost:3000 --bearer "eyJ..."'
-  );
+  console.log("  pensar auth");
+  console.log("  pensar auth status");
+  console.log("  pensar auth logout");
 } else if (args.length === 0) {
   // No command specified, run the TUI
   const appPath = join(__dirname, "..", "build", "index.js");

package/build/auth.js

@@ -0,0 +1,603 @@
+#!/usr/bin/env bun
+// @bun
+
+// src/core/config/config.ts
+import os from "os";
+import path from "path";
+import fs from "fs/promises";
+// package.json
+var package_default = {
+  name: "@pensar/apex",
+  version: "0.0.96-canary.11229b88",
+  description: "AI-powered penetration testing CLI tool with terminal UI",
+  module: "src/tui/index.tsx",
+  main: "build/index.js",
+  type: "module",
+  repository: {
+    type: "git",
+    url: "https://github.com/pensarai/apex.git"
+  },
+  bin: {
+    pensar: "./bin/pensar.js"
+  },
+  files: [
+    "build",
+    "bin",
+    "src/core/installation",
+    "pensar.svg",
+    "LICENSE"
+  ],
+  scripts: {
+    build: "bun build src/tui/index.tsx --outdir build --target node --format esm --external sharp && bun build src/cli/auth.ts --outdir build --target node --format esm",
+    "generate:ascii": "bun run scripts/generate-ascii-art.ts",
+    "generate:models": "bun run scripts/generate-models.ts",
+    "build:binary": "bun run generate:ascii && bun build src/cli.ts --compile --outfile pensar",
+    "build:binary:macos-arm64": "bun build src/cli.ts --compile --target=bun-darwin-arm64 --outfile dist/pensar-darwin-arm64",
+    "build:binary:macos-x64": "bun build src/cli.ts --compile --target=bun-darwin-x64 --outfile dist/pensar-darwin-x64",
+    "build:binary:linux-x64": "bun build src/cli.ts --compile --target=bun-linux-x64 --outfile dist/pensar-linux-x64",
+    "build:binary:linux-arm64": "bun build src/cli.ts --compile --target=bun-linux-arm64 --outfile dist/pensar-linux-arm64",
+    "build:binaries": "bun run generate:ascii && mkdir -p dist && bun run build:binary:macos-arm64 && bun run build:binary:macos-x64 && bun run build:binary:linux-x64 && bun run build:binary:linux-arm64",
+    dev: "bun run scripts/watch.ts",
+    "dev:debug": "SHOW_CONSOLE=true bun run scripts/watch.ts",
+    start: "bun run src/tui/index.tsx",
+    pensar: "node bin/pensar.js",
+    tsc: "tsc --noEmit",
+    "daytona-benchmark": "bun run scripts/daytona-benchmark.ts",
+    "local-benchmark": "bun run scripts/local-benchmark.ts",
+    test: "vitest run",
+    "test:watch": "vitest",
+    lint: "eslint src/",
+    format: "prettier --write .",
+    "format:check": "prettier --check .",
+    prepublishOnly: "npm run build"
+  },
+  keywords: [
+    "penetration-testing",
+    "security",
+    "pentesting",
+    "ai",
+    "cli",
+    "terminal",
+    "tui"
+  ],
+  author: "Pensar",
+  license: "MIT",
+  engines: {
+    node: ">=18.0.0",
+    bun: ">=1.0.0"
+  },
+  devDependencies: {
+    "@eslint/js": "^10.0.1",
+    "@playwright/mcp": "^0.0.54",
+    "@types/bun": "^1.3.0",
+    "@types/mailparser": "^3.4.6",
+    "@types/react": "^19.2.6",
+    "@typescript-eslint/eslint-plugin": "^8.55.0",
+    "@typescript-eslint/parser": "^8.55.0",
+    dotenv: "^17.2.3",
+    eslint: "^10.0.0",
+    "eslint-config-prettier": "^10.1.8",
+    "eslint-plugin-unused-imports": "^4.4.1",
+    prettier: "^3.8.1",
+    "typescript-eslint": "^8.55.0",
+    vitest: "^2.1.8"
+  },
+  peerDependencies: {
+    typescript: "^5.9.3"
+  },
+  dependencies: {
+    "@ai-sdk/amazon-bedrock": "^4.0.69",
+    "@ai-sdk/anthropic": "^3.0.50",
+    "@ai-sdk/google": "^3.0.37",
+    "@ai-sdk/openai": "^3.0.37",
+    "@ai-sdk/openai-compatible": "^2.0.35",
+    "@daytonaio/sdk": "^0.112.1",
+    "@googleapis/gmail": "^16.1.1",
+    "@microsoft/microsoft-graph-client": "^3.0.7",
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "@openrouter/ai-sdk-provider": "^2.2.3",
+    "@opentui/core": "^0.1.80",
+    "@opentui/react": "^0.1.80",
+    ai: "^6.0.105",
+    glob: "^13.0.0",
+    "google-auth-library": "^10.6.1",
+    "highlight.js": "^11.11.1",
+    ignore: "^7.0.5",
+    imapflow: "^1.2.10",
+    mailparser: "^3.9.3",
+    marked: "^16.4.0",
+    nanoid: "^5.1.6",
+    "p-limit": "^7.2.0",
+    react: "^19.2.0",
+    sharp: "^0.34.4",
+    yaml: "^2.8.2",
+    zod: "^3.25.76"
+  },
+  packageManager: "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
+};
+
+// src/core/installation/index.ts
+function getCurrentVersion() {
+  return package_default.version;
+}
+
+// src/core/config/config.ts
+var DEFAULT_CONFIG = {
+  responsibleUseAccepted: false
+};
+async function init() {
+  const folder = path.join(os.homedir(), ".pensar");
+  const file = path.join(folder, "config.json");
+  const dirExists = await fs.access(folder).then(() => true).catch(() => false);
+  if (!dirExists) {
+    await fs.mkdir(folder, { recursive: true });
+  }
+  const fileExists = await fs.access(file).then(() => true).catch(() => false);
+  if (!fileExists) {
+    await fs.writeFile(file, JSON.stringify(DEFAULT_CONFIG));
+  }
+  const version = getCurrentVersion();
+  return { ...DEFAULT_CONFIG, version };
+}
+async function get() {
+  const folder = path.join(os.homedir(), ".pensar");
+  const file = path.join(folder, "config.json");
+  const exists = await fs.access(file).then(() => true).catch(() => false);
+  if (!exists) {
+    return await init();
+  }
+  const config = await fs.readFile(file, "utf8");
+  const parsedConfig = JSON.parse(config);
+  const version = getCurrentVersion();
+  return {
+    ...parsedConfig,
+    version,
+    openAiAPIKey: process.env.OPENAI_API_KEY ?? parsedConfig.openAiAPIKey,
+    anthropicAPIKey: process.env.ANTHROPIC_API_KEY ?? parsedConfig.anthropicAPIKey,
+    googleAPIKey: process.env.GOOGLE_GENERATIVE_AI_API_KEY ?? parsedConfig.googleAPIKey,
+    openRouterAPIKey: process.env.OPENROUTER_API_KEY ?? parsedConfig.openRouterAPIKey,
+    inceptionAPIKey: process.env.INCEPTION_API_KEY ?? parsedConfig.inceptionAPIKey,
+    bedrockAPIKey: process.env.BEDROCK_API_KEY ?? parsedConfig.bedrockAPIKey,
+    pensarAPIKey: process.env.PENSAR_API_KEY ?? parsedConfig.pensarAPIKey,
+    daytonaAPIKey: process.env.DAYTONA_API_KEY ?? parsedConfig.daytonaAPIKey,
+    daytonaOrgId: process.env.DAYTONA_ORG_ID ?? parsedConfig.daytonaOrgId,
+    runloopAPIKey: process.env.RUNLOOP_API_KEY ?? parsedConfig.runloopAPIKey
+  };
+}
+async function update(config) {
+  const currentConfig = await get();
+  const newConfig = { ...currentConfig, ...config };
+  const folder = path.join(os.homedir(), ".pensar");
+  const file = path.join(folder, "config.json");
+  await fs.writeFile(file, JSON.stringify(newConfig));
+}
+
+// src/core/config/index.ts
+var config = {
+  get,
+  init,
+  update
+};
+
+// src/core/api/constants.ts
+var PENSAR_API_BASE_URL = "https://api.pensar.dev";
+var PENSAR_CONSOLE_BASE_URL = "https://console.pensar.dev";
+function getPensarApiUrl() {
+  return PENSAR_API_BASE_URL;
+}
+function getPensarConsoleUrl() {
+  return process.env.PENSAR_CONSOLE_URL || PENSAR_CONSOLE_BASE_URL;
+}
+// src/core/config/index.ts
+var config2 = {
+  get,
+  init,
+  update
+};
+
+// src/core/api/constants.ts
+var PENSAR_API_BASE_URL2 = "https://api.pensar.dev";
+function getPensarApiUrl2() {
+  return PENSAR_API_BASE_URL2;
+}
+// src/core/auth/device-flow.ts
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function startDeviceFlow(apiUrl) {
+  const url = apiUrl ?? getPensarApiUrl2();
+  try {
+    const configResponse = await fetch(`${url}/api/cli/config`);
+    if (configResponse.ok) {
+      const cliConfig = await configResponse.json();
+      const response2 = await fetch("https://api.workos.com/user_management/authorize/device", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ client_id: cliConfig.workosClientId })
+      });
+      if (response2.ok) {
+        const deviceInfo2 = await response2.json();
+        return {
+          mode: "workos",
+          clientId: cliConfig.workosClientId,
+          deviceInfo: deviceInfo2
+        };
+      }
+    }
+  } catch {}
+  const response = await fetch(`${url}/auth/device/code`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" }
+  });
+  if (!response.ok) {
+    throw new Error("Failed to start device authorization");
+  }
+  const deviceInfo = await response.json();
+  return { mode: "legacy", deviceInfo };
+}
+async function pollWorkOSToken(params) {
+  const { clientId, deviceCode, interval, expiresIn, signal } = params;
+  const deadline = Date.now() + expiresIn * 1000;
+  while (Date.now() < deadline) {
+    if (signal?.aborted)
+      throw new Error("Authorization cancelled");
+    await sleep(interval * 1000);
+    if (signal?.aborted)
+      throw new Error("Authorization cancelled");
+    try {
+      const response = await fetch("https://api.workos.com/user_management/authenticate", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          client_id: clientId,
+          grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+          device_code: deviceCode
+        })
+      });
+      if (response.status === 400) {
+        continue;
+      }
+      if (!response.ok) {
+        throw new Error("Authentication failed");
+      }
+      const data = await response.json();
+      return {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token
+      };
+    } catch (err) {
+      if (err instanceof Error && (err.message === "Authentication failed" || err.message === "Authorization cancelled")) {
+        throw err;
+      }
+    }
+  }
+  throw new Error("Authorization timed out. Please try again.");
+}
+async function pollLegacyToken(params) {
+  const { apiUrl, deviceCode, interval, expiresIn, signal } = params;
+  const deadline = Date.now() + expiresIn * 1000;
+  while (Date.now() < deadline) {
+    if (signal?.aborted)
+      throw new Error("Authorization cancelled");
+    await sleep(interval * 1000);
+    if (signal?.aborted)
+      throw new Error("Authorization cancelled");
+    try {
+      const response = await fetch(`${apiUrl}/auth/device/token`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ deviceCode })
+      });
+      if (!response.ok)
+        continue;
+      const data = await response.json();
+      if (data.status === "complete" && data.apiKey) {
+        return data;
+      }
+      if (data.status === "expired") {
+        throw new Error("Authorization expired. Please try again.");
+      }
+      if (data.status === "not_found") {
+        throw new Error("Invalid authorization session. Please try again.");
+      }
+    } catch (err) {
+      if (signal?.aborted) {
+        throw new Error("Authorization cancelled", { cause: err });
+      }
+      if (err instanceof Error && err.message.includes("Please try again")) {
+        throw err;
+      }
+    }
+  }
+  throw new Error("Authorization timed out. Please try again.");
+}
+// src/core/auth/workspaces.ts
+function sleep2(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function fetchWorkspaces(apiUrl, accessToken) {
+  const response = await fetch(`${apiUrl}/api/cli/workspaces`, {
+    headers: { Authorization: `Bearer ${accessToken}` }
+  });
+  if (!response.ok) {
+    throw new Error(`Failed to fetch workspaces (${response.status})`);
+  }
+  const data = await response.json();
+  return data.workspaces;
+}
+async function pollForWorkspaceCreation(apiUrl, accessToken, signal) {
+  const POLL_INTERVAL = 3000;
+  const TIMEOUT = 5 * 60 * 1000;
+  const deadline = Date.now() + TIMEOUT;
+  while (Date.now() < deadline) {
+    if (signal?.aborted)
+      throw new Error("Cancelled");
+    await sleep2(POLL_INTERVAL);
+    if (signal?.aborted)
+      throw new Error("Cancelled");
+    try {
+      const response = await fetch(`${apiUrl}/api/cli/workspaces`, {
+        headers: { Authorization: `Bearer ${accessToken}` }
+      });
+      if (!response.ok)
+        continue;
+      const data = await response.json();
+      if (data.workspaces.length > 0) {
+        return data.workspaces;
+      }
+    } catch {}
+  }
+  throw new Error("Workspace creation timed out. Please try again.");
+}
+async function selectWorkspace(apiUrl, accessToken, workspaceId) {
+  const response = await fetch(`${apiUrl}/api/cli/select-workspace`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${accessToken}`
+    },
+    body: JSON.stringify({ workspaceId })
+  });
+  if (!response.ok) {
+    throw new Error("Failed to select workspace");
+  }
+  return await response.json();
+}
+// src/core/auth/connection.ts
+function isConnected(cfg) {
+  return !!(cfg.accessToken || cfg.pensarAPIKey);
+}
+async function disconnect() {
+  await config2.update({
+    pensarAPIKey: null,
+    accessToken: null,
+    refreshToken: null,
+    workspaceId: null,
+    workspaceSlug: null,
+    gatewaySigningKey: null
+  });
+}
+// src/cli/auth.ts
+import * as readline from "readline";
+function openUrl(url) {
+  try {
+    const platform = process.platform;
+    if (platform === "darwin") {
+      Bun.spawn(["open", url]);
+    } else if (platform === "win32") {
+      Bun.spawn(["cmd", "/c", "start", url]);
+    } else {
+      Bun.spawn(["xdg-open", url]);
+    }
+  } catch {}
+}
+function prompt(question) {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve) => {
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(answer.trim());
+    });
+  });
+}
+async function promptWorkspaceSelection(workspaces) {
+  console.log(`
+Select a workspace:
+`);
+  workspaces.forEach((ws, i) => {
+    console.log(`  ${i + 1}. ${ws.name} (${ws.slug}) \u2014 $${ws.balance.toFixed(2)}`);
+  });
+  const answer = await prompt(`
+Enter number (1-${workspaces.length}): `);
+  const index = parseInt(answer, 10) - 1;
+  if (isNaN(index) || index < 0 || index >= workspaces.length) {
+    console.error("Invalid selection.");
+    process.exit(1);
+  }
+  return workspaces[index];
+}
+async function login() {
+  const appConfig = await config.get();
+  if (isConnected(appConfig)) {
+    console.log("Already connected to Pensar Console.");
+    if (appConfig.workspaceSlug) {
+      console.log(`  Workspace: ${appConfig.workspaceSlug}`);
+    }
+    const answer = await prompt(`
+Reconnect? (y/N): `);
+    if (answer.toLowerCase() !== "y") {
+      return;
+    }
+  }
+  console.log(`
+Pensar Console \u2014 Managed Inference`);
+  console.log(`Connect for usage-based AI inference. No API keys needed.
+`);
+  const apiUrl = getPensarApiUrl();
+  const flowInfo = await startDeviceFlow(apiUrl);
+  if (flowInfo.mode === "workos") {
+    const { clientId, deviceInfo } = flowInfo;
+    openUrl(deviceInfo.verification_uri_complete);
+    console.log("A browser window should have opened.");
+    console.log(`If not, open this URL:
+  ${deviceInfo.verification_uri_complete}
+`);
+    console.log(`Your code: ${deviceInfo.user_code}
+`);
+    console.log("Waiting for browser authorization...");
+    const tokens = await pollWorkOSToken({
+      clientId,
+      deviceCode: deviceInfo.device_code,
+      interval: deviceInfo.interval,
+      expiresIn: deviceInfo.expires_in
+    });
+    await config.update({
+      accessToken: tokens.accessToken,
+      refreshToken: tokens.refreshToken
+    });
+    console.log(`
+Authenticated successfully. Fetching workspaces...`);
+    await handleWorkspaces(apiUrl, tokens.accessToken);
+  } else {
+    const { deviceInfo } = flowInfo;
+    openUrl(deviceInfo.verificationUriComplete);
+    console.log("A browser window should have opened.");
+    console.log(`If not, open this URL:
+  ${deviceInfo.verificationUriComplete}
+`);
+    console.log(`Your code: ${deviceInfo.userCode}
+`);
+    console.log("Waiting for browser authorization...");
+    const data = await pollLegacyToken({
+      apiUrl,
+      deviceCode: deviceInfo.deviceCode,
+      interval: deviceInfo.interval,
+      expiresIn: deviceInfo.expiresIn
+    });
+    await config.update({
+      pensarAPIKey: data.apiKey,
+      gatewaySigningKey: data.signingKey ?? null
+    });
+    if (data.workspace) {
+      await config.update({
+        workspaceId: data.workspace.id,
+        workspaceSlug: data.workspace.slug
+      });
+    }
+    console.log(`
+\u2713 Connected to Pensar Console`);
+    if (data.workspace) {
+      console.log(`  Workspace: ${data.workspace.name} (${data.workspace.slug})`);
+    }
+    if (data.credits) {
+      console.log(`  Credits: $${data.credits.balance.toFixed(2)}`);
+    }
+  }
+}
+async function handleWorkspaces(apiUrl, accessToken) {
+  let workspaces = await fetchWorkspaces(apiUrl, accessToken);
+  if (workspaces.length === 0) {
+    const consoleUrl = getPensarConsoleUrl();
+    console.log(`
+No workspaces found. Opening browser to create one...`);
+    console.log(`If the browser didn't open, visit: ${consoleUrl}/credits
+`);
+    openUrl(`${consoleUrl}/credits`);
+    console.log("Waiting for workspace creation...");
+    workspaces = await pollForWorkspaceCreation(apiUrl, accessToken);
+  }
+  let workspace;
+  if (workspaces.length === 1) {
+    workspace = workspaces[0];
+  } else {
+    workspace = await promptWorkspaceSelection(workspaces);
+  }
+  const result = await selectWorkspace(apiUrl, accessToken, workspace.id);
+  await config.update({
+    workspaceId: workspace.id,
+    workspaceSlug: workspace.slug,
+    gatewaySigningKey: result.signingKey ?? null
+  });
+  console.log(`
+\u2713 Connected to Pensar Console`);
+  console.log(`  Workspace: ${workspace.name} (${workspace.slug})`);
+  console.log(`  Credits: $${result.billing.balance.toFixed(2)}`);
+  if (!result.confirmed && result.billingUrl) {
+    console.log(`
+\u26A0 Your workspace needs credits. Add them at:
+  ${result.billingUrl}`);
+  } else if (result.billing.balance < 1) {
+    const billingUrl = `${getPensarConsoleUrl()}/${workspace.slug}/settings/billing`;
+    console.log(`
+\u26A0 Low credit balance. We recommend at least $30 for uninterrupted pentests.
+  Add credits: ${billingUrl}`);
+  }
+  console.log("\nPensar models are now available. Run `pensar` to get started.");
+}
+async function logout() {
+  const appConfig = await config.get();
+  if (!isConnected(appConfig)) {
+    console.log("Not currently connected to Pensar Console.");
+    return;
+  }
+  await disconnect();
+  console.log("\u2713 Disconnected from Pensar Console.");
+}
+async function status() {
+  const appConfig = await config.get();
+  if (!isConnected(appConfig)) {
+    console.log("Not connected to Pensar Console.");
+    console.log("\nRun `pensar auth login` to connect.");
+    return;
+  }
+  console.log("\u2713 Connected to Pensar Console");
+  if (appConfig.workspaceSlug) {
+    console.log(`  Workspace: ${appConfig.workspaceSlug}`);
+  }
+  if (appConfig.accessToken) {
+    console.log("  Auth: WorkOS (modern)");
+  } else {
+    console.log("  Auth: API key (legacy)");
+  }
+}
+function showHelp() {
+  console.log(`Pensar Auth \u2014 Connect to Pensar Console
+`);
+  console.log("Usage:");
+  console.log("  pensar auth              Login to Pensar Console (or show status if connected)");
+  console.log("  pensar auth login        Login to Pensar Console");
+  console.log("  pensar auth logout       Disconnect from Pensar Console");
+  console.log("  pensar auth status       Show connection status");
+  console.log();
+  console.log("Options:");
+  console.log("  -h, --help               Show this help message");
+}
+async function main() {
+  const args = process.argv.slice(2);
+  const subcommand = args[0];
+  if (subcommand === "help" || subcommand === "--help" || subcommand === "-h") {
+    showHelp();
+    return;
+  }
+  try {
+    if (!subcommand || subcommand === "login") {
+      await login();
+    } else if (subcommand === "logout") {
+      await logout();
+    } else if (subcommand === "status") {
+      await status();
+    } else {
+      console.error(`Unknown auth subcommand: ${subcommand}`);
+      console.error("Run 'pensar auth --help' for usage information");
+      process.exit(1);
+    }
+  } catch (err) {
+    console.error(`
+Error: ${err instanceof Error ? err.message : String(err)}`);
+    process.exit(1);
+  }
+}
+main();