@pkgseer/cli 0.1.1 → 0.1.3

package/dist/cli.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   version
-} from "./shared/chunk-3ne7e7xh.js";
+} from "./shared/chunk-8dn0z2ja.js";
 
 // src/cli.ts
 import { Command } from "commander";
@@ -202,7 +202,7 @@ var CliDocsListDocument = gql`
     packageName
     version
     pages {
-      slug
+      id
       title
       words
     }
@@ -465,6 +465,28 @@ var FetchPackageDocDocument = gql`
   }
 }
     `;
+var GetDocPageDocument = gql`
+    query GetDocPage($pageId: String!) {
+  getDocPage(pageId: $pageId) {
+    schemaVersion
+    page {
+      id
+      title
+      content
+      contentFormat
+      breadcrumbs
+      linkName
+      linkTargets
+      lastUpdatedAt
+      source {
+        url
+        label
+      }
+      baseUrl
+    }
+  }
+}
+    `;
 var SearchPackageDocsDocument = gql`
     query SearchPackageDocs($registry: Registry!, $packageName: String!, $keywords: [String!], $query: String, $includeSnippets: Boolean, $limit: Int, $version: String) {
   searchPackageDocs(
@@ -548,6 +570,7 @@ var PackageQualityDocumentString = print(PackageQualityDocument);
 var ComparePackagesDocumentString = print(ComparePackagesDocument);
 var ListPackageDocsDocumentString = print(ListPackageDocsDocument);
 var FetchPackageDocDocumentString = print(FetchPackageDocDocument);
+var GetDocPageDocumentString = print(GetDocPageDocument);
 var SearchPackageDocsDocumentString = print(SearchPackageDocsDocument);
 var SearchProjectDocsDocumentString = print(SearchProjectDocsDocument);
 function getSdk(client, withWrapper = defaultWrapper) {
@@ -603,6 +626,9 @@ function getSdk(client, withWrapper = defaultWrapper) {
     FetchPackageDoc(variables, requestHeaders) {
       return withWrapper((wrappedRequestHeaders) => client.rawRequest(FetchPackageDocDocumentString, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "FetchPackageDoc", "query", variables);
     },
+    GetDocPage(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.rawRequest(GetDocPageDocumentString, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "GetDocPage", "query", variables);
+    },
     SearchPackageDocs(variables, requestHeaders) {
       return withWrapper((wrappedRequestHeaders) => client.rawRequest(SearchPackageDocsDocumentString, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "SearchPackageDocs", "query", variables);
     },
@@ -824,7 +850,7 @@ class AuthStorageImpl {
     const normalizedUrl = normalizeBaseUrl(baseUrl);
     stored.tokens[normalizedUrl] = token;
     stored.version = CURRENT_VERSION;
-    await this.fs.ensureDir(this.authPath, DIR_MODE);
+    await this.fs.ensureDir(this.configDir, DIR_MODE);
     await this.fs.writeFile(this.authPath, JSON.stringify(stored, null, 2), FILE_MODE);
   }
   async clear(baseUrl) {
@@ -900,29 +926,18 @@ function migrateV2ToV3(legacy) {
 }
 // src/services/auth-utils.ts
 var PROJECT_MANIFEST_UPLOAD_SCOPE = "project_manifest_upload";
-async function checkProjectWriteScope(authStorage, baseUrl) {
-  const envToken = process.env.PKGSEER_API_TOKEN;
-  if (envToken) {
-    return {
-      token: envToken,
-      tokenName: "PKGSEER_API_TOKEN",
-      scopes: [],
-      createdAt: new Date().toISOString(),
-      expiresAt: null,
-      apiKeyId: 0
-    };
-  }
-  const auth = await authStorage.load(baseUrl);
-  if (!auth) {
+async function checkProjectWriteScope(configService, baseUrl) {
+  const tokenData = await configService.getApiToken(baseUrl);
+  if (!tokenData) {
     return null;
   }
-  if (auth.expiresAt && new Date(auth.expiresAt) < new Date) {
-    return null;
+  if (tokenData.scopes.length === 0) {
+    return tokenData;
   }
-  if (!auth.scopes.includes(PROJECT_MANIFEST_UPLOAD_SCOPE)) {
+  if (!tokenData.scopes.includes(PROJECT_MANIFEST_UPLOAD_SCOPE)) {
     return null;
   }
-  return auth;
+  return tokenData;
 }
 // src/services/browser-service.ts
 import open from "open";
@@ -971,11 +986,14 @@ var MergedConfigSchema = z.object({
   project: z.string().optional(),
   manifests: z.array(ManifestGroupSchema).optional()
 });
+var PKGSEER_API_TOKEN = "PKGSEER_API_TOKEN";
 
 class ConfigServiceImpl {
   fs;
-  constructor(fs) {
+  authStorage;
+  constructor(fs, authStorage) {
     this.fs = fs;
+    this.authStorage = authStorage;
   }
   getGlobalConfigPath() {
     return this.fs.joinPath(this.fs.getHomeDir(), CONFIG_DIR2, GLOBAL_CONFIG_FILE);
@@ -1059,6 +1077,27 @@ class ConfigServiceImpl {
       return null;
     }
   }
+  async getApiToken(baseUrl) {
+    const envToken = process.env[PKGSEER_API_TOKEN];
+    if (envToken) {
+      return {
+        token: envToken,
+        tokenName: "PKGSEER_API_TOKEN",
+        scopes: [],
+        createdAt: new Date().toISOString(),
+        expiresAt: null,
+        apiKeyId: 0
+      };
+    }
+    const stored = await this.authStorage.load(baseUrl);
+    if (!stored) {
+      return null;
+    }
+    if (stored.expiresAt && new Date(stored.expiresAt) < new Date) {
+      return null;
+    }
+    return stored;
+  }
 }
 // src/services/filesystem-service.ts
 import {
@@ -1097,7 +1136,7 @@ class FileSystemServiceImpl {
     }
   }
   async ensureDir(path, mode) {
-    await mkdir(dirname(path), { recursive: true, mode });
+    await mkdir(path, { recursive: true, mode });
   }
   getHomeDir() {
     return homedir();
@@ -1207,6 +1246,10 @@ class PkgseerServiceImpl {
     });
     return { data: result.data, errors: result.errors };
   }
+  async getDocPage(pageId) {
+    const result = await this.client.GetDocPage({ pageId });
+    return { data: result.data, errors: result.errors };
+  }
   async searchPackageDocs(registry, packageName, options) {
     const result = await this.client.SearchPackageDocs({
       registry,
@@ -1523,27 +1566,17 @@ class ShellServiceImpl {
   }
 }
 // src/container.ts
-async function resolveApiToken(authStorage, baseUrl) {
-  const envToken = process.env.PKGSEER_API_TOKEN;
-  if (envToken) {
-    return envToken;
-  }
-  const stored = await authStorage.load(baseUrl);
-  if (stored) {
-    if (stored.expiresAt && new Date(stored.expiresAt) < new Date) {
-      return;
-    }
-    return stored.token;
-  }
-  return;
+async function resolveApiToken(configService, baseUrl) {
+  const tokenData = await configService.getApiToken(baseUrl);
+  return tokenData?.token;
 }
 async function createContainer() {
   const baseUrl = getBaseUrl();
   const fileSystemService = new FileSystemServiceImpl;
   const authStorage = new AuthStorageImpl(fileSystemService);
-  const configService = new ConfigServiceImpl(fileSystemService);
+  const configService = new ConfigServiceImpl(fileSystemService, authStorage);
   const [apiToken, configResult] = await Promise.all([
-    resolveApiToken(authStorage, baseUrl),
+    resolveApiToken(configService, baseUrl),
     configService.loadMergedConfig()
   ]);
   const client = createClient(apiToken);
@@ -1789,10 +1822,11 @@ function formatScore(score) {
 // src/commands/docs/get.ts
 function parsePackageRef(ref) {
   if (!ref.includes("/")) {
-    throw new Error(`Invalid format: "${ref}". Expected format:
-` + `  Full form: <registry>/<package>/<version>/<document>
-` + `  Short form: <package>/<document>
-` + `Examples: npm/express/4.18.2/readme or express/readme`);
+    return {
+      pageId: ref,
+      originalRef: ref,
+      isGlobalId: true
+    };
   }
   const parts = ref.split("/");
   if (parts.length < 2) {
@@ -1821,7 +1855,7 @@ function parsePackageRef(ref) {
   }
   return { packageName, pageId, originalRef: ref };
 }
-function formatDocPage(data, ref) {
+function formatDocPage(data, ref, verbose = false) {
   const lines = [];
   const page = data.page;
   if (!page) {
@@ -1829,6 +1863,49 @@ function formatDocPage(data, ref) {
   }
   lines.push(`[${ref}]`);
   lines.push("");
+  if (verbose) {
+    const metadata = [];
+    if (data.schemaVersion) {
+      metadata.push(`Schema Version: ${data.schemaVersion}`);
+    }
+    if (page.id) {
+      metadata.push(`Page ID: ${page.id}`);
+    }
+    if (page.contentFormat) {
+      metadata.push(`Format: ${page.contentFormat}`);
+    }
+    if (page.lastUpdatedAt) {
+      metadata.push(`Last Updated: ${page.lastUpdatedAt}`);
+    }
+    if (page.source) {
+      const sourceParts = [];
+      if (page.source.url) {
+        sourceParts.push(page.source.url);
+      }
+      if (page.source.label) {
+        sourceParts.push(`(${page.source.label})`);
+      }
+      if (sourceParts.length > 0) {
+        metadata.push(`Source: ${sourceParts.join(" ")}`);
+      }
+    }
+    if (page.baseUrl) {
+      metadata.push(`Base URL: ${page.baseUrl}`);
+    }
+    if (page.linkName) {
+      metadata.push(`Link Name: ${page.linkName}`);
+    }
+    if (page.linkTargets && page.linkTargets.length > 0) {
+      metadata.push(`Link Targets: ${page.linkTargets.join(", ")}`);
+    }
+    if (metadata.length > 0) {
+      lines.push("Metadata:");
+      for (const meta of metadata) {
+        lines.push(`  ${meta}`);
+      }
+      lines.push("");
+    }
+  }
   if (page.breadcrumbs && page.breadcrumbs.length > 0) {
     lines.push(page.breadcrumbs.join(" > "));
     lines.push("");
@@ -1858,13 +1935,66 @@ function extractErrorMessage(error) {
 }
 async function fetchPage(ref, defaultRegistry, defaultVersion, pkgseerService) {
   try {
+    if (ref.isGlobalId) {
+      const result2 = await pkgseerService.getDocPage(ref.pageId);
+      if (result2.errors && result2.errors.length > 0) {
+        const errorMsg = result2.errors.map((e) => {
+          if (typeof e === "object" && e !== null) {
+            const parts = [];
+            if ("message" in e) {
+              parts.push(String(e.message));
+            }
+            if ("extensions" in e && e.extensions) {
+              const ext = e.extensions;
+              if (typeof ext === "object" && "code" in ext) {
+                parts.push(`Code: ${ext.code}`);
+              }
+            }
+            return parts.length > 0 ? parts.join(" ") : JSON.stringify(e);
+          }
+          return String(e);
+        }).join("; ");
+        return { ref: ref.originalRef, result: null, error: errorMsg };
+      }
+      if (!result2.data.getDocPage) {
+        return {
+          ref: ref.originalRef,
+          result: null,
+          error: `Page not found: ${ref.pageId}`
+        };
+      }
+      return {
+        ref: ref.originalRef,
+        result: {
+          schemaVersion: result2.data.getDocPage?.schemaVersion ?? null,
+          page: result2.data.getDocPage?.page ?? null
+        }
+      };
+    }
     const registry = ref.registry ? toGraphQLRegistry(ref.registry) : defaultRegistry;
     const version2 = ref.version ?? defaultVersion;
+    if (!ref.packageName) {
+      return {
+        ref: ref.originalRef,
+        result: null,
+        error: `Package name required for reference: ${ref.originalRef}`
+      };
+    }
     const result = await pkgseerService.cliDocsGet(registry, ref.packageName, ref.pageId, version2);
     if (result.errors && result.errors.length > 0) {
       const errorMsg = result.errors.map((e) => {
-        if (typeof e === "object" && e !== null && "message" in e) {
-          return String(e.message);
+        if (typeof e === "object" && e !== null) {
+          const parts = [];
+          if ("message" in e) {
+            parts.push(String(e.message));
+          }
+          if ("extensions" in e && e.extensions) {
+            const ext = e.extensions;
+            if (typeof ext === "object" && "code" in ext) {
+              parts.push(`Code: ${ext.code}`);
+            }
+          }
+          return parts.length > 0 ? parts.join(" ") : JSON.stringify(e);
         }
         return String(e);
       }).join("; ");
@@ -1877,7 +2007,12 @@ async function fetchPage(ref, defaultRegistry, defaultVersion, pkgseerService) {
         error: `Page not found: ${ref.pageId} for ${ref.packageName}`
       };
     }
-    return { ref: ref.originalRef, result: result.data.fetchPackageDoc };
+    return {
+      ref: ref.originalRef,
+      result: result.data.fetchPackageDoc ? {
+        page: result.data.fetchPackageDoc.page ?? null
+      } : null
+    };
   } catch (error) {
     return {
       ref: ref.originalRef,
@@ -1888,7 +2023,7 @@ async function fetchPage(ref, defaultRegistry, defaultVersion, pkgseerService) {
 }
 async function docsGetAction(refs, options, deps) {
   if (refs.length === 0) {
-    outputError("At least one page reference required. Format: <package>/<slug>", options.json ?? false);
+    outputError("At least one page reference required. Format: <globally-unique-id> or <package>/<document>", options.json ?? false);
     return;
   }
   const { pkgseerService } = deps;
@@ -1926,17 +2061,24 @@ ${errorMessages}`, options.json ?? false);
       if (r.error) {
         return { ref: r.ref, error: r.error };
       }
+      if (options.verbose) {
+        return {
+          ref: r.ref,
+          ...r.result
+        };
+      }
       const page = r.result?.page;
       return {
         ref: r.ref,
         title: page?.title,
-        content: page?.content
+        content: page?.content,
+        breadcrumbs: page?.breadcrumbs
       };
     });
     output(jsonResults, true);
   } else {
     if (successes.length > 0) {
-      const pages = successes.filter((r) => r.result !== null).map((r) => formatDocPage(r.result, r.ref));
+      const pages = successes.filter((r) => r.result !== null).map((r) => formatDocPage(r.result, r.ref, options.verbose));
       console.log(pages.join(`
 
 ---
@@ -1953,29 +2095,28 @@ var GET_DESCRIPTION = `Fetch one or more documentation pages.
 Retrieves the full content of documentation pages including
 title, breadcrumbs, content (markdown), and source URL.
 
-Use 'pkgseer docs list' first to discover available page IDs, or
-use the output format from 'pkgseer docs search --refs-only'.
+Use 'pkgseer docs list' first to discover available page IDs.
 
-Format: <registry>/<package>/<version>/<document> (full form)
+Format: <globally-unique-id> (preferred)
+        or <registry>/<package>/<version>/<document> (full form)
         or <package>/<document> (short form, requires --registry/--pkg-version)
 
 Examples:
-  # Full form (from search output)
+  # Globally unique ID (from list output)
+  pkgseer docs get 24293-shared-plugins-during-build-2
+
+  # Full form
   pkgseer docs get npm/express/4.18.2/readme
   pkgseer docs get hex/postgrex/1.15.0/readme
 
-  # Short form (backward compatibility)
+  # Short form
   pkgseer docs get express/readme --registry npm --pkg-version 4.18.2
   pkgseer docs get postgrex/readme --registry hex
 
   # Multiple pages
-  pkgseer docs get npm/express/4.18.2/readme npm/express/4.18.2/writing-middleware
-
-  # Pipe from search (full form works seamlessly)
-  pkgseer docs search log --package express --refs-only | \\
-    xargs pkgseer docs get`;
+  pkgseer docs get 24293-shared-plugins-during-build-2 npm/express/4.18.2/readme`;
 function registerDocsGetCommand(program) {
-  program.command("get <refs...>").summary("Fetch documentation page(s)").description(GET_DESCRIPTION).option("-r, --registry <registry>", "Package registry", "npm").option("-v, --pkg-version <version>", "Package version").option("--json", "Output as JSON").action(async (refs, options) => {
+  program.command("get <refs...>").summary("Fetch documentation page(s)").description(GET_DESCRIPTION).option("-r, --registry <registry>", "Package registry", "npm").option("-v, --pkg-version <version>", "Package version").option("--json", "Output as JSON").option("--verbose", "Include metadata (ID, format, source, links, etc.)").action(async (refs, options) => {
     await withCliErrorHandling(options.json ?? false, async () => {
       const deps = await createContainer();
       await docsGetAction(refs, options, deps);
@@ -1995,11 +2136,11 @@ function formatDocsList(docs) {
   lines.push(`Found ${docs.pages.length} pages:`);
   lines.push("");
   for (const page of docs.pages) {
-    if (!page)
+    if (!page || !page.id)
       continue;
     const words = page.words ? ` (${formatNumber(page.words)} words)` : "";
     lines.push(`  ${page.title}${words}`);
-    lines.push(`    ID: ${page.slug}`);
+    lines.push(`    ID: ${page.id}`);
     lines.push("");
   }
   lines.push("Use 'pkgseer docs get <package>/<page-id>' to fetch a page.");
@@ -2017,10 +2158,14 @@ async function docsListAction(packageName, options, deps) {
   }
   if (options.json) {
     const pages = result.data.listPackageDocs.pages?.filter((p) => p) ?? [];
-    const slim = pages.map((p) => ({
-      slug: p.slug,
-      title: p.title
-    }));
+    const slim = pages.map((p) => {
+      if (!p || !p.id)
+        return null;
+      return {
+        id: p.id,
+        title: p.title
+      };
+    }).filter((p) => p !== null);
     output(slim, true);
   } else {
     console.log(formatDocsList(result.data.listPackageDocs));
@@ -2028,7 +2173,7 @@ async function docsListAction(packageName, options, deps) {
 }
 var LIST_DESCRIPTION = `List available documentation pages for a package.
 
-Shows all documentation pages with titles, page IDs (slugs),
+Shows all documentation pages with titles, globally unique page IDs,
 word counts, and descriptions. Use the page ID with 'docs get'
 to fetch the full content of a specific page.
 
@@ -2305,1906 +2450,2422 @@ function registerDocsSearchCommand(program) {
     });
   });
 }
-// src/commands/login.ts
-import { hostname } from "node:os";
-var TIMEOUT_MS = 5 * 60 * 1000;
-function randomPort() {
-  return Math.floor(Math.random() * 2000) + 8000;
+// src/commands/shared-colors.ts
+var colors2 = {
+  reset: "\x1B[0m",
+  bold: "\x1B[1m",
+  dim: "\x1B[2m",
+  green: "\x1B[32m",
+  yellow: "\x1B[33m",
+  blue: "\x1B[34m",
+  magenta: "\x1B[35m",
+  cyan: "\x1B[36m",
+  red: "\x1B[31m"
+};
+function shouldUseColors2(noColor) {
+  if (noColor)
+    return false;
+  if (process.env.NO_COLOR !== undefined)
+    return false;
+  return process.stdout.isTTY ?? false;
 }
-async function loginAction(options, deps) {
-  const { authService, authStorage, browserService, baseUrl } = deps;
-  const existing = await authStorage.load(baseUrl);
-  if (existing && !options.force) {
-    const isExpired = existing.expiresAt && new Date(existing.expiresAt) < new Date;
-    if (!isExpired) {
-      console.log(`Already logged in.
-`);
-      console.log(`  Environment: ${baseUrl}`);
-      console.log(`  Token: ${existing.tokenName}
-`);
-      console.log("To switch accounts, run `pkgseer logout` first.");
-      console.log("To re-authenticate with different scopes, use `pkgseer login --force`.");
-      return;
-    }
-    console.log(`Token expired. Starting new login...
-`);
-  } else if (existing && options.force) {
-    console.log(`Re-authenticating (--force flag)...
-`);
+function success(text, useColors) {
+  const checkmark = useColors ? `${colors2.green}✓${colors2.reset}` : "✓";
+  return `${checkmark} ${text}`;
+}
+function error(text, useColors) {
+  const cross = useColors ? `${colors2.red}✗${colors2.reset}` : "✗";
+  return `${cross} ${text}`;
+}
+function highlight(text, useColors) {
+  if (!useColors)
+    return text;
+  return `${colors2.bold}${colors2.cyan}${text}${colors2.reset}`;
+}
+function dim(text, useColors) {
+  if (!useColors)
+    return text;
+  return `${colors2.dim}${text}${colors2.reset}`;
+}
+
+// src/commands/mcp-init.ts
+function getCursorConfigPaths(fs, scope) {
+  if (scope === "project") {
+    const cwd = fs.getCwd();
+    const configPath2 = fs.joinPath(cwd, ".cursor", "mcp.json");
+    const backupPath2 = fs.joinPath(cwd, ".cursor", "mcp.json.bak");
+    return { configPath: configPath2, backupPath: backupPath2 };
+  }
+  const platform = process.platform;
+  let configPath;
+  let backupPath;
+  if (platform === "win32") {
+    const appData = process.env.APPDATA || fs.joinPath(fs.getHomeDir(), "AppData", "Roaming");
+    configPath = fs.joinPath(appData, "Cursor", "mcp.json");
+    backupPath = fs.joinPath(appData, "Cursor", "mcp.json.bak");
+  } else {
+    const home = fs.getHomeDir();
+    configPath = fs.joinPath(home, ".cursor", "mcp.json");
+    backupPath = fs.joinPath(home, ".cursor", "mcp.json.bak");
+  }
+  return { configPath, backupPath };
+}
+function getCodexConfigPaths(fs, scope) {
+  if (scope === "project") {
+    const cwd = fs.getCwd();
+    const configPath2 = fs.joinPath(cwd, ".codex", "config.toml");
+    const backupPath2 = fs.joinPath(cwd, ".codex", "config.toml.bak");
+    return { configPath: configPath2, backupPath: backupPath2 };
+  }
+  const home = fs.getHomeDir();
+  const configPath = fs.joinPath(home, ".codex", "config.toml");
+  const backupPath = fs.joinPath(home, ".codex", "config.toml.bak");
+  return { configPath, backupPath };
+}
+function getClaudeCodeConfigPaths(fs, scope) {
+  if (scope === "project") {
+    const cwd = fs.getCwd();
+    const configPath2 = fs.joinPath(cwd, ".claude-code", "mcp.json");
+    const backupPath2 = fs.joinPath(cwd, ".claude-code", "mcp.json.bak");
+    return { configPath: configPath2, backupPath: backupPath2 };
+  }
+  const platform = process.platform;
+  let configPath;
+  let backupPath;
+  if (platform === "win32") {
+    const appData = process.env.APPDATA || fs.joinPath(fs.getHomeDir(), "AppData", "Roaming");
+    configPath = fs.joinPath(appData, "Claude Code", "mcp.json");
+    backupPath = fs.joinPath(appData, "Claude Code", "mcp.json.bak");
+  } else {
+    const home = fs.getHomeDir();
+    configPath = fs.joinPath(home, ".claude-code", "mcp.json");
+    backupPath = fs.joinPath(home, ".claude-code", "mcp.json.bak");
   }
-  const { verifier, challenge, state } = authService.generatePkceParams();
-  const port = options.port ?? randomPort();
-  const authUrl = authService.buildAuthUrl({
-    state,
-    port,
-    codeChallenge: challenge,
-    hostname: hostname()
-  });
-  const serverPromise = authService.startCallbackServer(port);
-  if (options.browser === false) {
-    console.log(`Open this URL in your browser:
+  return { configPath, backupPath };
+}
+async function parseConfigFile(fs, path) {
+  const exists = await fs.exists(path);
+  if (!exists) {
+    return null;
+  }
+  try {
+    const content = await fs.readFile(path);
+    const parsed = JSON.parse(content);
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+async function writeConfigFile(fs, path, config) {
+  const content = JSON.stringify(config, null, 2);
+  await fs.writeFile(path, content);
+}
+async function backupConfigFile(fs, configPath, backupPath) {
+  const exists = await fs.exists(configPath);
+  if (!exists) {
+    return;
+  }
+  const content = await fs.readFile(configPath);
+  await fs.writeFile(backupPath, content);
+}
+async function canSafelyEdit(fs, configPath) {
+  const exists = await fs.exists(configPath);
+  if (!exists) {
+    return { safe: true };
+  }
+  const config = await parseConfigFile(fs, configPath);
+  if (config === null) {
+    return {
+      safe: false,
+      reason: "Config file exists but cannot be parsed as valid JSON"
+    };
+  }
+  if (config.mcpServers?.pkgseer) {
+    return {
+      safe: false,
+      reason: "PkgSeer MCP server is already configured"
+    };
+  }
+  return { safe: true };
+}
+function addPkgseerToConfig(config) {
+  const updated = { ...config };
+  if (!updated.mcpServers) {
+    updated.mcpServers = {};
+  }
+  updated.mcpServers.pkgseer = {
+    command: "npx",
+    args: ["-y", "@pkgseer/cli", "mcp", "start"]
+  };
+  return updated;
+}
+function showManualInstructions(tool, scope, configPath, useColors) {
+  console.log(`
+Manual Setup Instructions`);
+  console.log(`─────────────────────────
 `);
-    console.log(`  ${authUrl}
+  console.log(`Config file: ${highlight(configPath, useColors)}
+`);
+  console.log(`Add the following to your configuration:
 `);
+  if (tool === "codex") {
+    const tomlConfig = `[mcp_servers.pkgseer]
+command = "npx"
+args = ["-y", "@pkgseer/cli", "mcp", "start"]`;
+    console.log(tomlConfig);
   } else {
-    console.log("Opening browser...");
-    await browserService.open(authUrl);
+    const configExample = {
+      mcpServers: {
+        pkgseer: {
+          command: "npx",
+          args: ["-y", "@pkgseer/cli", "mcp", "start"]
+        }
+      }
+    };
+    console.log(JSON.stringify(configExample, null, 2));
   }
-  console.log(`Waiting for authentication...
-`);
-  let timeoutId;
-  const timeoutPromise = new Promise((_, reject) => {
-    timeoutId = setTimeout(() => reject(new Error("Authentication timed out")), TIMEOUT_MS);
-  });
-  let callback;
-  try {
-    callback = await Promise.race([serverPromise, timeoutPromise]);
-    clearTimeout(timeoutId);
-  } catch (error) {
-    clearTimeout(timeoutId);
-    if (error instanceof Error) {
-      console.log(`${error.message}.
-`);
-      console.log("Run `pkgseer login` to try again.");
-    }
-    process.exit(1);
+  if ((tool === "cursor" || tool === "codex" || tool === "claude-code") && scope === "project") {
+    const dirName = tool === "cursor" ? ".cursor" : tool === "codex" ? ".codex" : ".claude-code";
+    console.log(dim(`
+Note: Create the ${dirName} directory if it doesn't exist.`, useColors));
   }
-  if (callback.state !== state) {
-    console.error(`Security error: authentication state mismatch.
+  console.log(dim(`
+After editing, restart your AI assistant to activate the MCP server.`, useColors));
+}
+async function mcpInitAction(deps) {
+  const { fileSystemService: fs, promptService, hasProject } = deps;
+  const useColors = shouldUseColors2();
+  console.log("MCP Server Setup");
+  console.log(`────────────────
 `);
-    console.log("This could indicate a security issue. Please try again.");
-    process.exit(1);
-  }
-  let tokenResponse;
-  try {
-    tokenResponse = await authService.exchangeCodeForToken({
-      code: callback.code,
-      codeVerifier: verifier,
-      state
-    });
-  } catch (error) {
-    console.error(`Failed to complete authentication: ${error instanceof Error ? error.message : error}
+  console.log(`Configure PkgSeer as an MCP server for your AI assistant.
 `);
-    console.log("Run `pkgseer login` to try again.");
-    process.exit(1);
-  }
-  await authStorage.save(baseUrl, {
-    token: tokenResponse.token,
-    tokenName: tokenResponse.tokenName,
-    scopes: tokenResponse.scopes,
-    createdAt: new Date().toISOString(),
-    expiresAt: tokenResponse.expiresAt,
-    apiKeyId: tokenResponse.apiKeyId
-  });
-  console.log(`✓ Logged in
+  if (!hasProject) {
+    console.log(dim(`Note: No pkgseer.yml found in this directory.
+`, useColors));
+    console.log(dim(`Without it, search_project_docs won't work (searches your project's packages).
+`, useColors));
+    const setupProject = await promptService.confirm("Set up project configuration first?", false);
+    if (setupProject) {
+      console.log(`
+Run ${highlight("pkgseer project init", useColors)} first, then ${highlight("pkgseer mcp init", useColors)} again.
 `);
-  console.log(`  Environment: ${baseUrl}`);
-  console.log(`  Token: ${tokenResponse.tokenName}`);
-  if (tokenResponse.expiresAt) {
-    const days = Math.ceil((new Date(tokenResponse.expiresAt).getTime() - Date.now()) / (1000 * 60 * 60 * 24));
-    console.log(`  Expires: in ${days} days`);
+      return;
+    }
   }
-  console.log(`
-You're ready to use pkgseer with your AI assistant.`);
-}
-var LOGIN_DESCRIPTION = `Authenticate with your PkgSeer account via browser.
-
-Opens your browser to complete authentication securely. The CLI receives
-a token that's stored locally and used for API requests.
-
-Use --no-browser in environments without a display (CI, SSH sessions)
-to get a URL you can open on another device.`;
-function registerLoginCommand(program) {
-  program.command("login").summary("Authenticate with your PkgSeer account").description(LOGIN_DESCRIPTION).option("--no-browser", "Print URL instead of opening browser").option("--port <port>", "Port for local callback server", parseInt).option("--force", "Re-authenticate even if already logged in").action(async (options) => {
-    const deps = await createContainer();
-    await loginAction(options, deps);
-  });
-}
-
-// src/commands/logout.ts
-async function logoutAction(deps) {
-  const { authService, authStorage, baseUrl } = deps;
-  const auth = await authStorage.load(baseUrl);
-  if (!auth) {
-    console.log(`Not currently logged in.
-`);
-    console.log(`  Environment: ${baseUrl}`);
+  const tool = await promptService.select("Which AI tool would you like to configure?", [
+    {
+      value: "cursor",
+      name: "Cursor IDE",
+      description: "Project-level or global configuration"
+    },
+    {
+      value: "codex",
+      name: "Codex CLI",
+      description: "Project-level or global configuration"
+    },
+    {
+      value: "claude-code",
+      name: "Claude Code",
+      description: "Project-level or global configuration"
+    },
+    {
+      value: "other",
+      name: "Other",
+      description: "Show manual setup instructions"
+    }
+  ]);
+  if (tool === "other") {
+    const configPath2 = fs.joinPath(fs.getCwd(), "mcp-config.json");
+    showManualInstructions("other", undefined, configPath2, useColors);
+    return;
+  }
+  let scope;
+  if (tool === "cursor" || tool === "codex" || tool === "claude-code") {
+    const projectPath = tool === "cursor" ? ".cursor/mcp.json" : tool === "codex" ? ".codex/config.toml" : ".claude-code/mcp.json";
+    const globalPath = tool === "cursor" ? "~/.cursor/mcp.json" : tool === "codex" ? "~/.codex/config.toml" : "~/.claude-code/mcp.json";
+    if (hasProject) {
+      scope = await promptService.select("Where should the MCP config be created?", [
+        {
+          value: "project",
+          name: `Project (${projectPath}) – recommended`,
+          description: "Uses project token; enables docs search for your packages"
+        },
+        {
+          value: "global",
+          name: `Global (${globalPath})`,
+          description: "Works everywhere but without project-specific features"
+        }
+      ]);
+    } else {
+      console.log(dim(`
+Using global config (no pkgseer.yml found).
+`, useColors));
+      scope = "global";
+    }
+  }
+  let configPath;
+  let backupPath;
+  if (tool === "cursor") {
+    if (!scope) {
+      scope = "global";
+    }
+    const paths = getCursorConfigPaths(fs, scope);
+    configPath = paths.configPath;
+    backupPath = paths.backupPath;
+  } else if (tool === "codex") {
+    if (!scope) {
+      scope = hasProject ? "project" : "global";
+    }
+    const paths = getCodexConfigPaths(fs, scope);
+    showManualInstructions("codex", scope, paths.configPath, useColors);
+    return;
+  } else if (tool === "claude-code") {
+    if (!scope) {
+      scope = "global";
+    }
+    const paths = getClaudeCodeConfigPaths(fs, scope);
+    configPath = paths.configPath;
+    backupPath = paths.backupPath;
+  } else {
+    const configPath2 = fs.joinPath(fs.getCwd(), "mcp-config.json");
+    showManualInstructions("other", undefined, configPath2, useColors);
+    return;
+  }
+  const safetyCheck = await canSafelyEdit(fs, configPath);
+  if (!safetyCheck.safe) {
+    console.log(error(`Cannot safely edit config file: ${safetyCheck.reason}`, useColors));
+    showManualInstructions(tool, scope, configPath, useColors);
     return;
   }
+  const configExists = await fs.exists(configPath);
+  if (configExists) {
+    console.log(`
+Found existing config at: ${highlight(configPath, useColors)}`);
+    const proceed = await promptService.confirm("Add PkgSeer to this configuration?", true);
+    if (!proceed) {
+      console.log(dim(`
+Setup cancelled.`, useColors));
+      return;
+    }
+  } else {
+    console.log(`
+Will create config at: ${highlight(configPath, useColors)}`);
+    const proceed = await promptService.confirm("Proceed?", true);
+    if (!proceed) {
+      console.log(dim(`
+Setup cancelled.`, useColors));
+      return;
+    }
+  }
+  const existingConfig = await parseConfigFile(fs, configPath);
+  const config = existingConfig ?? {};
+  if (configExists) {
+    try {
+      await backupConfigFile(fs, configPath, backupPath);
+      console.log(dim(`
+Backup created: ${backupPath}`, useColors));
+    } catch (backupError) {
+      console.log(error(`Warning: Could not create backup: ${backupError instanceof Error ? backupError.message : String(backupError)}`, useColors));
+    }
+  }
+  const updatedConfig = addPkgseerToConfig(config);
   try {
-    await authService.revokeToken(auth.token);
-  } catch {}
-  await authStorage.clear(baseUrl);
-  console.log(`✓ Logged out
-`);
-  console.log(`  Environment: ${baseUrl}`);
-}
-var LOGOUT_DESCRIPTION = `Remove stored credentials and revoke the token.
+    const dirPath = fs.getDirname(configPath);
+    await fs.ensureDir(dirPath);
+  } catch (dirError) {
+    console.log(error(`Failed to create directory: ${dirError instanceof Error ? dirError.message : String(dirError)}`, useColors));
+    showManualInstructions(tool, scope, configPath, useColors);
+    return;
+  }
+  try {
+    await writeConfigFile(fs, configPath, updatedConfig);
+  } catch (writeError) {
+    console.log(error(`Failed to write config file: ${writeError instanceof Error ? writeError.message : String(writeError)}`, useColors));
+    showManualInstructions(tool, scope, configPath, useColors);
+    return;
+  }
+  const toolNames = {
+    cursor: "Cursor IDE",
+    codex: "Codex CLI",
+    "claude-code": "Claude Code",
+    other: "MCP"
+  };
+  console.log(success(`PkgSeer MCP server configured for ${toolNames[tool]}!`, useColors));
+  console.log(`
+Config file: ${highlight(configPath, useColors)}`);
+  if (configExists) {
+    console.log(`Backup saved: ${highlight(backupPath, useColors)}`);
+  }
+  console.log(dim(`
+Next steps:
+  1. Restart your AI assistant to activate the MCP server
+  2. Test by asking your assistant about packages`, useColors));
+  console.log(`
+Available MCP tools:`);
+  console.log("  • package_summary - Get package overview");
+  console.log("  • package_vulnerabilities - Check for security issues");
+  console.log("  • package_quality - Get quality score");
+  console.log("  • package_dependencies - List dependencies");
+  console.log("  • compare_packages - Compare multiple packages");
+  console.log("  • list_package_docs - List documentation pages");
+  console.log("  • fetch_package_doc - Fetch documentation content");
+  console.log("  • search_package_docs - Search package documentation");
+  if (hasProject) {
+    console.log("  • search_project_docs - Search your project's docs");
+  }
+}
+var MCP_INIT_DESCRIPTION = `Configure PkgSeer's MCP server for your AI assistant.
 
-Clears the locally stored authentication token and notifies the server
-to revoke it. Use this when switching accounts or on shared machines.`;
-function registerLogoutCommand(program) {
-  program.command("logout").summary("Remove stored credentials").description(LOGOUT_DESCRIPTION).action(async () => {
+Guides you through:
+  • Selecting your AI tool (Cursor IDE, Codex CLI, Claude Code)
+  • Choosing configuration location (project or global)
+  • Safely editing config files with automatic backup
+
+Project-level config (recommended):
+  • Uses your project token for authenticated features
+  • Enables search_project_docs (search your project's packages)
+  • Portable with your project`;
+function registerMcpInitCommand(mcpCommand) {
+  mcpCommand.command("init").summary("Configure MCP server for AI assistants").description(MCP_INIT_DESCRIPTION).action(async () => {
     const deps = await createContainer();
-    await logoutAction(deps);
+    const hasProject = deps.config.project !== undefined;
+    await mcpInitAction({
+      fileSystemService: deps.fileSystemService,
+      promptService: deps.promptService,
+      configService: deps.configService,
+      baseUrl: deps.baseUrl,
+      hasProject
+    });
   });
 }
 
-// src/commands/mcp.ts
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-
-// src/tools/compare-packages.ts
-import { z as z3 } from "zod";
-
-// src/tools/shared.ts
-import { z as z2 } from "zod";
-
-// src/tools/types.ts
-function textResult(text) {
-  return {
-    content: [{ type: "text", text }]
-  };
-}
-function errorResult(message) {
+// src/services/gitignore-parser.ts
+function parseGitIgnoreLine(line) {
+  const trimmed = line.trimEnd();
+  if (!trimmed || trimmed.startsWith("#")) {
+    return null;
+  }
+  const isNegation = trimmed.startsWith("!");
+  const pattern = isNegation ? trimmed.slice(1) : trimmed;
+  const isRootOnly = pattern.startsWith("/");
+  const patternWithoutRoot = isRootOnly ? pattern.slice(1) : pattern;
+  const isDirectory = patternWithoutRoot.endsWith("/");
+  const cleanPattern = isDirectory ? patternWithoutRoot.slice(0, -1) : patternWithoutRoot;
   return {
-    content: [{ type: "text", text: message }],
-    isError: true
-  };
-}
-
-// src/tools/shared.ts
-function toGraphQLRegistry2(registry) {
-  const map = {
-    npm: "NPM",
-    pypi: "PYPI",
-    hex: "HEX"
+    pattern: cleanPattern,
+    isNegation,
+    isDirectory,
+    isRootOnly
   };
-  return map[registry.toLowerCase()] || "NPM";
 }
-var schemas = {
-  registry: z2.enum(["npm", "pypi", "hex"]).describe("Package registry (npm, pypi, or hex)"),
-  packageName: z2.string().max(255).describe("Name of the package"),
-  version: z2.string().max(100).optional().describe("Specific version (defaults to latest)")
-};
-function handleGraphQLErrors(errors) {
-  if (errors && errors.length > 0) {
-    return errorResult(`Error: ${errors.map((e) => e.message).join(", ")}`);
+function matchesPattern(path, pattern) {
+  const { pattern: p, isDirectory, isRootOnly } = pattern;
+  let regexStr = p.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*\*/g, "___DOUBLE_STAR___").replace(/\*/g, "[^/]*").replace(/\?/g, "[^/]").replace(/___DOUBLE_STAR___/g, ".*");
+  if (isRootOnly) {
+    if (isDirectory) {
+      regexStr = `^${regexStr}(/|$)`;
+    } else {
+      regexStr = `^${regexStr}(/|$)`;
+    }
+  } else {
+    if (isDirectory) {
+      regexStr = `(^|/)${regexStr}(/|$)`;
+    } else {
+      regexStr = `(^|/)${regexStr}(/|$)`;
+    }
   }
-  return null;
+  const regex = new RegExp(regexStr);
+  return regex.test(path);
 }
-async function withErrorHandling(operation, fn) {
+async function parseGitIgnore(gitignorePath, fs) {
   try {
-    return await fn();
-  } catch (error) {
-    const message = error instanceof Error ? error.message : "Unknown error";
-    return errorResult(`Failed to ${operation}: ${message}`);
+    const content = await fs.readFile(gitignorePath);
+    const lines = content.split(`
+`);
+    const patterns = [];
+    for (const line of lines) {
+      const pattern = parseGitIgnoreLine(line);
+      if (pattern) {
+        patterns.push(pattern);
+      }
+    }
+    return patterns.length > 0 ? patterns : null;
+  } catch {
+    return null;
   }
 }
-function notFoundError(packageName, registry) {
-  return errorResult(`Package not found: ${packageName} in ${registry}`);
-}
-
-// src/tools/compare-packages.ts
-var packageInputSchema = z3.object({
-  registry: z3.enum(["npm", "pypi", "hex"]),
-  name: z3.string().max(255),
-  version: z3.string().max(100).optional()
-});
-var argsSchema = {
-  packages: z3.array(packageInputSchema).min(2).max(10).describe("List of packages to compare (2-10 packages)")
-};
-function createComparePackagesTool(pkgseerService) {
-  return {
-    name: "compare_packages",
-    description: "Compares multiple packages across metadata, quality, and security dimensions",
-    schema: argsSchema,
-    handler: async ({ packages }, _extra) => {
-      return withErrorHandling("compare packages", async () => {
-        const input2 = packages.map((pkg) => ({
-          registry: toGraphQLRegistry2(pkg.registry),
-          name: pkg.name,
-          version: pkg.version
-        }));
-        const result = await pkgseerService.comparePackages(input2);
-        const graphqlError = handleGraphQLErrors(result.errors);
-        if (graphqlError)
-          return graphqlError;
-        if (!result.data.comparePackages) {
-          return errorResult("Comparison failed: no results returned");
-        }
-        return textResult(JSON.stringify(result.data.comparePackages, null, 2));
-      });
+function shouldIgnorePath(relativePath, patterns) {
+  const normalized = relativePath.replace(/\\/g, "/");
+  let ignored = false;
+  for (const pattern of patterns) {
+    if (matchesPattern(normalized, pattern)) {
+      if (pattern.isNegation) {
+        ignored = false;
+      } else {
+        ignored = true;
+      }
     }
-  };
+  }
+  return ignored;
 }
-// src/tools/fetch-package-doc.ts
-import { z as z4 } from "zod";
-var argsSchema2 = {
-  registry: schemas.registry,
-  package_name: schemas.packageName.describe("Name of the package to fetch documentation for"),
-  page_id: z4.string().max(500).describe("Documentation page identifier (from list_package_docs)"),
-  version: schemas.version
-};
-function createFetchPackageDocTool(pkgseerService) {
-  return {
-    name: "fetch_package_doc",
-    description: "Fetches the full content of a specific documentation page. Returns page title, content (markdown/HTML), breadcrumbs, and source attribution. Use list_package_docs first to get available page IDs.",
-    schema: argsSchema2,
-    handler: async ({ registry, package_name, page_id, version: version2 }, _extra) => {
-      return withErrorHandling("fetch documentation page", async () => {
-        const result = await pkgseerService.fetchPackageDoc(toGraphQLRegistry2(registry), package_name, page_id, version2);
-        const graphqlError = handleGraphQLErrors(result.errors);
-        if (graphqlError)
-          return graphqlError;
-        if (!result.data.fetchPackageDoc) {
-          return errorResult(`Documentation page not found: ${page_id} for ${package_name} in ${registry}`);
-        }
-        return textResult(JSON.stringify(result.data.fetchPackageDoc, null, 2));
-      });
-    }
-  };
+function shouldIgnoreDirectory(relativeDirPath, patterns) {
+  const normalized = relativeDirPath.replace(/\\/g, "/").replace(/\/$/, "") + "/";
+  return shouldIgnorePath(normalized, patterns);
 }
-// src/tools/list-package-docs.ts
-var argsSchema3 = {
-  registry: schemas.registry,
-  package_name: schemas.packageName.describe("Name of the package to list documentation for"),
-  version: schemas.version
-};
-function createListPackageDocsTool(pkgseerService) {
-  return {
-    name: "list_package_docs",
-    description: "Lists documentation pages for a package version. Returns page titles, slugs, and metadata. Use this to discover available documentation before fetching specific pages.",
-    schema: argsSchema3,
-    handler: async ({ registry, package_name, version: version2 }, _extra) => {
-      return withErrorHandling("list package documentation", async () => {
-        const result = await pkgseerService.listPackageDocs(toGraphQLRegistry2(registry), package_name, version2);
-        const graphqlError = handleGraphQLErrors(result.errors);
-        if (graphqlError)
-          return graphqlError;
-        if (!result.data.listPackageDocs) {
-          return notFoundError(package_name, registry);
-        }
-        return textResult(JSON.stringify(result.data.listPackageDocs, null, 2));
-      });
-    }
-  };
+
+// src/services/manifest-detector.ts
+var DEFAULT_EXCLUDED_DIRS = [
+  "node_modules",
+  "vendor",
+  ".git",
+  "dist",
+  "build",
+  "__pycache__",
+  ".venv",
+  "venv",
+  ".next"
+];
+var MANIFEST_TYPES = [
+  {
+    type: "npm",
+    filenames: [
+      "package.json",
+      "package-lock.json",
+      "yarn.lock",
+      "pnpm-lock.yaml"
+    ]
+  },
+  {
+    type: "pypi",
+    filenames: ["requirements.txt", "pyproject.toml", "Pipfile", "poetry.lock"]
+  },
+  {
+    type: "hex",
+    filenames: ["mix.exs", "mix.lock"]
+  }
+];
+function suggestLabel(relativePath) {
+  const normalized = relativePath.replace(/\\/g, "/");
+  const parts = normalized.split("/").filter((p) => p.length > 0);
+  if (parts.length === 1) {
+    return "root";
+  }
+  return parts[parts.length - 2];
 }
-// src/tools/package-dependencies.ts
-import { z as z5 } from "zod";
-var argsSchema4 = {
-  registry: schemas.registry,
-  package_name: schemas.packageName.describe("Name of the package to retrieve dependencies for"),
-  version: schemas.version,
-  include_transitive: z5.boolean().optional().describe("Whether to include transitive dependency DAG"),
-  max_depth: z5.number().int().min(1).max(10).optional().describe("Maximum depth for transitive traversal (1-10)")
-};
-function createPackageDependenciesTool(pkgseerService) {
-  return {
-    name: "package_dependencies",
-    description: "Retrieves direct and transitive dependencies for a package version",
-    schema: argsSchema4,
-    handler: async ({ registry, package_name, version: version2, include_transitive, max_depth }, _extra) => {
-      return withErrorHandling("fetch package dependencies", async () => {
-        const result = await pkgseerService.getPackageDependencies(toGraphQLRegistry2(registry), package_name, version2, include_transitive, max_depth);
-        const graphqlError = handleGraphQLErrors(result.errors);
-        if (graphqlError)
-          return graphqlError;
-        if (!result.data.packageDependencies) {
-          return notFoundError(package_name, registry);
+async function scanDirectoryRecursive(directory, fs, rootDir, options, currentDepth = 0, gitignorePatterns = null) {
+  const detected = [];
+  if (currentDepth > options.maxDepth) {
+    return detected;
+  }
+  const relativeDirPath = directory === rootDir ? "." : directory.replace(rootDir, "").replace(/^[/\\]/, "");
+  const baseName = directory.split(/[/\\]/).pop() ?? "";
+  if (options.excludedDirs.includes(baseName)) {
+    return detected;
+  }
+  if (gitignorePatterns && shouldIgnoreDirectory(relativeDirPath, gitignorePatterns)) {
+    return detected;
+  }
+  for (const manifestType of MANIFEST_TYPES) {
+    for (const filename of manifestType.filenames) {
+      const filePath = fs.joinPath(directory, filename);
+      const exists = await fs.exists(filePath);
+      if (exists) {
+        const relativePath = directory === rootDir ? filename : fs.joinPath(directory.replace(rootDir, "").replace(/^[/\\]/, ""), filename);
+        if (gitignorePatterns && shouldIgnorePath(relativePath, gitignorePatterns)) {
+          continue;
         }
-        return textResult(JSON.stringify(result.data.packageDependencies, null, 2));
-      });
+        detected.push({
+          filename,
+          relativePath,
+          absolutePath: filePath,
+          type: manifestType.type,
+          suggestedLabel: suggestLabel(relativePath)
+        });
+      }
     }
-  };
-}
-// src/tools/package-quality.ts
-var argsSchema5 = {
-  registry: schemas.registry,
-  package_name: schemas.packageName.describe("Name of the package to analyze"),
-  version: schemas.version
-};
-function createPackageQualityTool(pkgseerService) {
-  return {
-    name: "package_quality",
-    description: "Retrieves quality score and rule-level breakdown for a package",
-    schema: argsSchema5,
-    handler: async ({ registry, package_name, version: version2 }, _extra) => {
-      return withErrorHandling("fetch package quality", async () => {
-        const result = await pkgseerService.getPackageQuality(toGraphQLRegistry2(registry), package_name, version2);
-        const graphqlError = handleGraphQLErrors(result.errors);
-        if (graphqlError)
-          return graphqlError;
-        if (!result.data.packageQuality) {
-          return notFoundError(package_name, registry);
+  }
+  try {
+    const entries = await fs.readdir(directory);
+    for (const entry of entries) {
+      const entryPath = fs.joinPath(directory, entry);
+      const isDir = await fs.isDirectory(entryPath);
+      if (isDir && !options.excludedDirs.includes(entry)) {
+        const subRelativePath = fs.joinPath(relativeDirPath, entry);
+        if (!gitignorePatterns || !shouldIgnoreDirectory(subRelativePath, gitignorePatterns)) {
+          const subDetected = await scanDirectoryRecursive(entryPath, fs, rootDir, options, currentDepth + 1, gitignorePatterns);
+          detected.push(...subDetected);
         }
-        return textResult(JSON.stringify(result.data.packageQuality, null, 2));
-      });
+      }
     }
+  } catch {}
+  return detected;
+}
+async function scanForManifests(directory, fs, options) {
+  const opts = {
+    maxDepth: options?.maxDepth ?? 3,
+    excludedDirs: options?.excludedDirs ?? DEFAULT_EXCLUDED_DIRS
   };
+  const gitignorePath = fs.joinPath(directory, ".gitignore");
+  const gitignorePatterns = await parseGitIgnore(gitignorePath, fs);
+  return scanDirectoryRecursive(directory, fs, directory, opts, 0, gitignorePatterns);
 }
-// src/tools/package-summary.ts
-var argsSchema6 = {
-  registry: schemas.registry,
-  package_name: schemas.packageName.describe("Name of the package to retrieve summary for")
-};
-function createPackageSummaryTool(pkgseerService) {
-  return {
-    name: "package_summary",
-    description: "Retrieves comprehensive package summary including metadata, versions, security advisories, and quickstart information",
-    schema: argsSchema6,
-    handler: async ({ registry, package_name }, _extra) => {
-      return withErrorHandling("fetch package summary", async () => {
-        const result = await pkgseerService.getPackageSummary(toGraphQLRegistry2(registry), package_name);
-        const graphqlError = handleGraphQLErrors(result.errors);
-        if (graphqlError)
-          return graphqlError;
-        if (!result.data.packageSummary) {
-          return notFoundError(package_name, registry);
-        }
-        return textResult(JSON.stringify(result.data.packageSummary, null, 2));
-      });
+function filterRedundantPackageJson(manifests) {
+  const dirToManifests = new Map;
+  for (const manifest of manifests) {
+    const dir = manifest.relativePath.split(/[/\\]/).slice(0, -1).join("/") || ".";
+    if (!dirToManifests.has(dir)) {
+      dirToManifests.set(dir, []);
     }
-  };
+    dirToManifests.get(dir).push(manifest);
+  }
+  const filtered = [];
+  for (const [dir, dirManifests] of dirToManifests.entries()) {
+    const hasLockFile = dirManifests.some((m) => m.filename === "package-lock.json");
+    const hasPackageJson = dirManifests.some((m) => m.filename === "package.json");
+    for (const manifest of dirManifests) {
+      if (manifest.filename === "package.json" && hasLockFile) {
+        continue;
+      }
+      filtered.push(manifest);
+    }
+  }
+  return filtered;
 }
-// src/tools/package-vulnerabilities.ts
-var argsSchema7 = {
-  registry: schemas.registry,
-  package_name: schemas.packageName.describe("Name of the package to inspect for vulnerabilities"),
-  version: schemas.version
-};
-function createPackageVulnerabilitiesTool(pkgseerService) {
-  return {
-    name: "package_vulnerabilities",
-    description: "Retrieves vulnerability details for a package, including affected version ranges and upgrade guidance",
-    schema: argsSchema7,
-    handler: async ({ registry, package_name, version: version2 }, _extra) => {
-      return withErrorHandling("fetch package vulnerabilities", async () => {
-        const result = await pkgseerService.getPackageVulnerabilities(toGraphQLRegistry2(registry), package_name, version2);
-        const graphqlError = handleGraphQLErrors(result.errors);
-        if (graphqlError)
-          return graphqlError;
-        if (!result.data.packageVulnerabilities) {
-          return notFoundError(package_name, registry);
-        }
-        return textResult(JSON.stringify(result.data.packageVulnerabilities, null, 2));
-      });
+async function detectAndGroupManifests(directory, fs, options) {
+  const manifests = await scanForManifests(directory, fs, options);
+  const filteredManifests = filterRedundantPackageJson(manifests);
+  const groupsMap = new Map;
+  for (const manifest of filteredManifests) {
+    const existing = groupsMap.get(manifest.suggestedLabel) ?? [];
+    existing.push(manifest);
+    groupsMap.set(manifest.suggestedLabel, existing);
+  }
+  const groups = [];
+  for (const [label, manifests2] of groupsMap.entries()) {
+    const ecosystems = new Set(manifests2.map((m) => m.type));
+    if (ecosystems.size > 1) {
+      const ecosystemGroups = new Map;
+      for (const manifest of manifests2) {
+        const ecosystemLabel = `${label}-${manifest.type}`;
+        const existing = ecosystemGroups.get(ecosystemLabel) ?? [];
+        existing.push(manifest);
+        ecosystemGroups.set(ecosystemLabel, existing);
+      }
+      for (const [
+        ecosystemLabel,
+        ecosystemManifests
+      ] of ecosystemGroups.entries()) {
+        groups.push({ label: ecosystemLabel, manifests: ecosystemManifests });
+      }
+    } else {
+      groups.push({ label, manifests: manifests2 });
     }
-  };
+  }
+  groups.sort((a, b) => {
+    if (a.label.startsWith("root")) {
+      if (b.label.startsWith("root")) {
+        return a.label.localeCompare(b.label);
+      }
+      return -1;
+    }
+    if (b.label.startsWith("root")) {
+      return 1;
+    }
+    return a.label.localeCompare(b.label);
+  });
+  return groups;
 }
-// src/tools/search-package-docs.ts
-import { z as z6 } from "zod";
-var argsSchema8 = {
-  registry: schemas.registry,
-  package_name: schemas.packageName.describe("Name of the package to search documentation for"),
-  keywords: z6.array(z6.string()).optional().describe("Keywords to search for; combined into a single query"),
-  query: z6.string().max(500).optional().describe("Freeform search query (alternative to keywords)"),
-  include_snippets: z6.boolean().optional().describe("Include content excerpts around matches"),
-  limit: z6.number().int().min(1).max(100).optional().describe("Maximum number of results to return"),
-  version: schemas.version
-};
-function createSearchPackageDocsTool(pkgseerService) {
-  return {
-    name: "search_package_docs",
-    description: "Searches package documentation with keyword or freeform query support. Returns ranked results with relevance scores. Use include_snippets=true to get content excerpts showing match context.",
-    schema: argsSchema8,
-    handler: async ({
-      registry,
-      package_name,
-      keywords,
-      query,
-      include_snippets,
-      limit,
-      version: version2
-    }, _extra) => {
-      return withErrorHandling("search package documentation", async () => {
-        if (!keywords?.length && !query) {
-          return errorResult("Either keywords or query must be provided for search");
-        }
-        const result = await pkgseerService.searchPackageDocs(toGraphQLRegistry2(registry), package_name, {
-          keywords,
-          query,
-          includeSnippets: include_snippets,
-          limit,
-          version: version2
-        });
-        const graphqlError = handleGraphQLErrors(result.errors);
-        if (graphqlError)
-          return graphqlError;
-        if (!result.data.searchPackageDocs) {
-          return errorResult(`No documentation found for ${package_name} in ${registry}`);
-        }
-        return textResult(JSON.stringify(result.data.searchPackageDocs, null, 2));
-      });
+
+// src/commands/project/manifest-upload-utils.ts
+async function processManifestFiles(params) {
+  const {
+    files,
+    basePath,
+    hasHexManifests,
+    allowMixDeps,
+    fileSystemService,
+    shellService
+  } = params;
+  const hexFiles = files.filter((f) => f.endsWith("mix.exs") || f.endsWith("mix.lock"));
+  let generatedHexFiles = [];
+  if (hasHexManifests && allowMixDeps && hexFiles.length > 0) {
+    const firstHexFile = hexFiles[0];
+    if (!firstHexFile) {
+      throw new Error("No hex files found");
     }
-  };
-}
-// src/tools/search-project-docs.ts
-import { z as z7 } from "zod";
-var argsSchema9 = {
-  project: z7.string().optional().describe("Project name to search. Optional if configured in pkgseer.yml; only needed to search a different project."),
-  keywords: z7.array(z7.string()).optional().describe("Keywords to search for; combined into a single query"),
-  query: z7.string().max(500).optional().describe("Freeform search query (alternative to keywords)"),
-  include_snippets: z7.boolean().optional().describe("Include content excerpts around matches"),
-  limit: z7.number().int().min(1).max(100).optional().describe("Maximum number of results to return")
-};
-function createSearchProjectDocsTool(deps) {
-  const { pkgseerService, config } = deps;
-  return {
-    name: "search_project_docs",
-    description: "Searches documentation across all dependencies in a PkgSeer project. Returns ranked results from multiple packages. Uses project from pkgseer.yml config by default.",
-    schema: argsSchema9,
-    handler: async ({ project, keywords, query, include_snippets, limit }, _extra) => {
-      return withErrorHandling("search project documentation", async () => {
-        const resolvedProject = project ?? config.project;
-        if (!resolvedProject) {
-          return errorResult("No project provided and none configured in pkgseer.yml. " + "Either pass project parameter or add project to your config.");
-        }
-        if (!keywords?.length && !query) {
-          return errorResult("Either keywords or query must be provided for search");
-        }
-        const result = await pkgseerService.searchProjectDocs(resolvedProject, {
-          keywords,
-          query,
-          includeSnippets: include_snippets,
-          limit
-        });
-        const graphqlError = handleGraphQLErrors(result.errors);
-        if (graphqlError)
-          return graphqlError;
-        if (!result.data.searchProjectDocs) {
-          return errorResult(`Project not found: ${resolvedProject}`);
+    const absolutePath = fileSystemService.joinPath(basePath, firstHexFile);
+    const manifestDir = fileSystemService.getDirname(absolutePath);
+    try {
+      const [depsContent, depsTreeContent] = await Promise.all([
+        shellService.execute("mix deps --all", manifestDir),
+        shellService.execute("mix deps.tree", manifestDir)
+      ]);
+      generatedHexFiles = [
+        {
+          filename: "deps.txt",
+          path: absolutePath,
+          content: depsContent
+        },
+        {
+          filename: "deps-tree.txt",
+          path: absolutePath,
+          content: depsTreeContent
         }
-        return textResult(JSON.stringify(result.data.searchProjectDocs, null, 2));
-      });
+      ];
+    } catch (error2) {
+      const errorMessage = error2 instanceof Error ? error2.message : String(error2);
+      throw new Error(`Failed to generate dependencies for hex manifest: ${firstHexFile}
+` + `  Error: ${errorMessage}
+` + `  Make sure 'mix' is installed and the directory contains a valid Elixir project.`);
     }
-  };
-}
-// src/commands/mcp.ts
-var TOOL_FACTORIES = {
-  package_summary: ({ pkgseerService }) => createPackageSummaryTool(pkgseerService),
-  package_vulnerabilities: ({ pkgseerService }) => createPackageVulnerabilitiesTool(pkgseerService),
-  package_dependencies: ({ pkgseerService }) => createPackageDependenciesTool(pkgseerService),
-  package_quality: ({ pkgseerService }) => createPackageQualityTool(pkgseerService),
-  compare_packages: ({ pkgseerService }) => createComparePackagesTool(pkgseerService),
-  list_package_docs: ({ pkgseerService }) => createListPackageDocsTool(pkgseerService),
-  fetch_package_doc: ({ pkgseerService }) => createFetchPackageDocTool(pkgseerService),
-  search_package_docs: ({ pkgseerService }) => createSearchPackageDocsTool(pkgseerService),
-  search_project_docs: ({ pkgseerService, config }) => createSearchProjectDocsTool({ pkgseerService, config })
-};
-var PUBLIC_READ_TOOLS = [
-  "package_summary",
-  "package_vulnerabilities",
-  "package_dependencies",
-  "package_quality",
-  "compare_packages",
-  "list_package_docs",
-  "fetch_package_doc",
-  "search_package_docs"
-];
-var PROJECT_READ_TOOLS = ["search_project_docs"];
-var ALL_TOOLS = [...PUBLIC_READ_TOOLS, ...PROJECT_READ_TOOLS];
-function createMcpServer(deps) {
-  const { pkgseerService, config } = deps;
-  const server = new McpServer({
-    name: "pkgseer",
-    version: "0.1.0"
-  });
-  const enabledToolNames = config.enabled_tools ?? ALL_TOOLS;
-  const toolsToRegister = enabledToolNames.filter((name) => ALL_TOOLS.includes(name));
-  for (const toolName of toolsToRegister) {
-    const factory = TOOL_FACTORIES[toolName];
-    const tool = factory({ pkgseerService, config });
-    server.registerTool(tool.name, { description: tool.description, inputSchema: tool.schema }, tool.handler);
   }
-  return server;
-}
-function requireAuth(deps) {
-  if (deps.hasValidToken) {
-    return;
-  }
-  console.log(`Authentication required to start MCP server.
-`);
-  if (deps.baseUrl !== "https://pkgseer.dev") {
-    console.log(`  Environment: ${deps.baseUrl}`);
-    console.log(`  You're using a custom environment.
-`);
+  const filePromises = files.map(async (relativePath) => {
+    const isHexFile = relativePath.endsWith("mix.exs") || relativePath.endsWith("mix.lock");
+    if (isHexFile) {
+      if (!allowMixDeps) {
+        return null;
+      }
+      return null;
+    }
+    const absolutePath = fileSystemService.joinPath(basePath, relativePath);
+    const exists = await fileSystemService.exists(absolutePath);
+    if (!exists) {
+      throw new Error(`File not found: ${relativePath}
+  Make sure the file exists and the path in pkgseer.yml is correct.`);
+    }
+    const content = await fileSystemService.readFile(absolutePath);
+    const filename = relativePath.split(/[/\\]/).pop() ?? relativePath;
+    return {
+      filename,
+      path: absolutePath,
+      content
+    };
+  });
+  const regularFiles = await Promise.all(filePromises);
+  const result = [];
+  let hexFilesInserted = false;
+  for (let i = 0;i < files.length; i++) {
+    const relativePath = files[i];
+    if (!relativePath) {
+      continue;
+    }
+    const isHexFile = relativePath.endsWith("mix.exs") || relativePath.endsWith("mix.lock");
+    if (isHexFile && !hexFilesInserted && generatedHexFiles.length > 0) {
+      result.push(...generatedHexFiles);
+      hexFilesInserted = true;
+    } else if (!isHexFile) {
+      const regularFile = regularFiles[i];
+      if (regularFile !== undefined) {
+        result.push(regularFile);
+      }
+    } else {
+      result.push(null);
+    }
   }
-  console.log("To authenticate:");
-  console.log(`  pkgseer login
-`);
-  console.log("Or set PKGSEER_API_TOKEN environment variable.");
-  process.exit(1);
-}
-async function startMcpServer(deps) {
-  requireAuth(deps);
-  const server = createMcpServer(deps);
-  const transport = new StdioServerTransport;
-  await server.connect(transport);
+  return result;
 }
-function registerMcpCommand(program) {
-  program.command("mcp").summary("Start MCP server for AI assistants").description(`Start the Model Context Protocol (MCP) server using STDIO transport.
-
-This allows AI assistants like Claude, Cursor, and others to query package
-information directly. Add this to your assistant's MCP configuration:
 
-  "pkgseer": {
-    "command": "pkgseer",
-    "args": ["mcp"]
+// src/commands/project/init.ts
+async function projectInitAction(options, deps) {
+  const {
+    projectService,
+    configService,
+    fileSystemService,
+    gitService,
+    promptService,
+    shellService,
+    baseUrl
+  } = deps;
+  const useColors = shouldUseColors2();
+  const auth = await checkProjectWriteScope(configService, baseUrl);
+  if (!auth) {
+    console.error(error(`Authentication required with ${highlight(PROJECT_MANIFEST_UPLOAD_SCOPE, useColors)} scope`, useColors));
+    console.log(`
+  Your current token doesn't have the required permissions for creating projects and uploading manifests.`);
+    console.log(`
+  To fix this:`);
+    console.log(`    1. Run: ${highlight(`pkgseer login --force`, useColors)}`);
+    console.log(`    2. Make sure to grant ${highlight(PROJECT_MANIFEST_UPLOAD_SCOPE, useColors)} scope during authentication`);
+    console.log(`
+  Or check your current scopes with: ${highlight(`pkgseer auth status`, useColors)}`);
+    process.exit(1);
   }
-
-Available tools: package_summary, package_vulnerabilities,
-package_dependencies, package_quality, compare_packages,
-list_package_docs, fetch_package_doc, search_package_docs,
-search_project_docs`).action(async () => {
-    const deps = await createContainer();
-    await startMcpServer(deps);
-  });
-}
-
-// src/commands/pkg/compare.ts
-function parsePackageSpec(spec) {
-  let registry = "npm";
-  let rest = spec;
-  if (spec.includes(":")) {
-    const colonIndex = spec.indexOf(":");
-    const potentialRegistry = spec.slice(0, colonIndex).toLowerCase();
-    if (["npm", "pypi", "hex"].includes(potentialRegistry)) {
-      registry = potentialRegistry;
-      rest = spec.slice(colonIndex + 1);
-    }
-  }
-  const atIndex = rest.lastIndexOf("@");
-  if (atIndex > 0) {
-    return {
-      registry,
-      name: rest.slice(0, atIndex),
-      version: rest.slice(atIndex + 1)
-    };
-  }
-  return { registry, name: rest };
-}
-function formatPackageComparison(comparison) {
-  const lines = [];
-  lines.push("\uD83D\uDCCA Package Comparison");
-  lines.push("");
-  if (!comparison.packages || comparison.packages.length === 0) {
-    lines.push("No packages to compare.");
-    return lines.join(`
-`);
-  }
-  const packages = comparison.packages.filter((p) => p != null);
-  const maxNameLen = Math.max(...packages.map((p) => `${p.packageName}@${p.version}`.length));
-  const header = "Package".padEnd(maxNameLen + 2);
-  lines.push(`  ${header}  Quality     Downloads/mo  Vulns`);
-  lines.push(`  ${"─".repeat(maxNameLen + 2)}  ${"─".repeat(10)}  ${"─".repeat(12)}  ${"─".repeat(5)}`);
-  for (const pkg of packages) {
-    const name = `${pkg.packageName}@${pkg.version}`.padEnd(maxNameLen + 2);
-    const scoreValue = pkg.quality?.score;
-    const quality = scoreValue != null ? `${Math.round(scoreValue > 1 ? scoreValue : scoreValue * 100)}%`.padEnd(10) : "N/A".padEnd(10);
-    const downloads = pkg.downloadsLastMonth ? formatNumber(pkg.downloadsLastMonth).padEnd(12) : "N/A".padEnd(12);
-    const vulns = pkg.vulnerabilityCount != null ? pkg.vulnerabilityCount === 0 ? "✅ 0" : `⚠️  ${pkg.vulnerabilityCount}` : "N/A";
-    lines.push(`  ${name}  ${quality}  ${downloads}  ${vulns}`);
-  }
-  return lines.join(`
-`);
-}
-async function pkgCompareAction(packages, options, deps) {
-  const { pkgseerService } = deps;
-  if (packages.length < 2) {
-    outputError("At least 2 packages required for comparison", options.json ?? false);
-    return;
-  }
-  if (packages.length > 10) {
-    outputError("Maximum 10 packages can be compared at once", options.json ?? false);
-    return;
-  }
-  const input2 = packages.map((spec) => {
-    const parsed = parsePackageSpec(spec);
-    return {
-      registry: toGraphQLRegistry(parsed.registry),
-      name: parsed.name,
-      version: parsed.version
-    };
-  });
-  const result = await pkgseerService.cliComparePackages(input2);
-  handleErrors(result.errors, options.json ?? false);
-  if (!result.data.comparePackages) {
-    outputError("Comparison failed", options.json ?? false);
-    return;
+  const existingConfig = await configService.loadProjectConfig();
+  if (existingConfig?.config.project) {
+    console.error(error(`A project is already configured in pkgseer.yml: ${highlight(existingConfig.config.project, useColors)}`, useColors));
+    console.log(dim(`
+  To reinitialize, either remove pkgseer.yml or edit it manually.`, useColors));
+    console.log(dim(`  To update manifest files, use: `, useColors) + highlight(`pkgseer project detect`, useColors));
+    process.exit(1);
   }
-  if (options.json) {
-    const pkgs = result.data.comparePackages.packages?.filter((p) => p) ?? [];
-    const slim = pkgs.map((p) => ({
-      package: `${p.packageName}@${p.version}`,
-      quality: p.quality?.score,
-      downloads: p.downloadsLastMonth,
-      vulnerabilities: p.vulnerabilityCount
-    }));
-    output(slim, true);
-  } else {
-    console.log(formatPackageComparison(result.data.comparePackages));
+  let projectName = options.name?.trim();
+  if (!projectName) {
+    const cwd2 = fileSystemService.getCwd();
+    const basename = cwd2.split(/[/\\]/).pop() ?? "project";
+    const input2 = await promptService.input(`Project name:`, basename);
+    projectName = input2.trim();
   }
-}
-var COMPARE_DESCRIPTION = `Compare multiple packages.
-
-Compares packages across quality, security, and popularity metrics.
-Supports cross-registry comparison.
-
-Package format: [registry:]name[@version]
-  - lodash (npm, latest)
-  - pypi:requests (pypi, latest)
-  - npm:express@4.18.0 (npm, specific version)
-
-Examples:
-  pkgseer pkg compare lodash underscore ramda
-  pkgseer pkg compare npm:axios pypi:requests
-  pkgseer pkg compare express@4.18.0 express@5.0.0 --json`;
-function registerPkgCompareCommand(program) {
-  program.command("compare <packages...>").summary("Compare multiple packages").description(COMPARE_DESCRIPTION).option("--json", "Output as JSON").action(async (packages, options) => {
-    await withCliErrorHandling(options.json ?? false, async () => {
-      const deps = await createContainer();
-      await pkgCompareAction(packages, options, deps);
+  console.log(`
+Creating project ${highlight(projectName, useColors)}...`);
+  let createResult;
+  let projectAlreadyExists = false;
+  try {
+    createResult = await projectService.createProject({
+      name: projectName
     });
-  });
-}
-// src/commands/pkg/deps.ts
-function formatPackageDependencies(data) {
-  const lines = [];
-  const pkg = data.package;
-  const deps = data.dependencies;
-  if (!pkg) {
-    return "No package data available.";
-  }
-  lines.push(`\uD83D\uDCE6 ${pkg.name}@${pkg.version}`);
-  lines.push("");
-  if (deps?.summary) {
-    lines.push("Summary:");
-    lines.push(`  Direct dependencies: ${deps.summary.directCount ?? 0}`);
-    if (deps.summary.uniquePackagesCount) {
-      lines.push(`  Unique packages: ${deps.summary.uniquePackagesCount}`);
+  } catch (createError) {
+    const errorMessage = createError instanceof Error ? createError.message : String(createError);
+    if (createError instanceof Error && (errorMessage.includes("already been taken") || errorMessage.includes("already exists"))) {
+      console.log(dim(`
+  Project ${highlight(projectName, useColors)} already exists on the server.`, useColors));
+      console.log(dim(`  This might happen if you previously ran init but didn't complete the setup.`, useColors));
+      const useExisting = await promptService.confirm(`
+  Do you want to use the existing project and continue with manifest setup?`, true);
+      if (!useExisting) {
+        console.log(dim(`
+  Exiting. Please choose a different project name or use an existing project.`, useColors));
+        process.exit(0);
+      }
+      projectAlreadyExists = true;
+      createResult = {
+        project: {
+          name: projectName,
+          defaultBranch: "main"
+        },
+        errors: null
+      };
+    } else {
+      console.error(error(`Failed to create project: ${errorMessage}`, useColors));
+      if (createError instanceof Error && (errorMessage.includes("Insufficient permissions") || errorMessage.includes("Required scopes") || errorMessage.includes(PROJECT_MANIFEST_UPLOAD_SCOPE))) {
+        console.log(`
+  Your current token doesn't have the required permissions for creating projects.`);
+        console.log(`
+  To fix this:`);
+        console.log(`    1. Run: ${highlight(`pkgseer login --force`, useColors)}`);
+        console.log(`    2. Make sure to grant ${highlight(PROJECT_MANIFEST_UPLOAD_SCOPE, useColors)} scope during authentication`);
+        console.log(`
+  Or check your current scopes with: ${highlight(`pkgseer auth status`, useColors)}`);
+      } else if (createError instanceof Error && (errorMessage.includes("alphanumeric") || errorMessage.includes("hyphens") || errorMessage.includes("underscores"))) {
+        console.log(dim(`
+  Project name requirements:`, useColors));
+        console.log(dim(`    • Must start with an alphanumeric character (a-z, A-Z, 0-9)`, useColors));
+        console.log(dim(`    • Can contain letters, numbers, hyphens (-), and underscores (_)`, useColors));
+        console.log(dim(`    • Example valid names: ${highlight(`my-project`, useColors)}, ${highlight(`project_123`, useColors)}, ${highlight(`backend`, useColors)}`, useColors));
+      }
+      process.exit(1);
     }
-    lines.push("");
   }
-  if (deps?.direct && deps.direct.length > 0) {
-    lines.push(`Dependencies (${deps.direct.length}):`);
-    for (const dep of deps.direct) {
-      if (dep) {
-        const type = dep.type !== "RUNTIME" ? ` [${dep.type?.toLowerCase()}]` : "";
-        lines.push(`  ${dep.name} ${dep.versionConstraint}${type}`);
+  if (!createResult.project) {
+    if (createResult.errors && createResult.errors.length > 0) {
+      const firstError = createResult.errors[0];
+      console.error(error(`Failed to create project: ${firstError?.message ?? "Unknown error"}`, useColors));
+      if (firstError?.field) {
+        console.log(dim(`
+  Field: ${firstError.field}`, useColors));
       }
+      process.exit(1);
     }
-  } else {
-    lines.push("No direct dependencies.");
-  }
-  return lines.join(`
-`);
-}
-async function pkgDepsAction(packageName, options, deps) {
-  const { pkgseerService } = deps;
-  const registry = toGraphQLRegistry(options.registry);
-  const result = await pkgseerService.cliPackageDeps(registry, packageName, options.pkgVersion, options.transitive);
-  handleErrors(result.errors, options.json ?? false);
-  if (!result.data.packageDependencies) {
-    outputError(`Package not found: ${packageName} in ${options.registry}`, options.json ?? false);
-    return;
+    console.error(error(`Failed to create project`, useColors));
+    console.log(dim(`
+  Please try again or contact support if the issue persists.`, useColors));
+    process.exit(1);
   }
-  if (options.json) {
-    const data = result.data.packageDependencies;
-    const slim = {
-      package: `${data.package?.name}@${data.package?.version}`,
-      directCount: data.dependencies?.summary?.directCount ?? 0,
-      dependencies: data.dependencies?.direct?.filter((d) => d).map((d) => ({
-        name: d.name,
-        version: d.versionConstraint,
-        type: d.type
-      }))
-    };
-    output(slim, true);
+  if (projectAlreadyExists) {
+    console.log(success(`Using existing project ${highlight(createResult.project.name, useColors)}`, useColors));
   } else {
-    console.log(formatPackageDependencies(result.data.packageDependencies));
+    console.log(success(`Project ${highlight(createResult.project.name, useColors)} created successfully!`, useColors));
   }
-}
-var DEPS_DESCRIPTION = `Get package dependencies.
-
-Lists direct dependencies and shows version constraints and
-dependency types (runtime, dev, optional).
-
-Examples:
-  pkgseer pkg deps express
-  pkgseer pkg deps lodash --transitive
-  pkgseer pkg deps requests --registry pypi --json`;
-function registerPkgDepsCommand(program) {
-  program.command("deps <package>").summary("Get package dependencies").description(DEPS_DESCRIPTION).option("-r, --registry <registry>", "Package registry", "npm").option("-v, --pkg-version <version>", "Package version").option("-t, --transitive", "Include transitive dependencies").option("--json", "Output as JSON").action(async (packageName, options) => {
-    await withCliErrorHandling(options.json ?? false, async () => {
-      const deps = await createContainer();
-      await pkgDepsAction(packageName, options, deps);
-    });
-  });
-}
-// src/commands/pkg/info.ts
-function formatPackageSummary(data) {
-  const lines = [];
-  const pkg = data.package;
-  if (!pkg) {
-    return "No package data available.";
-  }
-  lines.push(`\uD83D\uDCE6 ${pkg.name}@${pkg.latestVersion}`);
-  lines.push("");
-  if (pkg.description) {
-    lines.push(pkg.description);
-    lines.push("");
-  }
-  lines.push("Package Info:");
-  lines.push(keyValueTable([
-    ["Registry", pkg.registry],
-    ["Version", pkg.latestVersion],
-    ["License", pkg.license]
-  ]));
-  lines.push("");
-  if (pkg.homepage || pkg.repositoryUrl) {
-    lines.push("Links:");
-    const links = [];
-    if (pkg.homepage)
-      links.push(["Homepage", pkg.homepage]);
-    if (pkg.repositoryUrl)
-      links.push(["Repository", pkg.repositoryUrl]);
-    lines.push(keyValueTable(links));
-    lines.push("");
-  }
-  const vulnCount = data.security?.vulnerabilityCount ?? 0;
-  if (vulnCount > 0) {
-    lines.push(`⚠️  Security: ${vulnCount} vulnerabilities`);
-    lines.push("");
-  }
-  if (data.quickstart?.installCommand) {
-    lines.push("Quick Start:");
-    lines.push(`  ${data.quickstart.installCommand}`);
-  }
-  return lines.join(`
+  const maxDepth = options.maxDepth ?? 3;
+  console.log(dim(`
+Scanning for manifest files (max depth: ${maxDepth})...`, useColors));
+  const cwd = fileSystemService.getCwd();
+  const manifestGroups = await detectAndGroupManifests(cwd, fileSystemService, {
+    maxDepth
+  });
+  const configToWrite = {
+    project: projectName
+  };
+  if (manifestGroups.length > 0) {
+    console.log(`
+Found ${highlight(`${manifestGroups.length}`, useColors)} manifest group${manifestGroups.length === 1 ? "" : "s"}:
 `);
-}
-async function pkgInfoAction(packageName, options, deps) {
-  const { pkgseerService } = deps;
-  const registry = toGraphQLRegistry(options.registry);
-  const result = await pkgseerService.cliPackageInfo(registry, packageName);
-  handleErrors(result.errors, options.json ?? false);
-  if (!result.data.packageSummary) {
-    outputError(`Package not found: ${packageName} in ${options.registry}`, options.json ?? false);
-    return;
+    for (const group of manifestGroups) {
+      console.log(`  Label: ${highlight(group.label, useColors)}`);
+      for (const manifest of group.manifests) {
+        console.log(`    ${highlight(manifest.relativePath, useColors)} ${dim(`(${manifest.type})`, useColors)}`);
+      }
+    }
+    const hasHexManifests = manifestGroups.some((group) => group.manifests.some((m) => m.type === "hex"));
+    let allowMixDeps = false;
+    if (hasHexManifests) {
+      console.log(dim(`
+  Note: Elixir/Hex manifest files (mix.exs, mix.lock) are Elixir code and cannot be directly uploaded.`, useColors));
+      console.log(dim(`  Instead, we need to run "mix deps --all" and "mix deps.tree" to generate dependency information.`, useColors));
+      allowMixDeps = await promptService.confirm(`
+  Allow running "mix deps --all" and "mix deps.tree" for hex manifests?`, true);
+    }
+    configToWrite.manifests = manifestGroups.map((group) => {
+      const hasHexInGroup = group.manifests.some((m) => m.type === "hex");
+      return {
+        label: group.label,
+        files: group.manifests.map((m) => m.relativePath),
+        ...hasHexInGroup && allowMixDeps ? { allow_mix_deps: true } : {}
+      };
+    });
+    const action = await promptService.select(`
+What would you like to do next?`, [
+      {
+        value: "upload",
+        name: "Save config and upload manifests now",
+        description: "Recommended: saves configuration and uploads files immediately"
+      },
+      {
+        value: "edit",
+        name: "Save config for manual editing",
+        description: "Saves configuration so you can customize labels before uploading"
+      },
+      {
+        value: "abort",
+        name: "Skip configuration for now",
+        description: "Project is created but no config saved (you can run init again later)"
+      }
+    ]);
+    if (action === "abort") {
+      if (projectAlreadyExists) {
+        console.log(`
+${success(`Using existing project ${highlight(projectName, useColors)}`, useColors)}`);
+      } else {
+        console.log(`
+${success(`Project ${highlight(projectName, useColors)} created successfully!`, useColors)}`);
+      }
+      console.log(dim(`
+  Configuration was not saved. To configure later, run:`, useColors));
+      console.log(`    ${highlight(`pkgseer project init --name ${projectName}`, useColors)}`);
+      console.log(dim(`
+  Or manually create pkgseer.yml and run: `, useColors) + highlight(`pkgseer project upload`, useColors));
+      process.exit(0);
+    }
+    if (action === "upload") {
+      await configService.writeProjectConfig(configToWrite);
+      console.log(success(`Configuration saved to ${highlight("pkgseer.yml", useColors)}`, useColors));
+      const branch = await gitService.getCurrentBranch() ?? createResult.project.defaultBranch;
+      console.log(`
+Uploading manifest files to branch ${highlight(branch, useColors)}...`);
+      const cwd2 = fileSystemService.getCwd();
+      for (const group of manifestGroups) {
+        try {
+          const hasHexManifests2 = group.manifests.some((m) => m.type === "hex");
+          const allowMixDeps2 = configToWrite.manifests?.find((m) => m.label === group.label)?.allow_mix_deps === true;
+          const allFiles = await processManifestFiles({
+            files: group.manifests.map((m) => m.relativePath),
+            basePath: cwd2,
+            hasHexManifests: hasHexManifests2,
+            allowMixDeps: allowMixDeps2 ?? false,
+            fileSystemService,
+            shellService
+          });
+          const validFiles = allFiles.filter((f) => f !== null);
+          if (validFiles.length === 0) {
+            console.log(`  ${dim(`(no files to upload for ${group.label})`, useColors)}`);
+            continue;
+          }
+          const uploadResult = await projectService.uploadManifests({
+            project: projectName,
+            branch,
+            label: group.label,
+            files: validFiles
+          });
+          for (const result of uploadResult.results) {
+            if (result.status === "success") {
+              const depsCount = result.dependencies_count ?? 0;
+              const labelText = highlight(group.label, useColors);
+              const fileText = highlight(result.filename, useColors);
+              const depsText = dim(`(${depsCount} dependencies)`, useColors);
+              console.log(`  ${success(`${labelText}: ${fileText}`, useColors)} ${depsText}`);
+            } else {
+              console.log(`  ${error(`${group.label}: ${result.filename} - ${result.error ?? "Unknown error"}`, useColors)}`);
+            }
+          }
+        } catch (uploadError) {
+          const errorMessage = uploadError instanceof Error ? uploadError.message : String(uploadError);
+          let userMessage = `Failed to upload ${group.label}: ${errorMessage}`;
+          if (hasHexManifests) {
+            if (errorMessage.includes("command not found") || errorMessage.includes("mix:")) {
+              userMessage = `Failed to process hex manifest files for ${group.label}.
+` + `  Error: ${errorMessage}
+` + `  Make sure Elixir and 'mix' are installed. Install Elixir from https://elixir-lang.org/install.html`;
+            } else if (errorMessage.includes("Failed to generate dependencies")) {
+              userMessage = errorMessage;
+            } else if (errorMessage.includes("Network") || errorMessage.includes("ECONNREFUSED")) {
+              userMessage = `Failed to upload ${group.label}: Network error.
+` + `  Error: ${errorMessage}
+` + `  Check your internet connection and try again.`;
+            }
+          } else if (errorMessage.includes("Network") || errorMessage.includes("ECONNREFUSED")) {
+            userMessage = `Failed to upload ${group.label}: Network error.
+` + `  Error: ${errorMessage}
+` + `  Check your internet connection and try again.`;
+          }
+          console.error(error(userMessage, useColors));
+        }
+      }
+      console.log(`
+${success(`Project initialization complete!`, useColors)}`);
+      console.log(dim(`
+  View your project: `, useColors) + highlight(`${deps.baseUrl}/projects/${projectName}`, useColors));
+      console.log(dim(`
+  To upload updated manifests later, run: `, useColors) + highlight(`pkgseer project upload`, useColors));
+      return;
+    }
+  } else {
+    console.log(dim(`
+No manifest files were found in the current directory.`, useColors));
   }
-  if (options.json) {
-    const data = result.data.packageSummary;
-    const pkg = data.package;
-    const slim = {
-      name: pkg?.name,
-      version: pkg?.latestVersion,
-      description: pkg?.description,
-      license: pkg?.license,
-      install: data.quickstart?.installCommand,
-      vulnerabilities: data.security?.vulnerabilityCount ?? 0
-    };
-    output(slim, true);
+  await configService.writeProjectConfig(configToWrite);
+  console.log(success(`Configuration saved to ${highlight("pkgseer.yml", useColors)}`, useColors));
+  if (manifestGroups.length > 0) {
+    console.log(dim(`
+  Next steps:`, useColors));
+    console.log(dim(`    1. Edit pkgseer.yml to customize manifest labels if needed`, useColors));
+    console.log(dim(`    2. Run: `, useColors) + highlight(`pkgseer project upload`, useColors));
+    console.log(dim(`
+  Tip: Use `, useColors) + highlight(`pkgseer project detect`, useColors) + dim(` to automatically update your config when you add new manifest files.`, useColors));
   } else {
-    console.log(formatPackageSummary(result.data.packageSummary));
+    console.log(dim(`
+  Next steps:`, useColors));
+    console.log(dim(`    1. Add manifest files to your project`, useColors));
+    console.log(dim(`    2. Edit pkgseer.yml to configure them:`, useColors));
+    console.log(dim(`
+       manifests:`, useColors));
+    console.log(dim(`         - label: backend`, useColors));
+    console.log(dim(`           files:`, useColors));
+    console.log(dim(`             - `, useColors) + highlight(`package-lock.json`, useColors));
+    console.log(dim(`
+    3. Run: `, useColors) + highlight(`pkgseer project upload`, useColors));
+    console.log(dim(`
+  Tip: Run `, useColors) + highlight(`pkgseer project detect`, useColors) + dim(` after adding manifest files to auto-configure them.`, useColors));
   }
 }
-var INFO_DESCRIPTION = `Get package summary and metadata.
+var INIT_DESCRIPTION = `Initialize a new project in the current directory.
 
-Displays comprehensive information about a package including:
-- Basic metadata (version, license, description)
-- Download statistics
-- Security advisories
-- Quick start instructions
+This command will:
+  1. Create a new project entry (or prompt for a project name)
+  2. Scan for manifest files (package.json, requirements.txt, etc.)
+  3. Suggest labels based on directory structure
+  4. Optionally upload manifests to the project
 
-Examples:
-  pkgseer pkg info lodash
-  pkgseer pkg info requests --registry pypi
-  pkgseer pkg info phoenix --registry hex --json`;
-function registerPkgInfoCommand(program) {
-  program.command("info <package>").summary("Get package summary and metadata").description(INFO_DESCRIPTION).option("-r, --registry <registry>", "Package registry", "npm").option("--json", "Output as JSON").action(async (packageName, options) => {
-    await withCliErrorHandling(options.json ?? false, async () => {
-      const deps = await createContainer();
-      await pkgInfoAction(packageName, options, deps);
-    });
-  });
-}
-// src/commands/pkg/quality.ts
-function formatPackageQuality(data) {
-  const lines = [];
-  const quality = data.quality;
-  if (!quality) {
-    return "No quality data available.";
-  }
-  lines.push(`\uD83D\uDCCA Quality Score: ${formatScore(quality.overallScore)} (Grade: ${quality.grade})`);
-  lines.push("");
-  if (quality.categories && quality.categories.length > 0) {
-    lines.push("Category Breakdown:");
-    for (const category of quality.categories) {
-      if (category) {
-        const name = (category.category || "Unknown").padEnd(20);
-        lines.push(`  ${name} ${formatScore(category.score)}`);
+The project name defaults to the current directory name, or you can
+specify it with --name. Manifest files are automatically detected
+and grouped by their directory structure.`;
+function registerProjectInitCommand(program) {
+  program.command("init").summary("Initialize a new project").description(INIT_DESCRIPTION).option("--name <name>", "Project name (alphanumeric, hyphens, underscores only)").option("--max-depth <depth>", "Maximum directory depth to scan for manifests", (val) => Number.parseInt(val, 10), 3).action(async (options) => {
+    const deps = await createContainer();
+    await projectInitAction({ name: options.name, maxDepth: options.maxDepth }, {
+      projectService: deps.projectService,
+      configService: deps.configService,
+      fileSystemService: deps.fileSystemService,
+      gitService: deps.gitService,
+      promptService: deps.promptService,
+      shellService: deps.shellService,
+      baseUrl: deps.baseUrl
+    });
+  });
+}
+
+// src/commands/init.ts
+async function initAction(options, deps) {
+  const useColors = shouldUseColors2();
+  console.log("Welcome to PkgSeer!");
+  console.log(`───────────────────
+`);
+  console.log(`Set up PkgSeer for your project:
+` + `  1. Project configuration – track dependencies and monitor vulnerabilities
+` + `  2. MCP server – enable AI assistant integration
+`);
+  console.log(dim(`Or run separately: pkgseer project init, pkgseer mcp init
+`, useColors));
+  let setupProject = !options.skipProject;
+  let setupMcp = !options.skipMcp;
+  if (options.skipProject && options.skipMcp) {
+    showCliUsage(useColors);
+    return;
+  }
+  if (!options.skipProject && !options.skipMcp) {
+    const choice = await deps.promptService.select("What would you like to set up?", [
+      {
+        value: "both",
+        name: "Both project and MCP server (recommended)",
+        description: "Full setup: dependency tracking + AI assistant integration"
+      },
+      {
+        value: "project",
+        name: "Project only",
+        description: "Track dependencies and monitor for vulnerabilities"
+      },
+      {
+        value: "mcp",
+        name: "MCP server only",
+        description: "Enable AI assistant integration"
+      },
+      {
+        value: "cli",
+        name: "CLI usage (no setup)",
+        description: "Use PkgSeer as a command-line tool"
       }
+    ]);
+    if (choice === "cli") {
+      showCliUsage(useColors);
+      return;
     }
-    lines.push("");
+    setupProject = choice === "both" || choice === "project";
+    setupMcp = choice === "both" || choice === "mcp";
   }
-  return lines.join(`
+  const projectInit = deps.projectInitAction ?? projectInitAction;
+  const mcpInit = deps.mcpInitAction ?? mcpInitAction;
+  if (setupProject) {
+    const existingConfig = await deps.configService.loadProjectConfig();
+    if (existingConfig?.config.project) {
+      console.log(`
+Project already configured: ${highlight(existingConfig.config.project, useColors)}`);
+      console.log(dim(`Skipping project setup. Run 'pkgseer project init' to reinitialize.
+`, useColors));
+      setupProject = false;
+    } else {
+      console.log(`
+` + "=".repeat(50));
+      console.log("Project Configuration Setup");
+      console.log("=".repeat(50) + `
 `);
-}
-async function pkgQualityAction(packageName, options, deps) {
-  const { pkgseerService } = deps;
-  const registry = toGraphQLRegistry(options.registry);
-  const result = await pkgseerService.cliPackageQuality(registry, packageName, options.pkgVersion);
-  handleErrors(result.errors, options.json ?? false);
-  if (!result.data.packageQuality) {
-    outputError(`Package not found: ${packageName} in ${options.registry}`, options.json ?? false);
-    return;
+      await projectInit({}, {
+        projectService: deps.projectService,
+        configService: deps.configService,
+        fileSystemService: deps.fileSystemService,
+        gitService: deps.gitService,
+        promptService: deps.promptService,
+        shellService: deps.shellService,
+        baseUrl: deps.baseUrl
+      });
+      const updatedConfig = await deps.configService.loadProjectConfig();
+      if (updatedConfig?.config.project) {
+        console.log(`
+${highlight("✓", useColors)} Project setup complete!
+`);
+      }
+    }
   }
-  if (options.json) {
-    const quality = result.data.packageQuality.quality;
-    const slim = {
-      package: `${result.data.packageQuality.package?.name}@${result.data.packageQuality.package?.version}`,
-      score: quality?.overallScore,
-      grade: quality?.grade,
-      categories: quality?.categories?.filter((c) => c).map((c) => ({
-        name: c.category,
-        score: c.score
-      }))
-    };
-    output(slim, true);
-  } else {
-    console.log(formatPackageQuality(result.data.packageQuality));
+  if (setupMcp) {
+    const currentConfig = await deps.configService.loadProjectConfig();
+    const hasProjectNow = currentConfig?.config.project !== undefined;
+    console.log(`
+` + "=".repeat(50));
+    console.log("MCP Server Setup");
+    console.log("=".repeat(50) + `
+`);
+    await mcpInit({
+      fileSystemService: deps.fileSystemService,
+      promptService: deps.promptService,
+      configService: deps.configService,
+      baseUrl: deps.baseUrl,
+      hasProject: hasProjectNow
+    });
+    console.log(`
+${highlight("✓", useColors)} MCP setup complete!
+`);
+  }
+  console.log("=".repeat(50));
+  console.log("Setup Complete!");
+  console.log("=".repeat(50) + `
+`);
+  if (setupProject) {
+    const finalConfig = await deps.configService.loadProjectConfig();
+    if (finalConfig?.config.project) {
+      console.log(`Project: ${highlight(finalConfig.config.project, useColors)}`);
+      console.log(dim(`  View at: ${deps.baseUrl}/projects/${finalConfig.config.project}`, useColors));
+    }
   }
+  if (setupMcp) {
+    console.log("MCP Server: Configured");
+    console.log(dim("  Restart your AI assistant to activate the MCP server.", useColors));
+  }
+  console.log(dim(`
+Next steps:
+` + `  • Use CLI commands: pkgseer pkg info <package>
+` + `  • Search docs: pkgseer docs search <query>
+` + "  • Quick reference: pkgseer quickstart", useColors));
+}
+function showCliUsage(useColors) {
+  console.log("Using PkgSeer via CLI");
+  console.log(`─────────────────────
+`);
+  console.log(`PkgSeer works great as a standalone CLI tool. Your AI assistant
+` + `can run these commands directly:
+`);
+  console.log("Package Commands:");
+  console.log(`  ${highlight("pkgseer pkg info <package>", useColors)}      Get package summary`);
+  console.log(`  ${highlight("pkgseer pkg vulns <package>", useColors)}     Check vulnerabilities`);
+  console.log(`  ${highlight("pkgseer pkg quality <package>", useColors)}   Get quality score`);
+  console.log(`  ${highlight("pkgseer pkg deps <package>", useColors)}      List dependencies`);
+  console.log(`  ${highlight("pkgseer pkg compare <pkg...>", useColors)}    Compare packages
+`);
+  console.log("Documentation Commands:");
+  console.log(`  ${highlight("pkgseer docs list <package>", useColors)}     List doc pages`);
+  console.log(`  ${highlight("pkgseer docs get <pkg>/<page>", useColors)}   Fetch doc content`);
+  console.log(`  ${highlight("pkgseer docs search <query>", useColors)}     Search documentation
+`);
+  console.log(dim(`All commands support --json for structured output.
+` + "Tip: Run 'pkgseer quickstart' for a quick reference guide.", useColors));
 }
-var QUALITY_DESCRIPTION = `Get package quality score and breakdown.
+function registerInitCommand(program) {
+  program.command("init").summary("Set up project and MCP server").description(`Set up PkgSeer for your project.
 
-Analyzes package quality across multiple dimensions:
-- Maintenance and activity
-- Documentation coverage
-- Security practices
-- Community engagement
+Guides you through:
+  • Project configuration – track dependencies, monitor vulnerabilities
+  • MCP server – enable AI assistant integration
 
-Examples:
-  pkgseer pkg quality lodash
-  pkgseer pkg quality express -v 4.18.0
-  pkgseer pkg quality requests --registry pypi --json`;
-function registerPkgQualityCommand(program) {
-  program.command("quality <package>").summary("Get package quality score").description(QUALITY_DESCRIPTION).option("-r, --registry <registry>", "Package registry", "npm").option("-v, --pkg-version <version>", "Package version").option("--json", "Output as JSON").action(async (packageName, options) => {
-    await withCliErrorHandling(options.json ?? false, async () => {
-      const deps = await createContainer();
-      await pkgQualityAction(packageName, options, deps);
-    });
+Run separately: pkgseer project init, pkgseer mcp init`).option("--skip-project", "Skip project setup").option("--skip-mcp", "Skip MCP setup").action(async (options) => {
+    const deps = await createContainer();
+    await initAction(options, deps);
   });
 }
-// src/commands/pkg/vulns.ts
-function getSeverityLabel(score) {
-  if (score == null)
-    return "UNKNOWN";
-  if (score >= 9)
-    return "CRITICAL";
-  if (score >= 7)
-    return "HIGH";
-  if (score >= 4)
-    return "MEDIUM";
-  return "LOW";
+
+// src/commands/login.ts
+import { hostname } from "node:os";
+var TIMEOUT_MS = 5 * 60 * 1000;
+function randomPort() {
+  return Math.floor(Math.random() * 2000) + 8000;
 }
-function formatPackageVulnerabilities(data) {
-  const lines = [];
-  const pkg = data.package;
-  const security = data.security;
-  if (!pkg) {
-    return "No package data available.";
+async function loginAction(options, deps) {
+  const { authService, authStorage, browserService, baseUrl } = deps;
+  const existing = await authStorage.load(baseUrl);
+  if (existing && !options.force) {
+    const isExpired = existing.expiresAt && new Date(existing.expiresAt) < new Date;
+    if (!isExpired) {
+      console.log(`Already logged in.
+`);
+      console.log(`  Environment: ${baseUrl}`);
+      console.log(`  Token: ${existing.tokenName}
+`);
+      console.log("To switch accounts, run `pkgseer logout` first.");
+      console.log("To re-authenticate with different scopes, use `pkgseer login --force`.");
+      return;
+    }
+    console.log(`Token expired. Starting new login...
+`);
+  } else if (existing && options.force) {
+    console.log(`Re-authenticating (--force flag)...
+`);
   }
-  lines.push(`\uD83D\uDD12 Security Report: ${pkg.name}@${pkg.version}`);
-  lines.push("");
-  if (!security?.vulnerabilities || security.vulnerabilities.length === 0) {
-    lines.push("✅ No known vulnerabilities!");
-    return lines.join(`
+  const { verifier, challenge, state } = authService.generatePkceParams();
+  const port = options.port ?? randomPort();
+  const authUrl = authService.buildAuthUrl({
+    state,
+    port,
+    codeChallenge: challenge,
+    hostname: hostname()
+  });
+  const serverPromise = authService.startCallbackServer(port);
+  if (options.browser === false) {
+    console.log(`Open this URL in your browser:
+`);
+    console.log(`  ${authUrl}
 `);
+  } else {
+    console.log("Opening browser...");
+    await browserService.open(authUrl);
   }
-  const bySeverity = security.vulnerabilities.reduce((acc, v) => {
-    if (v) {
-      const label = getSeverityLabel(v.severityScore);
-      acc[label] = (acc[label] || 0) + 1;
+  console.log(`Waiting for authentication...
+`);
+  let timeoutId;
+  const timeoutPromise = new Promise((_, reject) => {
+    timeoutId = setTimeout(() => reject(new Error("Authentication timed out")), TIMEOUT_MS);
+  });
+  let callback;
+  try {
+    callback = await Promise.race([serverPromise, timeoutPromise]);
+    clearTimeout(timeoutId);
+  } catch (error2) {
+    clearTimeout(timeoutId);
+    if (error2 instanceof Error) {
+      console.log(`${error2.message}.
+`);
+      console.log("Run `pkgseer login` to try again.");
     }
-    return acc;
-  }, {});
-  lines.push(`⚠️  Found ${security.vulnerabilityCount} vulnerabilities:`);
-  for (const [severity, count] of Object.entries(bySeverity)) {
-    lines.push(`  ${formatSeverity(severity)}: ${count}`);
+    process.exit(1);
   }
-  lines.push("");
-  lines.push("Details:");
-  for (const vuln of security.vulnerabilities) {
-    if (!vuln)
-      continue;
-    lines.push("");
-    lines.push(`  ${formatSeverity(getSeverityLabel(vuln.severityScore))}`);
-    lines.push(`  ${vuln.summary || vuln.osvId}`);
-    lines.push(`  ID: ${vuln.osvId}`);
-    if (vuln.fixedInVersions && vuln.fixedInVersions.length > 0) {
-      lines.push(`  Fixed in: ${vuln.fixedInVersions.join(", ")}`);
+  if (callback.state !== state) {
+    console.error(`Security error: authentication state mismatch.
+`);
+    console.log("This could indicate a security issue. Please try again.");
+    process.exit(1);
+  }
+  let tokenResponse;
+  try {
+    tokenResponse = await authService.exchangeCodeForToken({
+      code: callback.code,
+      codeVerifier: verifier,
+      state
+    });
+  } catch (error2) {
+    console.error(`Failed to complete authentication: ${error2 instanceof Error ? error2.message : error2}
+`);
+    console.log("Run `pkgseer login` to try again.");
+    process.exit(1);
+  }
+  await authStorage.save(baseUrl, {
+    token: tokenResponse.token,
+    tokenName: tokenResponse.tokenName,
+    scopes: tokenResponse.scopes,
+    createdAt: new Date().toISOString(),
+    expiresAt: tokenResponse.expiresAt,
+    apiKeyId: tokenResponse.apiKeyId
+  });
+  console.log(`✓ Logged in
+`);
+  console.log(`  Environment: ${baseUrl}`);
+  console.log(`  Token: ${tokenResponse.tokenName}`);
+  if (tokenResponse.expiresAt) {
+    const days = Math.ceil((new Date(tokenResponse.expiresAt).getTime() - Date.now()) / (1000 * 60 * 60 * 24));
+    console.log(`  Expires: in ${days} days`);
+  }
+  console.log(`
+You're ready to use pkgseer with your AI assistant.`);
+}
+var LOGIN_DESCRIPTION = `Authenticate with your PkgSeer account via browser.
+
+Opens your browser to complete authentication securely. The CLI receives
+a token that's stored locally and used for API requests.
+
+Use --no-browser in environments without a display (CI, SSH sessions)
+to get a URL you can open on another device.`;
+function registerLoginCommand(program) {
+  program.command("login").summary("Authenticate with your PkgSeer account").description(LOGIN_DESCRIPTION).option("--no-browser", "Print URL instead of opening browser").option("--port <port>", "Port for local callback server", parseInt).option("--force", "Re-authenticate even if already logged in").action(async (options) => {
+    const deps = await createContainer();
+    await loginAction(options, deps);
+  });
+}
+
+// src/commands/logout.ts
+async function logoutAction(deps) {
+  const { authService, authStorage, baseUrl } = deps;
+  const auth = await authStorage.load(baseUrl);
+  if (!auth) {
+    console.log(`Not currently logged in.
+`);
+    console.log(`  Environment: ${baseUrl}`);
+    return;
+  }
+  try {
+    await authService.revokeToken(auth.token);
+  } catch {}
+  await authStorage.clear(baseUrl);
+  console.log(`✓ Logged out
+`);
+  console.log(`  Environment: ${baseUrl}`);
+}
+var LOGOUT_DESCRIPTION = `Remove stored credentials and revoke the token.
+
+Clears the locally stored authentication token and notifies the server
+to revoke it. Use this when switching accounts or on shared machines.`;
+function registerLogoutCommand(program) {
+  program.command("logout").summary("Remove stored credentials").description(LOGOUT_DESCRIPTION).action(async () => {
+    const deps = await createContainer();
+    await logoutAction(deps);
+  });
+}
+
+// src/commands/mcp.ts
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+
+// src/tools/compare-packages.ts
+import { z as z3 } from "zod";
+
+// src/tools/shared.ts
+import { z as z2 } from "zod";
+
+// src/tools/types.ts
+function textResult(text) {
+  return {
+    content: [{ type: "text", text }]
+  };
+}
+function errorResult(message) {
+  return {
+    content: [{ type: "text", text: message }],
+    isError: true
+  };
+}
+
+// src/tools/shared.ts
+function toGraphQLRegistry2(registry) {
+  const map = {
+    npm: "NPM",
+    pypi: "PYPI",
+    hex: "HEX"
+  };
+  return map[registry.toLowerCase()] || "NPM";
+}
+var schemas = {
+  registry: z2.enum(["npm", "pypi", "hex"]).describe("Package registry (npm, pypi, or hex)"),
+  packageName: z2.string().max(255).describe("Name of the package"),
+  version: z2.string().max(100).optional().describe("Specific version (defaults to latest)")
+};
+function handleGraphQLErrors(errors) {
+  if (errors && errors.length > 0) {
+    return errorResult(`Error: ${errors.map((e) => e.message).join(", ")}`);
+  }
+  return null;
+}
+async function withErrorHandling(operation, fn) {
+  try {
+    return await fn();
+  } catch (error2) {
+    const message = error2 instanceof Error ? error2.message : "Unknown error";
+    return errorResult(`Failed to ${operation}: ${message}`);
+  }
+}
+function notFoundError(packageName, registry) {
+  return errorResult(`Package not found: ${packageName} in ${registry}`);
+}
+
+// src/tools/compare-packages.ts
+var packageInputSchema = z3.object({
+  registry: z3.enum(["npm", "pypi", "hex"]),
+  name: z3.string().max(255),
+  version: z3.string().max(100).optional()
+});
+var argsSchema = {
+  packages: z3.array(packageInputSchema).min(2).max(10).describe("List of packages to compare (2-10 packages)")
+};
+function createComparePackagesTool(pkgseerService) {
+  return {
+    name: "compare_packages",
+    description: "Compares multiple packages across metadata, quality, and security dimensions",
+    schema: argsSchema,
+    handler: async ({ packages }, _extra) => {
+      return withErrorHandling("compare packages", async () => {
+        const input2 = packages.map((pkg) => ({
+          registry: toGraphQLRegistry2(pkg.registry),
+          name: pkg.name,
+          version: pkg.version
+        }));
+        const result = await pkgseerService.comparePackages(input2);
+        const graphqlError = handleGraphQLErrors(result.errors);
+        if (graphqlError)
+          return graphqlError;
+        if (!result.data.comparePackages) {
+          return errorResult("Comparison failed: no results returned");
+        }
+        return textResult(JSON.stringify(result.data.comparePackages, null, 2));
+      });
+    }
+  };
+}
+// src/tools/fetch-package-doc.ts
+import { z as z4 } from "zod";
+var argsSchema2 = {
+  page_id: z4.string().max(500).describe("Globally unique documentation page identifier (from list_package_docs)")
+};
+function createFetchPackageDocTool(pkgseerService) {
+  return {
+    name: "fetch_package_doc",
+    description: "Fetches the full content of a specific documentation page using a globally unique page ID. Returns complete page metadata including title, content (markdown/HTML), content format, breadcrumbs, source attribution, link metadata, base URL, and last updated timestamp. Use list_package_docs first to get available page IDs.",
+    schema: argsSchema2,
+    handler: async ({ page_id }, _extra) => {
+      return withErrorHandling("fetch documentation page", async () => {
+        const result = await pkgseerService.getDocPage(page_id);
+        const graphqlError = handleGraphQLErrors(result.errors);
+        if (graphqlError)
+          return graphqlError;
+        if (!result.data.getDocPage) {
+          return errorResult(`Documentation page not found: ${page_id}`);
+        }
+        return textResult(JSON.stringify(result.data.getDocPage, null, 2));
+      });
+    }
+  };
+}
+// src/tools/list-package-docs.ts
+var argsSchema3 = {
+  registry: schemas.registry,
+  package_name: schemas.packageName.describe("Name of the package to list documentation for"),
+  version: schemas.version
+};
+function createListPackageDocsTool(pkgseerService) {
+  return {
+    name: "list_package_docs",
+    description: "Lists documentation pages for a package version. Returns page titles, globally unique IDs, and metadata. Use this to discover available documentation before fetching specific pages.",
+    schema: argsSchema3,
+    handler: async ({ registry, package_name, version: version2 }, _extra) => {
+      return withErrorHandling("list package documentation", async () => {
+        const result = await pkgseerService.listPackageDocs(toGraphQLRegistry2(registry), package_name, version2);
+        const graphqlError = handleGraphQLErrors(result.errors);
+        if (graphqlError)
+          return graphqlError;
+        if (!result.data.listPackageDocs) {
+          return notFoundError(package_name, registry);
+        }
+        return textResult(JSON.stringify(result.data.listPackageDocs, null, 2));
+      });
+    }
+  };
+}
+// src/tools/package-dependencies.ts
+import { z as z5 } from "zod";
+var argsSchema4 = {
+  registry: schemas.registry,
+  package_name: schemas.packageName.describe("Name of the package to retrieve dependencies for"),
+  version: schemas.version,
+  include_transitive: z5.boolean().optional().describe("Whether to include transitive dependency DAG"),
+  max_depth: z5.number().int().min(1).max(10).optional().describe("Maximum depth for transitive traversal (1-10)")
+};
+function createPackageDependenciesTool(pkgseerService) {
+  return {
+    name: "package_dependencies",
+    description: "Retrieves direct and transitive dependencies for a package version",
+    schema: argsSchema4,
+    handler: async ({ registry, package_name, version: version2, include_transitive, max_depth }, _extra) => {
+      return withErrorHandling("fetch package dependencies", async () => {
+        const result = await pkgseerService.getPackageDependencies(toGraphQLRegistry2(registry), package_name, version2, include_transitive, max_depth);
+        const graphqlError = handleGraphQLErrors(result.errors);
+        if (graphqlError)
+          return graphqlError;
+        if (!result.data.packageDependencies) {
+          return notFoundError(package_name, registry);
+        }
+        return textResult(JSON.stringify(result.data.packageDependencies, null, 2));
+      });
+    }
+  };
+}
+// src/tools/package-quality.ts
+var argsSchema5 = {
+  registry: schemas.registry,
+  package_name: schemas.packageName.describe("Name of the package to analyze"),
+  version: schemas.version
+};
+function createPackageQualityTool(pkgseerService) {
+  return {
+    name: "package_quality",
+    description: "Retrieves quality score and rule-level breakdown for a package",
+    schema: argsSchema5,
+    handler: async ({ registry, package_name, version: version2 }, _extra) => {
+      return withErrorHandling("fetch package quality", async () => {
+        const result = await pkgseerService.getPackageQuality(toGraphQLRegistry2(registry), package_name, version2);
+        const graphqlError = handleGraphQLErrors(result.errors);
+        if (graphqlError)
+          return graphqlError;
+        if (!result.data.packageQuality) {
+          return notFoundError(package_name, registry);
+        }
+        return textResult(JSON.stringify(result.data.packageQuality, null, 2));
+      });
+    }
+  };
+}
+// src/tools/package-summary.ts
+var argsSchema6 = {
+  registry: schemas.registry,
+  package_name: schemas.packageName.describe("Name of the package to retrieve summary for")
+};
+function createPackageSummaryTool(pkgseerService) {
+  return {
+    name: "package_summary",
+    description: "Retrieves comprehensive package summary including metadata, versions, security advisories, and quickstart information",
+    schema: argsSchema6,
+    handler: async ({ registry, package_name }, _extra) => {
+      return withErrorHandling("fetch package summary", async () => {
+        const result = await pkgseerService.getPackageSummary(toGraphQLRegistry2(registry), package_name);
+        const graphqlError = handleGraphQLErrors(result.errors);
+        if (graphqlError)
+          return graphqlError;
+        if (!result.data.packageSummary) {
+          return notFoundError(package_name, registry);
+        }
+        return textResult(JSON.stringify(result.data.packageSummary, null, 2));
+      });
+    }
+  };
+}
+// src/tools/package-vulnerabilities.ts
+var argsSchema7 = {
+  registry: schemas.registry,
+  package_name: schemas.packageName.describe("Name of the package to inspect for vulnerabilities"),
+  version: schemas.version
+};
+function createPackageVulnerabilitiesTool(pkgseerService) {
+  return {
+    name: "package_vulnerabilities",
+    description: "Retrieves vulnerability details for a package, including affected version ranges and upgrade guidance",
+    schema: argsSchema7,
+    handler: async ({ registry, package_name, version: version2 }, _extra) => {
+      return withErrorHandling("fetch package vulnerabilities", async () => {
+        const result = await pkgseerService.getPackageVulnerabilities(toGraphQLRegistry2(registry), package_name, version2);
+        const graphqlError = handleGraphQLErrors(result.errors);
+        if (graphqlError)
+          return graphqlError;
+        if (!result.data.packageVulnerabilities) {
+          return notFoundError(package_name, registry);
+        }
+        return textResult(JSON.stringify(result.data.packageVulnerabilities, null, 2));
+      });
+    }
+  };
+}
+// src/tools/search-package-docs.ts
+import { z as z6 } from "zod";
+var argsSchema8 = {
+  registry: schemas.registry,
+  package_name: schemas.packageName.describe("Name of the package to search documentation for"),
+  keywords: z6.array(z6.string()).optional().describe("Keywords to search for; combined into a single query"),
+  query: z6.string().max(500).optional().describe("Freeform search query (alternative to keywords)"),
+  include_snippets: z6.boolean().optional().describe("Include content excerpts around matches"),
+  limit: z6.number().int().min(1).max(100).optional().describe("Maximum number of results to return"),
+  version: schemas.version
+};
+function createSearchPackageDocsTool(pkgseerService) {
+  return {
+    name: "search_package_docs",
+    description: "Searches package documentation with keyword or freeform query support. Returns ranked results with relevance scores. Use include_snippets=true to get content excerpts showing match context.",
+    schema: argsSchema8,
+    handler: async ({
+      registry,
+      package_name,
+      keywords,
+      query,
+      include_snippets,
+      limit,
+      version: version2
+    }, _extra) => {
+      return withErrorHandling("search package documentation", async () => {
+        if (!keywords?.length && !query) {
+          return errorResult("Either keywords or query must be provided for search");
+        }
+        const result = await pkgseerService.searchPackageDocs(toGraphQLRegistry2(registry), package_name, {
+          keywords,
+          query,
+          includeSnippets: include_snippets,
+          limit,
+          version: version2
+        });
+        const graphqlError = handleGraphQLErrors(result.errors);
+        if (graphqlError)
+          return graphqlError;
+        if (!result.data.searchPackageDocs) {
+          return errorResult(`No documentation found for ${package_name} in ${registry}`);
+        }
+        return textResult(JSON.stringify(result.data.searchPackageDocs, null, 2));
+      });
+    }
+  };
+}
+// src/tools/search-project-docs.ts
+import { z as z7 } from "zod";
+var argsSchema9 = {
+  project: z7.string().optional().describe("Project name to search. Optional if configured in pkgseer.yml; only needed to search a different project."),
+  keywords: z7.array(z7.string()).optional().describe("Keywords to search for; combined into a single query"),
+  query: z7.string().max(500).optional().describe("Freeform search query (alternative to keywords)"),
+  include_snippets: z7.boolean().optional().describe("Include content excerpts around matches"),
+  limit: z7.number().int().min(1).max(100).optional().describe("Maximum number of results to return")
+};
+function createSearchProjectDocsTool(deps) {
+  const { pkgseerService, config } = deps;
+  return {
+    name: "search_project_docs",
+    description: "Searches documentation across all dependencies in a PkgSeer project. Returns ranked results from multiple packages. Uses project from pkgseer.yml config by default.",
+    schema: argsSchema9,
+    handler: async ({ project, keywords, query, include_snippets, limit }, _extra) => {
+      return withErrorHandling("search project documentation", async () => {
+        const resolvedProject = project ?? config.project;
+        if (!resolvedProject) {
+          return errorResult("No project provided and none configured in pkgseer.yml. " + "Either pass project parameter or add project to your config.");
+        }
+        if (!keywords?.length && !query) {
+          return errorResult("Either keywords or query must be provided for search");
+        }
+        const result = await pkgseerService.searchProjectDocs(resolvedProject, {
+          keywords,
+          query,
+          includeSnippets: include_snippets,
+          limit
+        });
+        const graphqlError = handleGraphQLErrors(result.errors);
+        if (graphqlError)
+          return graphqlError;
+        if (!result.data.searchProjectDocs) {
+          return errorResult(`Project not found: ${resolvedProject}`);
+        }
+        return textResult(JSON.stringify(result.data.searchProjectDocs, null, 2));
+      });
     }
+  };
+}
+// src/commands/mcp.ts
+var TOOL_FACTORIES = {
+  package_summary: ({ pkgseerService }) => createPackageSummaryTool(pkgseerService),
+  package_vulnerabilities: ({ pkgseerService }) => createPackageVulnerabilitiesTool(pkgseerService),
+  package_dependencies: ({ pkgseerService }) => createPackageDependenciesTool(pkgseerService),
+  package_quality: ({ pkgseerService }) => createPackageQualityTool(pkgseerService),
+  compare_packages: ({ pkgseerService }) => createComparePackagesTool(pkgseerService),
+  list_package_docs: ({ pkgseerService }) => createListPackageDocsTool(pkgseerService),
+  fetch_package_doc: ({ pkgseerService }) => createFetchPackageDocTool(pkgseerService),
+  search_package_docs: ({ pkgseerService }) => createSearchPackageDocsTool(pkgseerService),
+  search_project_docs: ({ pkgseerService, config }) => createSearchProjectDocsTool({ pkgseerService, config })
+};
+var PUBLIC_READ_TOOLS = [
+  "package_summary",
+  "package_vulnerabilities",
+  "package_dependencies",
+  "package_quality",
+  "compare_packages",
+  "list_package_docs",
+  "fetch_package_doc",
+  "search_package_docs"
+];
+var PROJECT_READ_TOOLS = ["search_project_docs"];
+var ALL_TOOLS = [...PUBLIC_READ_TOOLS, ...PROJECT_READ_TOOLS];
+function createMcpServer(deps) {
+  const { pkgseerService, config } = deps;
+  const server = new McpServer({
+    name: "pkgseer",
+    version: "0.1.0"
+  });
+  const enabledToolNames = config.enabled_tools ?? ALL_TOOLS;
+  const toolsToRegister = enabledToolNames.filter((name) => ALL_TOOLS.includes(name));
+  for (const toolName of toolsToRegister) {
+    const factory = TOOL_FACTORIES[toolName];
+    const tool = factory({ pkgseerService, config });
+    server.registerTool(tool.name, { description: tool.description, inputSchema: tool.schema }, tool.handler);
   }
-  return lines.join(`
-`);
+  return server;
 }
-async function pkgVulnsAction(packageName, options, deps) {
-  const { pkgseerService } = deps;
-  const registry = toGraphQLRegistry(options.registry);
-  const result = await pkgseerService.cliPackageVulns(registry, packageName, options.pkgVersion);
-  handleErrors(result.errors, options.json ?? false);
-  if (!result.data.packageVulnerabilities) {
-    outputError(`Package not found: ${packageName} in ${options.registry}`, options.json ?? false);
+function requireAuth(deps) {
+  if (deps.hasValidToken) {
     return;
   }
-  if (options.json) {
-    const data = result.data.packageVulnerabilities;
-    const vulns = data.security?.vulnerabilities ?? [];
-    const slim = {
-      package: `${data.package?.name}@${data.package?.version}`,
-      count: data.security?.vulnerabilityCount ?? 0,
-      vulnerabilities: vulns.filter((v) => v).map((v) => ({
-        id: v.osvId,
-        severity: v.severityScore,
-        summary: v.summary,
-        fixed: v.fixedInVersions
-      }))
-    };
-    output(slim, true);
-  } else {
-    console.log(formatPackageVulnerabilities(result.data.packageVulnerabilities));
+  console.log(`Authentication required to start MCP server.
+`);
+  if (deps.baseUrl !== "https://pkgseer.dev") {
+    console.log(`  Environment: ${deps.baseUrl}`);
+    console.log(`  You're using a custom environment.
+`);
   }
+  console.log("To authenticate:");
+  console.log(`  pkgseer login
+`);
+  console.log("Or set PKGSEER_API_TOKEN environment variable.");
+  process.exit(1);
 }
-var VULNS_DESCRIPTION = `Check package for security vulnerabilities.
-
-Scans for known security vulnerabilities and provides:
-- Severity ratings (critical, high, medium, low)
-- CVE identifiers
-- Affected version ranges
-- Upgrade recommendations
-
-Examples:
-  pkgseer pkg vulns lodash
-  pkgseer pkg vulns express -v 4.17.0
-  pkgseer pkg vulns requests --registry pypi --json`;
-function registerPkgVulnsCommand(program) {
-  program.command("vulns <package>").summary("Check for security vulnerabilities").description(VULNS_DESCRIPTION).option("-r, --registry <registry>", "Package registry", "npm").option("-v, --pkg-version <version>", "Package version").option("--json", "Output as JSON").action(async (packageName, options) => {
-    await withCliErrorHandling(options.json ?? false, async () => {
-      const deps = await createContainer();
-      await pkgVulnsAction(packageName, options, deps);
-    });
-  });
+async function startMcpServer(deps) {
+  requireAuth(deps);
+  const server = createMcpServer(deps);
+  const transport = new StdioServerTransport;
+  await server.connect(transport);
 }
-// src/services/gitignore-parser.ts
-function parseGitIgnoreLine(line) {
-  const trimmed = line.trimEnd();
-  if (!trimmed || trimmed.startsWith("#")) {
-    return null;
-  }
-  const isNegation = trimmed.startsWith("!");
-  const pattern = isNegation ? trimmed.slice(1) : trimmed;
-  const isRootOnly = pattern.startsWith("/");
-  const patternWithoutRoot = isRootOnly ? pattern.slice(1) : pattern;
-  const isDirectory = patternWithoutRoot.endsWith("/");
-  const cleanPattern = isDirectory ? patternWithoutRoot.slice(0, -1) : patternWithoutRoot;
-  return {
-    pattern: cleanPattern,
-    isNegation,
-    isDirectory,
-    isRootOnly
-  };
+function showMcpSetupInstructions(deps) {
+  const useColors = shouldUseColors2();
+  console.log("MCP Server Setup");
+  console.log(`────────────────
+`);
+  console.log(`Add PkgSeer to your AI assistant's MCP configuration.
+`);
+  console.log(`${highlight("pkgseer mcp init", useColors)}`);
+  console.log(dim(`  Interactive setup for Cursor, Codex, or Claude Code
+`, useColors));
+  console.log("Manual configuration:");
+  console.log(`  ${highlight(`${deps.baseUrl}/docs/mcp-server`, useColors)}
+`);
+  console.log("Alternative: Use CLI directly (no MCP setup needed)");
+  console.log(`  ${highlight("pkgseer quickstart", useColors)}`);
 }
-function matchesPattern(path, pattern) {
-  const { pattern: p, isDirectory, isRootOnly } = pattern;
-  let regexStr = p.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*\*/g, "___DOUBLE_STAR___").replace(/\*/g, "[^/]*").replace(/\?/g, "[^/]").replace(/___DOUBLE_STAR___/g, ".*");
-  if (isRootOnly) {
-    if (isDirectory) {
-      regexStr = `^${regexStr}(/|$)`;
-    } else {
-      regexStr = `^${regexStr}(/|$)`;
-    }
-  } else {
-    if (isDirectory) {
-      regexStr = `(^|/)${regexStr}(/|$)`;
-    } else {
-      regexStr = `(^|/)${regexStr}(/|$)`;
+function registerMcpCommand(program) {
+  const mcpCommand = program.command("mcp").summary("Show setup instructions or start MCP server").description(`Start the Model Context Protocol (MCP) server using STDIO transport.
+
+When run interactively (TTY), shows setup instructions.
+When run via stdio (non-TTY), starts the MCP server.
+
+Available tools: package_summary, package_vulnerabilities,
+package_dependencies, package_quality, compare_packages,
+list_package_docs, fetch_package_doc, search_package_docs,
+search_project_docs`).action(async () => {
+    const deps = await createContainer();
+    if (process.stdout.isTTY && process.stdin.isTTY) {
+      showMcpSetupInstructions(deps);
+      return;
     }
-  }
-  const regex = new RegExp(regexStr);
-  return regex.test(path);
+    await startMcpServer(deps);
+  });
+  mcpCommand.command("start").summary("Start MCP server (stdio mode)").description(`Start the MCP server using STDIO transport.
+
+This command explicitly starts the server and is intended for use
+in MCP configuration files. Use 'pkgseer mcp' for interactive setup.`).action(async () => {
+    const deps = await createContainer();
+    await startMcpServer(deps);
+  });
+  registerMcpInitCommand(mcpCommand);
 }
-async function parseGitIgnore(gitignorePath, fs) {
-  try {
-    const content = await fs.readFile(gitignorePath);
-    const lines = content.split(`
-`);
-    const patterns = [];
-    for (const line of lines) {
-      const pattern = parseGitIgnoreLine(line);
-      if (pattern) {
-        patterns.push(pattern);
-      }
+
+// src/commands/pkg/compare.ts
+function parsePackageSpec(spec) {
+  let registry = "npm";
+  let rest = spec;
+  if (spec.includes(":")) {
+    const colonIndex = spec.indexOf(":");
+    const potentialRegistry = spec.slice(0, colonIndex).toLowerCase();
+    if (["npm", "pypi", "hex"].includes(potentialRegistry)) {
+      registry = potentialRegistry;
+      rest = spec.slice(colonIndex + 1);
     }
-    return patterns.length > 0 ? patterns : null;
-  } catch {
-    return null;
   }
-}
-function shouldIgnorePath(relativePath, patterns) {
-  const normalized = relativePath.replace(/\\/g, "/");
-  let ignored = false;
-  for (const pattern of patterns) {
-    if (matchesPattern(normalized, pattern)) {
-      if (pattern.isNegation) {
-        ignored = false;
-      } else {
-        ignored = true;
-      }
-    }
+  const atIndex = rest.lastIndexOf("@");
+  if (atIndex > 0) {
+    return {
+      registry,
+      name: rest.slice(0, atIndex),
+      version: rest.slice(atIndex + 1)
+    };
   }
-  return ignored;
-}
-function shouldIgnoreDirectory(relativeDirPath, patterns) {
-  const normalized = relativeDirPath.replace(/\\/g, "/").replace(/\/$/, "") + "/";
-  return shouldIgnorePath(normalized, patterns);
+  return { registry, name: rest };
 }
-
-// src/services/manifest-detector.ts
-var DEFAULT_EXCLUDED_DIRS = [
-  "node_modules",
-  "vendor",
-  ".git",
-  "dist",
-  "build",
-  "__pycache__",
-  ".venv",
-  "venv",
-  ".next"
-];
-var MANIFEST_TYPES = [
-  {
-    type: "npm",
-    filenames: [
-      "package.json",
-      "package-lock.json",
-      "yarn.lock",
-      "pnpm-lock.yaml"
-    ]
-  },
-  {
-    type: "pypi",
-    filenames: ["requirements.txt", "pyproject.toml", "Pipfile", "poetry.lock"]
-  },
-  {
-    type: "hex",
-    filenames: ["mix.exs", "mix.lock"]
-  }
-];
-function suggestLabel(relativePath) {
-  const normalized = relativePath.replace(/\\/g, "/");
-  const parts = normalized.split("/").filter((p) => p.length > 0);
-  if (parts.length === 1) {
-    return "root";
+function formatPackageComparison(comparison) {
+  const lines = [];
+  lines.push("\uD83D\uDCCA Package Comparison");
+  lines.push("");
+  if (!comparison.packages || comparison.packages.length === 0) {
+    lines.push("No packages to compare.");
+    return lines.join(`
+`);
   }
-  return parts[parts.length - 2];
+  const packages = comparison.packages.filter((p) => p != null);
+  const maxNameLen = Math.max(...packages.map((p) => `${p.packageName}@${p.version}`.length));
+  const header = "Package".padEnd(maxNameLen + 2);
+  lines.push(`  ${header}  Quality     Downloads/mo  Vulns`);
+  lines.push(`  ${"─".repeat(maxNameLen + 2)}  ${"─".repeat(10)}  ${"─".repeat(12)}  ${"─".repeat(5)}`);
+  for (const pkg of packages) {
+    const name = `${pkg.packageName}@${pkg.version}`.padEnd(maxNameLen + 2);
+    const scoreValue = pkg.quality?.score;
+    const quality = scoreValue != null ? `${Math.round(scoreValue > 1 ? scoreValue : scoreValue * 100)}%`.padEnd(10) : "N/A".padEnd(10);
+    const downloads = pkg.downloadsLastMonth ? formatNumber(pkg.downloadsLastMonth).padEnd(12) : "N/A".padEnd(12);
+    const vulns = pkg.vulnerabilityCount != null ? pkg.vulnerabilityCount === 0 ? "✅ 0" : `⚠️  ${pkg.vulnerabilityCount}` : "N/A";
+    lines.push(`  ${name}  ${quality}  ${downloads}  ${vulns}`);
+  }
+  return lines.join(`
+`);
 }
-async function scanDirectoryRecursive(directory, fs, rootDir, options, currentDepth = 0, gitignorePatterns = null) {
-  const detected = [];
-  if (currentDepth > options.maxDepth) {
-    return detected;
+async function pkgCompareAction(packages, options, deps) {
+  const { pkgseerService } = deps;
+  if (packages.length < 2) {
+    outputError("At least 2 packages required for comparison", options.json ?? false);
+    return;
   }
-  const relativeDirPath = directory === rootDir ? "." : directory.replace(rootDir, "").replace(/^[/\\]/, "");
-  const baseName = directory.split(/[/\\]/).pop() ?? "";
-  if (options.excludedDirs.includes(baseName)) {
-    return detected;
+  if (packages.length > 10) {
+    outputError("Maximum 10 packages can be compared at once", options.json ?? false);
+    return;
   }
-  if (gitignorePatterns && shouldIgnoreDirectory(relativeDirPath, gitignorePatterns)) {
-    return detected;
+  const input2 = packages.map((spec) => {
+    const parsed = parsePackageSpec(spec);
+    return {
+      registry: toGraphQLRegistry(parsed.registry),
+      name: parsed.name,
+      version: parsed.version
+    };
+  });
+  const result = await pkgseerService.cliComparePackages(input2);
+  handleErrors(result.errors, options.json ?? false);
+  if (!result.data.comparePackages) {
+    outputError("Comparison failed", options.json ?? false);
+    return;
   }
-  for (const manifestType of MANIFEST_TYPES) {
-    for (const filename of manifestType.filenames) {
-      const filePath = fs.joinPath(directory, filename);
-      const exists = await fs.exists(filePath);
-      if (exists) {
-        const relativePath = directory === rootDir ? filename : fs.joinPath(directory.replace(rootDir, "").replace(/^[/\\]/, ""), filename);
-        if (gitignorePatterns && shouldIgnorePath(relativePath, gitignorePatterns)) {
-          continue;
-        }
-        detected.push({
-          filename,
-          relativePath,
-          absolutePath: filePath,
-          type: manifestType.type,
-          suggestedLabel: suggestLabel(relativePath)
-        });
-      }
-    }
+  if (options.json) {
+    const pkgs = result.data.comparePackages.packages?.filter((p) => p) ?? [];
+    const slim = pkgs.map((p) => ({
+      package: `${p.packageName}@${p.version}`,
+      quality: p.quality?.score,
+      downloads: p.downloadsLastMonth,
+      vulnerabilities: p.vulnerabilityCount
+    }));
+    output(slim, true);
+  } else {
+    console.log(formatPackageComparison(result.data.comparePackages));
   }
-  try {
-    const entries = await fs.readdir(directory);
-    for (const entry of entries) {
-      const entryPath = fs.joinPath(directory, entry);
-      const isDir = await fs.isDirectory(entryPath);
-      if (isDir && !options.excludedDirs.includes(entry)) {
-        const subRelativePath = fs.joinPath(relativeDirPath, entry);
-        if (!gitignorePatterns || !shouldIgnoreDirectory(subRelativePath, gitignorePatterns)) {
-          const subDetected = await scanDirectoryRecursive(entryPath, fs, rootDir, options, currentDepth + 1, gitignorePatterns);
-          detected.push(...subDetected);
-        }
-      }
-    }
-  } catch {}
-  return detected;
 }
-async function scanForManifests(directory, fs, options) {
-  const opts = {
-    maxDepth: options?.maxDepth ?? 3,
-    excludedDirs: options?.excludedDirs ?? DEFAULT_EXCLUDED_DIRS
-  };
-  const gitignorePath = fs.joinPath(directory, ".gitignore");
-  const gitignorePatterns = await parseGitIgnore(gitignorePath, fs);
-  return scanDirectoryRecursive(directory, fs, directory, opts, 0, gitignorePatterns);
+var COMPARE_DESCRIPTION = `Compare multiple packages.
+
+Compares packages across quality, security, and popularity metrics.
+Supports cross-registry comparison.
+
+Package format: [registry:]name[@version]
+  - lodash (npm, latest)
+  - pypi:requests (pypi, latest)
+  - npm:express@4.18.0 (npm, specific version)
+
+Examples:
+  pkgseer pkg compare lodash underscore ramda
+  pkgseer pkg compare npm:axios pypi:requests
+  pkgseer pkg compare express@4.18.0 express@5.0.0 --json`;
+function registerPkgCompareCommand(program) {
+  program.command("compare <packages...>").summary("Compare multiple packages").description(COMPARE_DESCRIPTION).option("--json", "Output as JSON").action(async (packages, options) => {
+    await withCliErrorHandling(options.json ?? false, async () => {
+      const deps = await createContainer();
+      await pkgCompareAction(packages, options, deps);
+    });
+  });
 }
-function filterRedundantPackageJson(manifests) {
-  const dirToManifests = new Map;
-  for (const manifest of manifests) {
-    const dir = manifest.relativePath.split(/[/\\]/).slice(0, -1).join("/") || ".";
-    if (!dirToManifests.has(dir)) {
-      dirToManifests.set(dir, []);
+// src/commands/pkg/deps.ts
+function formatPackageDependencies(data) {
+  const lines = [];
+  const pkg = data.package;
+  const deps = data.dependencies;
+  if (!pkg) {
+    return "No package data available.";
+  }
+  lines.push(`\uD83D\uDCE6 ${pkg.name}@${pkg.version}`);
+  lines.push("");
+  if (deps?.summary) {
+    lines.push("Summary:");
+    lines.push(`  Direct dependencies: ${deps.summary.directCount ?? 0}`);
+    if (deps.summary.uniquePackagesCount) {
+      lines.push(`  Unique packages: ${deps.summary.uniquePackagesCount}`);
     }
-    dirToManifests.get(dir).push(manifest);
+    lines.push("");
   }
-  const filtered = [];
-  for (const [dir, dirManifests] of dirToManifests.entries()) {
-    const hasLockFile = dirManifests.some((m) => m.filename === "package-lock.json");
-    const hasPackageJson = dirManifests.some((m) => m.filename === "package.json");
-    for (const manifest of dirManifests) {
-      if (manifest.filename === "package.json" && hasLockFile) {
-        continue;
+  if (deps?.direct && deps.direct.length > 0) {
+    lines.push(`Dependencies (${deps.direct.length}):`);
+    for (const dep of deps.direct) {
+      if (dep) {
+        const type = dep.type !== "RUNTIME" ? ` [${dep.type?.toLowerCase()}]` : "";
+        lines.push(`  ${dep.name} ${dep.versionConstraint}${type}`);
       }
-      filtered.push(manifest);
     }
+  } else {
+    lines.push("No direct dependencies.");
   }
-  return filtered;
+  return lines.join(`
+`);
 }
-async function detectAndGroupManifests(directory, fs, options) {
-  const manifests = await scanForManifests(directory, fs, options);
-  const filteredManifests = filterRedundantPackageJson(manifests);
-  const groupsMap = new Map;
-  for (const manifest of filteredManifests) {
-    const existing = groupsMap.get(manifest.suggestedLabel) ?? [];
-    existing.push(manifest);
-    groupsMap.set(manifest.suggestedLabel, existing);
+async function pkgDepsAction(packageName, options, deps) {
+  const { pkgseerService } = deps;
+  const registry = toGraphQLRegistry(options.registry);
+  const result = await pkgseerService.cliPackageDeps(registry, packageName, options.pkgVersion, options.transitive);
+  handleErrors(result.errors, options.json ?? false);
+  if (!result.data.packageDependencies) {
+    outputError(`Package not found: ${packageName} in ${options.registry}`, options.json ?? false);
+    return;
   }
-  const groups = [];
-  for (const [label, manifests2] of groupsMap.entries()) {
-    const ecosystems = new Set(manifests2.map((m) => m.type));
-    if (ecosystems.size > 1) {
-      const ecosystemGroups = new Map;
-      for (const manifest of manifests2) {
-        const ecosystemLabel = `${label}-${manifest.type}`;
-        const existing = ecosystemGroups.get(ecosystemLabel) ?? [];
-        existing.push(manifest);
-        ecosystemGroups.set(ecosystemLabel, existing);
-      }
-      for (const [
-        ecosystemLabel,
-        ecosystemManifests
-      ] of ecosystemGroups.entries()) {
-        groups.push({ label: ecosystemLabel, manifests: ecosystemManifests });
-      }
-    } else {
-      groups.push({ label, manifests: manifests2 });
-    }
+  if (options.json) {
+    const data = result.data.packageDependencies;
+    const slim = {
+      package: `${data.package?.name}@${data.package?.version}`,
+      directCount: data.dependencies?.summary?.directCount ?? 0,
+      dependencies: data.dependencies?.direct?.filter((d) => d).map((d) => ({
+        name: d.name,
+        version: d.versionConstraint,
+        type: d.type
+      }))
+    };
+    output(slim, true);
+  } else {
+    console.log(formatPackageDependencies(result.data.packageDependencies));
+  }
+}
+var DEPS_DESCRIPTION = `Get package dependencies.
+
+Lists direct dependencies and shows version constraints and
+dependency types (runtime, dev, optional).
+
+Examples:
+  pkgseer pkg deps express
+  pkgseer pkg deps lodash --transitive
+  pkgseer pkg deps requests --registry pypi --json`;
+function registerPkgDepsCommand(program) {
+  program.command("deps <package>").summary("Get package dependencies").description(DEPS_DESCRIPTION).option("-r, --registry <registry>", "Package registry", "npm").option("-v, --pkg-version <version>", "Package version").option("-t, --transitive", "Include transitive dependencies").option("--json", "Output as JSON").action(async (packageName, options) => {
+    await withCliErrorHandling(options.json ?? false, async () => {
+      const deps = await createContainer();
+      await pkgDepsAction(packageName, options, deps);
+    });
+  });
+}
+// src/commands/pkg/info.ts
+function formatPackageSummary(data) {
+  const lines = [];
+  const pkg = data.package;
+  if (!pkg) {
+    return "No package data available.";
+  }
+  lines.push(`\uD83D\uDCE6 ${pkg.name}@${pkg.latestVersion}`);
+  lines.push("");
+  if (pkg.description) {
+    lines.push(pkg.description);
+    lines.push("");
+  }
+  lines.push("Package Info:");
+  lines.push(keyValueTable([
+    ["Registry", pkg.registry],
+    ["Version", pkg.latestVersion],
+    ["License", pkg.license]
+  ]));
+  lines.push("");
+  if (pkg.homepage || pkg.repositoryUrl) {
+    lines.push("Links:");
+    const links = [];
+    if (pkg.homepage)
+      links.push(["Homepage", pkg.homepage]);
+    if (pkg.repositoryUrl)
+      links.push(["Repository", pkg.repositoryUrl]);
+    lines.push(keyValueTable(links));
+    lines.push("");
   }
-  groups.sort((a, b) => {
-    if (a.label.startsWith("root")) {
-      if (b.label.startsWith("root")) {
-        return a.label.localeCompare(b.label);
-      }
-      return -1;
-    }
-    if (b.label.startsWith("root")) {
-      return 1;
-    }
-    return a.label.localeCompare(b.label);
-  });
-  return groups;
+  const vulnCount = data.security?.vulnerabilityCount ?? 0;
+  if (vulnCount > 0) {
+    lines.push(`⚠️  Security: ${vulnCount} vulnerabilities`);
+    lines.push("");
+  }
+  if (data.quickstart?.installCommand) {
+    lines.push("Quick Start:");
+    lines.push(`  ${data.quickstart.installCommand}`);
+  }
+  return lines.join(`
+`);
 }
-
-// src/commands/project/detect.ts
-function matchManifestsWithConfig(detectedGroups, existingManifests) {
-  const fileToConfig = new Map;
-  for (const group of existingManifests) {
-    for (const file of group.files) {
-      fileToConfig.set(file, {
-        label: group.label,
-        allow_mix_deps: group.allow_mix_deps
-      });
-    }
+async function pkgInfoAction(packageName, options, deps) {
+  const { pkgseerService } = deps;
+  const registry = toGraphQLRegistry(options.registry);
+  const result = await pkgseerService.cliPackageInfo(registry, packageName);
+  handleErrors(result.errors, options.json ?? false);
+  if (!result.data.packageSummary) {
+    outputError(`Package not found: ${packageName} in ${options.registry}`, options.json ?? false);
+    return;
   }
-  const labelToFiles = new Map;
-  const labelToConfig = new Map;
-  for (const detectedGroup of detectedGroups) {
-    for (const manifest of detectedGroup.manifests) {
-      const existingConfig = fileToConfig.get(manifest.relativePath);
-      let label;
-      const hasEcosystemSuffix = detectedGroup.label.endsWith("-npm") || detectedGroup.label.endsWith("-hex") || detectedGroup.label.endsWith("-pypi");
-      if (hasEcosystemSuffix) {
-        label = detectedGroup.label;
-      } else {
-        label = existingConfig?.label ?? detectedGroup.label;
-      }
-      const allowMixDeps = existingConfig?.allow_mix_deps;
-      if (!labelToConfig.has(label)) {
-        labelToConfig.set(label, {
-          files: new Set,
-          allow_mix_deps: allowMixDeps
-        });
-      }
-      const config = labelToConfig.get(label);
-      config.files.add(manifest.relativePath);
-      if (allowMixDeps) {
-        config.allow_mix_deps = true;
-      }
-    }
+  if (options.json) {
+    const data = result.data.packageSummary;
+    const pkg = data.package;
+    const slim = {
+      name: pkg?.name,
+      version: pkg?.latestVersion,
+      description: pkg?.description,
+      license: pkg?.license,
+      install: data.quickstart?.installCommand,
+      vulnerabilities: data.security?.vulnerabilityCount ?? 0
+    };
+    output(slim, true);
+  } else {
+    console.log(formatPackageSummary(result.data.packageSummary));
   }
-  const result = [];
-  for (const [label, config] of labelToConfig.entries()) {
-    const fileArray = Array.from(config.files);
-    const hasNewFiles = fileArray.some((file) => !fileToConfig.has(file));
-    const hasChangedLabels = fileArray.some((file) => {
-      const oldConfig = fileToConfig.get(file);
-      return oldConfig !== undefined && oldConfig.label !== label;
-    });
-    result.push({
-      label,
-      files: fileArray.sort(),
-      isNew: hasNewFiles,
-      changedLabel: hasChangedLabels ? label : undefined,
-      allow_mix_deps: config.allow_mix_deps
+}
+var INFO_DESCRIPTION = `Get package summary and metadata.
+
+Displays comprehensive information about a package including:
+- Basic metadata (version, license, description)
+- Download statistics
+- Security advisories
+- Quick start instructions
+
+Examples:
+  pkgseer pkg info lodash
+  pkgseer pkg info requests --registry pypi
+  pkgseer pkg info phoenix --registry hex --json`;
+function registerPkgInfoCommand(program) {
+  program.command("info <package>").summary("Get package summary and metadata").description(INFO_DESCRIPTION).option("-r, --registry <registry>", "Package registry", "npm").option("--json", "Output as JSON").action(async (packageName, options) => {
+    await withCliErrorHandling(options.json ?? false, async () => {
+      const deps = await createContainer();
+      await pkgInfoAction(packageName, options, deps);
     });
+  });
+}
+// src/commands/pkg/quality.ts
+function formatPackageQuality(data) {
+  const lines = [];
+  const quality = data.quality;
+  if (!quality) {
+    return "No quality data available.";
   }
-  return result.sort((a, b) => {
-    if (a.label.startsWith("root")) {
-      if (b.label.startsWith("root")) {
-        return a.label.localeCompare(b.label);
+  lines.push(`\uD83D\uDCCA Quality Score: ${formatScore(quality.overallScore)} (Grade: ${quality.grade})`);
+  lines.push("");
+  if (quality.categories && quality.categories.length > 0) {
+    lines.push("Category Breakdown:");
+    for (const category of quality.categories) {
+      if (category) {
+        const name = (category.category || "Unknown").padEnd(20);
+        lines.push(`  ${name} ${formatScore(category.score)}`);
       }
-      return -1;
     }
-    if (b.label.startsWith("root")) {
-      return 1;
-    }
-    return a.label.localeCompare(b.label);
-  });
-}
-async function projectDetectAction(options, deps) {
-  const { configService, fileSystemService, promptService, shellService } = deps;
-  const projectConfig = await configService.loadProjectConfig();
-  if (!projectConfig?.config.project) {
-    console.error(`✗ No project is configured in pkgseer.yml`);
-    console.log(`
-  To get started, run: pkgseer project init`);
-    console.log(`  This will create a project and detect your manifest files.`);
-    process.exit(1);
+    lines.push("");
   }
-  const projectName = projectConfig.config.project;
-  const existingManifests = projectConfig.config.manifests ?? [];
-  console.log(`Scanning for manifest files in project "${projectName}"...
+  return lines.join(`
 `);
-  const cwd = fileSystemService.getCwd();
-  const detectedGroups = await detectAndGroupManifests(cwd, fileSystemService, {
-    maxDepth: options.maxDepth ?? 3
-  });
-  if (detectedGroups.length === 0) {
-    console.log("No manifest files were found in the current directory.");
-    if (existingManifests.length > 0) {
-      console.log(`
-  Your existing configuration in pkgseer.yml will remain unchanged.`);
-      console.log(`  Tip: Make sure you're running this command from the project root directory.`);
-    } else {
-      console.log(`
-  Tip: Manifest files like package.json, requirements.txt, or pyproject.toml should be in the current directory or subdirectories.`);
-    }
+}
+async function pkgQualityAction(packageName, options, deps) {
+  const { pkgseerService } = deps;
+  const registry = toGraphQLRegistry(options.registry);
+  const result = await pkgseerService.cliPackageQuality(registry, packageName, options.pkgVersion);
+  handleErrors(result.errors, options.json ?? false);
+  if (!result.data.packageQuality) {
+    outputError(`Package not found: ${packageName} in ${options.registry}`, options.json ?? false);
     return;
   }
-  const suggestedManifests = matchManifestsWithConfig(detectedGroups, existingManifests);
-  console.log("Current configuration in pkgseer.yml:");
-  if (existingManifests.length === 0) {
-    console.log("  (no manifests configured yet)");
+  if (options.json) {
+    const quality = result.data.packageQuality.quality;
+    const slim = {
+      package: `${result.data.packageQuality.package?.name}@${result.data.packageQuality.package?.version}`,
+      score: quality?.overallScore,
+      grade: quality?.grade,
+      categories: quality?.categories?.filter((c) => c).map((c) => ({
+        name: c.category,
+        score: c.score
+      }))
+    };
+    output(slim, true);
   } else {
-    for (const group of existingManifests) {
-      console.log(`  Label: ${group.label}`);
-      for (const file of group.files) {
-        console.log(`    ${file}`);
-      }
-    }
+    console.log(formatPackageQuality(result.data.packageQuality));
   }
-  console.log(`
-Suggested configuration:`);
-  for (const group of suggestedManifests) {
-    const markers = [];
-    if (group.isNew)
-      markers.push("new");
-    if (group.changedLabel)
-      markers.push("label changed");
-    const markerStr = markers.length > 0 ? ` (${markers.join(", ")})` : "";
-    console.log(`  Label: ${group.label}${markerStr}`);
-    for (const file of group.files) {
-      const wasInConfig = existingManifests.some((g) => g.files.includes(file));
-      const prefix = wasInConfig ? "    " : "  + ";
-      console.log(`${prefix}${file}`);
+}
+var QUALITY_DESCRIPTION = `Get package quality score and breakdown.
+
+Analyzes package quality across multiple dimensions:
+- Maintenance and activity
+- Documentation coverage
+- Security practices
+- Community engagement
+
+Examples:
+  pkgseer pkg quality lodash
+  pkgseer pkg quality express -v 4.18.0
+  pkgseer pkg quality requests --registry pypi --json`;
+function registerPkgQualityCommand(program) {
+  program.command("quality <package>").summary("Get package quality score").description(QUALITY_DESCRIPTION).option("-r, --registry <registry>", "Package registry", "npm").option("-v, --pkg-version <version>", "Package version").option("--json", "Output as JSON").action(async (packageName, options) => {
+    await withCliErrorHandling(options.json ?? false, async () => {
+      const deps = await createContainer();
+      await pkgQualityAction(packageName, options, deps);
+    });
+  });
+}
+// src/commands/pkg/vulns.ts
+function getSeverityLabel(score) {
+  if (score == null)
+    return "UNKNOWN";
+  if (score >= 9)
+    return "CRITICAL";
+  if (score >= 7)
+    return "HIGH";
+  if (score >= 4)
+    return "MEDIUM";
+  return "LOW";
+}
+function formatPackageVulnerabilities(data) {
+  const lines = [];
+  const pkg = data.package;
+  const security = data.security;
+  if (!pkg) {
+    return "No package data available.";
+  }
+  lines.push(`\uD83D\uDD12 Security Report: ${pkg.name}@${pkg.version}`);
+  lines.push("");
+  if (!security?.vulnerabilities || security.vulnerabilities.length === 0) {
+    lines.push("✅ No known vulnerabilities!");
+    return lines.join(`
+`);
+  }
+  const bySeverity = security.vulnerabilities.reduce((acc, v) => {
+    if (v) {
+      const label = getSeverityLabel(v.severityScore);
+      acc[label] = (acc[label] || 0) + 1;
     }
+    return acc;
+  }, {});
+  lines.push(`⚠️  Found ${security.vulnerabilityCount} vulnerabilities:`);
+  for (const [severity, count] of Object.entries(bySeverity)) {
+    lines.push(`  ${formatSeverity(severity)}: ${count}`);
   }
-  const hasHexManifests = detectedGroups.some((group) => group.manifests.some((m) => m.type === "hex"));
-  const hasHexInSuggested = suggestedManifests.some((g) => g.files.some((f) => f.endsWith("mix.exs") || f.endsWith("mix.lock")));
-  let allowMixDeps = false;
-  if (hasHexInSuggested) {
-    const existingHasMixDeps = existingManifests.some((g) => g.allow_mix_deps === true);
-    if (!existingHasMixDeps) {
-      console.log(`
-  Note: Elixir/Hex manifest files (mix.exs, mix.lock) are Elixir code and cannot be directly uploaded.`);
-      console.log(`  Instead, we need to run "mix deps --all" and "mix deps.tree" to generate dependency information.`);
-      allowMixDeps = await promptService.confirm(`
-  Allow running "mix deps --all" and "mix deps.tree" for hex manifests?`, true);
-    } else {
-      allowMixDeps = true;
+  lines.push("");
+  lines.push("Details:");
+  for (const vuln of security.vulnerabilities) {
+    if (!vuln)
+      continue;
+    lines.push("");
+    lines.push(`  ${formatSeverity(getSeverityLabel(vuln.severityScore))}`);
+    lines.push(`  ${vuln.summary || vuln.osvId}`);
+    lines.push(`  ID: ${vuln.osvId}`);
+    if (vuln.fixedInVersions && vuln.fixedInVersions.length > 0) {
+      lines.push(`  Fixed in: ${vuln.fixedInVersions.join(", ")}`);
     }
   }
-  const finalManifests = suggestedManifests.map((g) => {
-    const hasHexInGroup = g.files.some((f) => f.endsWith("mix.exs") || f.endsWith("mix.lock"));
-    return {
-      label: g.label,
-      files: g.files,
-      isNew: g.isNew,
-      changedLabel: g.changedLabel,
-      ...hasHexInGroup && allowMixDeps ? { allow_mix_deps: true } : {},
-      ...g.allow_mix_deps !== undefined ? { allow_mix_deps: g.allow_mix_deps } : {}
-    };
-  });
-  const hasChanges = finalManifests.length !== existingManifests.length || finalManifests.some((g) => g.isNew || g.changedLabel) || existingManifests.some((existing) => {
-    const suggested = finalManifests.find((s) => s.label === existing.label);
-    if (!suggested)
-      return true;
-    const existingFiles = new Set(existing.files);
-    const suggestedFiles = new Set(suggested.files);
-    return existingFiles.size !== suggestedFiles.size || !Array.from(existingFiles).every((f) => suggestedFiles.has(f));
-  }) || finalManifests.some((g) => {
-    const existing = existingManifests.find((e) => e.label === g.label);
-    return existing?.allow_mix_deps !== g.allow_mix_deps;
-  });
-  if (!hasChanges) {
-    console.log(`
-✓ Your configuration is already up to date!`);
-    console.log(`
-  All detected manifest files match your current pkgseer.yml configuration.`);
+  return lines.join(`
+`);
+}
+async function pkgVulnsAction(packageName, options, deps) {
+  const { pkgseerService } = deps;
+  const registry = toGraphQLRegistry(options.registry);
+  const result = await pkgseerService.cliPackageVulns(registry, packageName, options.pkgVersion);
+  handleErrors(result.errors, options.json ?? false);
+  if (!result.data.packageVulnerabilities) {
+    outputError(`Package not found: ${packageName} in ${options.registry}`, options.json ?? false);
     return;
   }
-  if (options.update) {
-    await configService.writeProjectConfig({
-      project: projectName,
-      manifests: finalManifests.map((g) => ({
-        label: g.label,
-        files: g.files,
-        ...g.allow_mix_deps ? { allow_mix_deps: g.allow_mix_deps } : {}
+  if (options.json) {
+    const data = result.data.packageVulnerabilities;
+    const vulns = data.security?.vulnerabilities ?? [];
+    const slim = {
+      package: `${data.package?.name}@${data.package?.version}`,
+      count: data.security?.vulnerabilityCount ?? 0,
+      vulnerabilities: vulns.filter((v) => v).map((v) => ({
+        id: v.osvId,
+        severity: v.severityScore,
+        summary: v.summary,
+        fixed: v.fixedInVersions
       }))
-    });
-    console.log(`
-✓ Configuration updated successfully!`);
-    console.log(`
-  Your pkgseer.yml has been updated with the detected manifest files.`);
-    console.log(`  Run 'pkgseer project upload' to upload them to your project.`);
+    };
+    output(slim, true);
   } else {
-    const shouldUpdate = await promptService.confirm(`
-Would you like to update pkgseer.yml with these changes?`, false);
-    if (shouldUpdate) {
-      await configService.writeProjectConfig({
-        project: projectName,
-        manifests: finalManifests.map((g) => ({
-          label: g.label,
-          files: g.files,
-          ...g.allow_mix_deps ? { allow_mix_deps: g.allow_mix_deps } : {}
-        }))
-      });
-      console.log(`
-✓ Configuration updated successfully!`);
-      console.log(`
-  Your pkgseer.yml has been updated. Run 'pkgseer project upload' to upload the manifests.`);
-    } else {
-      console.log(`
-  Configuration was not updated.`);
-      console.log(`  To apply these changes automatically, run: pkgseer project detect --update`);
-      console.log(`  Or manually edit pkgseer.yml and then run: pkgseer project upload`);
-    }
+    console.log(formatPackageVulnerabilities(result.data.packageVulnerabilities));
   }
 }
-var DETECT_DESCRIPTION = `Detect manifest files and update your project configuration.
-
-This command scans your project directory for manifest files (like
-package.json, requirements.txt, etc.) and compares them with your
-current pkgseer.yml configuration. It will:
+var VULNS_DESCRIPTION = `Check package for security vulnerabilities.
 
-  • Preserve existing labels for files you've already configured
-  • Suggest new labels for newly detected files
-  • Show you what would change before updating
+Scans for known security vulnerabilities and provides:
+- Severity ratings (critical, high, medium, low)
+- CVE identifiers
+- Affected version ranges
+- Upgrade recommendations
 
-Perfect for when you add new manifest files or reorganize your
-project structure. Run with --update to automatically apply changes.`;
-function registerProjectDetectCommand(program) {
-  program.command("detect").summary("Detect manifest files and suggest config updates").description(DETECT_DESCRIPTION).option("--max-depth <depth>", "Maximum directory depth to scan for manifests", (val) => Number.parseInt(val, 10), 3).option("--update", "Automatically update pkgseer.yml without prompting", false).action(async (options) => {
-    const deps = await createContainer();
-    await projectDetectAction({ maxDepth: options.maxDepth, update: options.update }, {
-      configService: deps.configService,
-      fileSystemService: deps.fileSystemService,
-      promptService: deps.promptService,
-      shellService: deps.shellService
+Examples:
+  pkgseer pkg vulns lodash
+  pkgseer pkg vulns express -v 4.17.0
+  pkgseer pkg vulns requests --registry pypi --json`;
+function registerPkgVulnsCommand(program) {
+  program.command("vulns <package>").summary("Check for security vulnerabilities").description(VULNS_DESCRIPTION).option("-r, --registry <registry>", "Package registry", "npm").option("-v, --pkg-version <version>", "Package version").option("--json", "Output as JSON").action(async (packageName, options) => {
+    await withCliErrorHandling(options.json ?? false, async () => {
+      const deps = await createContainer();
+      await pkgVulnsAction(packageName, options, deps);
     });
   });
 }
-// src/commands/shared-colors.ts
-var colors2 = {
-  reset: "\x1B[0m",
-  bold: "\x1B[1m",
-  dim: "\x1B[2m",
-  green: "\x1B[32m",
-  yellow: "\x1B[33m",
-  blue: "\x1B[34m",
-  magenta: "\x1B[35m",
-  cyan: "\x1B[36m",
-  red: "\x1B[31m"
-};
-function shouldUseColors2(noColor) {
-  if (noColor)
-    return false;
-  if (process.env.NO_COLOR !== undefined)
-    return false;
-  return process.stdout.isTTY ?? false;
-}
-function success(text, useColors) {
-  const checkmark = useColors ? `${colors2.green}✓${colors2.reset}` : "✓";
-  return `${checkmark} ${text}`;
-}
-function error(text, useColors) {
-  const cross = useColors ? `${colors2.red}✗${colors2.reset}` : "✗";
-  return `${cross} ${text}`;
-}
-function highlight(text, useColors) {
-  if (!useColors)
-    return text;
-  return `${colors2.bold}${colors2.cyan}${text}${colors2.reset}`;
-}
-function dim(text, useColors) {
-  if (!useColors)
-    return text;
-  return `${colors2.dim}${text}${colors2.reset}`;
-}
-
-// src/commands/project/manifest-upload-utils.ts
-async function processManifestFiles(params) {
-  const {
-    files,
-    basePath,
-    hasHexManifests,
-    allowMixDeps,
-    fileSystemService,
-    shellService
-  } = params;
-  const hexFiles = files.filter((f) => f.endsWith("mix.exs") || f.endsWith("mix.lock"));
-  let generatedHexFiles = [];
-  if (hasHexManifests && allowMixDeps && hexFiles.length > 0) {
-    const firstHexFile = hexFiles[0];
-    if (!firstHexFile) {
-      throw new Error("No hex files found");
+// src/commands/project/detect.ts
+function matchManifestsWithConfig(detectedGroups, existingManifests) {
+  const fileToConfig = new Map;
+  for (const group of existingManifests) {
+    for (const file of group.files) {
+      fileToConfig.set(file, {
+        label: group.label,
+        allow_mix_deps: group.allow_mix_deps
+      });
     }
-    const absolutePath = fileSystemService.joinPath(basePath, firstHexFile);
-    const manifestDir = fileSystemService.getDirname(absolutePath);
-    try {
-      const [depsContent, depsTreeContent] = await Promise.all([
-        shellService.execute("mix deps --all", manifestDir),
-        shellService.execute("mix deps.tree", manifestDir)
-      ]);
-      generatedHexFiles = [
-        {
-          filename: "deps.txt",
-          path: absolutePath,
-          content: depsContent
-        },
-        {
-          filename: "deps-tree.txt",
-          path: absolutePath,
-          content: depsTreeContent
-        }
-      ];
-    } catch (error2) {
-      const errorMessage = error2 instanceof Error ? error2.message : String(error2);
-      throw new Error(`Failed to generate dependencies for hex manifest: ${firstHexFile}
-` + `  Error: ${errorMessage}
-` + `  Make sure 'mix' is installed and the directory contains a valid Elixir project.`);
+  }
+  const labelToFiles = new Map;
+  const labelToConfig = new Map;
+  for (const detectedGroup of detectedGroups) {
+    for (const manifest of detectedGroup.manifests) {
+      const existingConfig = fileToConfig.get(manifest.relativePath);
+      let label;
+      const hasEcosystemSuffix = detectedGroup.label.endsWith("-npm") || detectedGroup.label.endsWith("-hex") || detectedGroup.label.endsWith("-pypi");
+      if (hasEcosystemSuffix) {
+        label = detectedGroup.label;
+      } else {
+        label = existingConfig?.label ?? detectedGroup.label;
+      }
+      const allowMixDeps = existingConfig?.allow_mix_deps;
+      if (!labelToConfig.has(label)) {
+        labelToConfig.set(label, {
+          files: new Set,
+          allow_mix_deps: allowMixDeps
+        });
+      }
+      const config = labelToConfig.get(label);
+      config.files.add(manifest.relativePath);
+      if (allowMixDeps) {
+        config.allow_mix_deps = true;
+      }
     }
   }
-  const filePromises = files.map(async (relativePath) => {
-    const isHexFile = relativePath.endsWith("mix.exs") || relativePath.endsWith("mix.lock");
-    if (isHexFile) {
-      if (!allowMixDeps) {
-        return null;
+  const result = [];
+  for (const [label, config] of labelToConfig.entries()) {
+    const fileArray = Array.from(config.files);
+    const hasNewFiles = fileArray.some((file) => !fileToConfig.has(file));
+    const hasChangedLabels = fileArray.some((file) => {
+      const oldConfig = fileToConfig.get(file);
+      return oldConfig !== undefined && oldConfig.label !== label;
+    });
+    result.push({
+      label,
+      files: fileArray.sort(),
+      isNew: hasNewFiles,
+      changedLabel: hasChangedLabels ? label : undefined,
+      allow_mix_deps: config.allow_mix_deps
+    });
+  }
+  return result.sort((a, b) => {
+    if (a.label.startsWith("root")) {
+      if (b.label.startsWith("root")) {
+        return a.label.localeCompare(b.label);
       }
-      return null;
+      return -1;
     }
-    const absolutePath = fileSystemService.joinPath(basePath, relativePath);
-    const exists = await fileSystemService.exists(absolutePath);
-    if (!exists) {
-      throw new Error(`File not found: ${relativePath}
-  Make sure the file exists and the path in pkgseer.yml is correct.`);
+    if (b.label.startsWith("root")) {
+      return 1;
     }
-    const content = await fileSystemService.readFile(absolutePath);
-    const filename = relativePath.split(/[/\\]/).pop() ?? relativePath;
-    return {
-      filename,
-      path: absolutePath,
-      content
-    };
+    return a.label.localeCompare(b.label);
   });
-  const regularFiles = await Promise.all(filePromises);
-  const result = [];
-  let hexFilesInserted = false;
-  for (let i = 0;i < files.length; i++) {
-    const relativePath = files[i];
-    if (!relativePath) {
-      continue;
-    }
-    const isHexFile = relativePath.endsWith("mix.exs") || relativePath.endsWith("mix.lock");
-    if (isHexFile && !hexFilesInserted && generatedHexFiles.length > 0) {
-      result.push(...generatedHexFiles);
-      hexFilesInserted = true;
-    } else if (!isHexFile) {
-      const regularFile = regularFiles[i];
-      if (regularFile !== undefined) {
-        result.push(regularFile);
-      }
-    } else {
-      result.push(null);
-    }
-  }
-  return result;
 }
-
-// src/commands/project/init.ts
-async function projectInitAction(options, deps) {
-  const {
-    projectService,
-    configService,
-    fileSystemService,
-    gitService,
-    promptService,
-    shellService,
-    authStorage,
-    baseUrl
-  } = deps;
-  const useColors = shouldUseColors2();
-  const auth = await checkProjectWriteScope(authStorage, baseUrl);
-  if (!auth) {
-    console.error(error(`Authentication required with ${highlight(PROJECT_MANIFEST_UPLOAD_SCOPE, useColors)} scope`, useColors));
-    console.log(`
-  Your current token doesn't have the required permissions for creating projects and uploading manifests.`);
-    console.log(`
-  To fix this:`);
-    console.log(`    1. Run: ${highlight(`pkgseer login --force`, useColors)}`);
-    console.log(`    2. Make sure to grant ${highlight(PROJECT_MANIFEST_UPLOAD_SCOPE, useColors)} scope during authentication`);
-    console.log(`
-  Or check your current scopes with: ${highlight(`pkgseer auth status`, useColors)}`);
-    process.exit(1);
-  }
-  const isEnvToken = auth.scopes.length === 0 && auth.tokenName === "PKGSEER_API_TOKEN";
-  if (isEnvToken) {} else if (!auth.scopes.includes(PROJECT_MANIFEST_UPLOAD_SCOPE)) {
-    console.error(error(`Token missing required scope: ${highlight(PROJECT_MANIFEST_UPLOAD_SCOPE, useColors)}`, useColors));
-    console.log(`
-  To fix this:`);
-    console.log(`    1. Run: ${highlight(`pkgseer login --force`, useColors)}`);
-    console.log(`    2. Make sure to grant ${highlight(PROJECT_MANIFEST_UPLOAD_SCOPE, useColors)} scope during authentication`);
+async function projectDetectAction(options, deps) {
+  const { configService, fileSystemService, promptService, shellService } = deps;
+  const projectConfig = await configService.loadProjectConfig();
+  if (!projectConfig?.config.project) {
+    console.error(`✗ No project is configured in pkgseer.yml`);
     console.log(`
-  Or check your current scopes with: ${highlight(`pkgseer auth status`, useColors)}`);
-    process.exit(1);
-  }
-  const existingConfig = await configService.loadProjectConfig();
-  if (existingConfig?.config.project) {
-    console.error(error(`A project is already configured in pkgseer.yml: ${highlight(existingConfig.config.project, useColors)}`, useColors));
-    console.log(dim(`
-  To reinitialize, either remove pkgseer.yml or edit it manually.`, useColors));
-    console.log(dim(`  To update manifest files, use: `, useColors) + highlight(`pkgseer project detect`, useColors));
+  To get started, run: pkgseer project init`);
+    console.log(`  This will create a project and detect your manifest files.`);
     process.exit(1);
   }
-  let projectName = options.name?.trim();
-  if (!projectName) {
-    const cwd2 = fileSystemService.getCwd();
-    const basename = cwd2.split(/[/\\]/).pop() ?? "project";
-    const input2 = await promptService.input(`Project name:`, basename);
-    projectName = input2.trim();
-  }
-  console.log(`
-Creating project ${highlight(projectName, useColors)}...`);
-  let createResult;
-  let projectAlreadyExists = false;
-  try {
-    createResult = await projectService.createProject({
-      name: projectName
-    });
-  } catch (createError) {
-    const errorMessage = createError instanceof Error ? createError.message : String(createError);
-    if (createError instanceof Error && (errorMessage.includes("already been taken") || errorMessage.includes("already exists"))) {
-      console.log(dim(`
-  Project ${highlight(projectName, useColors)} already exists on the server.`, useColors));
-      console.log(dim(`  This might happen if you previously ran init but didn't complete the setup.`, useColors));
-      const useExisting = await promptService.confirm(`
-  Do you want to use the existing project and continue with manifest setup?`, true);
-      if (!useExisting) {
-        console.log(dim(`
-  Exiting. Please choose a different project name or use an existing project.`, useColors));
-        process.exit(0);
-      }
-      projectAlreadyExists = true;
-      createResult = {
-        project: {
-          name: projectName,
-          defaultBranch: "main"
-        },
-        errors: null
-      };
+  const projectName = projectConfig.config.project;
+  const existingManifests = projectConfig.config.manifests ?? [];
+  console.log(`Scanning for manifest files in project "${projectName}"...
+`);
+  const cwd = fileSystemService.getCwd();
+  const detectedGroups = await detectAndGroupManifests(cwd, fileSystemService, {
+    maxDepth: options.maxDepth ?? 3
+  });
+  if (detectedGroups.length === 0) {
+    console.log("No manifest files were found in the current directory.");
+    if (existingManifests.length > 0) {
+      console.log(`
+  Your existing configuration in pkgseer.yml will remain unchanged.`);
+      console.log(`  Tip: Make sure you're running this command from the project root directory.`);
     } else {
-      console.error(error(`Failed to create project: ${errorMessage}`, useColors));
-      if (createError instanceof Error && (errorMessage.includes("Insufficient permissions") || errorMessage.includes("Required scopes") || errorMessage.includes(PROJECT_MANIFEST_UPLOAD_SCOPE))) {
-        console.log(`
-  Your current token doesn't have the required permissions for creating projects.`);
-        console.log(`
-  To fix this:`);
-        console.log(`    1. Run: ${highlight(`pkgseer login --force`, useColors)}`);
-        console.log(`    2. Make sure to grant ${highlight(PROJECT_MANIFEST_UPLOAD_SCOPE, useColors)} scope during authentication`);
-        console.log(`
-  Or check your current scopes with: ${highlight(`pkgseer auth status`, useColors)}`);
-      } else if (createError instanceof Error && (errorMessage.includes("alphanumeric") || errorMessage.includes("hyphens") || errorMessage.includes("underscores"))) {
-        console.log(dim(`
-  Project name requirements:`, useColors));
-        console.log(dim(`    • Must start with an alphanumeric character (a-z, A-Z, 0-9)`, useColors));
-        console.log(dim(`    • Can contain letters, numbers, hyphens (-), and underscores (_)`, useColors));
-        console.log(dim(`    • Example valid names: ${highlight(`my-project`, useColors)}, ${highlight(`project_123`, useColors)}, ${highlight(`backend`, useColors)}`, useColors));
-      }
-      process.exit(1);
+      console.log(`
+  Tip: Manifest files like package.json, requirements.txt, or pyproject.toml should be in the current directory or subdirectories.`);
     }
+    return;
   }
-  if (!createResult.project) {
-    if (createResult.errors && createResult.errors.length > 0) {
-      const firstError = createResult.errors[0];
-      console.error(error(`Failed to create project: ${firstError?.message ?? "Unknown error"}`, useColors));
-      if (firstError?.field) {
-        console.log(dim(`
-  Field: ${firstError.field}`, useColors));
+  const suggestedManifests = matchManifestsWithConfig(detectedGroups, existingManifests);
+  console.log("Current configuration in pkgseer.yml:");
+  if (existingManifests.length === 0) {
+    console.log("  (no manifests configured yet)");
+  } else {
+    for (const group of existingManifests) {
+      console.log(`  Label: ${group.label}`);
+      for (const file of group.files) {
+        console.log(`    ${file}`);
       }
-      process.exit(1);
     }
-    console.error(error(`Failed to create project`, useColors));
-    console.log(dim(`
-  Please try again or contact support if the issue persists.`, useColors));
-    process.exit(1);
-  }
-  if (projectAlreadyExists) {
-    console.log(success(`Using existing project ${highlight(createResult.project.name, useColors)}`, useColors));
-  } else {
-    console.log(success(`Project ${highlight(createResult.project.name, useColors)} created successfully!`, useColors));
   }
-  const maxDepth = options.maxDepth ?? 3;
-  console.log(dim(`
-Scanning for manifest files (max depth: ${maxDepth})...`, useColors));
-  const cwd = fileSystemService.getCwd();
-  const manifestGroups = await detectAndGroupManifests(cwd, fileSystemService, {
-    maxDepth
-  });
-  const configToWrite = {
-    project: projectName
-  };
-  if (manifestGroups.length > 0) {
-    console.log(`
-Found ${highlight(`${manifestGroups.length}`, useColors)} manifest group${manifestGroups.length === 1 ? "" : "s"}:
-`);
-    for (const group of manifestGroups) {
-      console.log(`  Label: ${highlight(group.label, useColors)}`);
-      for (const manifest of group.manifests) {
-        console.log(`    ${highlight(manifest.relativePath, useColors)} ${dim(`(${manifest.type})`, useColors)}`);
-      }
+  console.log(`
+Suggested configuration:`);
+  for (const group of suggestedManifests) {
+    const markers = [];
+    if (group.isNew)
+      markers.push("new");
+    if (group.changedLabel)
+      markers.push("label changed");
+    const markerStr = markers.length > 0 ? ` (${markers.join(", ")})` : "";
+    console.log(`  Label: ${group.label}${markerStr}`);
+    for (const file of group.files) {
+      const wasInConfig = existingManifests.some((g) => g.files.includes(file));
+      const prefix = wasInConfig ? "    " : "  + ";
+      console.log(`${prefix}${file}`);
     }
-    const hasHexManifests = manifestGroups.some((group) => group.manifests.some((m) => m.type === "hex"));
-    let allowMixDeps = false;
-    if (hasHexManifests) {
-      console.log(dim(`
-  Note: Elixir/Hex manifest files (mix.exs, mix.lock) are Elixir code and cannot be directly uploaded.`, useColors));
-      console.log(dim(`  Instead, we need to run "mix deps --all" and "mix deps.tree" to generate dependency information.`, useColors));
+  }
+  const hasHexManifests = detectedGroups.some((group) => group.manifests.some((m) => m.type === "hex"));
+  const hasHexInSuggested = suggestedManifests.some((g) => g.files.some((f) => f.endsWith("mix.exs") || f.endsWith("mix.lock")));
+  let allowMixDeps = false;
+  if (hasHexInSuggested) {
+    const existingHasMixDeps = existingManifests.some((g) => g.allow_mix_deps === true);
+    if (!existingHasMixDeps) {
+      console.log(`
+  Note: Elixir/Hex manifest files (mix.exs, mix.lock) are Elixir code and cannot be directly uploaded.`);
+      console.log(`  Instead, we need to run "mix deps --all" and "mix deps.tree" to generate dependency information.`);
       allowMixDeps = await promptService.confirm(`
   Allow running "mix deps --all" and "mix deps.tree" for hex manifests?`, true);
+    } else {
+      allowMixDeps = true;
     }
-    configToWrite.manifests = manifestGroups.map((group) => {
-      const hasHexInGroup = group.manifests.some((m) => m.type === "hex");
-      return {
-        label: group.label,
-        files: group.manifests.map((m) => m.relativePath),
-        ...hasHexInGroup && allowMixDeps ? { allow_mix_deps: true } : {}
-      };
+  }
+  const finalManifests = suggestedManifests.map((g) => {
+    const hasHexInGroup = g.files.some((f) => f.endsWith("mix.exs") || f.endsWith("mix.lock"));
+    return {
+      label: g.label,
+      files: g.files,
+      isNew: g.isNew,
+      changedLabel: g.changedLabel,
+      ...hasHexInGroup && allowMixDeps ? { allow_mix_deps: true } : {},
+      ...g.allow_mix_deps !== undefined ? { allow_mix_deps: g.allow_mix_deps } : {}
+    };
+  });
+  const hasChanges = finalManifests.length !== existingManifests.length || finalManifests.some((g) => g.isNew || g.changedLabel) || existingManifests.some((existing) => {
+    const suggested = finalManifests.find((s) => s.label === existing.label);
+    if (!suggested)
+      return true;
+    const existingFiles = new Set(existing.files);
+    const suggestedFiles = new Set(suggested.files);
+    return existingFiles.size !== suggestedFiles.size || !Array.from(existingFiles).every((f) => suggestedFiles.has(f));
+  }) || finalManifests.some((g) => {
+    const existing = existingManifests.find((e) => e.label === g.label);
+    return existing?.allow_mix_deps !== g.allow_mix_deps;
+  });
+  if (!hasChanges) {
+    console.log(`
+✓ Your configuration is already up to date!`);
+    console.log(`
+  All detected manifest files match your current pkgseer.yml configuration.`);
+    return;
+  }
+  if (options.update) {
+    await configService.writeProjectConfig({
+      project: projectName,
+      manifests: finalManifests.map((g) => ({
+        label: g.label,
+        files: g.files,
+        ...g.allow_mix_deps ? { allow_mix_deps: g.allow_mix_deps } : {}
+      }))
     });
-    const action = await promptService.select(`
-What would you like to do next?`, [
-      {
-        value: "upload",
-        name: "Save config and upload manifests now",
-        description: "Recommended: saves configuration and uploads files immediately"
-      },
-      {
-        value: "edit",
-        name: "Save config for manual editing",
-        description: "Saves configuration so you can customize labels before uploading"
-      },
-      {
-        value: "abort",
-        name: "Skip configuration for now",
-        description: "Project is created but no config saved (you can run init again later)"
-      }
-    ]);
-    if (action === "abort") {
-      if (projectAlreadyExists) {
-        console.log(`
-${success(`Using existing project ${highlight(projectName, useColors)}`, useColors)}`);
-      } else {
-        console.log(`
-${success(`Project ${highlight(projectName, useColors)} created successfully!`, useColors)}`);
-      }
-      console.log(dim(`
-  Configuration was not saved. To configure later, run:`, useColors));
-      console.log(`    ${highlight(`pkgseer project init --name ${projectName}`, useColors)}`);
-      console.log(dim(`
-  Or manually create pkgseer.yml and run: `, useColors) + highlight(`pkgseer project upload`, useColors));
-      process.exit(0);
-    }
-    if (action === "upload") {
-      await configService.writeProjectConfig(configToWrite);
-      console.log(success(`Configuration saved to ${highlight("pkgseer.yml", useColors)}`, useColors));
-      const branch = await gitService.getCurrentBranch() ?? createResult.project.defaultBranch;
+    console.log(`
+✓ Configuration updated successfully!`);
+    console.log(`
+  Your pkgseer.yml has been updated with the detected manifest files.`);
+    console.log(`  Run 'pkgseer project upload' to upload them to your project.`);
+  } else {
+    const shouldUpdate = await promptService.confirm(`
+Would you like to update pkgseer.yml with these changes?`, false);
+    if (shouldUpdate) {
+      await configService.writeProjectConfig({
+        project: projectName,
+        manifests: finalManifests.map((g) => ({
+          label: g.label,
+          files: g.files,
+          ...g.allow_mix_deps ? { allow_mix_deps: g.allow_mix_deps } : {}
+        }))
+      });
       console.log(`
-Uploading manifest files to branch ${highlight(branch, useColors)}...`);
-      const cwd2 = fileSystemService.getCwd();
-      for (const group of manifestGroups) {
-        try {
-          const hasHexManifests2 = group.manifests.some((m) => m.type === "hex");
-          const allowMixDeps2 = configToWrite.manifests?.find((m) => m.label === group.label)?.allow_mix_deps === true;
-          const allFiles = await processManifestFiles({
-            files: group.manifests.map((m) => m.relativePath),
-            basePath: cwd2,
-            hasHexManifests: hasHexManifests2,
-            allowMixDeps: allowMixDeps2 ?? false,
-            fileSystemService,
-            shellService
-          });
-          const validFiles = allFiles.filter((f) => f !== null);
-          if (validFiles.length === 0) {
-            console.log(`  ${dim(`(no files to upload for ${group.label})`, useColors)}`);
-            continue;
-          }
-          const uploadResult = await projectService.uploadManifests({
-            project: projectName,
-            branch,
-            label: group.label,
-            files: validFiles
-          });
-          for (const result of uploadResult.results) {
-            if (result.status === "success") {
-              const depsCount = result.dependencies_count ?? 0;
-              const labelText = highlight(group.label, useColors);
-              const fileText = highlight(result.filename, useColors);
-              const depsText = dim(`(${depsCount} dependencies)`, useColors);
-              console.log(`  ${success(`${labelText}: ${fileText}`, useColors)} ${depsText}`);
-            } else {
-              console.log(`  ${error(`${group.label}: ${result.filename} - ${result.error ?? "Unknown error"}`, useColors)}`);
-            }
-          }
-        } catch (uploadError) {
-          const errorMessage = uploadError instanceof Error ? uploadError.message : String(uploadError);
-          let userMessage = `Failed to upload ${group.label}: ${errorMessage}`;
-          if (hasHexManifests) {
-            if (errorMessage.includes("command not found") || errorMessage.includes("mix:")) {
-              userMessage = `Failed to process hex manifest files for ${group.label}.
-` + `  Error: ${errorMessage}
-` + `  Make sure Elixir and 'mix' are installed. Install Elixir from https://elixir-lang.org/install.html`;
-            } else if (errorMessage.includes("Failed to generate dependencies")) {
-              userMessage = errorMessage;
-            } else if (errorMessage.includes("Network") || errorMessage.includes("ECONNREFUSED")) {
-              userMessage = `Failed to upload ${group.label}: Network error.
-` + `  Error: ${errorMessage}
-` + `  Check your internet connection and try again.`;
-            }
-          } else if (errorMessage.includes("Network") || errorMessage.includes("ECONNREFUSED")) {
-            userMessage = `Failed to upload ${group.label}: Network error.
-` + `  Error: ${errorMessage}
-` + `  Check your internet connection and try again.`;
-          }
-          console.error(error(userMessage, useColors));
-        }
-      }
+✓ Configuration updated successfully!`);
       console.log(`
-${success(`Project initialization complete!`, useColors)}`);
-      console.log(dim(`
-  View your project: `, useColors) + highlight(`${deps.baseUrl}/projects/${projectName}`, useColors));
-      console.log(dim(`
-  To upload updated manifests later, run: `, useColors) + highlight(`pkgseer project upload`, useColors));
-      return;
+  Your pkgseer.yml has been updated. Run 'pkgseer project upload' to upload the manifests.`);
+    } else {
+      console.log(`
+  Configuration was not updated.`);
+      console.log(`  To apply these changes automatically, run: pkgseer project detect --update`);
+      console.log(`  Or manually edit pkgseer.yml and then run: pkgseer project upload`);
     }
-  } else {
-    console.log(dim(`
-No manifest files were found in the current directory.`, useColors));
-  }
-  await configService.writeProjectConfig(configToWrite);
-  console.log(success(`Configuration saved to ${highlight("pkgseer.yml", useColors)}`, useColors));
-  if (manifestGroups.length > 0) {
-    console.log(dim(`
-  Next steps:`, useColors));
-    console.log(dim(`    1. Edit pkgseer.yml to customize manifest labels if needed`, useColors));
-    console.log(dim(`    2. Run: `, useColors) + highlight(`pkgseer project upload`, useColors));
-    console.log(dim(`
-  Tip: Use `, useColors) + highlight(`pkgseer project detect`, useColors) + dim(` to automatically update your config when you add new manifest files.`, useColors));
-  } else {
-    console.log(dim(`
-  Next steps:`, useColors));
-    console.log(dim(`    1. Add manifest files to your project`, useColors));
-    console.log(dim(`    2. Edit pkgseer.yml to configure them:`, useColors));
-    console.log(dim(`
-       manifests:`, useColors));
-    console.log(dim(`         - label: backend`, useColors));
-    console.log(dim(`           files:`, useColors));
-    console.log(dim(`             - `, useColors) + highlight(`package-lock.json`, useColors));
-    console.log(dim(`
-    3. Run: `, useColors) + highlight(`pkgseer project upload`, useColors));
-    console.log(dim(`
-  Tip: Run `, useColors) + highlight(`pkgseer project detect`, useColors) + dim(` after adding manifest files to auto-configure them.`, useColors));
   }
 }
-var INIT_DESCRIPTION = `Initialize a new project in the current directory.
+var DETECT_DESCRIPTION = `Detect manifest files and update your project configuration.
 
-This command will:
-  1. Create a new project entry (or prompt for a project name)
-  2. Scan for manifest files (package.json, requirements.txt, etc.)
-  3. Suggest labels based on directory structure
-  4. Optionally upload manifests to the project
+This command scans your project directory for manifest files (like
+package.json, requirements.txt, etc.) and compares them with your
+current pkgseer.yml configuration. It will:
 
-The project name defaults to the current directory name, or you can
-specify it with --name. Manifest files are automatically detected
-and grouped by their directory structure.`;
-function registerProjectInitCommand(program) {
-  program.command("init").summary("Initialize a new project").description(INIT_DESCRIPTION).option("--name <name>", "Project name (alphanumeric, hyphens, underscores only)").option("--max-depth <depth>", "Maximum directory depth to scan for manifests", (val) => Number.parseInt(val, 10), 3).action(async (options) => {
+  • Preserve existing labels for files you've already configured
+  • Suggest new labels for newly detected files
+  • Show you what would change before updating
+
+Perfect for when you add new manifest files or reorganize your
+project structure. Run with --update to automatically apply changes.`;
+function registerProjectDetectCommand(program) {
+  program.command("detect").summary("Detect manifest files and suggest config updates").description(DETECT_DESCRIPTION).option("--max-depth <depth>", "Maximum directory depth to scan for manifests", (val) => Number.parseInt(val, 10), 3).option("--update", "Automatically update pkgseer.yml without prompting", false).action(async (options) => {
     const deps = await createContainer();
-    await projectInitAction({ name: options.name, maxDepth: options.maxDepth }, {
-      projectService: deps.projectService,
+    await projectDetectAction({ maxDepth: options.maxDepth, update: options.update }, {
       configService: deps.configService,
       fileSystemService: deps.fileSystemService,
-      gitService: deps.gitService,
       promptService: deps.promptService,
-      shellService: deps.shellService,
-      authStorage: deps.authStorage,
-      baseUrl: deps.baseUrl
+      shellService: deps.shellService
     });
   });
 }
@@ -4217,11 +4878,10 @@ async function projectUploadAction(options, deps) {
     gitService,
     shellService,
     promptService,
-    authStorage,
     baseUrl
   } = deps;
   const useColors = shouldUseColors2();
-  const tokenData = await checkProjectWriteScope(authStorage, baseUrl);
+  const tokenData = await checkProjectWriteScope(configService, baseUrl);
   if (!tokenData) {
     console.error(error(`Authentication required. Please run 'pkgseer login'.`, useColors));
     console.log(`
@@ -4232,17 +4892,6 @@ async function projectUploadAction(options, deps) {
   Or check your current scopes with: ${highlight(`pkgseer auth status`, useColors)}`);
     process.exit(1);
   }
-  const isEnvToken = tokenData.scopes.length === 0 && tokenData.tokenName === "PKGSEER_API_TOKEN";
-  if (isEnvToken) {} else if (!tokenData.scopes.includes(PROJECT_MANIFEST_UPLOAD_SCOPE)) {
-    console.error(error(`Token missing required scope: ${highlight(PROJECT_MANIFEST_UPLOAD_SCOPE, useColors)}`, useColors));
-    console.log(`
-  To fix this:`);
-    console.log(`    1. Run: ${highlight(`pkgseer login --force`, useColors)}`);
-    console.log(`    2. Make sure to grant ${highlight(PROJECT_MANIFEST_UPLOAD_SCOPE, useColors)} scope during authentication`);
-    console.log(`
-  Or check your current scopes with: ${highlight(`pkgseer auth status`, useColors)}`);
-    process.exit(1);
-  }
   const projectConfig = await configService.loadProjectConfig();
   if (!projectConfig?.config.project) {
     console.error(error(`No project is configured in pkgseer.yml`, useColors));
@@ -4411,7 +5060,6 @@ function registerProjectUploadCommand(program) {
       gitService: deps.gitService,
       shellService: deps.shellService,
       promptService: deps.promptService,
-      authStorage: deps.authStorage,
       baseUrl: deps.baseUrl
     });
   });
@@ -4510,9 +5158,9 @@ function registerQuickstartCommand(program) {
 var program = new Command;
 program.name("pkgseer").description("Package intelligence for your AI assistant").version(version).addHelpText("after", `
 Getting started:
-  pkgseer login      Authenticate with your account
-  pkgseer mcp        Start the MCP server for AI assistants
-  pkgseer quickstart Show quick reference for AI agents
+  pkgseer init         Interactive setup wizard (project + MCP)
+  pkgseer login        Authenticate with your account
+  pkgseer quickstart   Quick reference for AI agents
 
 Package commands:
   pkgseer pkg info <package>      Get package summary
@@ -4527,6 +5175,7 @@ Documentation commands:
   pkgseer docs search <query>     Search documentation
 
 Learn more at https://pkgseer.dev`);
+registerInitCommand(program);
 registerMcpCommand(program);
 registerLoginCommand(program);
 registerLogoutCommand(program);