@postplus/cli 0.1.7

package/LICENSE

@@ -0,0 +1,186 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship made available under
+      the License, as indicated by a copyright notice that is included in
+      or attached to the work (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean, as submitted to the Licensor for inclusion
+      in the Work by the copyright owner or by an individual or Legal Entity
+      authorized to submit on behalf of the copyright owner. For the purposes
+      of this definition, "submitted" means any form of electronic, verbal,
+      or written communication sent to the Licensor or its representatives,
+      including but not limited to communication on electronic mailing lists,
+      source code control systems, and issue tracking systems that are managed
+      by, or on behalf of, the Licensor for the purpose of discussing and
+      improving the Work, but excluding communication that is conspicuously
+      marked or designated in writing by the copyright owner as "Not a
+      Contribution."
+
+      "Contributor" shall mean Licensor and any Legal Entity on behalf of
+      whom a Contribution has been received by the Licensor and incorporated
+      within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a cross-claim
+      or counterclaim in a lawsuit) alleging that the Work or any
+      Contribution embodied within the Work constitutes direct or
+      contributory patent infringement, then any patent licenses granted
+      to You under this License for that Work shall terminate as of the
+      date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative
+          Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, You must include a readable copy of the
+          attribution notices contained within such NOTICE file, in
+          at least one of the following places: within a NOTICE text
+          file distributed as part of the Derivative Works; within
+          the Source form or documentation, if provided along with the
+          Derivative Works; or, within a display generated by the
+          Derivative Works, if and wherever such third-party notices
+          normally appear. The contents of the NOTICE file are for
+          informational purposes only and do not modify the License.
+          You may add Your own attribution notices within Derivative
+          Works that You distribute, alongside or as an addendum to
+          the NOTICE text from the Work, provided that such additional
+          attribution notices cannot be construed as modifying the
+          License.
+
+      You may add Your own license statement for Your modifications and
+      may provide additional grant of rights to use, reproduce, modify,
+      and distribute Your modifications, or for such Combined Works as a
+      whole, under terms of Your choice, provided Your use, reproduction,
+      modification, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or reproducing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or exemplary damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or all other
+      commercial damages or losses), even if such Contributor has been
+      advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2026 RealProductStudio
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/NOTICE

@@ -0,0 +1,14 @@
+PostPlus CLI
+Copyright 2026 RealProductStudio
+
+This product is licensed under the Apache License, Version 2.0.
+See the LICENSE file for the full text.
+
+Third-Party Notices
+-------------------
+
+This project has no runtime npm dependencies. The compiled release artifact
+contains only code authored in this repository.
+
+Development tooling (TypeScript, tsx, @types/node) is used at build time only
+and is not included in the distributed artifact.

package/README.md

@@ -0,0 +1,34 @@
+# PostPlus CLI
+
+`PostPlus CLI` signs you in to PostPlus Cloud and reports local account and
+hosted capability readiness. PostPlus skills are added from the public
+`postplus-skills` repository.
+
+## Install
+
+Requires Node.js `>=20.10.0` and npm.
+
+```bash
+npm install -g @postplus/cli
+postplus auth login
+npx -y skills add PostPlusAI/postplus-skills --all
+```
+
+## Commands
+
+- `postplus auth login`
+- `postplus auth status`
+- `postplus auth validate`
+- `postplus auth refresh`
+- `postplus auth revoke`
+- `postplus auth logout`
+- `postplus doctor`
+- `postplus list`
+- `postplus status`
+
+`postplus install`, `postplus update`, and `postplus uninstall` are not skill
+installation commands. Use:
+
+```bash
+npx -y skills add PostPlusAI/postplus-skills --all
+```

package/build/auth-lifecycle.js

@@ -0,0 +1,102 @@
+import { clearAuthState, generateAuthStatusReport } from './auth.js';
+import { requireHostedBaseUrl } from './hosted-release.js';
+import { resolveAccessTokenState, resolveRefreshTokenState, setLocalSession, } from './local-state.js';
+export async function refreshRemoteAuth() {
+    const [apiBaseUrl, accessTokenState, refreshTokenState] = await Promise.all([
+        requireHostedBaseUrl(),
+        resolveAccessTokenState(),
+        resolveRefreshTokenState(),
+    ]);
+    if (!refreshTokenState.present || !refreshTokenState.value) {
+        throw new Error('Run `postplus auth login` before refreshing PostPlus auth.');
+    }
+    const response = await fetch(`${apiBaseUrl}/api/postplus-cli/auth/refresh`, {
+        method: 'POST',
+        headers: {
+            accept: 'application/json',
+            ...(accessTokenState.value
+                ? { authorization: `Bearer ${accessTokenState.value}` }
+                : {}),
+            'content-type': 'application/json',
+        },
+        body: JSON.stringify({
+            refreshToken: refreshTokenState.value,
+        }),
+        signal: AbortSignal.timeout(15000),
+    });
+    const payload = (await response.json());
+    if (!response.ok) {
+        throw new Error('error' in payload && typeof payload.error === 'string'
+            ? payload.error
+            : 'Failed to refresh remote PostPlus auth.');
+    }
+    const successPayload = payload;
+    await setLocalSession({
+        accessToken: successPayload.accessToken,
+        accountId: successPayload.accountId,
+        apiBaseUrl,
+        refreshToken: successPayload.refreshToken,
+        sessionExpiresAt: successPayload.sessionExpiresAt,
+        userEmail: successPayload.userEmail,
+        userId: successPayload.userId,
+    });
+    return {
+        accessTokenExpiresAt: successPayload.sessionExpiresAt,
+        accountId: successPayload.accountId,
+        apiBaseUrl,
+        ok: true,
+        subscriptionStatus: successPayload.subscriptionStatus,
+        userEmail: successPayload.userEmail,
+        userId: successPayload.userId,
+    };
+}
+export function formatAuthRefreshReport(report) {
+    return [
+        'PostPlus CLI auth refresh',
+        '',
+        `Remote auth: ${report.ok ? 'OK' : 'FAILED'}`,
+        `PostPlus Cloud: ${report.apiBaseUrl}`,
+        `Account: ${report.accountId}`,
+        `User: ${report.userEmail ?? report.userId}`,
+        `Subscription: ${report.subscriptionStatus ?? 'unknown'}`,
+        `Session expires at: ${typeof report.accessTokenExpiresAt === 'number'
+            ? new Date(report.accessTokenExpiresAt * 1000).toISOString()
+            : 'unknown'}`,
+    ].join('\n');
+}
+export async function revokeRemoteAuth() {
+    const [apiBaseUrl, accessTokenState, refreshTokenState] = await Promise.all([
+        requireHostedBaseUrl(),
+        resolveAccessTokenState(),
+        resolveRefreshTokenState(),
+    ]);
+    if (!accessTokenState.present || !accessTokenState.value) {
+        throw new Error('Run `postplus auth login` before revoking PostPlus auth.');
+    }
+    if (!refreshTokenState.present || !refreshTokenState.value) {
+        throw new Error('Run `postplus auth login` before revoking PostPlus auth.');
+    }
+    const response = await fetch(`${apiBaseUrl}/api/postplus-cli/auth/revoke`, {
+        method: 'POST',
+        headers: {
+            accept: 'application/json',
+            authorization: `Bearer ${accessTokenState.value}`,
+            'content-type': 'application/json',
+        },
+        body: JSON.stringify({
+            refreshToken: refreshTokenState.value,
+        }),
+        signal: AbortSignal.timeout(15000),
+    });
+    const payload = (await response.json());
+    if (!response.ok) {
+        throw new Error('error' in payload && typeof payload.error === 'string'
+            ? payload.error
+            : 'Failed to revoke remote PostPlus auth.');
+    }
+    return clearAuthState();
+}
+export async function revokeRemoteAuthAndReport() {
+    await revokeRemoteAuth();
+    return generateAuthStatusReport();
+}

package/build/auth-login.js

@@ -0,0 +1,207 @@
+import { randomUUID } from 'node:crypto';
+import { createServer } from 'node:http';
+import { requireHostedBaseUrl } from './hosted-release.js';
+import { setLocalSession } from './local-state.js';
+export async function loginWithBrowserHandoff() {
+    const baseUrl = await requireHostedBaseUrl();
+    const handoff = await createCliAuthHandoffServer({
+        allowedOrigin: new URL(baseUrl).origin,
+    });
+    const loginUrl = buildCliLoginUrl({
+        baseUrl,
+        bridgeUrl: handoff.bridgeUrl,
+        requestId: handoff.requestId,
+    });
+    process.stdout.write([
+        'PostPlus CLI login',
+        '',
+        'Open this URL in your browser to continue:',
+        loginUrl,
+        '',
+        'Waiting for browser sign-in...',
+        '',
+    ].join('\n'));
+    try {
+        const handoffPayload = await handoff.waitForPayload();
+        if ('error' in handoffPayload) {
+            throw new Error(handoffPayload.error);
+        }
+        const validated = await validateCliSession({
+            accessToken: handoffPayload.accessToken,
+            apiBaseUrl: baseUrl,
+        });
+        await setLocalSession({
+            accessToken: handoffPayload.accessToken,
+            accountId: validated.accountId,
+            apiBaseUrl: baseUrl,
+            refreshToken: handoffPayload.refreshToken,
+            sessionExpiresAt: validated.sessionExpiresAt ?? handoffPayload.expiresAt ?? null,
+            userEmail: validated.userEmail,
+            userId: validated.userId,
+        });
+        return {
+            accountId: validated.accountId,
+            apiBaseUrl: baseUrl,
+            ok: true,
+            sessionExpiresAt: validated.sessionExpiresAt ?? handoffPayload.expiresAt ?? null,
+            userEmail: validated.userEmail,
+            userId: validated.userId,
+        };
+    }
+    finally {
+        await handoff.close();
+    }
+}
+function buildCliLoginUrl(input) {
+    const nextPath = `/auth/cli-callback?bridgeUrl=${encodeURIComponent(input.bridgeUrl)}&requestId=${encodeURIComponent(input.requestId)}`;
+    return `${input.baseUrl}/auth/sign-in?next=${encodeURIComponent(nextPath)}`;
+}
+export async function validateCliSession(input) {
+    const response = await fetch(`${input.apiBaseUrl}/api/postplus-cli/auth/whoami`, {
+        method: 'GET',
+        headers: {
+            accept: 'application/json',
+            authorization: `Bearer ${input.accessToken}`,
+        },
+        signal: AbortSignal.timeout(15000),
+    });
+    const payload = (await response.json());
+    if (!response.ok) {
+        throw new Error(formatCliSessionAuthError(payload));
+    }
+    return payload;
+}
+export function formatCliSessionAuthError(payload) {
+    if (payload.code === 'postplus_cli_auth_not_initialized') {
+        return [
+            'PostPlus CLI auth is not initialized on this environment yet.',
+            'Finish the PostPlus CLI server registration flow, then run `postplus auth login` again.',
+            'Once the environment is ready, the CLI will automatically obtain and store its session.',
+        ].join(' ');
+    }
+    if (typeof payload.error === 'string' && payload.error.trim().length > 0) {
+        return payload.error;
+    }
+    return 'Failed to validate the browser session for PostPlus CLI.';
+}
+async function createCliAuthHandoffServer(input) {
+    const requestId = randomUUID();
+    return new Promise((resolve, reject) => {
+        let settled = false;
+        let cleanupTimer = null;
+        let resolvePayload = null;
+        let rejectPayload = null;
+        const payloadPromise = new Promise((innerResolve, innerReject) => {
+            resolvePayload = innerResolve;
+            rejectPayload = innerReject;
+        });
+        const server = createServer((request, response) => {
+            const origin = request.headers.origin ?? null;
+            const allowOrigin = origin === input.allowedOrigin ? input.allowedOrigin : null;
+            if (request.method === 'OPTIONS') {
+                if (!allowOrigin) {
+                    response.writeHead(403);
+                    response.end();
+                    return;
+                }
+                response.writeHead(204, {
+                    'Access-Control-Allow-Headers': 'Content-Type',
+                    'Access-Control-Allow-Methods': 'POST, OPTIONS',
+                    'Access-Control-Allow-Origin': allowOrigin,
+                    'Access-Control-Max-Age': '600',
+                    Vary: 'Origin',
+                });
+                response.end();
+                return;
+            }
+            if (request.method !== 'POST' || request.url !== '/handoff') {
+                response.writeHead(404);
+                response.end();
+                return;
+            }
+            if (!allowOrigin) {
+                response.writeHead(403);
+                response.end();
+                return;
+            }
+            const chunks = [];
+            request.on('data', (chunk) => {
+                chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));
+            });
+            request.on('end', () => {
+                try {
+                    const payload = JSON.parse(Buffer.concat(chunks).toString('utf8'));
+                    if (payload.requestId !== requestId) {
+                        throw new Error('Mismatched CLI auth handoff request id.');
+                    }
+                    response.writeHead(200, {
+                        'Access-Control-Allow-Origin': allowOrigin,
+                        'Content-Type': 'application/json',
+                        Vary: 'Origin',
+                    });
+                    response.end(JSON.stringify({ ok: true }));
+                    if (!settled) {
+                        settled = true;
+                        resolvePayload?.(payload);
+                    }
+                }
+                catch (error) {
+                    response.writeHead(400, {
+                        'Access-Control-Allow-Origin': allowOrigin,
+                        'Content-Type': 'application/json',
+                        Vary: 'Origin',
+                    });
+                    response.end(JSON.stringify({
+                        error: error instanceof Error
+                            ? error.message
+                            : 'Invalid CLI auth handoff payload.',
+                    }));
+                }
+            });
+        });
+        server.on('error', (error) => {
+            if (!settled) {
+                settled = true;
+                reject(error);
+            }
+            else {
+                rejectPayload?.(error);
+            }
+        });
+        server.listen(0, '127.0.0.1', () => {
+            const address = server.address();
+            if (!address || typeof address === 'string') {
+                const error = new Error('Failed to bind the local CLI auth bridge.');
+                if (!settled) {
+                    settled = true;
+                    reject(error);
+                }
+                return;
+            }
+            cleanupTimer = setTimeout(() => {
+                if (!settled) {
+                    settled = true;
+                    rejectPayload?.(new Error('Timed out waiting for the browser sign-in handoff.'));
+                }
+                server.close();
+            }, 5 * 60 * 1000);
+            resolve({
+                bridgeUrl: `http://127.0.0.1:${address.port}/handoff`,
+                close: async () => new Promise((innerResolve, innerReject) => {
+                    if (cleanupTimer) {
+                        clearTimeout(cleanupTimer);
+                    }
+                    server.close((error) => {
+                        if (error) {
+                            innerReject(error);
+                            return;
+                        }
+                        innerResolve();
+                    });
+                }),
+                requestId,
+                waitForPayload: () => payloadPromise,
+            });
+        });
+    });
+}

package/build/auth-validate.js

@@ -0,0 +1,52 @@
+import { requireHostedBaseUrl } from './hosted-release.js';
+import { resolveAccessTokenState } from './local-state.js';
+export async function validateRemoteAuth() {
+    const [apiBaseUrl, accessTokenState] = await Promise.all([
+        requireHostedBaseUrl(),
+        resolveAccessTokenState(),
+    ]);
+    if (!accessTokenState.present || !accessTokenState.value) {
+        throw new Error('Run `postplus auth login` before validating PostPlus auth.');
+    }
+    const response = await fetch(`${apiBaseUrl}/api/postplus-cli/auth/whoami`, {
+        method: 'GET',
+        headers: {
+            accept: 'application/json',
+            authorization: `Bearer ${accessTokenState.value}`,
+        },
+        signal: AbortSignal.timeout(15000),
+    });
+    const payload = (await response.json());
+    if (!response.ok) {
+        throw new Error('error' in payload && typeof payload.error === 'string'
+            ? payload.error
+            : 'Failed to validate remote PostPlus auth.');
+    }
+    const successPayload = payload;
+    return {
+        accountId: successPayload.accountId,
+        apiBaseUrl,
+        ok: true,
+        sessionExpiresAt: successPayload.sessionExpiresAt,
+        source: accessTokenState.source === 'missing'
+            ? 'config'
+            : accessTokenState.source,
+        subscriptionStatus: successPayload.subscriptionStatus,
+        userEmail: successPayload.userEmail,
+        userId: successPayload.userId,
+    };
+}
+export function formatAuthValidateReport(report) {
+    return [
+        'PostPlus CLI auth validate',
+        '',
+        `Remote auth: ${report.ok ? 'OK' : 'FAILED'}`,
+        `PostPlus Cloud: ${report.apiBaseUrl}`,
+        `Account: ${report.accountId}`,
+        `User: ${report.userEmail ?? report.userId}`,
+        `Subscription: ${report.subscriptionStatus ?? 'unknown'}`,
+        `Session expires at: ${typeof report.sessionExpiresAt === 'number'
+            ? new Date(report.sessionExpiresAt * 1000).toISOString()
+            : 'unknown'}`,
+    ].join('\n');
+}

package/build/auth.js

@@ -0,0 +1,87 @@
+import { clearLocalAuthState, getPostPlusConfigPath, hasLocalConfigFile, maskSecret, readLocalConfig, resolveApiBaseUrlState, resolveLocalSessionState, setLocalAccessToken, setLocalApiBaseUrl, setLocalRefreshToken, } from './local-state.js';
+export async function generateAuthStatusReport() {
+    const [sessionState, apiBaseUrlState, configExists, config] = await Promise.all([
+        resolveLocalSessionState(),
+        resolveApiBaseUrlState(),
+        hasLocalConfigFile(),
+        readLocalConfig(),
+    ]);
+    return {
+        ok: sessionState.accessToken.present &&
+            sessionState.refreshToken.present &&
+            apiBaseUrlState.present,
+        accessToken: {
+            source: sessionState.accessToken.source,
+            present: sessionState.accessToken.present,
+            maskedValue: maskSecret(sessionState.accessToken.value),
+        },
+        apiBaseUrl: {
+            source: apiBaseUrlState.source,
+            present: apiBaseUrlState.present,
+            value: apiBaseUrlState.value,
+        },
+        config: {
+            path: getPostPlusConfigPath(),
+            exists: configExists,
+            accountId: config?.accountId?.trim() || null,
+            userEmail: typeof config?.userEmail === 'string' ? config.userEmail.trim() : null,
+            userId: config?.userId?.trim() || null,
+        },
+        refreshToken: {
+            source: sessionState.refreshToken.source,
+            present: sessionState.refreshToken.present,
+            maskedValue: maskSecret(sessionState.refreshToken.value),
+        },
+        sessionExpiresAt: sessionState.expiresAt,
+    };
+}
+export function formatAuthStatusReport(report) {
+    const lines = ['PostPlus CLI auth status', ''];
+    lines.push(report.accessToken.present
+        ? `[PASS] Access token: present (${report.accessToken.source})`
+        : '[FAIL] Access token: missing');
+    lines.push(report.accessToken.maskedValue
+        ? `  Value: ${report.accessToken.maskedValue}`
+        : '  Value: not configured');
+    lines.push(report.refreshToken.present
+        ? `[PASS] Refresh token: present (${report.refreshToken.source})`
+        : '[FAIL] Refresh token: missing');
+    lines.push(report.refreshToken.maskedValue
+        ? `  Value: ${report.refreshToken.maskedValue}`
+        : '  Value: not configured');
+    lines.push(report.apiBaseUrl.present
+        ? `[PASS] PostPlus Cloud: configured (${report.apiBaseUrl.source})`
+        : '[FAIL] PostPlus Cloud: missing');
+    lines.push(report.apiBaseUrl.value
+        ? `  Value: ${report.apiBaseUrl.value}`
+        : '  Value: not configured');
+    lines.push(report.config.exists
+        ? `[PASS] local config: ${report.config.path}`
+        : `[PASS] local config path: ${report.config.path}`);
+    lines.push(`  Account: ${report.config.accountId ?? 'not bound'}`);
+    lines.push(`  User: ${report.config.userEmail ?? report.config.userId ?? 'not bound'}`);
+    lines.push(`  Session expires at: ${typeof report.sessionExpiresAt === 'number'
+        ? new Date(report.sessionExpiresAt * 1000).toISOString()
+        : 'unknown'}`);
+    lines.push('', report.ok ? 'Auth status OK.' : 'Auth status incomplete.');
+    return lines.join('\n');
+}
+export async function configureAccessToken(accessToken) {
+    await setLocalAccessToken(accessToken);
+    return generateAuthStatusReport();
+}
+export async function configureRefreshToken(refreshToken) {
+    await setLocalRefreshToken(refreshToken);
+    return generateAuthStatusReport();
+}
+export async function configureApiBaseUrl(apiBaseUrl) {
+    await setLocalApiBaseUrl(apiBaseUrl);
+    return generateAuthStatusReport();
+}
+export async function clearAuthState() {
+    await clearLocalAuthState();
+    return generateAuthStatusReport();
+}
+export async function prepareAuthState() {
+    return generateAuthStatusReport();
+}

package/build/doctor.js

@@ -0,0 +1,31 @@
+import { resolveHostedBaseUrl } from './hosted-release.js';
+function createPass(id, label, detail) {
+    return {
+        id,
+        label,
+        status: 'pass',
+        detail,
+    };
+}
+export async function generateDoctorReport() {
+    const hostedBaseUrl = await resolveHostedBaseUrl();
+    const checks = [
+        createPass('hosted_base_url', 'PostPlus Cloud', `Using ${hostedBaseUrl ?? 'https://postplus.io'}`),
+    ];
+    return {
+        ok: checks.every((check) => check.status === 'pass'),
+        checks,
+    };
+}
+export function formatDoctorReport(report) {
+    const lines = ['PostPlus CLI doctor', ''];
+    for (const check of report.checks) {
+        const marker = check.status === 'pass' ? '[PASS]' : '[FAIL]';
+        lines.push(`${marker} ${check.label}: ${check.detail}`);
+        if (check.fix) {
+            lines.push(`  Fix: ${check.fix}`);
+        }
+    }
+    lines.push('', report.ok ? 'Doctor passed.' : 'Doctor failed.');
+    return lines.join('\n');
+}

package/build/hosted-release.js

@@ -0,0 +1,18 @@
+import { resolveApiBaseUrlState } from './local-state.js';
+function normalizeHostedBaseUrl(value) {
+    const url = new URL(value.trim());
+    const pathname = url.pathname.replace(/\/+$/, '');
+    const normalizedPathname = pathname.length > 0 && pathname !== '/' ? pathname : '';
+    return `${url.origin}${normalizedPathname}`;
+}
+export async function resolveHostedBaseUrl() {
+    const state = await resolveApiBaseUrlState();
+    return state.value ? normalizeHostedBaseUrl(state.value) : null;
+}
+export async function requireHostedBaseUrl() {
+    const baseUrl = await resolveHostedBaseUrl();
+    if (!baseUrl) {
+        throw new Error('Could not resolve a PostPlus API base URL.');
+    }
+    return baseUrl;
+}

package/build/index.js

@@ -0,0 +1,236 @@
+#!/usr/bin/env node
+import { formatAuthRefreshReport, refreshRemoteAuth, revokeRemoteAuthAndReport, } from './auth-lifecycle.js';
+import { loginWithBrowserHandoff } from './auth-login.js';
+import { formatAuthValidateReport, validateRemoteAuth, } from './auth-validate.js';
+import { clearAuthState, formatAuthStatusReport, generateAuthStatusReport, } from './auth.js';
+import { formatDoctorReport, generateDoctorReport, } from './doctor.js';
+import { assertConfigFilePermissions } from './local-state.js';
+import { POSTPLUS_SKILLS_INSTALL_COMMAND, loadPublicSkillCatalog, } from './skill-catalog.js';
+import { formatStatusReport, generateStatusReport } from './status.js';
+const REMOVED_SKILL_COMMAND_MESSAGE = `PostPlus CLI no longer installs skills directly. Run \`${POSTPLUS_SKILLS_INSTALL_COMMAND}\`.`;
+function printAuthHelp() {
+    process.stdout.write(`PostPlus CLI — auth commands
+
+Usage:
+  postplus auth login          Sign in with your PostPlus account in a browser
+  postplus auth status         Show current auth state (tokens, account, expiry)
+  postplus auth validate       Validate the current session against PostPlus Cloud
+  postplus auth refresh        Refresh the current session tokens
+  postplus auth revoke         Revoke the current session on PostPlus Cloud
+  postplus auth logout         Clear local auth state
+
+Options:
+  --json    Output results as JSON
+
+Run \`postplus help\` for all commands.
+`);
+}
+function printHelp() {
+    process.stdout.write(`PostPlus CLI
+
+Usage:
+  postplus auth login
+  postplus auth refresh [--json]
+  postplus auth revoke [--json]
+  postplus auth status [--json]
+  postplus auth validate [--json]
+  postplus auth logout [--json]
+  postplus doctor [--json]
+  postplus list [--json]
+  postplus status [--json]
+  postplus help
+
+Skills:
+  ${POSTPLUS_SKILLS_INSTALL_COMMAND}
+`);
+}
+async function runDoctor(json) {
+    const report = await generateDoctorReport();
+    if (json) {
+        writeJson(report);
+    }
+    else {
+        process.stdout.write(`${formatDoctorReport(report)}\n`);
+    }
+    return report.ok ? 0 : 1;
+}
+async function runAuthStatus(json) {
+    const report = await generateAuthStatusReport();
+    if (json) {
+        writeJson(report);
+    }
+    else {
+        process.stdout.write(`${formatAuthStatusReport(report)}\n`);
+    }
+    return report.ok ? 0 : 1;
+}
+async function runStatus(json) {
+    const report = await generateStatusReport();
+    if (json) {
+        writeJson(report);
+    }
+    else {
+        process.stdout.write(`${formatStatusReport(report)}\n`);
+    }
+    return report.ok ? 0 : 1;
+}
+async function runList(json) {
+    const catalog = await loadPublicSkillCatalog();
+    if (json) {
+        writeJson(catalog);
+        return 0;
+    }
+    const lines = [
+        'PostPlus skills',
+        '',
+        `Source: ${catalog.source}`,
+        `Install: ${catalog.installCommand}`,
+        '',
+    ];
+    for (const entry of catalog.skills) {
+        lines.push(entry.path ? `- ${entry.skillId}: ${entry.path}` : `- ${entry.skillId}`);
+    }
+    process.stdout.write(`${lines.join('\n')}\n`);
+    return 0;
+}
+function writeJson(value) {
+    process.stdout.write(`${JSON.stringify(value, null, 2)}\n`);
+}
+async function runAuthLogout(json) {
+    const report = await clearAuthState();
+    if (json) {
+        writeJson(report);
+    }
+    else {
+        process.stdout.write(`${formatAuthStatusReport(report)}\n`);
+    }
+    return 0;
+}
+async function runAuthRefresh(json) {
+    const report = await refreshRemoteAuth();
+    if (json) {
+        writeJson(report);
+    }
+    else {
+        process.stdout.write(`${formatAuthRefreshReport(report)}\n`);
+    }
+    return report.ok ? 0 : 1;
+}
+async function runAuthRevoke(json) {
+    const report = await revokeRemoteAuthAndReport();
+    if (json) {
+        writeJson(report);
+    }
+    else {
+        process.stdout.write(`${formatAuthStatusReport(report)}\n`);
+    }
+    return 0;
+}
+async function runAuthLogin() {
+    const report = await loginWithBrowserHandoff();
+    process.stdout.write([
+        '',
+        'PostPlus CLI login complete.',
+        `Account: ${report.accountId}`,
+        `PostPlus Cloud: ${report.apiBaseUrl}`,
+        `User: ${report.userEmail ?? 'unknown'}`,
+        `Session expires at: ${typeof report.sessionExpiresAt === 'number'
+            ? new Date(report.sessionExpiresAt * 1000).toISOString()
+            : 'unknown'}`,
+        '',
+    ].join('\n'));
+    return report.ok ? 0 : 1;
+}
+async function runAuthValidate(json) {
+    const report = await validateRemoteAuth();
+    if (json) {
+        writeJson(report);
+    }
+    else {
+        process.stdout.write(`${formatAuthValidateReport(report)}\n`);
+    }
+    return report.ok ? 0 : 1;
+}
+async function main() {
+    const [command, ...rest] = process.argv.slice(2);
+    await assertConfigFilePermissions();
+    const json = rest.includes('--json');
+    switch (command) {
+        case undefined:
+        case '--help':
+        case '-h':
+            printHelp();
+            process.exitCode = 0;
+            return;
+        case 'help': {
+            const [helpTopic] = rest;
+            if (helpTopic === 'auth') {
+                printAuthHelp();
+            }
+            else {
+                printHelp();
+            }
+            process.exitCode = 0;
+            return;
+        }
+        case 'doctor':
+            process.exitCode = await runDoctor(json);
+            return;
+        case 'install':
+        case 'update':
+        case 'uninstall':
+            process.stderr.write(`${REMOVED_SKILL_COMMAND_MESSAGE}\n`);
+            process.exitCode = 1;
+            return;
+        case 'list':
+            process.exitCode = await runList(json);
+            return;
+        case 'status':
+            process.exitCode = await runStatus(json);
+            return;
+        case 'auth': {
+            const [subcommand, ...authRest] = rest;
+            switch (subcommand) {
+                case 'login':
+                    process.exitCode = await runAuthLogin();
+                    return;
+                case 'refresh':
+                    process.exitCode = await runAuthRefresh(authRest.includes('--json'));
+                    return;
+                case 'revoke':
+                    process.exitCode = await runAuthRevoke(authRest.includes('--json'));
+                    return;
+                case 'status':
+                    process.exitCode = await runAuthStatus(authRest.includes('--json'));
+                    return;
+                case 'validate':
+                    process.exitCode = await runAuthValidate(authRest.includes('--json'));
+                    return;
+                case 'logout':
+                    process.exitCode = await runAuthLogout(authRest.includes('--json'));
+                    return;
+                case 'help':
+                case '--help':
+                case '-h':
+                case undefined:
+                    printAuthHelp();
+                    process.exitCode = 0;
+                    return;
+                default:
+                    process.stderr.write(`Unknown auth command: ${subcommand}\n\n`);
+                    printAuthHelp();
+                    process.exitCode = 1;
+                    return;
+            }
+        }
+        default:
+            process.stderr.write(`Unknown command: ${command}\n\n`);
+            printHelp();
+            process.exitCode = 1;
+    }
+}
+main().catch((error) => {
+    const message = error instanceof Error ? error.message : 'Unexpected PostPlus CLI error';
+    process.stderr.write(`${message}\n`);
+    process.exitCode = 1;
+});

package/build/local-state.js

@@ -0,0 +1,268 @@
+import { constants as fsConstants } from 'node:fs';
+import { access, chmod, mkdir, readFile, stat, writeFile } from 'node:fs/promises';
+import { homedir, platform } from 'node:os';
+import { dirname, join, resolve } from 'node:path';
+export const DEFAULT_POSTPLUS_API_BASE_URL = 'https://postplus.io';
+function resolveConfigProfile() {
+    const value = process.env.POSTPLUS_PROFILE?.trim();
+    if (!value || value.toLowerCase() === 'default') {
+        return null;
+    }
+    return value.replace(/[^a-zA-Z0-9._-]+/g, '-');
+}
+function resolveDefaultConfigRoot() {
+    const profile = resolveConfigProfile();
+    const appendProfile = (basePath) => profile ? join(basePath, 'profiles', profile) : basePath;
+    switch (platform()) {
+        case 'darwin':
+            return appendProfile(join(homedir(), 'Library', 'Application Support', 'postplus'));
+        case 'win32': {
+            const appData = process.env.APPDATA?.trim();
+            return appendProfile(appData && appData.length > 0
+                ? join(appData, 'postplus')
+                : join(homedir(), 'AppData', 'Roaming', 'postplus'));
+        }
+        default: {
+            const xdgConfigHome = process.env.XDG_CONFIG_HOME?.trim();
+            return appendProfile(xdgConfigHome && xdgConfigHome.length > 0
+                ? join(xdgConfigHome, 'postplus')
+                : join(homedir(), '.config', 'postplus'));
+        }
+    }
+}
+export function getPostPlusConfigDir() {
+    const override = process.env.POSTPLUS_CONFIG_DIR?.trim();
+    return override && override.length > 0
+        ? resolve(override)
+        : resolveDefaultConfigRoot();
+}
+export function getPostPlusConfigPath() {
+    return join(getPostPlusConfigDir(), 'config.json');
+}
+export async function readLocalConfig() {
+    const configPath = getPostPlusConfigPath();
+    try {
+        const raw = await readFile(configPath, 'utf8');
+        const parsed = JSON.parse(raw);
+        return parsed && typeof parsed === 'object' ? parsed : null;
+    }
+    catch (error) {
+        const nodeError = error;
+        if (nodeError.code === 'ENOENT') {
+            return null;
+        }
+        throw error;
+    }
+}
+const CONFIG_FILE_MODE = 0o600;
+export async function writeLocalConfig(config) {
+    const configPath = getPostPlusConfigPath();
+    await mkdir(dirname(configPath), { recursive: true });
+    await writeFile(configPath, `${JSON.stringify({
+        ...config,
+        updatedAt: new Date().toISOString(),
+    }, null, 2)}\n`, { encoding: 'utf8', mode: CONFIG_FILE_MODE });
+    // Repair permissions if the file pre-existed with broader access.
+    await chmod(configPath, CONFIG_FILE_MODE);
+}
+export async function assertConfigFilePermissions() {
+    const configPath = getPostPlusConfigPath();
+    try {
+        const info = await stat(configPath);
+        const mode = info.mode & 0o777;
+        if (mode !== CONFIG_FILE_MODE) {
+            process.stderr.write(`PostPlus CLI: repairing config file permissions at ${configPath} (was ${mode.toString(8)}, setting to ${CONFIG_FILE_MODE.toString(8)}).\n`);
+            await chmod(configPath, CONFIG_FILE_MODE);
+        }
+    }
+    catch (error) {
+        const nodeError = error;
+        if (nodeError.code !== 'ENOENT') {
+            throw error;
+        }
+    }
+}
+export async function updateLocalConfig(updater) {
+    const next = updater(await readLocalConfig());
+    await writeLocalConfig(next);
+    return next;
+}
+export async function clearLocalAuthState() {
+    return updateLocalConfig((current) => {
+        const next = {
+            ...(current ?? {}),
+        };
+        delete next.accessToken;
+        delete next.accountId;
+        delete next.apiKey;
+        delete next.machineId;
+        delete next.refreshToken;
+        delete next.sessionExpiresAt;
+        delete next.userEmail;
+        delete next.userId;
+        return next;
+    });
+}
+export async function setLocalAccessToken(accessToken) {
+    const normalizedAccessToken = accessToken.trim();
+    if (normalizedAccessToken.length === 0) {
+        throw new Error('POSTPLUS_ACCESS_TOKEN cannot be empty.');
+    }
+    return updateLocalConfig((current) => ({
+        ...(current ?? {}),
+        accessToken: normalizedAccessToken,
+    }));
+}
+export async function setLocalRefreshToken(refreshToken) {
+    const normalizedRefreshToken = refreshToken.trim();
+    if (normalizedRefreshToken.length === 0) {
+        throw new Error('POSTPLUS_REFRESH_TOKEN cannot be empty.');
+    }
+    return updateLocalConfig((current) => ({
+        ...(current ?? {}),
+        refreshToken: normalizedRefreshToken,
+    }));
+}
+export async function setLocalApiBaseUrl(apiBaseUrl) {
+    const normalizedApiBaseUrl = apiBaseUrl.trim();
+    if (normalizedApiBaseUrl.length === 0) {
+        throw new Error('POSTPLUS_API_BASE_URL cannot be empty.');
+    }
+    const normalizedUrl = new URL(normalizedApiBaseUrl).toString();
+    return updateLocalConfig((current) => ({
+        ...(current ?? {}),
+        apiBaseUrl: normalizedUrl.replace(/\/+$/, ''),
+    }));
+}
+export async function setLocalSession(input) {
+    const accessToken = input.accessToken.trim();
+    const refreshToken = input.refreshToken.trim();
+    const apiBaseUrl = input.apiBaseUrl.trim().replace(/\/+$/, '');
+    if (accessToken.length === 0) {
+        throw new Error('POSTPLUS_ACCESS_TOKEN cannot be empty.');
+    }
+    if (refreshToken.length === 0) {
+        throw new Error('POSTPLUS_REFRESH_TOKEN cannot be empty.');
+    }
+    if (apiBaseUrl.length === 0) {
+        throw new Error('POSTPLUS_API_BASE_URL cannot be empty.');
+    }
+    return updateLocalConfig((current) => ({
+        ...omitLegacyAuthFields(current),
+        accessToken,
+        accountId: input.accountId,
+        apiBaseUrl,
+        refreshToken,
+        sessionExpiresAt: input.sessionExpiresAt,
+        userEmail: input.userEmail,
+        userId: input.userId,
+    }));
+}
+export async function hasLocalConfigFile() {
+    try {
+        await access(getPostPlusConfigPath(), fsConstants.F_OK);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export async function resolveAccessTokenState() {
+    const envValue = process.env.POSTPLUS_ACCESS_TOKEN?.trim();
+    if (envValue && envValue.length > 0) {
+        return {
+            source: 'env',
+            present: true,
+            value: envValue,
+        };
+    }
+    const config = await readLocalConfig();
+    const configValue = config?.accessToken?.trim();
+    if (configValue && configValue.length > 0) {
+        return {
+            source: 'config',
+            present: true,
+            value: configValue,
+        };
+    }
+    return {
+        source: 'missing',
+        present: false,
+        value: null,
+    };
+}
+export async function resolveRefreshTokenState() {
+    const envValue = process.env.POSTPLUS_REFRESH_TOKEN?.trim();
+    if (envValue && envValue.length > 0) {
+        return {
+            source: 'env',
+            present: true,
+            value: envValue,
+        };
+    }
+    const config = await readLocalConfig();
+    const configValue = config?.refreshToken?.trim();
+    if (configValue && configValue.length > 0) {
+        return {
+            source: 'config',
+            present: true,
+            value: configValue,
+        };
+    }
+    return {
+        source: 'missing',
+        present: false,
+        value: null,
+    };
+}
+export async function resolveLocalSessionState() {
+    const [accessToken, refreshToken, config] = await Promise.all([
+        resolveAccessTokenState(),
+        resolveRefreshTokenState(),
+        readLocalConfig(),
+    ]);
+    return {
+        accessToken,
+        expiresAt: typeof config?.sessionExpiresAt === 'number'
+            ? config.sessionExpiresAt
+            : null,
+        refreshToken,
+    };
+}
+export async function resolveApiBaseUrlState() {
+    const envApiBaseUrl = process.env.POSTPLUS_API_BASE_URL?.trim();
+    if (envApiBaseUrl && envApiBaseUrl.length > 0) {
+        return {
+            source: 'env',
+            present: true,
+            value: envApiBaseUrl.replace(/\/+$/, ''),
+        };
+    }
+    const config = await readLocalConfig();
+    const configApiBaseUrl = config?.apiBaseUrl?.trim();
+    if (configApiBaseUrl && configApiBaseUrl.length > 0) {
+        return {
+            source: 'config',
+            present: true,
+            value: configApiBaseUrl.replace(/\/+$/, ''),
+        };
+    }
+    return {
+        source: 'default',
+        present: true,
+        value: DEFAULT_POSTPLUS_API_BASE_URL,
+    };
+}
+export function maskSecret(value) {
+    if (!value) {
+        return null;
+    }
+    if (value.length <= 8) {
+        return '*'.repeat(value.length);
+    }
+    return `${value.slice(0, 4)}…${value.slice(-4)}`;
+}
+function omitLegacyAuthFields(current) {
+    const { apiKey: _apiKey, machineId: _machineId, ...rest } = (current ?? {});
+    return rest;
+}

package/build/skill-catalog.js

@@ -0,0 +1,56 @@
+export const POSTPLUS_SKILLS_REPO = 'PostPlusAI/postplus-skills';
+export const POSTPLUS_SKILLS_INSTALL_COMMAND = 'npx -y skills add PostPlusAI/postplus-skills --all';
+export const POSTPLUS_SKILLS_LIST_COMMAND = 'npx -y skills add PostPlusAI/postplus-skills --list';
+const POSTPLUS_SKILLS_INDEX_URL = 'https://raw.githubusercontent.com/PostPlusAI/postplus-skills/main/skills/INDEX.md';
+export async function loadPublicSkillCatalog() {
+    const response = await fetch(POSTPLUS_SKILLS_INDEX_URL, {
+        headers: {
+            accept: 'text/markdown,text/plain',
+        },
+        signal: AbortSignal.timeout(15000),
+    });
+    if (!response.ok) {
+        throw new Error(`Failed to load PostPlus skill catalog (${response.status}): ${response.statusText}`);
+    }
+    const indexText = await response.text();
+    return {
+        source: POSTPLUS_SKILLS_REPO,
+        indexUrl: POSTPLUS_SKILLS_INDEX_URL,
+        installCommand: POSTPLUS_SKILLS_INSTALL_COMMAND,
+        listCommand: POSTPLUS_SKILLS_LIST_COMMAND,
+        skills: parseSkillIndex(indexText),
+    };
+}
+function parseSkillIndex(indexText) {
+    const skills = [];
+    let inReleasedSkills = false;
+    let currentSkill = null;
+    for (const line of indexText.split('\n')) {
+        if (line.trim() === '## Released Skills') {
+            inReleasedSkills = true;
+            continue;
+        }
+        if (!inReleasedSkills) {
+            continue;
+        }
+        const skillMatch = line.match(/^- `([^`]+)`\s*$/);
+        if (skillMatch) {
+            currentSkill = skillMatch[1] ?? null;
+            if (currentSkill) {
+                skills.push({
+                    skillId: currentSkill,
+                    path: null,
+                });
+            }
+            continue;
+        }
+        const pathMatch = line.match(/^\s+- Path: `([^`]+)`\s*$/);
+        if (pathMatch && currentSkill) {
+            const last = skills.at(-1);
+            if (last?.skillId === currentSkill) {
+                last.path = pathMatch[1] ?? null;
+            }
+        }
+    }
+    return skills;
+}

package/build/status.js

@@ -0,0 +1,24 @@
+import { formatAuthStatusReport, generateAuthStatusReport, } from './auth.js';
+import { formatDoctorReport, generateDoctorReport, } from './doctor.js';
+export async function generateStatusReport() {
+    const [doctor, auth] = await Promise.all([
+        generateDoctorReport(),
+        generateAuthStatusReport(),
+    ]);
+    return {
+        ok: doctor.ok && auth.ok,
+        doctor,
+        auth,
+    };
+}
+export function formatStatusReport(report) {
+    return [
+        'PostPlus CLI status',
+        '',
+        `Overall: ${report.ok ? 'OK' : 'INCOMPLETE'}`,
+        '',
+        formatDoctorReport(report.doctor),
+        '',
+        formatAuthStatusReport(report.auth),
+    ].join('\n');
+}

package/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "@postplus/cli",
+  "version": "0.1.7",
+  "packageManager": "pnpm@10.30.3+sha512.c961d1e0a2d8e354ecaa5166b822516668b7f44cb5bd95122d590dd81922f606f5473b6d23ec4a5be05e7fcd18e8488d47d978bbe981872f1145d06e9a740017",
+  "type": "module",
+  "description": "PostPlus CLI for PostPlus Cloud auth, status, and diagnostics.",
+  "license": "Apache-2.0",
+  "files": [
+    "build/**",
+    "LICENSE",
+    "NOTICE",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "engines": {
+    "node": ">=20.10.0"
+  },
+  "bin": {
+    "postplus": "./build/index.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "clean": "rm -rf .turbo node_modules build",
+    "release:package": "node ./scripts/package-release.mjs",
+    "start": "tsx src/index.ts",
+    "test:acceptance": "node ./scripts/acceptance.mjs",
+    "test": "tsx --test src/postplus-cli.test.ts",
+    "typecheck": "tsc --noEmit"
+  },
+  "devDependencies": {
+    "@types/node": "^24.6.2",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/PostPlusAI/postplus-cli.git"
+  }
+}