npm - @sechroom/cli - Versions diffs - 2026.6.2 → 2026.6.3 - Mend

@sechroom/cli 2026.6.2 → 2026.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -103,11 +103,43 @@ sechroom --json memory get mem_XXXX     # agent-friendly
 Headless:
 ```bash
-export SECHROOM_TOKEN="<jwt from /auth/dev/token>"
+export SECHROOM_TOKEN="<bearer: a PAT or dev-token JWT>"
 export SECHROOM_TENANT=ocd
 sechroom --json memory search "rate limiting"
 ```
+## Onboarding (`init` / `setup`)
+`sechroom init` wires a project for sechroom by rendering the server's
+operator-surface setup descriptors (`GET /operator-surface/setup`, tenant-scoped
+— the aggregator URL is baked in) into local AI-client config + agent instruction
+files. **Idempotent — merges/appends, never clobbers** (JSON `mcpServers` merge;
+Codex TOML table replace; instruction files use a managed marker block).
+```bash
+sechroom init                       # Claude Code (default): .mcp.json + CLAUDE.md
+sechroom init --client all          # claude-code, claude-desktop, codex, cursor
+sechroom init --client codex,cursor # a subset
+sechroom init --dry-run --json      # preview the writes, no changes
+# granular pieces init orchestrates:
+sechroom setup mcp claude-desktop          # just the MCP config for one client
+sechroom setup agent-files codex           # just the AGENTS.md instruction file
+```
+Per client → where it writes:
+| client | MCP config | instruction file |
+|---|---|---|
+| `claude-code` | `./.mcp.json` | `./CLAUDE.md` |
+| `claude-desktop` | `claude_desktop_config.json` (OS path) | `~/.claude/CLAUDE.md` |
+| `codex` | `~/.codex/config.toml` | `./AGENTS.md` |
+| `cursor` | `./.cursor/mcp.json` | `./AGENTS.md` |
+The instruction-file step pulls the role template the SEM Starter bundle ships
+(via the descriptor's tag-query artifact). If that bundle isn't installed in the
+tenant, the step **skips gracefully** with a note (MCP config still gets written).
 ## Layout
 ```
@@ -121,6 +153,11 @@ src/
     memory.ts         create / get / search
     worklog.ts        append
     lookup.ts         resolve any id (mem_…/unprefixed/sechroom:<id>) -> kind/title/url
+    setup.ts          init + setup mcp/agent-files
+  setup/
+    operator-surface.ts  fetch GET /operator-surface/setup + resolve template artifacts
+    clients.ts           client→(surface, local paths, format) registry
+    apply.ts             writers: mcp json merge / codex toml / instruction marker block
 ```
 ## Remaining before ship

package/dist/index.js CHANGED Viewed

@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 // src/index.ts
+import { readFileSync as readFileSync3 } from "fs";
 import { Command } from "commander";
 // src/auth.ts
@@ -211,6 +212,62 @@ async function requireToken(cfg) {
 // src/client.ts
 import createClient from "openapi-fetch";
+// src/ui.ts
+var FRAMES = ["\u280B", "\u2819", "\u2839", "\u2838", "\u283C", "\u2834", "\u2826", "\u2827", "\u2807", "\u280F"];
+var quiet = false;
+function setQuiet(q) {
+  quiet = q;
+}
+function active() {
+  return !quiet && Boolean(process.stderr.isTTY);
+}
+function spinner(text) {
+  if (!active()) {
+    return { succeed() {
+    }, fail() {
+    }, stop() {
+    } };
+  }
+  let i = 0;
+  const render = () => {
+    i = (i + 1) % FRAMES.length;
+    process.stderr.write(`\r${FRAMES[i]} ${text}`);
+  };
+  process.stderr.write(`\r${FRAMES[0]} ${text}`);
+  const timer = setInterval(render, 80);
+  timer.unref?.();
+  const clear = () => {
+    clearInterval(timer);
+    process.stderr.write("\r\x1B[K");
+  };
+  return {
+    succeed(t) {
+      clear();
+      process.stderr.write(`\u2713 ${t ?? text}
+`);
+    },
+    fail(t) {
+      clear();
+      process.stderr.write(`\u2717 ${t ?? text}
+`);
+    },
+    stop: clear
+  };
+}
+async function withSpinner(text, fn) {
+  const s = spinner(text);
+  try {
+    const result = await fn();
+    s.succeed();
+    return result;
+  } catch (err) {
+    s.fail();
+    throw err;
+  }
+}
+// src/client.ts
 async function makeClient(cfg) {
   const token = await requireToken(cfg);
   const client = createClient({ baseUrl: cfg.baseUrl });
@@ -230,6 +287,22 @@ function emit(data, json) {
     process.stdout.write(JSON.stringify(data, null, 2) + "\n");
   }
 }
+async function runApi(label, fn) {
+  const s = spinner(label);
+  let res;
+  try {
+    res = await fn();
+  } catch (err) {
+    s.fail();
+    fail(err);
+  }
+  if (res.error !== void 0 && res.error !== null) {
+    s.fail();
+    fail(res.error);
+  }
+  s.succeed();
+  return res.data;
+}
 function fail(error) {
   const msg = typeof error === "object" && error !== null && "title" in error ? String(error.title) : typeof error === "object" ? JSON.stringify(error) : String(error);
   process.stderr.write(`error: ${msg}
@@ -242,50 +315,51 @@ function registerMemory(program2) {
   const memory = program2.command("memory").description("Create, read, and search memories");
   memory.command("create").description("Create a memory (POST /memories)").requiredOption("--text <text>", "Memory body text").option("--type <type>", "Memory type", "reference").option("--title <title>", "Optional title").option("--tag <tag...>", "Tags (repeatable)").option("--owner-type <ownerType>", "Workspace | Project | Unfiled", "Unfiled").option("--owner-id <ownerId>", "Owner id (required for Workspace/Project)").option("--source <source>", "Source / lane stamp", "cli").option("--confidence <n>", "Confidence 0..1", "1.0").action(async (opts, cmd) => {
     const cfg = resolveConfig(cmd.optsWithGlobals());
-    const client = await makeClient(cfg);
     const unfiled = String(opts.ownerType).toLowerCase() === "unfiled";
-    const { data, error } = await client.POST("/memories", {
-      body: {
-        text: opts.text,
-        type: opts.type,
-        content: "{}",
-        confidence: Number(opts.confidence),
-        source: opts.source,
-        archetype: "Document",
-        title: opts.title ?? null,
-        tags: opts.tag ?? null,
-        owner: unfiled ? null : { type: opts.ownerType, id: String(opts.ownerId ?? "") }
-      }
+    const data = await runApi("Creating memory", async () => {
+      const client = await makeClient(cfg);
+      return client.POST("/memories", {
+        body: {
+          text: opts.text,
+          type: opts.type,
+          content: "{}",
+          confidence: Number(opts.confidence),
+          source: opts.source,
+          archetype: "Document",
+          title: opts.title ?? null,
+          tags: opts.tag ?? null,
+          owner: unfiled ? null : { type: opts.ownerType, id: String(opts.ownerId ?? "") }
+        }
+      });
     });
-    if (error) fail(error);
     emit(data, cmd.optsWithGlobals().json);
   });
   memory.command("get <memoryId>").description("Fetch a memory by id (GET /memories/{memoryId})").action(async (memoryId, _opts, cmd) => {
     const cfg = resolveConfig(cmd.optsWithGlobals());
-    const client = await makeClient(cfg);
-    const { data, error } = await client.GET("/memories/{memoryId}", {
-      params: { path: { memoryId } }
+    const data = await runApi("Fetching memory", async () => {
+      const client = await makeClient(cfg);
+      return client.GET("/memories/{memoryId}", { params: { path: { memoryId } } });
     });
-    if (error) fail(error);
     emit(data, cmd.optsWithGlobals().json);
   });
   memory.command("search <query>").description("Hybrid search (POST /memories/search; SemanticQuery -> vector+FTS RRF)").option("--limit <n>", "Max results", "10").option("--tag <tag...>", "Require all listed tags").option("--workspace <workspaceId>", "Scope to a workspace (cascades to its projects)").option("--include-archived", "Include archived memories", false).action(async (query, opts, cmd) => {
     const cfg = resolveConfig(cmd.optsWithGlobals());
-    const client = await makeClient(cfg);
-    const { data, error } = await client.POST("/memories/search", {
-      body: {
-        query: null,
-        textQuery: null,
-        semanticQuery: query,
-        hybrid: true,
-        limit: Number(opts.limit),
-        includeArchived: Boolean(opts.includeArchived),
-        includeSystem: false,
-        ...opts.tag ? { tags: opts.tag } : {},
-        ...opts.workspace ? { workspaceId: opts.workspace } : {}
-      }
+    const data = await runApi("Searching", async () => {
+      const client = await makeClient(cfg);
+      return client.POST("/memories/search", {
+        body: {
+          query: null,
+          textQuery: null,
+          semanticQuery: query,
+          hybrid: true,
+          limit: Number(opts.limit),
+          includeArchived: Boolean(opts.includeArchived),
+          includeSystem: false,
+          ...opts.tag ? { tags: opts.tag } : {},
+          ...opts.workspace ? { workspaceId: opts.workspace } : {}
+        }
+      });
     });
-    if (error) fail(error);
     emit(data, cmd.optsWithGlobals().json);
   });
 }
@@ -295,16 +369,17 @@ function registerWorklog(program2) {
   const worklog = program2.command("worklog").description("Append to the daily work log");
   worklog.command("append").description("Append a work-log entry (POST /operator-surface/work-log/append)").requiredOption("--text <text>", "Entry body (short bullets / pointers) \u2014 the bullet").option("--source <source>", "Lane stamp (e.g. claude-code-chris) \u2014 laneId", "cli").option("--workspace <workspaceId>", "Target work-log workspace (default: caller's daily log)").option("--title <title>", "Optional entry title").action(async (opts, cmd) => {
     const cfg = resolveConfig(cmd.optsWithGlobals());
-    const client = await makeClient(cfg);
-    const { data, error } = await client.POST("/operator-surface/work-log/append", {
-      body: {
-        bullet: opts.text,
-        laneId: opts.source ?? null,
-        workspaceId: opts.workspace ?? null,
-        title: opts.title ?? null
-      }
+    const data = await runApi("Appending work-log entry", async () => {
+      const client = await makeClient(cfg);
+      return client.POST("/operator-surface/work-log/append", {
+        body: {
+          bullet: opts.text,
+          laneId: opts.source ?? null,
+          workspaceId: opts.workspace ?? null,
+          title: opts.title ?? null
+        }
+      });
     });
-    if (error) fail(error);
     emit(data, cmd.optsWithGlobals().json);
   });
 }
@@ -315,11 +390,10 @@ function registerLookup(program2) {
     "Resolve a sechroom id to its kind, title, and view URL (mem_\u2026/wsp_\u2026/prj_\u2026, unprefixed, or sechroom:<id>)"
   ).action(async (id, _opts, cmd) => {
     const cfg = resolveConfig(cmd.optsWithGlobals());
-    const client = await makeClient(cfg);
-    const { data, error } = await client.GET("/lookup/{id}", {
-      params: { path: { id } }
+    const data = await runApi(`Resolving ${id}`, async () => {
+      const client = await makeClient(cfg);
+      return client.GET("/lookup/{id}", { params: { path: { id } } });
     });
-    if (error) fail(error);
     if (data == null) {
       process.stderr.write(`not found: ${id}
 `);
@@ -329,9 +403,314 @@ function registerLookup(program2) {
   });
 }
+// src/setup/apply.ts
+import { mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2, existsSync as existsSync2 } from "fs";
+import { dirname } from "path";
+// src/setup/operator-surface.ts
+var SectionType = {
+  McpConfig: "mcp-config",
+  McpConfigToml: "mcp-config-toml",
+  InstructionFile: "instruction-file",
+  ProjectConfig: "project-config",
+  Verify: "verify"
+};
+async function fetchSetup(cfg) {
+  const client = await makeClient(cfg);
+  const { data, error } = await client.GET("/operator-surface/setup", {});
+  if (error) throw new Error(`GET /operator-surface/setup failed: ${JSON.stringify(error)}`);
+  return data;
+}
+function findSurface(setup, surfaceKey) {
+  return setup.surfaces.find((s) => s.surfaceKey === surfaceKey);
+}
+function findSection(surface, sectionType) {
+  return surface?.sections.find((s) => s.sectionType === sectionType);
+}
+function sectionSnippet(section) {
+  if (!section) return null;
+  for (const step of section.steps) {
+    if (step.copyValue) return step.copyValue;
+    if (step.codeSnippet) return step.codeSnippet;
+  }
+  return null;
+}
+function parseTagArtifactId(id) {
+  if (!id.startsWith("tag:")) return null;
+  const tags = id.slice("tag:".length).split(",").map((t) => t.trim()).filter((t) => t.length > 0);
+  return tags.length > 0 ? tags : null;
+}
+async function resolveInstructionBody(cfg, section) {
+  const client = await makeClient(cfg);
+  for (const artifact of section.artifacts) {
+    const tags = parseTagArtifactId(artifact.id);
+    if (!tags) continue;
+    const { data } = await client.POST("/memories/search", {
+      body: {
+        query: null,
+        textQuery: null,
+        semanticQuery: artifact.title ?? "role instruction template",
+        hybrid: true,
+        limit: 1,
+        includeArchived: false,
+        includeSystem: false,
+        tags
+      }
+    });
+    const hits = data ?? [];
+    if (hits.length === 0) continue;
+    const memId = hits[0].id;
+    const { data: memEnvelope } = await client.GET("/memories/{memoryId}", {
+      params: { path: { memoryId: memId } }
+    });
+    const env = memEnvelope;
+    const body = env?.item?.text ?? env?.text;
+    if (typeof body === "string" && body.length > 0) {
+      return { title: env?.item?.title ?? env?.title ?? artifact.title, body };
+    }
+  }
+  return null;
+}
+// src/setup/apply.ts
+var BLOCK_BEGIN = "<!-- @sechroom/cli:begin (managed \u2014 re-run `sechroom setup agent-files` to refresh) -->";
+var BLOCK_END = "<!-- @sechroom/cli:end -->";
+function ensureDir2(path) {
+  mkdirSync2(dirname(path), { recursive: true });
+}
+function readOr(path, fallback) {
+  try {
+    return readFileSync2(path, "utf8");
+  } catch {
+    return fallback;
+  }
+}
+function mergeMcpJson(path, snippet, dryRun) {
+  const incoming = JSON.parse(snippet);
+  const existed = existsSync2(path);
+  let current = {};
+  if (existed) {
+    try {
+      current = JSON.parse(readFileSync2(path, "utf8"));
+    } catch {
+      return { kind: "mcp", path, status: "skipped", note: "existing file isn't valid JSON \u2014 left untouched" };
+    }
+  }
+  current.mcpServers = { ...current.mcpServers ?? {}, ...incoming.mcpServers ?? {} };
+  if (dryRun) return { kind: "mcp", path, status: "dry-run" };
+  ensureDir2(path);
+  writeFileSync2(path, JSON.stringify(current, null, 2) + "\n", { mode: 384 });
+  return { kind: "mcp", path, status: existed ? "merged" : "created" };
+}
+function mergeCodexToml(path, snippet, dryRun) {
+  const existed = existsSync2(path);
+  let body = readOr(path, "");
+  body = body.replace(/(^|\n)\[mcp_servers\.sechroom\][^[]*/, "\n").replace(/\n{3,}/g, "\n\n");
+  const trimmed = body.trim();
+  const next = (trimmed.length > 0 ? trimmed + "\n\n" : "") + snippet.trim() + "\n";
+  if (dryRun) return { kind: "mcp", path, status: "dry-run" };
+  ensureDir2(path);
+  writeFileSync2(path, next, { mode: 384 });
+  return { kind: "mcp", path, status: existed ? "merged" : "created" };
+}
+function writeInstructionBlock(path, body, dryRun) {
+  const block = `${BLOCK_BEGIN}
+${body.trim()}
+${BLOCK_END}
+`;
+  const existed = existsSync2(path);
+  const current = readOr(path, "");
+  let next;
+  const re = new RegExp(`${escapeRe(BLOCK_BEGIN)}[\\s\\S]*?${escapeRe(BLOCK_END)}\\n?`);
+  if (re.test(current)) {
+    next = current.replace(re, block);
+  } else {
+    next = current.trim().length > 0 ? `${current.trimEnd()}
+${block}` : block;
+  }
+  if (dryRun) return { kind: "instruction", path, status: "dry-run" };
+  ensureDir2(path);
+  writeFileSync2(path, next);
+  return { kind: "instruction", path, status: existed ? "merged" : "created" };
+}
+function escapeRe(s) {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+async function applyClient(cfg, setup, target, opts) {
+  const actions = [];
+  if (opts.mcp && target.mcp) {
+    const surface = findSurface(setup, target.mcp.surfaceKey);
+    const section = findSection(surface, target.mcp.sectionType);
+    const snippet = sectionSnippet(section);
+    if (!snippet) {
+      actions.push({ kind: "mcp", path: target.mcp.path, status: "skipped", note: `no ${target.mcp.sectionType} section on surface '${target.mcp.surfaceKey}'` });
+    } else {
+      actions.push(
+        target.mcp.format === "toml" ? mergeCodexToml(target.mcp.path, snippet, opts.dryRun) : mergeMcpJson(target.mcp.path, snippet, opts.dryRun)
+      );
+    }
+  }
+  if (opts.agentFiles && target.instruction) {
+    const surface = findSurface(setup, target.instruction.surfaceKey);
+    const section = findSection(surface, SectionType.InstructionFile);
+    if (!section) {
+      actions.push({ kind: "instruction", path: target.instruction.path, status: "skipped", note: `no instruction-file section on surface '${target.instruction.surfaceKey}'` });
+    } else {
+      const resolved = await resolveInstructionBody(cfg, section);
+      if (!resolved) {
+        actions.push({ kind: "instruction", path: target.instruction.path, status: "skipped", note: "no role template found in this tenant \u2014 install the SEM Starter bundle, then re-run `sechroom setup agent-files`" });
+      } else {
+        actions.push(writeInstructionBlock(target.instruction.path, resolved.body, opts.dryRun));
+      }
+    }
+  }
+  return actions;
+}
+// src/setup/clients.ts
+import { homedir as homedir2 } from "os";
+import { join as join2 } from "path";
+function claudeDesktopConfigPath(home) {
+  switch (process.platform) {
+    case "darwin":
+      return join2(home, "Library", "Application Support", "Claude", "claude_desktop_config.json");
+    case "win32":
+      return join2(process.env.APPDATA ?? join2(home, "AppData", "Roaming"), "Claude", "claude_desktop_config.json");
+    default:
+      return join2(home, ".config", "Claude", "claude_desktop_config.json");
+  }
+}
+function clientTargets(cwd) {
+  const home = homedir2();
+  return {
+    "claude-code": {
+      key: "claude-code",
+      label: "Claude Code",
+      mcp: { surfaceKey: "claude-code", sectionType: SectionType.McpConfig, path: join2(cwd, ".mcp.json"), format: "json" },
+      instruction: { surfaceKey: "claude-code", path: join2(cwd, "CLAUDE.md") }
+    },
+    "claude-desktop": {
+      key: "claude-desktop",
+      label: "Claude Desktop",
+      mcp: { surfaceKey: "claude-desktop", sectionType: SectionType.McpConfig, path: claudeDesktopConfigPath(home), format: "json" },
+      instruction: { surfaceKey: "claude-desktop", path: join2(home, ".claude", "CLAUDE.md") }
+    },
+    codex: {
+      key: "codex",
+      label: "Codex CLI",
+      mcp: { surfaceKey: "chatgpt", sectionType: SectionType.McpConfigToml, path: join2(home, ".codex", "config.toml"), format: "toml" },
+      instruction: { surfaceKey: "chatgpt", path: join2(cwd, "AGENTS.md") }
+    },
+    cursor: {
+      key: "cursor",
+      label: "Cursor",
+      mcp: { surfaceKey: "claude-code", sectionType: SectionType.McpConfig, path: join2(cwd, ".cursor", "mcp.json"), format: "json" },
+      instruction: { surfaceKey: "chatgpt", path: join2(cwd, "AGENTS.md") }
+    }
+  };
+}
+var ALL_CLIENT_KEYS = ["claude-code", "claude-desktop", "codex", "cursor"];
+var DEFAULT_CLIENT_KEY = "claude-code";
+// src/commands/setup.ts
+function resolveClientKeys(raw) {
+  const targets = clientTargets(process.cwd());
+  if (raw === "all") return [...ALL_CLIENT_KEYS];
+  const keys = raw.split(",").map((k) => k.trim()).filter(Boolean);
+  for (const k of keys) {
+    if (!targets[k]) {
+      fail(`unknown client '${k}'. Known: ${ALL_CLIENT_KEYS.join(", ")}, or 'all'.`);
+    }
+  }
+  return keys;
+}
+function printActions(client, actions) {
+  process.stdout.write(`
+${client.label} (${client.key}):
+`);
+  for (const a of actions) {
+    const tag = a.status === "skipped" ? "skip" : a.status;
+    process.stdout.write(`  [${tag}] ${a.kind}: ${a.path}${a.note ? ` \u2014 ${a.note}` : ""}
+`);
+  }
+}
+function registerInit(program2) {
+  program2.command("init").description("Wire this project for sechroom: write MCP config + agent instruction files from the server's setup descriptors").option("--client <list>", `comma-separated clients (${ALL_CLIENT_KEYS.join(", ")}) or 'all'`, DEFAULT_CLIENT_KEY).option("--dry-run", "print what would be written without writing", false).option("--mcp-only", "only write MCP config (skip agent files)", false).option("--agent-files-only", "only write agent instruction files (skip MCP config)", false).action(async (opts, cmd) => {
+    const cfg = resolveConfig(cmd.optsWithGlobals());
+    const setup = await withSpinner("Fetching setup descriptors", () => fetchSetup(cfg));
+    const targets = clientTargets(process.cwd());
+    const keys = resolveClientKeys(opts.client);
+    const json = cmd.optsWithGlobals().json;
+    const result = [];
+    for (const key of keys) {
+      const target = targets[key];
+      const actions = await applyClient(cfg, setup, target, {
+        dryRun: Boolean(opts.dryRun),
+        mcp: !opts.agentFilesOnly,
+        agentFiles: !opts.mcpOnly
+      });
+      result.push({ client: key, actions });
+      if (!json) printActions(target, actions);
+    }
+    if (json) {
+      emit({ dryRun: Boolean(opts.dryRun), clients: result }, true);
+      return;
+    }
+    const first = targets[keys[0]];
+    const surface = findSurface(setup, first.mcp?.surfaceKey ?? first.instruction?.surfaceKey ?? "");
+    const verify = findSection(surface, SectionType.Verify);
+    if (verify?.description) {
+      process.stdout.write(`
+Next \u2014 verify: ${verify.description}
+`);
+    }
+    process.stdout.write(
+      opts.dryRun ? "\n(dry run \u2014 nothing written)\n" : "\nDone. Restart your AI client (or reload MCP) to pick up the new config.\n"
+    );
+  });
+}
+function registerSetup(program2) {
+  const setup = program2.command("setup").description("Granular onboarding steps (init runs these together)");
+  setup.command("mcp <client>").description(`Write only the MCP config for a client (${ALL_CLIENT_KEYS.join(", ")})`).option("--dry-run", "print what would be written without writing", false).action(async (client, opts, cmd) => {
+    await runSingle(client, cmd, { dryRun: Boolean(opts.dryRun), mcp: true, agentFiles: false });
+  });
+  setup.command("agent-files <client>").description(`Write only the agent instruction file for a client (${ALL_CLIENT_KEYS.join(", ")})`).option("--dry-run", "print what would be written without writing", false).action(async (client, opts, cmd) => {
+    await runSingle(client, cmd, { dryRun: Boolean(opts.dryRun), mcp: false, agentFiles: true });
+  });
+}
+async function runSingle(client, cmd, opts) {
+  const cfg = resolveConfig(cmd.optsWithGlobals());
+  const targets = clientTargets(process.cwd());
+  const target = targets[client];
+  if (!target) fail(`unknown client '${client}'. Known: ${ALL_CLIENT_KEYS.join(", ")}.`);
+  const setupData = await withSpinner("Fetching setup descriptors", () => fetchSetup(cfg));
+  const actions = await applyClient(cfg, setupData, target, opts);
+  const json = cmd.optsWithGlobals().json;
+  if (json) {
+    emit({ dryRun: opts.dryRun, client, actions }, true);
+  } else {
+    printActions(target, actions);
+    process.stdout.write(opts.dryRun ? "\n(dry run \u2014 nothing written)\n" : "\nDone.\n");
+  }
+}
 // src/index.ts
+function resolveVersion() {
+  try {
+    const pkg = JSON.parse(
+      readFileSync3(new URL("../package.json", import.meta.url), "utf8")
+    );
+    return pkg.version ?? "0.0.0";
+  } catch {
+    return "0.0.0";
+  }
+}
 var program = new Command();
-program.name("sechroom").description("Sechroom CLI \u2014 thin generated client over the Sechroom HTTP API. An agent/human surface alongside MCP.").version("0.0.0").option("--base-url <url>", "API base URL (overrides config / SECHROOM_BASE_URL)").option("--tenant <tenant>", "Tenant id (required by the API; overrides config / SECHROOM_TENANT)").option("--json", "Emit compact JSON (for scripts and agents)", false);
+program.name("sechroom").description("Sechroom CLI \u2014 thin generated client over the Sechroom HTTP API. An agent/human surface alongside MCP.").version(resolveVersion()).option("--base-url <url>", "API base URL (overrides config / SECHROOM_BASE_URL)").option("--tenant <tenant>", "Tenant id (required by the API; overrides config / SECHROOM_TENANT)").option("--json", "Emit compact JSON (for scripts and agents)", false);
+program.hook("preAction", (_thisCmd, actionCmd) => {
+  setQuiet(Boolean(actionCmd.optsWithGlobals().json));
+});
 program.command("login").description("Sign in via browser (OAuth auth-code + PKCE, dynamic client registration)").action(async (_opts, cmd) => {
   const g = cmd.optsWithGlobals();
   const persisted = readPersisted();
@@ -355,6 +734,8 @@ config.command("show").description("Print persisted config").action(() => {
 registerMemory(program);
 registerWorklog(program);
 registerLookup(program);
+registerInit(program);
+registerSetup(program);
 program.parseAsync().catch((err) => {
   process.stderr.write(`error: ${err instanceof Error ? err.message : String(err)}
 `);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sechroom/cli",
-  "version": "2026.6.2",
+  "version": "2026.6.3",
   "description": "Sechroom CLI — a thin, generated client over the Sechroom HTTP API. An agent/human surface alongside MCP.",
   "type": "module",
   "license": "UNLICENSED",