@slamb2k/dvx 1.0.7

package/dist/index.js

@@ -0,0 +1,1503 @@
+#!/usr/bin/env node
+import {
+  AuthManager,
+  DataverseError,
+  EntityNotFoundError,
+  ImpersonationPrivilegeError,
+  MsalCachePlugin,
+  ValidationError,
+  buildBatchBody,
+  chunkArray,
+  createClient,
+  createSpinner,
+  isInteractive,
+  logError,
+  logInfo,
+  logMutationSuccess,
+  logStep,
+  logSuccess,
+  logWarn,
+  openBrowser,
+  promptConfirmClack,
+  promptUrl,
+  setUxOptions,
+  stripAnsi,
+  validateEntityName,
+  validateFetchXml,
+  validateGuid,
+  validateUrl
+} from "./chunk-QFYVVOAX.js";
+
+// src/index.ts
+import { Command, Option } from "commander";
+
+// src/commands/auth-login.ts
+import { PublicClientApplication } from "@azure/msal-node";
+import { Client } from "@microsoft/microsoft-graph-client";
+import * as clack from "@clack/prompts";
+import * as path from "path";
+var DVX_BOOTSTRAPPER_CLIENT_ID = "73f809fb-5469-4956-85f9-e0141af82d90";
+var MANUAL_INSTRUCTIONS = `
+Manual Setup Instructions:
+1. Go to https://portal.azure.com \u2192 Azure Active Directory \u2192 App registrations
+2. Click "New registration", set name to "dvx", type "Single tenant"
+3. Go to the new app \u2192 Certificates & secrets \u2192 New client secret
+4. Copy the Application (client) ID and the secret value
+5. In Dataverse admin, create an Application User with the client ID
+6. Assign the "System Administrator" or relevant security role
+`;
+async function bootstrapSignIn(tenantId) {
+  const authority = tenantId ? `https://login.microsoftonline.com/${tenantId}` : "https://login.microsoftonline.com/organizations";
+  const cacheFilePath = path.join(process.cwd(), ".dvx", "msal-cache-bootstrapper.json");
+  const pca = new PublicClientApplication({
+    auth: {
+      clientId: DVX_BOOTSTRAPPER_CLIENT_ID,
+      authority
+    },
+    cache: {
+      cachePlugin: new MsalCachePlugin(cacheFilePath)
+    }
+  });
+  const scopes = ["https://globaldisco.crm.dynamics.com//user_impersonation"];
+  const accounts = await pca.getAllAccounts();
+  let discoveredTenantId = tenantId;
+  if (accounts.length > 0 && accounts[0]) {
+    try {
+      const result2 = await pca.acquireTokenSilent({ account: accounts[0], scopes });
+      if (result2?.accessToken && result2.account?.tenantId) {
+        return { pca, tenantId: discoveredTenantId ?? result2.account.tenantId };
+      }
+    } catch {
+    }
+  }
+  const result = await pca.acquireTokenInteractive({
+    scopes,
+    openBrowser: async (url) => {
+      openBrowser(url);
+    },
+    successTemplate: "<h1>Authentication complete. You may close this tab.</h1>",
+    errorTemplate: "<h1>Authentication failed: {error}</h1>"
+  });
+  if (!result?.accessToken) {
+    throw new Error("Failed to acquire token during sign-in");
+  }
+  discoveredTenantId = discoveredTenantId ?? result.account?.tenantId;
+  if (!discoveredTenantId) {
+    throw new Error("Could not determine tenant ID from sign-in. Pass --tenant-id explicitly.");
+  }
+  return { pca, tenantId: discoveredTenantId };
+}
+async function discoverEnvironments(pca) {
+  const scopes = ["https://globaldisco.crm.dynamics.com//user_impersonation"];
+  const accounts = await pca.getAllAccounts();
+  let accessToken;
+  if (accounts.length > 0 && accounts[0]) {
+    try {
+      const result = await pca.acquireTokenSilent({ account: accounts[0], scopes });
+      accessToken = result?.accessToken;
+    } catch {
+    }
+  }
+  if (!accessToken) {
+    const result = await pca.acquireTokenInteractive({
+      scopes,
+      openBrowser: async (url) => {
+        openBrowser(url);
+      },
+      successTemplate: "<h1>Authentication complete. You may close this tab.</h1>",
+      errorTemplate: "<h1>Authentication failed: {error}</h1>"
+    });
+    accessToken = result?.accessToken;
+  }
+  if (!accessToken) {
+    throw new Error("Failed to acquire discovery token");
+  }
+  const response = await fetch("https://globaldisco.crm.dynamics.com/api/discovery/v2.0/Instances", {
+    headers: { Authorization: `Bearer ${accessToken}` }
+  });
+  if (!response.ok) {
+    throw new Error(`Discovery API returned ${response.status}: ${response.statusText}`);
+  }
+  const data = await response.json();
+  return data.value.filter((env) => env.State === 0).map((env) => ({
+    url: env.Url,
+    friendlyName: env.FriendlyName,
+    uniqueName: env.UniqueName,
+    state: env.State === 0 ? "Enabled" : "Disabled",
+    version: env.Version
+  }));
+}
+async function selectEnvironment(environments) {
+  const options = environments.map((env) => ({
+    value: env.url,
+    label: env.friendlyName || env.uniqueName,
+    hint: env.url
+  }));
+  options.push({
+    value: "__manual__",
+    label: "Enter URL manually",
+    hint: "Specify a Dataverse environment URL"
+  });
+  const selected = await clack.select({
+    message: "Select a Dataverse environment",
+    options
+  });
+  if (clack.isCancel(selected)) {
+    clack.cancel("Login cancelled.");
+    process.exit(0);
+  }
+  if (selected === "__manual__") {
+    const url = await clack.text({
+      message: "Dataverse environment URL",
+      placeholder: "https://org.crm.dynamics.com",
+      validate: (value) => {
+        if (!value) return "Please enter a valid URL";
+        try {
+          new URL(value);
+        } catch {
+          return "Please enter a valid URL";
+        }
+      }
+    });
+    if (clack.isCancel(url)) {
+      clack.cancel("Login cancelled.");
+      process.exit(0);
+    }
+    return url;
+  }
+  return selected;
+}
+async function acquireGraphToken(pca) {
+  const scopes = ["https://graph.microsoft.com/Application.ReadWrite.All"];
+  const accounts = await pca.getAllAccounts();
+  if (accounts.length > 0 && accounts[0]) {
+    try {
+      const result2 = await pca.acquireTokenSilent({ account: accounts[0], scopes });
+      if (result2?.accessToken) return result2.accessToken;
+    } catch {
+    }
+  }
+  const result = await pca.acquireTokenInteractive({
+    scopes,
+    openBrowser: async (url) => {
+      openBrowser(url);
+    },
+    successTemplate: "<h1>Authentication complete. You may close this tab.</h1>",
+    errorTemplate: "<h1>Authentication failed: {error}</h1>"
+  });
+  if (!result?.accessToken) {
+    throw new Error("Failed to acquire Graph API token");
+  }
+  return result.accessToken;
+}
+async function provisionViaGraph(pca) {
+  const accessToken = await acquireGraphToken(pca);
+  const graphClient = Client.init({
+    authProvider: (done) => {
+      done(null, accessToken);
+    }
+  });
+  logStep('Creating app registration "dvx-service"...');
+  const app = await graphClient.api("/applications").post({
+    displayName: "dvx-service",
+    signInAudience: "AzureADMyOrg",
+    publicClient: {
+      redirectUris: ["http://localhost"]
+    },
+    requiredResourceAccess: [
+      {
+        resourceAppId: "00000007-0000-0000-c000-000000000000",
+        resourceAccess: [
+          { id: "78ce3f0f-a1ce-49c2-8cde-64b5c0896db4", type: "Scope" }
+        ]
+      }
+    ]
+  });
+  logSuccess(`App created: ${app.appId}`);
+  logStep("Creating service principal...");
+  await graphClient.api("/servicePrincipals").post({
+    appId: app.appId
+  });
+  logSuccess("Service principal created");
+  logStep("Granting admin consent for Dataverse access...");
+  try {
+    const crmSp = await graphClient.api("/servicePrincipals").filter("appId eq '00000007-0000-0000-c000-000000000000'").select("id").get();
+    const dvxSp = await graphClient.api("/servicePrincipals").filter(`appId eq '${app.appId}'`).select("id").get();
+    if (crmSp.value[0] && dvxSp.value[0]) {
+      await graphClient.api("/oauth2PermissionGrants").post({
+        clientId: dvxSp.value[0].id,
+        consentType: "AllPrincipals",
+        resourceId: crmSp.value[0].id,
+        scope: "user_impersonation"
+      });
+      logSuccess("Admin consent granted");
+    }
+  } catch {
+    logWarn("Could not auto-grant consent (may require Global Admin). Users will be prompted on first login.");
+  }
+  return app.appId;
+}
+async function authLogin(options) {
+  if (options.servicePrincipal) {
+    if (!options.url) {
+      throw new Error("Environment URL required for service principal auth. Pass --url.");
+    }
+    const envUrl2 = validateUrl(options.url);
+    const clientSecret = options.clientSecret ?? process.env["DATAVERSE_CLIENT_SECRET"];
+    if (!clientSecret) {
+      throw new Error("Client secret required. Pass --client-secret or set DATAVERSE_CLIENT_SECRET.");
+    }
+    if (!options.clientId) {
+      throw new Error("Client ID required for service principal auth. Pass --client-id.");
+    }
+    if (!options.tenantId) {
+      throw new Error("Tenant ID required for service principal auth. Pass --tenant-id.");
+    }
+    const profile2 = {
+      name: options.name,
+      type: "service-principal",
+      environmentUrl: envUrl2,
+      tenantId: options.tenantId,
+      clientId: options.clientId,
+      clientSecret
+    };
+    const manager2 = new AuthManager();
+    manager2.createProfile(profile2);
+    process.env["DATAVERSE_CLIENT_SECRET"] = clientSecret;
+    const spSpinner = createSpinner();
+    spSpinner.start("Validating connection...");
+    let entityCount;
+    try {
+      const { client } = await createClient();
+      const entityList = await client.listEntities();
+      entityCount = entityList.length;
+      spSpinner.stop(`Connected \u2014 found ${entityCount} entities`);
+    } catch (err) {
+      spSpinner.error("Connection failed");
+      throw err;
+    }
+    console.log(JSON.stringify({ profile: options.name, type: "service-principal", status: "logged_in", entityCount }));
+    return;
+  }
+  if (isInteractive()) clack.intro("dvx auth login");
+  let envUrl = options.url ? validateUrl(options.url) : void 0;
+  let tenantId = options.tenantId;
+  let clientId = options.clientId;
+  let session;
+  if (!envUrl) {
+    const s = createSpinner();
+    s.start("Signing in to discover environments...");
+    try {
+      session = await bootstrapSignIn(tenantId);
+      tenantId = session.tenantId;
+      s.stop("Signed in");
+    } catch (err) {
+      s.stop("Sign-in failed");
+      const message = err instanceof Error ? err.message : String(err);
+      logWarn(`Could not sign in for discovery: ${message}`);
+      envUrl = validateUrl(await promptUrl("Dataverse environment URL"));
+    }
+    if (!envUrl && session) {
+      const s2 = createSpinner();
+      s2.start("Discovering environments...");
+      try {
+        const environments = await discoverEnvironments(session.pca);
+        s2.stop(`Found ${environments.length} environment${environments.length === 1 ? "" : "s"}`);
+        if (environments.length > 0) {
+          envUrl = validateUrl(await selectEnvironment(environments));
+        } else {
+          logWarn("No Dataverse environments found for this account.");
+          envUrl = validateUrl(await promptUrl("Dataverse environment URL"));
+        }
+      } catch (err) {
+        s2.stop("Discovery failed");
+        const message = err instanceof Error ? err.message : String(err);
+        logWarn(`Discovery failed: ${message}`);
+        envUrl = validateUrl(await promptUrl("Dataverse environment URL"));
+      }
+    }
+  }
+  if (!envUrl) {
+    throw new Error("No environment URL determined. Pass --url explicitly.");
+  }
+  if (!clientId) {
+    try {
+      if (!session) {
+        const s = createSpinner();
+        s.start("Signing in for app registration...");
+        session = await bootstrapSignIn(tenantId);
+        tenantId = session.tenantId;
+        s.stop("Signed in");
+      }
+      clientId = await provisionViaGraph(session.pca);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      logWarn(`Automated app registration failed: ${message}`);
+      logInfo(MANUAL_INSTRUCTIONS);
+      const enteredClientId = await clack.text({ message: "Enter client ID from app registration" });
+      if (clack.isCancel(enteredClientId)) {
+        clack.cancel("Login cancelled.");
+        process.exit(0);
+      }
+      clientId = enteredClientId;
+      if (!tenantId) {
+        const enteredTenantId = await clack.text({ message: "Enter Entra tenant ID" });
+        if (clack.isCancel(enteredTenantId)) {
+          clack.cancel("Login cancelled.");
+          process.exit(0);
+        }
+        tenantId = enteredTenantId;
+      }
+    }
+  }
+  if (!tenantId) {
+    throw new Error("Could not determine tenant ID. Pass --tenant-id explicitly.");
+  }
+  const profile = {
+    name: options.name,
+    type: "delegated",
+    environmentUrl: envUrl,
+    tenantId,
+    clientId
+  };
+  const manager = new AuthManager();
+  manager.createProfile(profile);
+  const finalSpinner = createSpinner();
+  finalSpinner.start("Signing in to Dataverse...");
+  await manager.getToken(options.name);
+  finalSpinner.stop("Signed in");
+  if (isInteractive()) clack.outro(`Logged in as '${options.name}' \u2192 ${envUrl}`);
+  console.log(JSON.stringify({ profile: options.name, type: "delegated", status: "logged_in" }));
+}
+async function authLogout(options) {
+  const manager = new AuthManager();
+  if (options.all) {
+    manager.deleteAllProfiles();
+    console.log("All auth profiles removed.");
+    return;
+  }
+  const active = manager.getActiveProfile();
+  manager.deleteProfile(active.name);
+  console.log(`Profile '${active.name}' removed.`);
+}
+
+// src/utils/table.ts
+function renderTable(rows, headers, options) {
+  const allRows = headers ? [headers, ...rows] : rows;
+  if (allRows.length === 0) return "";
+  const colCount = Math.max(...allRows.map((r) => r.length));
+  const colWidths = [];
+  for (let col = 0; col < colCount; col++) {
+    colWidths.push(Math.max(...allRows.map((r) => (r[col] ?? "").length)));
+  }
+  const lines = [];
+  for (let i = 0; i < allRows.length; i++) {
+    const row = allRows[i];
+    const formatted = row.map((cell, col) => {
+      let display = cell;
+      if (headers && i === 0 && options?.dimHeaders) {
+        display = `\x1B[2m${cell}\x1B[0m`;
+      }
+      if (col === row.length - 1) return display;
+      return display + " ".repeat(Math.max(0, (colWidths[col] ?? 0) + 2 - cell.length));
+    }).join("");
+    lines.push(formatted);
+    if (headers && i === 0) {
+      lines.push("-".repeat(colWidths.reduce((sum, w) => sum + w + 2, 0)));
+    }
+  }
+  if (options?.showRowCount) {
+    lines.push(`(${rows.length} rows)`);
+  }
+  return lines.join("\n");
+}
+
+// src/commands/auth-list.ts
+async function authList(options) {
+  const { authManager } = await createClient();
+  const profiles = authManager.listProfiles();
+  if (profiles.length === 0) {
+    console.log("No auth profiles configured.");
+    return;
+  }
+  if (options.output === "json") {
+    console.log(JSON.stringify(profiles.map((p) => ({
+      name: p.name,
+      active: p.active,
+      environmentUrl: p.profile.environmentUrl
+    })), null, 2));
+  } else {
+    const rows = profiles.map((p) => {
+      const marker = p.active ? "*" : " ";
+      return [marker, p.name, p.profile.environmentUrl];
+    });
+    console.log(renderTable(rows, [" ", "Name", "URL"]));
+  }
+}
+
+// src/commands/auth-select.ts
+async function authSelect(profileName) {
+  if (!profileName.trim()) {
+    throw new ValidationError("Profile name must be a non-empty string");
+  }
+  const { authManager } = await createClient();
+  authManager.selectProfile(profileName);
+  console.log(`Active profile switched to '${profileName}'.`);
+}
+
+// src/commands/entities.ts
+async function entities(options) {
+  const { client } = await createClient();
+  const s = createSpinner();
+  s.start("Fetching entities...");
+  let entityList;
+  try {
+    entityList = await client.listEntities();
+  } catch (err) {
+    s.error("Failed to fetch entities");
+    throw err;
+  }
+  s.stop(`Found ${entityList.length} entities`);
+  if (options.output === "json") {
+    console.log(JSON.stringify(entityList, null, 2));
+  } else if (options.output === "ndjson") {
+    for (const e of entityList) {
+      console.log(JSON.stringify({ name: e.logicalName, displayName: e.displayName, entitySetName: e.entitySetName }));
+    }
+  } else {
+    if (entityList.length === 0) {
+      console.log("No entities found.");
+      return;
+    }
+    const rows = entityList.map((e) => [e.logicalName, e.displayName, e.entitySetName]);
+    console.log(renderTable(rows, ["LogicalName", "DisplayName", "EntitySetName"]));
+  }
+}
+
+// src/commands/schema.ts
+async function schema(entityName, options) {
+  const { client } = await createClient();
+  if (options.refreshAll) {
+    client.clearSchemaCache();
+  } else if (options.refresh) {
+    client.invalidateSchema(entityName);
+  }
+  const s = createSpinner();
+  s.start(`Fetching schema for ${entityName}...`);
+  let entry;
+  try {
+    entry = await client.getEntitySchema(entityName, options.noCache);
+  } catch (err) {
+    s.error("Failed to fetch schema");
+    throw err;
+  }
+  s.stop(`Schema loaded: ${entry.attributes.length} attributes`);
+  if (options.output === "table") {
+    const rows = entry.attributes.map((a) => [
+      a.logicalName,
+      a.displayName,
+      a.attributeType,
+      a.requiredLevel === "ApplicationRequired" || a.requiredLevel === "SystemRequired" ? "Yes" : "No"
+    ]);
+    console.log(renderTable(rows, ["LogicalName", "DisplayName", "Type", "Required"]));
+  } else {
+    console.log(JSON.stringify(entry, null, 2));
+  }
+}
+
+// src/commands/query.ts
+import { readFileSync } from "fs";
+function renderRecordTable(records) {
+  if (records.length === 0) {
+    console.log("No records found.");
+    return;
+  }
+  const keys = Object.keys(records[0]).filter((k) => !k.startsWith("@"));
+  const rows = records.map((r) => keys.map((k) => String(r[k] ?? "")));
+  console.log(renderTable(rows, keys));
+}
+async function query(options) {
+  const { client } = await createClient({ dryRun: options.dryRun });
+  let fetchXmlContent;
+  let entityName;
+  if (options.file) {
+    const content = readFileSync(options.file, "utf-8");
+    if (content.trimStart().startsWith("<")) {
+      fetchXmlContent = content;
+    } else {
+      options.odata = content.trim();
+    }
+  }
+  if (options.fetchxml) {
+    fetchXmlContent = options.fetchxml;
+  }
+  const s = createSpinner();
+  if (fetchXmlContent) {
+    validateFetchXml(fetchXmlContent);
+    const entityMatch = /entity\s+name=["']([^"']+)["']/i.exec(fetchXmlContent);
+    entityName = entityMatch?.[1];
+    if (!entityName) {
+      throw new ValidationError("Could not determine entity name from FetchXML");
+    }
+    s.start("Querying...");
+    if (options.output === "ndjson" || options.pageAll) {
+      let count = 0;
+      try {
+        await client.queryFetchXml(entityName, fetchXmlContent, (record) => {
+          count++;
+          console.log(JSON.stringify(record));
+        });
+      } catch (err) {
+        s.error("Query failed");
+        throw err;
+      }
+      s.stop(`Query complete: ${count} records`);
+    } else {
+      let records;
+      try {
+        records = await client.queryFetchXml(entityName, fetchXmlContent);
+      } catch (err) {
+        s.error("Query failed");
+        throw err;
+      }
+      s.stop(`Query complete: ${records.length} records`);
+      if (options.output === "json") {
+        console.log(JSON.stringify(records, null, 2));
+      } else {
+        renderRecordTable(records);
+      }
+    }
+    return;
+  }
+  if (!options.odata) {
+    throw new ValidationError("Either --odata, --fetchxml, or --file is required");
+  }
+  const odataParts = options.odata.split("?");
+  const entitySetName = odataParts[0] ?? "";
+  const odataQuery = odataParts.slice(1).join("?");
+  if (!entitySetName) {
+    throw new ValidationError(`OData expression must start with the entity set name (e.g., "accounts?$filter=name eq 'test'")`);
+  }
+  const fields = options.fields?.split(",").map((f) => f.trim());
+  s.start("Querying...");
+  if (options.output === "ndjson" || options.pageAll) {
+    let count = 0;
+    try {
+      await client.query(entitySetName, odataQuery, {
+        fields,
+        pageAll: options.pageAll,
+        maxRows: options.maxRows,
+        onRecord: (record) => {
+          count++;
+          console.log(JSON.stringify(record));
+        },
+        onProgress: (info) => {
+          s.message(`Page ${info.pageNumber} \u2014 ${info.recordCount} records...`);
+        }
+      });
+    } catch (err) {
+      s.error("Query failed");
+      throw err;
+    }
+    s.stop(`Query complete: ${count} records`);
+  } else {
+    let records;
+    try {
+      records = await client.query(entitySetName, odataQuery, {
+        fields,
+        pageAll: false,
+        maxRows: options.maxRows,
+        onProgress: (info) => {
+          s.message(`Page ${info.pageNumber} \u2014 ${info.recordCount} records...`);
+        }
+      });
+    } catch (err) {
+      s.error("Query failed");
+      throw err;
+    }
+    s.stop(`Query complete: ${records.length} records`);
+    if (options.output === "json") {
+      console.log(JSON.stringify(records, null, 2));
+    } else {
+      renderRecordTable(records);
+    }
+  }
+}
+
+// src/commands/get.ts
+async function get(entityName, id, options) {
+  validateEntityName(entityName);
+  const validatedId = validateGuid(id);
+  const { client } = await createClient();
+  const fields = options.fields?.split(",").map((f) => f.trim()).filter((f) => f.length > 0);
+  const s = createSpinner();
+  s.start(`Fetching ${entityName} ${validatedId}...`);
+  let record;
+  try {
+    record = await client.getRecord(entityName, validatedId, fields);
+  } catch (err) {
+    s.error("Failed to fetch record");
+    throw err;
+  }
+  s.stop("Record loaded");
+  if (options.output === "json") {
+    console.log(JSON.stringify(record, null, 2));
+  } else {
+    const entries = Object.entries(record).filter(([k]) => !k.startsWith("@"));
+    if (entries.length === 0) {
+      console.log("No fields returned.");
+      return;
+    }
+    const rows = entries.map(([key, value]) => [key, String(value ?? "")]);
+    console.log(renderTable(rows, ["Field", "Value"]));
+  }
+}
+
+// src/utils/parse-json.ts
+function parseJsonPayload(raw) {
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    throw new ValidationError("Invalid JSON payload");
+  }
+  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+    throw new ValidationError("JSON payload must be an object");
+  }
+  return parsed;
+}
+
+// src/utils/output.ts
+function formatMutationResult(result, opts) {
+  const payload = result ?? (opts.id ? { ok: true, id: opts.id } : { ok: true });
+  if (opts.format === "json") {
+    console.log(JSON.stringify(payload));
+  } else {
+    const entries = Object.entries(payload);
+    if (entries.length === 0) {
+      console.log("ok");
+    } else {
+      for (const [k, v] of entries) {
+        console.log(`${k}: ${String(v)}`);
+      }
+    }
+  }
+}
+
+// src/commands/create.ts
+async function createRecord(entityName, options) {
+  validateEntityName(entityName);
+  const { client } = await createClient({ dryRun: options.dryRun, callerObjectId: options.callerObjectId });
+  const data = parseJsonPayload(options.json);
+  const s = createSpinner();
+  s.start(`Creating ${entityName}...`);
+  let id;
+  try {
+    id = await client.createRecord(entityName, data);
+  } catch (err) {
+    s.error("Create failed");
+    throw err;
+  }
+  s.stop(`Created ${entityName}`);
+  logMutationSuccess(`Created ${entityName} ${id}`);
+  formatMutationResult(null, { format: options.output ?? "table", id });
+}
+
+// src/commands/update.ts
+async function updateRecord(entityName, id, options) {
+  validateEntityName(entityName);
+  validateGuid(id);
+  const { client } = await createClient({ dryRun: options.dryRun, callerObjectId: options.callerObjectId });
+  const data = parseJsonPayload(options.json);
+  const s = createSpinner();
+  s.start(`Updating ${entityName} ${id}...`);
+  try {
+    await client.updateRecord(entityName, id, data);
+  } catch (err) {
+    s.error("Update failed");
+    throw err;
+  }
+  s.stop(`Updated ${entityName}`);
+  logMutationSuccess(`Updated ${entityName} ${id}`);
+  formatMutationResult(null, { format: options.output ?? "table" });
+}
+
+// src/commands/upsert.ts
+async function upsertRecord(entityName, options) {
+  validateEntityName(entityName);
+  const { client } = await createClient({ dryRun: options.dryRun, callerObjectId: options.callerObjectId });
+  const data = parseJsonPayload(options.json);
+  const matchValue = data[options.matchField];
+  if (matchValue === void 0) {
+    throw new ValidationError(`Match field '${options.matchField}' not found in JSON payload`);
+  }
+  const schema2 = await client.getEntitySchema(entityName);
+  const attr = schema2.attributes.find((a) => a.logicalName === options.matchField);
+  if (!attr) {
+    throw new ValidationError(`Unknown field: ${options.matchField}`);
+  }
+  const escapedValue = typeof matchValue === "string" ? `'${matchValue.replace(/'/g, "''")}'` : String(matchValue);
+  const odata = `$filter=${options.matchField} eq ${escapedValue}&$select=${schema2.primaryIdAttribute}`;
+  const s = createSpinner();
+  s.start(`Upserting ${entityName}...`);
+  try {
+    const records = await client.query(schema2.entitySetName, odata, { pageAll: false, maxRows: 1 });
+    if (records.length > 0) {
+      const existingId = String(records[0][schema2.primaryIdAttribute]);
+      await client.updateRecord(entityName, existingId, data);
+      s.stop(`Upserted ${entityName}`);
+      logMutationSuccess(`Upserted ${entityName} ${existingId} (updated)`);
+      formatMutationResult({ action: "updated", id: existingId }, { format: options.output ?? "table", id: existingId });
+    } else {
+      const id = await client.createRecord(entityName, data);
+      s.stop(`Upserted ${entityName}`);
+      logMutationSuccess(`Upserted ${entityName} ${id} (created)`);
+      formatMutationResult({ action: "created", id }, { format: options.output ?? "table", id });
+    }
+  } catch (err) {
+    s.error("Upsert failed");
+    throw err;
+  }
+}
+
+// src/commands/delete.ts
+async function deleteRecord(entityName, id, options) {
+  validateEntityName(entityName);
+  validateGuid(id);
+  if (!options.confirm && !options.dryRun) {
+    if (isInteractive()) {
+      const confirmed = await promptConfirmClack(`Delete record '${id}' from '${entityName}'?`);
+      if (!confirmed) {
+        process.stderr.write("Aborted\n");
+        return;
+      }
+    } else {
+      throw new ValidationError("Non-interactive mode requires --confirm flag for delete operations");
+    }
+  }
+  const { client } = await createClient({ dryRun: options.dryRun, callerObjectId: options.callerObjectId });
+  const s = createSpinner();
+  s.start(`Deleting ${entityName} ${id}...`);
+  try {
+    await client.deleteRecord(entityName, id);
+  } catch (err) {
+    s.error("Delete failed");
+    throw err;
+  }
+  s.stop(`Deleted ${entityName}`);
+  logMutationSuccess(`Deleted ${id} from ${entityName}`);
+  formatMutationResult(null, { format: options.output ?? "table" });
+}
+
+// src/commands/batch.ts
+import { readFile } from "fs/promises";
+import { z } from "zod";
+var BatchOperationSchema = z.object({
+  method: z.enum(["GET", "POST", "PATCH", "DELETE"]),
+  path: z.string(),
+  headers: z.record(z.string(), z.string()).optional(),
+  body: z.unknown().optional(),
+  contentId: z.string().optional()
+});
+var BatchFileSchema = z.array(BatchOperationSchema);
+async function batch(options) {
+  const { client } = await createClient({ dryRun: options.dryRun, callerObjectId: options.callerObjectId });
+  const content = await readFile(options.file, "utf-8");
+  let parsed;
+  try {
+    parsed = JSON.parse(content);
+  } catch {
+    throw new ValidationError("Invalid JSON in batch file");
+  }
+  const operations = BatchFileSchema.parse(parsed);
+  const chunks = chunkArray(operations, 1e3);
+  const totalOps = operations.length;
+  const s = createSpinner();
+  for (let i = 0; i < chunks.length; i++) {
+    const chunk = chunks[i];
+    const boundary = `batch_dvx_${Date.now()}_${i}`;
+    s.start(`Chunk ${i + 1}/${chunks.length} (${chunk.length} operations)...`);
+    let result;
+    try {
+      const body = buildBatchBody(chunk, boundary, { atomic: options.atomic });
+      result = await client.executeBatch(body, boundary);
+    } catch (err) {
+      s.error(`Chunk ${i + 1}/${chunks.length} failed`);
+      throw err;
+    }
+    s.stop(`Chunk ${i + 1}/${chunks.length} complete`);
+    formatMutationResult(
+      { chunk: i + 1, totalChunks: chunks.length, operations: chunk.length, responseLength: result.length },
+      { format: options.output ?? "table" }
+    );
+  }
+  logSuccess(`Batch complete: ${totalOps} operations across ${chunks.length} chunk${chunks.length === 1 ? "" : "s"}`);
+}
+
+// src/commands/action.ts
+async function actionCommand(actionName, options) {
+  if (!!options.entity !== !!options.id) {
+    throw new ValidationError("--entity and --id must both be provided for bound actions");
+  }
+  const payload = parseJsonPayload(options.json);
+  const { client } = await createClient({ dryRun: options.dryRun, callerObjectId: options.callerObjectId });
+  const s = createSpinner();
+  s.start(`Executing ${actionName}...`);
+  let result;
+  try {
+    result = await client.executeAction(actionName, payload, {
+      entityName: options.entity,
+      id: options.id
+    });
+  } catch (err) {
+    s.error("Action failed");
+    throw err;
+  }
+  s.stop("Action complete");
+  logMutationSuccess(`Executed ${actionName}`);
+  const resultRecord = result && typeof result === "object" && !Array.isArray(result) ? result : { result: JSON.stringify(result) };
+  formatMutationResult(resultRecord, { format: options.output ?? "table" });
+}
+
+// src/commands/demo.ts
+import * as clack2 from "@clack/prompts";
+var DEMO_PREFIX = "[dvx-demo]";
+var TIER_ORDER = ["read", "write", "full"];
+function callout(msg) {
+  const text2 = `\u26A1 dvx advantage: ${msg}`;
+  if (isInteractive()) {
+    clack2.log.info(text2);
+  } else {
+    process.stderr.write(`${text2}
+`);
+  }
+}
+async function selectTier(options) {
+  if (options.tier) return options.tier;
+  if (!isInteractive()) {
+    throw new ValidationError("--tier is required in non-interactive mode (choices: read, write, full)");
+  }
+  const result = await clack2.select({
+    message: "Select demo tier",
+    options: [
+      { value: "read", label: "Read", hint: "Schema discovery, queries, FetchXML \u2014 no data changes" },
+      { value: "write", label: "Write", hint: "Read + CRUD lifecycle with auto-cleanup" },
+      { value: "full", label: "Full", hint: "Write + batch, actions, impersonation, aggregation" }
+    ]
+  });
+  if (clack2.isCancel(result)) {
+    clack2.cancel("Demo cancelled.");
+    process.exit(0);
+  }
+  return result;
+}
+async function checkOpportunityAvailable(client) {
+  try {
+    await client.getEntitySchema("opportunity");
+    return true;
+  } catch (err) {
+    if (err instanceof EntityNotFoundError) return false;
+    if (err instanceof DataverseError && (err.statusCode === 404 || err.message.includes("does not exist"))) return false;
+    throw err;
+  }
+}
+function logData(text2) {
+  if (isInteractive()) {
+    clack2.log.step(text2);
+  } else {
+    console.log(text2);
+  }
+}
+function formatRecords(records, maxRows = 5) {
+  if (records.length === 0) return "(no records)";
+  const subset = records.slice(0, maxRows);
+  const keys = Object.keys(subset[0]);
+  const rows = subset.map((r) => keys.map((k) => String(r[k] ?? "")));
+  let out = renderTable(rows, keys, { dimHeaders: true });
+  if (records.length > maxRows) out += `
+  ... and ${records.length - maxRows} more`;
+  return out;
+}
+async function runStep(step, ctx) {
+  const s = createSpinner();
+  const start = performance.now();
+  try {
+    s.start(step.name);
+    const output = await step.run(ctx, s);
+    s.stop(step.name);
+    if (output) logData(output);
+    callout(step.callout);
+    return { name: step.name, status: "pass", elapsedMs: Math.round(performance.now() - start) };
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    s.error(`${step.name} \u2014 ${msg}`);
+    if (err instanceof ImpersonationPrivilegeError) {
+      return { name: step.name, status: "skip", elapsedMs: Math.round(performance.now() - start), error: msg };
+    }
+    return { name: step.name, status: "fail", elapsedMs: Math.round(performance.now() - start), error: msg };
+  }
+}
+async function cleanup(client, createdIds) {
+  const entries = [...createdIds.entries()].reverse();
+  for (const [entity, id] of entries) {
+    try {
+      await client.deleteRecord(entity, id);
+    } catch {
+      logWarn(`Cleanup: failed to delete ${entity} ${id}`);
+    }
+  }
+  try {
+    const orphans = await client.query("accounts", `$filter=startswith(name,'${DEMO_PREFIX}')&$select=accountid`);
+    for (const orphan of orphans) {
+      const id = orphan["accountid"];
+      if (id) {
+        try {
+          await client.deleteRecord("account", id);
+        } catch {
+          logWarn(`Cleanup: failed to delete orphan account ${id}`);
+        }
+      }
+    }
+  } catch {
+    logWarn("Cleanup: orphan sweep failed");
+  }
+  try {
+    const orphanContacts = await client.query("contacts", `$filter=startswith(firstname,'${DEMO_PREFIX}')&$select=contactid`);
+    for (const orphan of orphanContacts) {
+      const id = orphan["contactid"];
+      if (id) {
+        try {
+          await client.deleteRecord("contact", id);
+        } catch {
+          logWarn(`Cleanup: failed to delete orphan contact ${id}`);
+        }
+      }
+    }
+  } catch {
+    logWarn("Cleanup: contact orphan sweep failed");
+  }
+}
+function renderSummary(results) {
+  const rows = results.map((r) => {
+    let status;
+    switch (r.status) {
+      case "pass":
+        status = "\x1B[32mPASS\x1B[0m";
+        break;
+      case "skip":
+        status = "\x1B[33mSKIP\x1B[0m";
+        break;
+      case "fail":
+        status = "\x1B[31mFAIL\x1B[0m";
+        break;
+    }
+    return [r.name, status, `${r.elapsedMs}ms`];
+  });
+  console.log(renderTable(rows, ["Demo", "Status", "Elapsed"], { dimHeaders: true }));
+}
+var ALL_DEMO_STEPS = [
+  // === Read tier ===
+  {
+    name: "List entities",
+    tier: "read",
+    callout: "Full entity catalog with display names \u2014 native MCP only exposes pre-configured entities",
+    async run(ctx, s) {
+      const list = await ctx.client.listEntities();
+      s.message(`Found ${list.length} entities`);
+      const sample = list.slice(0, 8);
+      const rows = sample.map((e) => [e.logicalName, e.displayName, e.entitySetName]);
+      let out = renderTable(rows, ["Logical Name", "Display Name", "Entity Set"], { dimHeaders: true });
+      if (list.length > 8) out += `
+  ... and ${list.length - 8} more`;
+      return out;
+    }
+  },
+  {
+    name: "Schema introspection",
+    tier: "read",
+    callout: "Live schema with attribute types and required levels \u2014 native MCP has no schema introspection",
+    async run(ctx, s) {
+      const schema2 = await ctx.client.getEntitySchema("account");
+      s.message(`account: ${schema2.attributes.length} attributes`);
+      const sample = schema2.attributes.slice(0, 8);
+      const rows = sample.map((a) => [a.logicalName, a.attributeType, a.requiredLevel]);
+      let out = renderTable(rows, ["Attribute", "Type", "Required"], { dimHeaders: true });
+      if (schema2.attributes.length > 8) out += `
+  ... and ${schema2.attributes.length - 8} more`;
+      return out;
+    }
+  },
+  // === Write tier (create data before read steps query it) ===
+  {
+    name: "Create account",
+    tier: "write",
+    callout: "Create with auto-schema resolution \u2014 dvx maps logical name to entity set automatically",
+    async run(ctx) {
+      const id = await ctx.client.createRecord("account", {
+        name: `${DEMO_PREFIX} Contoso Ltd`,
+        description: "Demo account created by dvx demo \u2014 will be auto-cleaned"
+      });
+      ctx.createdIds.set("account", id);
+      return `Created account ${id}`;
+    }
+  },
+  {
+    name: "Update account",
+    tier: "write",
+    callout: "Partial update via PATCH \u2014 only changed fields sent, not full record replacement",
+    async run(ctx) {
+      const id = ctx.createdIds.get("account");
+      if (!id) throw new Error("No account to update \u2014 create step must run first");
+      await ctx.client.updateRecord("account", id, {
+        websiteurl: "https://dvx.dev",
+        telephone1: "+1-555-DVX-DEMO"
+      });
+      return `Updated ${id}: websiteurl, telephone1`;
+    }
+  },
+  {
+    name: "Upsert contact",
+    tier: "write",
+    callout: "Upsert with alternate key matching \u2014 dvx resolves match fields automatically",
+    async run(ctx) {
+      const accountId = ctx.createdIds.get("account");
+      const id = await ctx.client.createRecord("contact", {
+        firstname: `${DEMO_PREFIX}`,
+        lastname: "Demo User",
+        emailaddress1: "demo@dvx.dev",
+        ...accountId ? { "parentcustomerid_account@odata.bind": `/accounts(${accountId})` } : {}
+      });
+      ctx.createdIds.set("contact", id);
+      return `Created contact ${id}${accountId ? ` (linked to account ${accountId})` : ""}`;
+    }
+  },
+  // === Read tier (queries — run after write tier creates data) ===
+  {
+    name: "OData query",
+    tier: "read",
+    callout: "Full OData $filter/$orderby/$select/$expand \u2014 native MCP limited to basic retrieval",
+    async run(ctx, s) {
+      const results = await ctx.client.query("accounts", "$filter=startswith(name,'[dvx-demo]')&$orderby=name&$top=5&$select=name,accountid");
+      s.message(`${results.length} account(s) matched`);
+      return formatRecords(results);
+    }
+  },
+  {
+    name: "FetchXML with joins",
+    tier: "read",
+    callout: "FetchXML with linked entities and paging \u2014 native MCP has no FetchXML support",
+    async run(ctx, s) {
+      const fetchXml = `<fetch top="5">
+  <entity name="account">
+    <attribute name="name" />
+    <attribute name="accountid" />
+    <filter>
+      <condition attribute="name" operator="like" value="${DEMO_PREFIX}%" />
+    </filter>
+    <link-entity name="contact" from="parentcustomerid" to="accountid" link-type="outer">
+      <attribute name="fullname" />
+    </link-entity>
+  </entity>
+</fetch>`;
+      const results = await ctx.client.queryFetchXml("account", fetchXml);
+      s.message(`${results.length} record(s) with linked contacts`);
+      return formatRecords(results);
+    }
+  },
+  {
+    name: "Get single record",
+    tier: "read",
+    callout: "Field-level $select on single record \u2014 native MCP returns all fields always",
+    async run(ctx, s) {
+      const list = await ctx.client.query("accounts", "$top=1&$select=accountid,name");
+      if (list.length === 0) {
+        s.message("No accounts available");
+        return;
+      }
+      const id = list[0]["accountid"];
+      const record = await ctx.client.getRecord("account", id, ["name", "createdon"]);
+      s.message(`Retrieved: ${record["name"] ?? id}`);
+      const keys = Object.keys(record);
+      const rows = keys.map((k) => [k, String(record[k] ?? "")]);
+      return renderTable(rows, ["Field", "Value"], { dimHeaders: true });
+    }
+  },
+  // === Write tier (delete) ===
+  {
+    name: "Delete record",
+    tier: "write",
+    callout: "Delete with GUID validation and confirmation \u2014 dvx validates before sending to API",
+    async run(ctx) {
+      const id = ctx.createdIds.get("account");
+      if (!id) throw new Error("No account to delete \u2014 create step must run first");
+      await ctx.client.deleteRecord("account", id);
+      ctx.createdIds.delete("account");
+      return `Deleted account ${id}`;
+    }
+  },
+  // === Full tier ===
+  {
+    name: "Batch atomic create",
+    tier: "full",
+    callout: "Atomic batch with changeset \u2014 all-or-nothing, 1000 ops/request \u2014 native MCP has no batch",
+    async run(ctx) {
+      const ops = Array.from({ length: 5 }, (_, i) => ({
+        method: "POST",
+        path: "accounts",
+        body: { name: `${DEMO_PREFIX} Batch ${i + 1}` }
+      }));
+      const boundary = `batch_dvx_demo_${Date.now()}`;
+      const body = buildBatchBody(ops, boundary, { atomic: true });
+      await ctx.client.executeBatch(body, boundary);
+      return `5 accounts created atomically in a single changeset`;
+    }
+  },
+  {
+    name: "WhoAmI action",
+    tier: "full",
+    callout: "Custom action execution \u2014 call any action/SDK message \u2014 native MCP cannot call actions",
+    async run(ctx, s) {
+      const result = await ctx.client.executeAction("WhoAmI", {});
+      const userId = result["UserId"];
+      if (userId) s.message(`Authenticated as ${userId}`);
+      const keys = Object.keys(result);
+      const rows = keys.map((k) => [k, String(result[k] ?? "")]);
+      return renderTable(rows, ["Field", "Value"], { dimHeaders: true });
+    }
+  },
+  {
+    name: "Impersonated query",
+    tier: "full",
+    callout: "CallerObjectId impersonation \u2014 run as another user for audit trails",
+    async run(ctx, s) {
+      const whoami = await ctx.client.executeAction("WhoAmI", {});
+      const userId = whoami["UserId"];
+      if (!userId) {
+        s.message("Could not determine user ID \u2014 skipping impersonation");
+        return;
+      }
+      const { client: impersonatedClient } = await createClient({ callerObjectId: userId });
+      const results = await impersonatedClient.query("accounts", "$top=1&$select=name");
+      s.message(`Impersonated query returned ${results.length} record(s)`);
+      return formatRecords(results);
+    }
+  },
+  {
+    name: "FetchXML aggregation",
+    tier: "full",
+    callout: "FetchXML aggregation with groupby \u2014 server-side analytics, not possible via native MCP",
+    async run(ctx, s) {
+      const fetchXml = `<fetch aggregate="true">
+  <entity name="account">
+    <attribute name="statecode" groupby="true" alias="state" />
+    <attribute name="accountid" aggregate="count" alias="count" />
+  </entity>
+</fetch>`;
+      const results = await ctx.client.queryFetchXml("account", fetchXml);
+      s.message(`${results.length} state group(s)`);
+      return formatRecords(results);
+    }
+  }
+];
+async function demo(options) {
+  const selectedTier = await selectTier(options);
+  if (isInteractive()) {
+    clack2.intro(`dvx demo \u2014 ${selectedTier} tier`);
+  }
+  const { client } = await createClient();
+  const hasOpportunity = await checkOpportunityAvailable(client);
+  const maxIdx = TIER_ORDER.indexOf(selectedTier);
+  const activeSteps = ALL_DEMO_STEPS.filter((s) => TIER_ORDER.indexOf(s.tier) <= maxIdx);
+  const ctx = { client, createdIds: /* @__PURE__ */ new Map(), hasOpportunity };
+  const results = [];
+  const totalStart = performance.now();
+  try {
+    for (const step of activeSteps) {
+      const result = await runStep(step, ctx);
+      results.push(result);
+    }
+  } finally {
+    if (ctx.createdIds.size > 0) {
+      const s = createSpinner();
+      s.start("Cleaning up demo data...");
+      await cleanup(client, ctx.createdIds);
+      s.stop("Cleanup complete");
+    }
+    if (TIER_ORDER.indexOf(selectedTier) >= TIER_ORDER.indexOf("full")) {
+      const s = createSpinner();
+      s.start("Sweeping orphan demo records...");
+      await cleanup(client, /* @__PURE__ */ new Map());
+      s.stop("Orphan sweep complete");
+    }
+  }
+  const totalMs = Math.round(performance.now() - totalStart);
+  const passed = results.filter((r) => r.status === "pass").length;
+  if (options.output === "json") {
+    console.log(JSON.stringify({
+      tier: selectedTier,
+      totalMs,
+      passed,
+      total: results.length,
+      results: results.map((r) => ({ name: r.name, status: r.status, elapsedMs: r.elapsedMs, ...r.error ? { error: r.error } : {} }))
+    }, null, 2));
+  } else {
+    console.log("");
+    renderSummary(results);
+  }
+  if (isInteractive()) {
+    clack2.outro(`${passed}/${results.length} demos passed in ${totalMs}ms`);
+  }
+}
+
+// src/commands/completion.ts
+var COMMANDS = ["auth", "entities", "schema", "query", "get", "create", "update", "upsert", "delete", "batch", "action", "mcp", "init", "completion"];
+var BASH_COMPLETION = `
+# dvx bash completion
+_dvx_completion() {
+  local cur prev words
+  COMPREPLY=()
+  cur="\${COMP_WORDS[COMP_CWORD]}"
+  prev="\${COMP_WORDS[COMP_CWORD-1]}"
+
+  local commands="${COMMANDS.join(" ")}"
+  local auth_commands="create select login list"
+
+  case "\${prev}" in
+    dvx) COMPREPLY=($(compgen -W "\${commands}" -- "\${cur}")) ;;
+    auth) COMPREPLY=($(compgen -W "\${auth_commands}" -- "\${cur}")) ;;
+    completion) COMPREPLY=($(compgen -W "bash zsh powershell" -- "\${cur}")) ;;
+    *) COMPREPLY=($(compgen -f -- "\${cur}")) ;;
+  esac
+}
+complete -F _dvx_completion dvx
+`.trim();
+var ZSH_COMPLETION = `
+#compdef dvx
+_dvx() {
+  local state
+  _arguments \\
+    '1: :->cmd' \\
+    '*: :->args'
+  case $state in
+    cmd) _values 'commands' ${COMMANDS.join(" ")} ;;
+    args) case $words[2] in
+      auth) _values 'auth commands' create select login list ;;
+      completion) _values 'shells' bash zsh powershell ;;
+    esac ;;
+  esac
+}
+_dvx "$@"
+`.trim();
+var POWERSHELL_COMPLETION = `
+Register-ArgumentCompleter -Native -CommandName dvx -ScriptBlock {
+  param($wordToComplete, $commandAst, $cursorPosition)
+  $commands = @(${COMMANDS.map((c) => `'${c}'`).join(",")})
+  $commands | Where-Object { $_ -like "\${wordToComplete}*" } | ForEach-Object {
+    [System.Management.Automation.CompletionResult]::new($_, $_, 'ParameterValue', $_)
+  }
+}
+`.trim();
+function completion(shell) {
+  switch (shell) {
+    case "bash":
+      console.log(BASH_COMPLETION);
+      break;
+    case "zsh":
+      console.log(ZSH_COMPLETION);
+      break;
+    case "powershell":
+      console.log(POWERSHELL_COMPLETION);
+      break;
+  }
+}
+
+// src/index.ts
+import { createRequire } from "module";
+var require2 = createRequire(import.meta.url);
+var { version } = require2("../package.json");
+var BANNER = `
+\x1B[36m{_____    {__         {__\x1B[0m\x1B[33m{__      {__\x1B[0m
+\x1B[36m{__   {__  {__       {__  \x1B[0m\x1B[33m{__   {__\x1B[0m
+\x1B[36m{__    {__  {__     {__    \x1B[0m\x1B[33m{__ {__\x1B[0m
+\x1B[36m{__    {__   {__   {__     \x1B[0m\x1B[33m  {__\x1B[0m
+\x1B[36m{__    {__    {__ {__      \x1B[0m\x1B[33m{__ {__\x1B[0m        \x1B[2mAgent-first CLI/MCP for\x1B[0m
+\x1B[36m{__   {__      {____      \x1B[0m\x1B[33m{__   {__\x1B[0m       \x1B[2mMicrosoft Dataverse\x1B[0m
+\x1B[36m{_____          {__      \x1B[0m\x1B[33m{__      {__\x1B[0m     \x1B[2mv${version}\x1B[0m
+`;
+var program = new Command();
+program.name("dvx").description("Agent-first CLI for Microsoft Dataverse CE/Sales/Service").version(version).option("--no-color", "Disable color output").option("--quiet", "Suppress all progress output").addHelpText("before", () => {
+  const opts = program.opts();
+  return opts.color === false ? stripAnsi(BANNER) : BANNER;
+}).action(() => {
+  program.outputHelp();
+});
+program.hook("preAction", (thisCommand) => {
+  const opts = thisCommand.optsWithGlobals();
+  setUxOptions({
+    quiet: opts.quiet ?? false,
+    noColor: opts.color === false
+  });
+});
+var auth = program.command("auth").description("Manage authentication profiles");
+auth.command("login").description("Sign in to a Dataverse environment").option("--name <name>", "Profile name", "default").option("--url <url>", "Dataverse environment URL (auto-discovered if omitted)").option("--tenant-id <id>", "Entra tenant ID (auto-detected from sign-in if omitted)").option("--client-id <id>", "App registration client ID (auto-created if omitted)").option("--service-principal", "Use service principal (client credentials) auth").option("--client-secret <secret>", "Client secret (prefer DATAVERSE_CLIENT_SECRET env var)").action(async (opts) => {
+  await authLogin({
+    name: opts.name,
+    url: opts.url,
+    tenantId: opts.tenantId,
+    clientId: opts.clientId,
+    clientSecret: opts.clientSecret,
+    servicePrincipal: opts.servicePrincipal
+  });
+});
+auth.command("logout").description("Remove auth profile").option("--all", "Remove all profiles").action(async (opts) => {
+  await authLogout({ all: opts.all });
+});
+auth.command("list").alias("status").description("List all authentication profiles").addOption(new Option("--output <format>", "Output format").choices(["json", "table"]).default("table")).action(async (opts) => {
+  await authList({ output: opts.output });
+});
+auth.command("select").description("Switch active authentication profile").argument("<profile>", "Profile name to activate").action(async (profileName) => {
+  await authSelect(profileName);
+});
+program.command("entities").description("List all entities in the environment").addOption(new Option("--output <format>", "Output format").choices(["json", "table", "ndjson"]).default("table")).action(async (opts) => {
+  await entities({ output: opts.output });
+});
+program.command("schema").description("Get entity schema with attribute definitions").argument("<entity>", "Entity logical name").addOption(new Option("--output <format>", "Output format").choices(["json", "table"]).default("json")).option("--no-cache", "Force live fetch, bypass cache").option("--refresh", "Invalidate cached schema for this entity before fetching").option("--refresh-all", "Clear entire schema cache before fetching").action(async (entityName, opts) => {
+  await schema(entityName, { output: opts.output, noCache: !opts.cache, refresh: opts.refresh, refreshAll: opts.refreshAll });
+});
+program.command("query").description("Query records using OData or FetchXML").option("--odata <expression>", "OData query expression (entitySetName?$filter=...)").option("--fetchxml <xml>", "FetchXML query string").option("--file <path>", "Read query from file (auto-detects OData or FetchXML)").option("--fields <fields>", "Comma-separated field names to select").option("--page-all", "Stream all pages as NDJSON", false).option("--max-rows <n>", "Maximum rows to return", parseInt).option("--dry-run", "Preview the operation without executing", false).addOption(new Option("--output <format>", "Output format").choices(["json", "ndjson", "table"]).default("json")).action(async (opts) => {
+  await query({
+    odata: opts.odata,
+    fetchxml: opts.fetchxml,
+    file: opts.file,
+    fields: opts.fields,
+    pageAll: opts.pageAll,
+    maxRows: opts.maxRows,
+    output: opts.output,
+    dryRun: opts.dryRun
+  });
+});
+program.command("get").description("Get a single record by ID").argument("<entity>", "Entity logical name").argument("<id>", "Record GUID").option("--fields <fields>", "Comma-separated field names to select").addOption(new Option("--output <format>", "Output format").choices(["json", "table"]).default("json")).action(async (entityName, id, opts) => {
+  await get(entityName, id, { fields: opts.fields, output: opts.output });
+});
+program.command("create").description("Create a new record").argument("<entity>", "Entity logical name").requiredOption("--json <data>", "JSON payload for the record").option("--dry-run", "Preview the operation without executing", false).option("--as-user <id>", "Run as this Entra user object ID (CallerObjectId)").addOption(new Option("--output <format>", "Output format: json|table").choices(["json", "table"]).default("table")).action(async (entityName, opts) => {
+  await createRecord(entityName, { json: opts.json, dryRun: opts.dryRun, callerObjectId: opts.asUser, output: opts.output });
+});
+program.command("update").description("Update an existing record").argument("<entity>", "Entity logical name").argument("<id>", "Record GUID").requiredOption("--json <data>", "JSON payload with fields to update").option("--dry-run", "Preview the operation without executing", false).option("--as-user <id>", "Run as this Entra user object ID (CallerObjectId)").addOption(new Option("--output <format>", "Output format: json|table").choices(["json", "table"]).default("table")).action(async (entityName, id, opts) => {
+  await updateRecord(entityName, id, { json: opts.json, dryRun: opts.dryRun, callerObjectId: opts.asUser, output: opts.output });
+});
+program.command("upsert").description("Create or update a record based on a match field").argument("<entity>", "Entity logical name").requiredOption("--match-field <field>", "Field to match on for upsert").requiredOption("--json <data>", "JSON payload for the record").option("--dry-run", "Preview the operation without executing", false).option("--as-user <id>", "Run as this Entra user object ID (CallerObjectId)").addOption(new Option("--output <format>", "Output format: json|table").choices(["json", "table"]).default("table")).action(async (entityName, opts) => {
+  await upsertRecord(entityName, { matchField: opts.matchField, json: opts.json, dryRun: opts.dryRun, callerObjectId: opts.asUser, output: opts.output });
+});
+program.command("delete").description("Delete a record by ID").argument("<entity>", "Entity logical name").argument("<id>", "Record GUID").option("--confirm", "Skip confirmation prompt", false).option("--dry-run", "Preview the operation without executing", false).option("--as-user <id>", "Run as this Entra user object ID (CallerObjectId)").addOption(new Option("--output <format>", "Output format: json|table").choices(["json", "table"]).default("table")).action(async (entityName, id, opts) => {
+  await deleteRecord(entityName, id, { confirm: opts.confirm, dryRun: opts.dryRun, callerObjectId: opts.asUser, output: opts.output });
+});
+program.command("batch").description("Execute batch operations from a file").requiredOption("--file <path>", "JSON file with batch operations").option("--atomic", "Wrap operations in a changeset for atomicity", false).option("--dry-run", "Preview the operation without executing", false).option("--as-user <id>", "Run as this Entra user object ID (CallerObjectId)").addOption(new Option("--output <format>", "Output format: json|table").choices(["json", "table"]).default("table")).action(async (opts) => {
+  await batch({ file: opts.file, atomic: opts.atomic, dryRun: opts.dryRun, callerObjectId: opts.asUser, output: opts.output });
+});
+program.command("action").description("Execute a Dataverse action or SDK message").argument("<action>", "Action name (PascalCase)").requiredOption("--json <data>", "JSON payload for the action").option("--entity <entity>", "Entity logical name for bound actions").option("--id <id>", "Record GUID for bound actions").option("--dry-run", "Preview the operation without executing", false).option("--as-user <id>", "Run as this Entra user object ID (CallerObjectId)").addOption(new Option("--output <format>", "Output format: json|table").choices(["json", "table"]).default("table")).action(async (actionName, opts) => {
+  await actionCommand(actionName, { json: opts.json, entity: opts.entity, id: opts.id, dryRun: opts.dryRun, callerObjectId: opts.asUser, output: opts.output });
+});
+program.command("demo").description("Run interactive demo showcasing dvx capabilities").addOption(new Option("--tier <tier>", "Demo depth tier").choices(["read", "write", "full"])).addOption(new Option("--output <format>", "Output format").choices(["json", "table"]).default("table")).action(async (opts) => {
+  await demo({ tier: opts.tier, output: opts.output });
+});
+program.command("mcp").description("Start MCP server for agent consumption").option("--entities <entities>", "Comma-separated entity logical names to scope tools").option("--port <port>", "Port for HTTP transport", parseInt).addOption(new Option("--transport <transport>", "Transport type: stdio|http").choices(["stdio", "http"]).default("stdio")).action(async (options) => {
+  const { startMcpServer } = await import("./server-KJMLJWZI.js");
+  await startMcpServer({
+    entities: options.entities?.split(",").map((e) => e.trim()),
+    transport: options.transport,
+    port: options.port
+  });
+});
+program.command("completion").description("Generate shell completion script").argument("<shell>", "Shell type: bash, zsh, or powershell").action((shell) => {
+  completion(shell);
+});
+function getHint(error, argv) {
+  const msg = error.message;
+  const args = argv.join(" ");
+  if (msg.includes("Bad Request") && args.includes("--odata")) {
+    const odataArg = argv[argv.indexOf("--odata") + 1] ?? "";
+    if (odataArg.includes("?=") || odataArg.includes("&=") || !odataArg.includes("$")) {
+      return "Use single quotes to prevent shell expansion of $ in OData: --odata '/entities?$top=10'";
+    }
+  }
+  if (error.name === "AuthProfileNotFoundError") {
+    return "Run `dvx auth login` to set up authentication.";
+  }
+  if (error.name === "AuthProfileExistsError") {
+    return "Use `dvx auth select <name>` to switch profiles, or `dvx auth logout` to remove the existing one.";
+  }
+  if (error.name === "TokenAcquisitionError" && msg.includes("Client secret not found")) {
+    return "Set DATAVERSE_CLIENT_SECRET env var, or use `dvx auth login` for delegated (browser) auth.";
+  }
+  if (error.name === "EntityNotFoundError") {
+    return 'Run `dvx entities` to list available entities. Entity names are singular (e.g., "account" not "accounts").';
+  }
+  if (error.name === "RecordNotFoundError") {
+    return "Verify the record ID is correct. Use `dvx query` to search for records.";
+  }
+  if (error.name === "ValidationError" && msg.includes("GUID")) {
+    return "GUIDs must be in format: 00000000-0000-0000-0000-000000000000";
+  }
+  if (error.name === "ImpersonationPrivilegeError") {
+    return "The application user needs the prvActOnBehalfOfAnotherUser privilege. Assign it via a security role in Dataverse admin.";
+  }
+  if (error.name === "FetchXmlValidationError") {
+    return "Wrap FetchXML in single quotes to prevent shell interpretation of < and > characters.";
+  }
+  if (error.name === "DataverseError" && msg.includes("401")) {
+    return "Authentication expired or invalid. Run `dvx auth login` to re-authenticate.";
+  }
+  if (error.name === "DataverseError" && msg.includes("403")) {
+    return "Check that the authenticated user/app has the required security role in Dataverse.";
+  }
+  if (msg.includes("JSON") || msg.includes("Unexpected token")) {
+    if (args.includes("--json")) {
+      return `Ensure --json value is valid JSON. Use single quotes around the value: --json '{"name": "value"}'`;
+    }
+  }
+  return void 0;
+}
+function getOutputFormat(argv) {
+  const idx = argv.indexOf("--output");
+  return idx >= 0 ? argv[idx + 1] : void 0;
+}
+async function main() {
+  try {
+    await program.parseAsync(process.argv);
+  } catch (error) {
+    const outputFormat = getOutputFormat(process.argv);
+    if (error instanceof Error) {
+      if (outputFormat === "json") {
+        const hint = getHint(error, process.argv);
+        const payload = {
+          error: error.message,
+          code: error.name
+        };
+        if (hint) payload["hint"] = hint;
+        console.log(JSON.stringify(payload));
+      } else {
+        logError(error.message);
+        const hint = getHint(error, process.argv);
+        if (hint) {
+          logInfo(hint);
+        }
+      }
+      if (process.env["DVX_DEBUG"] === "true") {
+        console.error(error.stack);
+      }
+    } else {
+      if (outputFormat === "json") {
+        console.log(JSON.stringify({ error: String(error), code: "UnknownError" }));
+      } else {
+        console.error("Unknown error:", error);
+      }
+    }
+    process.exit(1);
+  }
+}
+var index_default = main;
+main();
+export {
+  index_default as default
+};
+//# sourceMappingURL=index.js.map