@startanaicompany/cli 1.4.21 → 1.5.0

package/CLAUDE.md

@@ -146,16 +146,28 @@ Uses Commander.js to define:
 5. All subsequent API requests include X-Session-Token header
 6. Token expires after 1 year → user must login again
 
-**API Key Flow (CI/CD & Scripts):**
-1. User logs in with email + API key → API returns session token
-2. Environment variable `SAAC_API_KEY` can override stored credentials
-3. Useful for automation, scripts, and CI/CD pipelines
+**Auto-Login Flow (CI/CD & Automation):**
+1. User sets `SAAC_USER_API_KEY` and `SAAC_USER_EMAIL` environment variables
+2. Any command checks `ensureAuthenticated()` instead of `isAuthenticated()`
+3. If not logged in, `ensureAuthenticated()` checks for env vars
+4. If both present, automatically calls login API
+5. Session token saved to config, cached for subsequent commands
+6. Subsequent commands use cached session (fast path, no API call)
 
 **Authentication Priority:**
 ```javascript
-// In api.js createClient()
+// In commands (e.g., deploy.js, list.js, etc.)
+if (!(await ensureAuthenticated())) {
+  // Not logged in and auto-login failed
+  logger.error('Not logged in');
+  logger.info('Run: saac login -e <email> -k <api-key>');
+  logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
+  process.exit(1);
+}
+
+// In api.js createClient() - Header priority:
 if (process.env.SAAC_API_KEY) {
-  headers['X-API-Key'] = SAAC_API_KEY;  // 1st priority
+  headers['X-API-Key'] = SAAC_API_KEY;  // 1st priority (legacy)
 } else if (user.sessionToken) {
   headers['X-Session-Token'] = sessionToken;  // 2nd priority
 } else if (user.apiKey) {
@@ -163,6 +175,11 @@ if (process.env.SAAC_API_KEY) {
 }
 ```
 
+**Environment Variables:**
+- `SAAC_USER_API_KEY` - API key for auto-login (NEW)
+- `SAAC_USER_EMAIL` - Email for auto-login (NEW)
+- `SAAC_API_KEY` - Legacy API key (used directly in API headers, bypasses login)
+
 ### Application Lifecycle
 
 1. **Create/Init** → applicationUuid saved to `.saac/config.json`
@@ -205,10 +222,53 @@ The CLI now uses session tokens instead of storing permanent API keys:
 ```
 
 **Token Validation Functions** (in `config.js`):
-- `isAuthenticated()` - Checks if user has valid, non-expired token
+- `isAuthenticated()` - Checks if user has valid, non-expired token (synchronous)
+- `ensureAuthenticated()` - **NEW**: Checks authentication + auto-login via env vars (async)
 - `isTokenExpired()` - Checks if session token has expired
 - `isTokenExpiringSoon()` - Checks if token expires within 7 days
 
+**ensureAuthenticated() Function:**
+```javascript
+async function ensureAuthenticated() {
+  // Step 1: Check if already authenticated (fast path)
+  if (isAuthenticated()) {
+    return true;
+  }
+
+  // Step 2: Check for environment variables
+  const apiKey = process.env.SAAC_USER_API_KEY;
+  const email = process.env.SAAC_USER_EMAIL;
+
+  if (!apiKey || !email) {
+    return false; // No env vars - cannot auto-login
+  }
+
+  // Step 3: Attempt auto-login via API
+  try {
+    const api = require('./api');
+    const result = await api.login(email, apiKey);
+
+    // Step 4: Save session token to config
+    saveUser({
+      email: result.user.email,
+      userId: result.user.id,
+      sessionToken: result.session_token,
+      expiresAt: result.expires_at,
+      verified: result.user.verified,
+    });
+
+    return true; // Auto-login successful
+  } catch (error) {
+    return false; // Auto-login failed
+  }
+}
+```
+
+**When to use:**
+- Use `ensureAuthenticated()` in ALL non-auth commands (deploy, list, create, etc.)
+- Use `isAuthenticated()` only when you don't want auto-login behavior
+- Commands that should NOT use `ensureAuthenticated()`: login, logout, register, verify
+
 **Backend Requirements:**
 - `POST /auth/login` - Accepts `X-API-Key` + email, returns session token
 - Middleware must accept both `X-Session-Token` and `X-API-Key` headers

package/README.md

@@ -272,6 +272,259 @@ saac whoami
 
 ---
 
+## Environment Variables for CI/CD
+
+The SAAC CLI supports **automatic authentication** via environment variables, perfect for CI/CD pipelines, Docker containers, and automation scripts.
+
+### How It Works
+
+When you run any SAAC command:
+1. CLI checks if you're already logged in (session token exists)
+2. If not logged in, checks for `SAAC_USER_API_KEY` and `SAAC_USER_EMAIL` environment variables
+3. If both are present, **automatically logs in** via API
+4. Session token is cached for subsequent commands (same performance as manual login)
+
+### Required Environment Variables
+
+- `SAAC_USER_API_KEY` - Your API key (format: `cw_...`)
+- `SAAC_USER_EMAIL` - Your email address
+
+**Both variables must be set** for auto-login to work.
+
+### Usage Examples
+
+#### GitHub Actions
+
+```yaml
+name: Deploy to SAAC
+on:
+  push:
+    branches: [main]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install SAAC CLI
+        run: npm install -g @startanaicompany/cli
+
+      - name: Deploy Application
+        env:
+          SAAC_USER_API_KEY: ${{ secrets.SAAC_API_KEY }}
+          SAAC_USER_EMAIL: ${{ secrets.SAAC_EMAIL }}
+        run: |
+          saac deploy
+          saac logs --deployment
+```
+
+**Setup:**
+1. Go to your repo → Settings → Secrets → Actions
+2. Add `SAAC_API_KEY` with your API key
+3. Add `SAAC_EMAIL` with your email address
+
+#### GitLab CI/CD
+
+```yaml
+deploy:
+  stage: deploy
+  image: node:18
+  variables:
+    SAAC_USER_API_KEY: $CI_SAAC_API_KEY
+    SAAC_USER_EMAIL: $CI_SAAC_EMAIL
+  script:
+    - npm install -g @startanaicompany/cli
+    - saac deploy
+    - saac logs --deployment
+  only:
+    - main
+```
+
+**Setup:**
+1. Go to your project → Settings → CI/CD → Variables
+2. Add `CI_SAAC_API_KEY` (protected, masked)
+3. Add `CI_SAAC_EMAIL`
+
+#### Docker
+
+```dockerfile
+FROM node:18
+
+# Install SAAC CLI
+RUN npm install -g @startanaicompany/cli
+
+# Set environment variables (use build args for security)
+ARG SAAC_API_KEY
+ARG SAAC_EMAIL
+ENV SAAC_USER_API_KEY=$SAAC_API_KEY
+ENV SAAC_USER_EMAIL=$SAAC_EMAIL
+
+# Your application code
+WORKDIR /app
+COPY . .
+
+# Deploy on container startup
+CMD ["sh", "-c", "saac deploy && npm start"]
+```
+
+**Build with secrets:**
+```bash
+docker build \
+  --build-arg SAAC_API_KEY=cw_your_key \
+  --build-arg SAAC_EMAIL=your@email.com \
+  -t my-app .
+```
+
+#### Local Shell Script
+
+```bash
+#!/bin/bash
+set -e
+
+# Set environment variables
+export SAAC_USER_API_KEY=cw_your_api_key_here
+export SAAC_USER_EMAIL=your@email.com
+
+# Run SAAC commands
+saac deploy
+saac logs --deployment
+saac status
+
+echo "Deployment complete!"
+```
+
+#### With .env File (Local Development)
+
+Create `.env` file (**add to `.gitignore`!**):
+```bash
+SAAC_USER_API_KEY=cw_your_api_key_here
+SAAC_USER_EMAIL=your@email.com
+```
+
+Use with a script:
+```bash
+#!/bin/bash
+# Load .env file
+set -a
+source .env
+set +a
+
+# Run SAAC commands
+saac list
+saac status
+```
+
+### Security Best Practices
+
+✅ **DO:**
+- Store API keys in secrets management (GitHub Secrets, GitLab Variables, AWS Secrets Manager, etc.)
+- Use environment variables for automation
+- Add `.env` files to `.gitignore`
+- Rotate API keys periodically with `saac keys regenerate`
+- Use different API keys for different environments (dev, staging, prod)
+- Set secrets as "protected" and "masked" in CI/CD systems
+
+❌ **DON'T:**
+- Commit API keys to version control
+- Share API keys in plain text (Slack, email, etc.)
+- Hardcode API keys in scripts or Dockerfiles
+- Use the same API key across multiple teams/projects
+- Log API keys in CI/CD output
+
+### How It Differs from Manual Login
+
+| Feature | Manual Login | Auto-Login (Env Vars) |
+|---------|--------------|----------------------|
+| Session token created | ✅ Yes | ✅ Yes |
+| Session cached locally | ✅ Yes | ✅ Yes |
+| Session expires | ✅ 1 year | ✅ 1 year |
+| Requires user interaction | ❌ No (after first login) | ✅ Fully automated |
+| Perfect for CI/CD | ⚠️ Requires manual setup | ✅ Native support |
+| Performance | ⚡ Fast (cached) | ⚡ Fast (cached after first auto-login) |
+
+### Troubleshooting
+
+**"Not logged in" despite setting environment variables:**
+- Verify both `SAAC_USER_API_KEY` and `SAAC_USER_EMAIL` are set:
+  ```bash
+  echo $SAAC_USER_API_KEY
+  echo $SAAC_USER_EMAIL
+  ```
+- Ensure API key is valid (not revoked or expired)
+- Check API key format starts with `cw_`
+- Try logging in manually to verify credentials work:
+  ```bash
+  saac login -e $SAAC_USER_EMAIL -k $SAAC_USER_API_KEY
+  ```
+
+**Environment variables not being read:**
+- Make sure variables are exported: `export SAAC_USER_API_KEY=...`
+- Check for typos in variable names (must be exact)
+- In Docker, ensure ENV is set or use build args correctly
+- In CI/CD, verify secrets are configured correctly
+
+**Security concerns:**
+- Never print environment variables in logs: `echo $SAAC_USER_API_KEY` ❌
+- Use masked/protected secrets in CI/CD systems
+- Regenerate API key if accidentally exposed: `saac keys regenerate`
+- Monitor active sessions: `saac sessions`
+
+### Example: Complete CI/CD Workflow
+
+```yaml
+name: Full Deployment Workflow
+on:
+  push:
+    branches: [main, staging]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '18'
+
+      - name: Install Dependencies
+        run: npm install
+
+      - name: Run Tests
+        run: npm test
+
+      - name: Install SAAC CLI
+        run: npm install -g @startanaicompany/cli
+
+      - name: Deploy to SAAC
+        env:
+          SAAC_USER_API_KEY: ${{ secrets.SAAC_API_KEY }}
+          SAAC_USER_EMAIL: ${{ secrets.SAAC_EMAIL }}
+        run: |
+          # Auto-login happens automatically!
+          saac deploy
+
+          # Wait for deployment to complete (built-in timeout)
+          echo "Deployment finished!"
+
+      - name: Check Application Status
+        env:
+          SAAC_USER_API_KEY: ${{ secrets.SAAC_API_KEY }}
+          SAAC_USER_EMAIL: ${{ secrets.SAAC_EMAIL }}
+        run: |
+          saac status
+          saac logs --deployment | tail -20
+
+      - name: Notify on Failure
+        if: failure()
+        run: |
+          echo "Deployment failed! Check logs with: saac logs --deployment"
+```
+
+---
+
 ## Git OAuth
 
 SAAC CLI uses **OAuth-only authentication** for Git access. You must connect your Git account before creating applications.
@@ -374,6 +627,141 @@ saac git disconnect git.startanaicompany.com
 - Existing applications continue to work
 - New applications will require reconnection
 
+### `saac git repos <host>`
+
+List repositories from a connected Git host.
+
+```bash
+# Basic usage
+saac git repos git.startanaicompany.com
+saac git repos github.com
+
+# Include latest commit information
+saac git repos github.com --commits
+
+# Filter by visibility
+saac git repos github.com --visibility private
+saac git repos github.com --visibility public
+
+# With pagination
+saac git repos github.com --page 2 --per-page 10
+
+# Sort repositories
+saac git repos github.com --sort created
+saac git repos github.com --sort name
+
+# JSON output for scripting
+saac git repos github.com --json
+
+# Combine options
+saac git repos github.com --commits --visibility private --per-page 20
+```
+
+**Options:**
+- `-p, --page <number>` - Page number for pagination (default: 1)
+- `-n, --per-page <number>` - Results per page, max 100 (default: 20)
+- `-s, --sort <type>` - Sort order: `updated`, `created`, `name` (default: `updated`)
+- `-v, --visibility <type>` - Filter: `all`, `public`, `private` (default: `all`)
+- `-c, --commits` - Include latest commit info for each repository
+- `--json` - Output as JSON for scripting
+
+**Shows:**
+- Repository name
+- Visibility (public/private)
+- Last updated timestamp
+- Default branch
+- Primary language
+- Latest commit (with `--commits` flag)
+
+**Example output (without commits):**
+```
+Repositories on git.startanaicompany.com (ryan.gogo)
+────────────────────────────────────────────────────
+
+NAME                VISIBILITY   UPDATED                BRANCH  LANGUAGE
+mysimpleflowershop  private      1/27/2026, 12:52:18 AM master  JavaScript
+api-server          private      1/26/2026, 8:30:00 PM  main    TypeScript
+landing-page        public       1/25/2026, 3:15:00 PM  master  HTML
+
+Showing 3 repositories (page 1)
+```
+
+**Example output (with `--commits`):**
+```
+Repositories on git.startanaicompany.com (ryan.gogo)
+────────────────────────────────────────────────────
+
+NAME                VISIBILITY   LAST COMMIT
+mysimpleflowershop  private      4b2c63f Initial commit - Simple Flower (3d ago)
+api-server          private      a90373d Add user authentication (1d ago)
+landing-page        public       f1e2d3c Update homepage design (5h ago)
+
+Showing 3 repositories (page 1)
+```
+
+**JSON output:**
+```bash
+$ saac git repos github.com --json
+
+{
+  "success": true,
+  "git_host": "github.com",
+  "username": "johndoe",
+  "provider_type": "github",
+  "repositories": [
+    {
+      "name": "my-app",
+      "fullName": "johndoe/my-app",
+      "description": "A cool application",
+      "private": false,
+      "sshUrl": "git@github.com:johndoe/my-app.git",
+      "cloneUrl": "https://github.com/johndoe/my-app.git",
+      "htmlUrl": "https://github.com/johndoe/my-app",
+      "defaultBranch": "main",
+      "updatedAt": "2026-01-30T12:00:00Z",
+      "language": "JavaScript",
+      "latestCommit": {
+        "sha": "abc1234",
+        "message": "Fix authentication bug",
+        "author": "John Doe",
+        "date": "2026-01-30T11:30:00Z"
+      }
+    }
+  ],
+  "count": 1,
+  "page": 1,
+  "per_page": 100
+}
+```
+
+**Use Cases:**
+- Browse available repositories before creating an application
+- Find repository SSH URLs for `saac create` command
+- Check latest commits without visiting Git provider
+- Script repository discovery and automation
+- Filter personal vs organization repositories
+
+**Performance Notes:**
+- Without `--commits`: Fast (single API call)
+- With `--commits`: Slower (fetches commit info for each repo in parallel)
+- Use `--commits` only when you need commit information
+
+**Example Workflow:**
+```bash
+# 1. Connect to Git host
+saac git connect github.com
+
+# 2. List your repositories
+saac git repos github.com
+
+# 3. Find the repository you want to deploy
+saac git repos github.com --visibility private
+
+# 4. Copy the SSH URL from the output
+# 5. Create application with that repository
+saac create my-app -s myapp -r git@github.com:username/my-app.git
+```
+
 ---
 
 ## Application Management
@@ -392,31 +780,78 @@ saac init
 - Have an existing project
 - Want to manage an application from a different directory
 
-**What it does:**
-1. Fetches all your SAAC applications
-2. Shows interactive list to select from
-3. Saves selected application info to `.saac/config.json`
-4. Now you can use `saac deploy`, `saac logs`, etc.
+**Smart Auto-Detection (NEW!):**
+
+If you're in a Git repository, `saac init` automatically detects the remote URL and matches it to your applications:
 
-**Example:**
 ```bash
+$ cd mysimpleflowershop
 $ saac init
 
-Select Application
-──────────────────
+Initialize SAAC Project
+───────────────────────
 
-? Which application do you want to link to this directory?
-  ❯ mysimpleflowershop (mysimpleflowershop.startanaicompany.com)
-    api-server (api.startanaicompany.com)
-    landing-page (landing.startanaicompany.com)
+✓ Found 3 application(s)
+
+ℹ Auto-detected Git repository: git@git.startanaicompany.com:ryan.gogo/mysimpleflowershop.git
+
+  Matched Application: mysimpleflowershop
+  Domain: mysimpleflowershop.startanaicompany.com
+  Status: running:healthy
+
+? Link this application to the current directory? (Y/n) Yes
+
+✓ Project initialized!
+
+  Application: mysimpleflowershop
+  UUID: abc123-def456...
+  Domain: mysimpleflowershop.startanaicompany.com
+  Status: running:healthy
+
+You can now use:
+  saac deploy              Deploy your application
+  saac logs --follow       View deployment logs
+  saac status              Check application status
+  saac update --port 8080  Update configuration
+```
 
-✓ Application linked successfully!
+**How Auto-Detection Works:**
+1. Reads Git remote URL from `.git/config`
+2. Normalizes both Git remote and application repositories
+3. Matches against your applications automatically
+4. Asks for confirmation (defaults to Yes)
+5. Falls back to manual selection if no match found or if you decline
 
-ℹ Configuration saved to .saac/config.json
-ℹ You can now use:
-  saac deploy    - Deploy application
-  saac logs      - View logs
-  saac status    - Check status
+**Supports:**
+- SSH URLs: `git@github.com:user/repo.git`
+- HTTPS URLs: `https://github.com/user/repo.git`
+- With or without `.git` suffix
+- Case-insensitive matching
+
+**Manual Selection (fallback):**
+
+If not in a Git repository or no match found, shows interactive list:
+
+```bash
+$ saac init
+
+? Select application to link to this directory:
+  ❯ mysimpleflowershop - mysimpleflowershop.startanaicompany.com (running:healthy)
+    api-server - api.startanaicompany.com (running:healthy)
+    landing-page - landing.startanaicompany.com (stopped)
+```
+
+**What it saves:**
+
+Creates `.saac/config.json` in current directory:
+```json
+{
+  "applicationUuid": "abc123-def456...",
+  "applicationName": "mysimpleflowershop",
+  "subdomain": "mysimpleflowershop",
+  "domainSuffix": "startanaicompany.com",
+  "gitRepository": "git@git.startanaicompany.com:ryan.gogo/mysimpleflowershop.git"
+}
 ```
 
 ### `saac create <name>`

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@startanaicompany/cli",
-  "version": "1.4.21",
+  "version": "1.5.0",
   "description": "Official CLI for StartAnAiCompany.com - Deploy AI recruitment sites with ease",
   "main": "src/index.js",
   "bin": {

package/src/commands/create.js

@@ -3,7 +3,7 @@
  */
 
 const api = require('../lib/api');
-const { isAuthenticated, saveProjectConfig, getUser, getProjectConfig } = require('../lib/config');
+const { ensureAuthenticated, saveProjectConfig, getUser, getProjectConfig } = require('../lib/config');
 const logger = require('../lib/logger');
 const oauth = require('../lib/oauth');
 const inquirer = require('inquirer');
@@ -12,12 +12,11 @@ const errorDisplay = require('../lib/errorDisplay');
 
 async function create(name, options) {
   try {
-    // Check authentication
-    if (!isAuthenticated()) {
+    // Check authentication (with auto-login support)
+    if (!(await ensureAuthenticated())) {
       logger.error('Not logged in');
-      logger.newline();
-      logger.info('Run:');
-      logger.log('  saac login -e <email> -k <api-key>');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/delete.js

@@ -3,7 +3,7 @@
  */
 
 const api = require('../lib/api');
-const { getProjectConfig, isAuthenticated } = require('../lib/config');
+const { getProjectConfig, ensureAuthenticated } = require('../lib/config');
 const logger = require('../lib/logger');
 const inquirer = require('inquirer');
 const fs = require('fs');
@@ -16,8 +16,10 @@ const path = require('path');
 async function deleteApp(options) {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
-      logger.error('Not logged in. Run: saac login');
+    if (!(await ensureAuthenticated())) {
+      logger.error('Not logged in');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/deploy.js

@@ -3,15 +3,17 @@
  */
 
 const api = require('../lib/api');
-const { getProjectConfig, isAuthenticated } = require('../lib/config');
+const { getProjectConfig, ensureAuthenticated } = require('../lib/config');
 const logger = require('../lib/logger');
 const errorDisplay = require('../lib/errorDisplay');
 
 async function deploy(options) {
   try {
-    // Check authentication
-    if (!isAuthenticated()) {
-      logger.error('Not logged in. Run: saac login');
+    // Check authentication (with auto-login support)
+    if (!(await ensureAuthenticated())) {
+      logger.error('Not logged in');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/deployments.js

@@ -3,15 +3,17 @@
  */
 
 const api = require('../lib/api');
-const { getProjectConfig, isAuthenticated } = require('../lib/config');
+const { getProjectConfig, ensureAuthenticated } = require('../lib/config');
 const logger = require('../lib/logger');
 const { table } = require('table');
 
 async function deployments(options) {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
-      logger.error('Not logged in. Run: saac login');
+    if (!(await ensureAuthenticated())) {
+      logger.error('Not logged in');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/domain.js

@@ -3,7 +3,7 @@
  */
 
 const api = require('../lib/api');
-const { getProjectConfig, isAuthenticated, saveProjectConfig } = require('../lib/config');
+const { getProjectConfig, ensureAuthenticated, saveProjectConfig } = require('../lib/config');
 const logger = require('../lib/logger');
 
 /**
@@ -14,8 +14,10 @@ const logger = require('../lib/logger');
 async function set(subdomain, options) {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
-      logger.error('Not logged in. Run: saac login');
+    if (!(await ensureAuthenticated())) {
+      logger.error('Not logged in');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 
@@ -149,8 +151,10 @@ async function set(subdomain, options) {
 async function show() {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
-      logger.error('Not logged in. Run: saac login');
+    if (!(await ensureAuthenticated())) {
+      logger.error('Not logged in');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/env.js

@@ -3,7 +3,7 @@
  */
 
 const api = require('../lib/api');
-const { getProjectConfig, isAuthenticated } = require('../lib/config');
+const { getProjectConfig, ensureAuthenticated } = require('../lib/config');
 const logger = require('../lib/logger');
 const { table } = require('table');
 
@@ -14,8 +14,10 @@ const { table } = require('table');
 async function get(key) {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
-      logger.error('Not logged in. Run: saac login');
+    if (!(await ensureAuthenticated())) {
+      logger.error('Not logged in');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 
@@ -108,8 +110,10 @@ async function list() {
 async function set(vars) {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
-      logger.error('Not logged in. Run: saac login');
+    if (!(await ensureAuthenticated())) {
+      logger.error('Not logged in');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/exec.js

@@ -3,7 +3,7 @@
  */
 
 const api = require('../lib/api');
-const { getProjectConfig, isAuthenticated } = require('../lib/config');
+const { getProjectConfig, ensureAuthenticated } = require('../lib/config');
 const logger = require('../lib/logger');
 const { table } = require('table');
 
@@ -15,8 +15,10 @@ const { table } = require('table');
 async function exec(command, options = {}) {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
-      logger.error('Not logged in. Run: saac login');
+    if (!(await ensureAuthenticated())) {
+      logger.error('Not logged in');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 
@@ -156,8 +158,10 @@ async function exec(command, options = {}) {
 async function history(options = {}) {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
-      logger.error('Not logged in. Run: saac login');
+    if (!(await ensureAuthenticated())) {
+      logger.error('Not logged in');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/git.js

@@ -4,7 +4,7 @@
 
 const oauth = require('../lib/oauth');
 const api = require('../lib/api');
-const { isAuthenticated, getUser } = require('../lib/config');
+const { ensureAuthenticated, getUser } = require('../lib/config');
 const logger = require('../lib/logger');
 const { table } = require('table');
 const inquirer = require('inquirer');
@@ -15,11 +15,10 @@ const inquirer = require('inquirer');
 async function connect(host) {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
+    if (!(await ensureAuthenticated())) {
       logger.error('Not logged in');
-      logger.newline();
-      logger.info('Run:');
-      logger.log('  saac login -e <email> -k <api-key>');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 
@@ -116,11 +115,10 @@ async function connect(host) {
 async function list() {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
+    if (!(await ensureAuthenticated())) {
       logger.error('Not logged in');
-      logger.newline();
-      logger.info('Run:');
-      logger.log('  saac login -e <email> -k <api-key>');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 
@@ -193,11 +191,10 @@ async function list() {
 async function disconnect(host) {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
+    if (!(await ensureAuthenticated())) {
       logger.error('Not logged in');
-      logger.newline();
-      logger.info('Run:');
-      logger.log('  saac login -e <email> -k <api-key>');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 
@@ -254,11 +251,10 @@ async function disconnect(host) {
 async function repos(gitHost, options) {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
+    if (!(await ensureAuthenticated())) {
       logger.error('Not logged in');
-      logger.newline();
-      logger.info('Run:');
-      logger.log('  saac login -e <email> -k <api-key>');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/init.js

@@ -7,18 +7,20 @@
  */
 
 const api = require('../lib/api');
-const { isAuthenticated, saveProjectConfig, getProjectConfig } = require('../lib/config');
+const { ensureAuthenticated, saveProjectConfig, getProjectConfig } = require('../lib/config');
 const logger = require('../lib/logger');
 const inquirer = require('inquirer');
+const { execSync } = require('child_process');
+const fs = require('fs');
+const path = require('path');
 
 async function init(options) {
   try {
-    // Check authentication
-    if (!isAuthenticated()) {
+    // Check authentication (with auto-login support)
+    if (!(await ensureAuthenticated())) {
       logger.error('Not logged in');
-      logger.newline();
-      logger.info('Run:');
-      logger.log('  saac login -e <email> -k <api-key>');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 
@@ -86,11 +88,58 @@ async function createAndInitialize(options) {
   // This would call the create command functionality, then save the config
 }
 
+/**
+ * Get Git remote URL from current directory
+ * @returns {string|null} - Git remote URL or null if not a git repo
+ */
+function getGitRemoteUrl() {
+  try {
+    // Check if .git directory exists
+    if (!fs.existsSync(path.join(process.cwd(), '.git'))) {
+      return null;
+    }
+
+    // Get remote.origin.url
+    const remoteUrl = execSync('git config --get remote.origin.url', {
+      encoding: 'utf8',
+      stdio: ['pipe', 'pipe', 'ignore'] // Suppress stderr
+    }).trim();
+
+    return remoteUrl || null;
+  } catch (error) {
+    // Not a git repo or no remote configured
+    return null;
+  }
+}
+
+/**
+ * Normalize Git URLs for comparison
+ * Converts both SSH and HTTPS URLs to a comparable format
+ */
+function normalizeGitUrl(url) {
+  if (!url) return '';
+
+  // Remove .git suffix
+  let normalized = url.replace(/\.git$/, '');
+
+  // Convert SSH to HTTPS-like format for comparison
+  // git@github.com:user/repo -> github.com/user/repo
+  normalized = normalized.replace(/^git@([^:]+):/, '$1/');
+
+  // Remove https:// or http://
+  normalized = normalized.replace(/^https?:\/\//, '');
+
+  return normalized.toLowerCase();
+}
+
 /**
  * Link an existing application to current directory (interactive)
  */
 async function linkExistingApplication() {
 
+  // Try to auto-detect Git repository
+  const gitRemoteUrl = getGitRemoteUrl();
+
   // Fetch user's applications
   const spin = logger.spinner('Fetching your applications...').start();
 
@@ -111,20 +160,67 @@ async function linkExistingApplication() {
 
     logger.newline();
 
-    // Interactive: Let user select application
-    const choices = applications.map(app => ({
-      name: `${app.name} - ${app.domain || `${app.subdomain}.startanaicompany.com`} (${app.status})`,
-      value: app,
-    }));
-
-    const { selectedApp } = await inquirer.prompt([
-      {
-        type: 'list',
-        name: 'selectedApp',
-        message: 'Select application to link to this directory:',
-        choices: choices,
-      },
-    ]);
+    let selectedApp = null;
+
+    // Try to auto-match based on Git remote URL
+    if (gitRemoteUrl) {
+      const normalizedRemote = normalizeGitUrl(gitRemoteUrl);
+
+      const matchedApp = applications.find(app => {
+        if (!app.git_repository) return false;
+        const normalizedAppRepo = normalizeGitUrl(app.git_repository);
+        return normalizedAppRepo === normalizedRemote;
+      });
+
+      if (matchedApp) {
+        // Found matching application!
+        logger.info(`Auto-detected Git repository: ${gitRemoteUrl}`);
+        logger.newline();
+        logger.field('Matched Application', matchedApp.name);
+        logger.field('Domain', matchedApp.domain || `${matchedApp.subdomain}.startanaicompany.com`);
+        logger.field('Status', matchedApp.status);
+        logger.newline();
+
+        const { confirm } = await inquirer.prompt([
+          {
+            type: 'confirm',
+            name: 'confirm',
+            message: 'Link this application to the current directory?',
+            default: true,
+          },
+        ]);
+
+        if (confirm) {
+          selectedApp = matchedApp;
+        } else {
+          logger.newline();
+          logger.info('Please select a different application:');
+          logger.newline();
+        }
+      } else {
+        logger.warn(`No application found matching Git remote: ${gitRemoteUrl}`);
+        logger.newline();
+      }
+    }
+
+    // If no auto-match or user declined, show interactive selection
+    if (!selectedApp) {
+      const choices = applications.map(app => ({
+        name: `${app.name} - ${app.domain || `${app.subdomain}.startanaicompany.com`} (${app.status})`,
+        value: app,
+      }));
+
+      const answer = await inquirer.prompt([
+        {
+          type: 'list',
+          name: 'selectedApp',
+          message: 'Select application to link to this directory:',
+          choices: choices,
+        },
+      ]);
+
+      selectedApp = answer.selectedApp;
+    }
 
     logger.newline();
 

package/src/commands/keys.js

@@ -3,7 +3,7 @@
  */
 
 const api = require('../lib/api');
-const { getUser, isAuthenticated } = require('../lib/config');
+const { getUser, ensureAuthenticated } = require('../lib/config');
 const logger = require('../lib/logger');
 const inquirer = require('inquirer');
 
@@ -13,7 +13,7 @@ const inquirer = require('inquirer');
 async function regenerate() {
   try {
     // Must be authenticated (via session token)
-    if (!isAuthenticated()) {
+    if (!(await ensureAuthenticated())) {
       logger.error('Not logged in');
       logger.newline();
       logger.info('You must be logged in to regenerate your API key');
@@ -21,6 +21,10 @@ async function regenerate() {
       logger.info('Login using email verification:');
       logger.log('  saac login -e <email>           # Request OTP');
       logger.log('  saac login -e <email> --otp <code>  # Verify OTP');
+      logger.newline();
+      logger.info('Or set environment variables:');
+      logger.log('  export SAAC_USER_API_KEY=your_api_key');
+      logger.log('  export SAAC_USER_EMAIL=your_email');
       process.exit(1);
     }
 
@@ -88,7 +92,7 @@ async function regenerate() {
  */
 async function show() {
   try {
-    if (!isAuthenticated()) {
+    if (!(await ensureAuthenticated())) {
       logger.error('Not logged in');
       logger.newline();
       logger.info('Login first:');

package/src/commands/list.js

@@ -3,18 +3,17 @@
  */
 
 const api = require('../lib/api');
-const { isAuthenticated } = require('../lib/config');
+const { ensureAuthenticated } = require('../lib/config');
 const logger = require('../lib/logger');
 const { table } = require('table');
 
 async function list() {
   try {
-    // Check authentication
-    if (!isAuthenticated()) {
+    // Check authentication (with auto-login support)
+    if (!(await ensureAuthenticated())) {
       logger.error('Not logged in');
-      logger.newline();
-      logger.info('Run:');
-      logger.log('  saac login -e <email> -k <api-key>');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/logs.js

@@ -3,14 +3,16 @@
  */
 
 const api = require('../lib/api');
-const { getProjectConfig, isAuthenticated } = require('../lib/config');
+const { getProjectConfig, ensureAuthenticated } = require('../lib/config');
 const logger = require('../lib/logger');
 
 async function logs(deploymentUuidArg, options) {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
-      logger.error('Not logged in. Run: saac login');
+    if (!(await ensureAuthenticated())) {
+      logger.error('Not logged in');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/run.js

@@ -3,7 +3,7 @@
  */
 
 const api = require('../lib/api');
-const { getProjectConfig, isAuthenticated } = require('../lib/config');
+const { getProjectConfig, ensureAuthenticated } = require('../lib/config');
 const logger = require('../lib/logger');
 const { spawn } = require('child_process');
 const fs = require('fs');
@@ -55,8 +55,10 @@ async function getEnvironmentVariables(appUuid, forceRefresh = false) {
 async function run(command, options = {}) {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
-      logger.error('Not logged in. Run: saac login');
+    if (!(await ensureAuthenticated())) {
+      logger.error('Not logged in');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/sessions.js

@@ -3,18 +3,17 @@
  */
 
 const api = require('../lib/api');
-const { isAuthenticated } = require('../lib/config');
+const { ensureAuthenticated } = require('../lib/config');
 const logger = require('../lib/logger');
 const { table } = require('table');
 
 async function sessions() {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
+    if (!(await ensureAuthenticated())) {
       logger.error('Not logged in');
-      logger.newline();
-      logger.info('Run:');
-      logger.log('  saac login -e <email> -k <api-key>');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/shell.js

@@ -7,7 +7,7 @@
 
 const WebSocket = require('ws');
 const readline = require('readline');
-const { getProjectConfig, isAuthenticated, getUser, getApiUrl } = require('../lib/config');
+const { getProjectConfig, ensureAuthenticated, getUser, getApiUrl } = require('../lib/config');
 const logger = require('../lib/logger');
 
 /**
@@ -320,8 +320,10 @@ class ShellClient {
 async function shell(options = {}) {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
-      logger.error('Not logged in. Run: saac login');
+    if (!(await ensureAuthenticated())) {
+      logger.error('Not logged in');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/status.js

@@ -3,7 +3,7 @@
  */
 
 const api = require('../lib/api');
-const { getUser, isAuthenticated, isTokenExpiringSoon } = require('../lib/config');
+const { getUser, ensureAuthenticated, isTokenExpiringSoon } = require('../lib/config');
 const logger = require('../lib/logger');
 const { table } = require('table');
 
@@ -13,11 +13,10 @@ async function status() {
     logger.newline();
 
     // Check if logged in locally (silently)
-    if (!isAuthenticated()) {
+    if (!(await ensureAuthenticated())) {
       logger.error('Not logged in');
-      logger.newline();
-      logger.info('Run:');
-      logger.log('  saac login -e <email> -k <api-key>');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/update.js

@@ -3,17 +3,16 @@
  */
 
 const api = require('../lib/api');
-const { isAuthenticated, getProjectConfig } = require('../lib/config');
+const { ensureAuthenticated, getProjectConfig } = require('../lib/config');
 const logger = require('../lib/logger');
 
 async function update(options) {
   try {
-    // Check authentication
-    if (!isAuthenticated()) {
+    // Check authentication (with auto-login support)
+    if (!(await ensureAuthenticated())) {
       logger.error('Not logged in');
-      logger.newline();
-      logger.info('Run:');
-      logger.log('  saac login -e <email> -k <api-key>');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/commands/whoami.js

@@ -3,7 +3,7 @@
  */
 
 const api = require('../lib/api');
-const { isAuthenticated } = require('../lib/config');
+const { ensureAuthenticated } = require('../lib/config');
 const logger = require('../lib/logger');
 
 /**
@@ -12,11 +12,10 @@ const logger = require('../lib/logger');
 async function whoami() {
   try {
     // Check authentication
-    if (!isAuthenticated()) {
+    if (!(await ensureAuthenticated())) {
       logger.error('Not logged in');
-      logger.newline();
-      logger.info('Run:');
-      logger.log('  saac login -e <email> -k <api-key>');
+      logger.info('Run: saac login -e <email> -k <api-key>');
+      logger.info('Or set: SAAC_USER_API_KEY and SAAC_USER_EMAIL');
       process.exit(1);
     }
 

package/src/lib/config.js

@@ -106,6 +106,52 @@ function isTokenExpiringSoon() {
   return expirationDate <= sevenDaysFromNow && !isTokenExpired();
 }
 
+/**
+ * Ensure user is authenticated, with auto-login support via environment variables
+ * Checks for SAAC_USER_API_KEY and SAAC_USER_EMAIL environment variables
+ * If present and user is not authenticated, attempts automatic login
+ *
+ * @returns {Promise<boolean>} - True if authenticated, false otherwise
+ */
+async function ensureAuthenticated() {
+  // Step 1: Check if already authenticated (fast path)
+  if (isAuthenticated()) {
+    return true;
+  }
+
+  // Step 2: Check for environment variables
+  const apiKey = process.env.SAAC_USER_API_KEY;
+  const email = process.env.SAAC_USER_EMAIL;
+
+  if (!apiKey || !email) {
+    // No environment variables - cannot auto-login
+    return false;
+  }
+
+  // Step 3: Attempt auto-login via API
+  try {
+    // Dynamically require to avoid circular dependency
+    const api = require('./api');
+    const result = await api.login(email, apiKey);
+
+    // Step 4: Save session token to config
+    saveUser({
+      email: result.user.email,
+      userId: result.user.id,
+      sessionToken: result.session_token,
+      expiresAt: result.expires_at,
+      verified: result.user.verified,
+    });
+
+    // Auto-login successful
+    return true;
+
+  } catch (error) {
+    // Auto-login failed (invalid key, network error, etc.)
+    return false;
+  }
+}
+
 /**
  * Get user info
  */
@@ -146,6 +192,7 @@ module.exports = {
   getProjectConfig,
   saveProjectConfig,
   isAuthenticated,
+  ensureAuthenticated,
   isTokenExpired,
   isTokenExpiringSoon,
   getUser,