@statelyai/sdk 0.5.1 → 0.6.0

package/dist/cli.mjs

@@ -1,14 +1,21 @@
 #!/usr/bin/env node
+import { createStatelyClient } from "./studio.mjs";
+import "./graphToXStateTS-CvXM8wHL.mjs";
 import { planSync, pullSync } from "./sync.mjs";
 import fs from "node:fs/promises";
 import * as path$1 from "node:path";
 import path from "node:path";
-import fs$1, { watch } from "node:fs";
+import { execFile, execFileSync, spawn } from "node:child_process";
+import { promisify } from "node:util";
+import fs$1, { promises, watch } from "node:fs";
+import { createInterface } from "node:readline/promises";
+import { Writable } from "node:stream";
 import { fileURLToPath, pathToFileURL } from "node:url";
 import { Args, Command, Flags, flush, handle, run as run$1 } from "@oclif/core";
 import * as crypto from "node:crypto";
-import { spawn } from "node:child_process";
 import * as http from "node:http";
+import * as https from "node:https";
+import os from "node:os";
 
 //#region src/cliHost.ts
 const DEFAULT_SYNC_MAX_FILES = 150;
@@ -255,7 +262,7 @@ var RemoteEditorSession = class {
 		const url = new URL(pathname, normalizedBaseUrl(this.options.editorUrl));
 		const headers = { "Content-Type": "application/json" };
 		if (this.options.apiKey) headers.Authorization = `Bearer ${this.options.apiKey}`;
-		const response = await fetch(url, {
+		const response = await fetchEditorHost(url, {
 			method: "POST",
 			headers,
 			body: JSON.stringify(body)
@@ -339,6 +346,7 @@ var RemoteEditorSession = class {
 async function openEditor(options) {
 	const fileName = path$1.resolve(options.fileName);
 	await fs.access(fileName);
+	await assertEditorHostAvailable(options.editorUrl);
 	const rootUri = fileNameToUri(fileName);
 	const rootDir = path$1.dirname(fileName);
 	let activeClient;
@@ -586,6 +594,59 @@ function listen(server, port, host) {
 		server.listen(port, host, resolve);
 	});
 }
+async function fetchEditorHost(input, init) {
+	const url = typeof input === "string" ? new URL(input) : input;
+	if (!isLocalVizHost(url.toString())) return fetch(url, init);
+	const body = typeof init?.body === "string" ? init.body : init?.body instanceof URLSearchParams ? init.body.toString() : void 0;
+	return new Promise((resolve, reject) => {
+		const request = https.request(url, {
+			method: init?.method ?? "GET",
+			headers: init?.headers,
+			rejectUnauthorized: false
+		}, (response) => {
+			const chunks = [];
+			response.on("data", (chunk) => {
+				chunks.push(typeof chunk === "string" ? Buffer.from(chunk) : chunk);
+			});
+			response.on("end", () => {
+				const text = Buffer.concat(chunks).toString("utf8");
+				resolve({
+					ok: typeof response.statusCode === "number" && response.statusCode >= 200 && response.statusCode < 300,
+					status: response.statusCode ?? 0,
+					async json() {
+						return JSON.parse(text);
+					}
+				});
+			});
+		});
+		request.on("error", reject);
+		if (body !== void 0) request.write(body);
+		request.end();
+	});
+}
+async function assertEditorHostAvailable(editorUrl) {
+	const baseUrl = normalizedBaseUrl(editorUrl);
+	const embedUrl = new URL("/embed", baseUrl);
+	let response;
+	try {
+		response = await fetchEditorHost(embedUrl, { redirect: "manual" });
+	} catch (error) {
+		throw new Error(formatEditorHostError(baseUrl, void 0, error));
+	}
+	if (response.status === 404) throw new Error(formatEditorHostError(baseUrl, response.status));
+}
+function formatEditorHostError(baseUrl, status, cause) {
+	const hint = isLocalVizHost(baseUrl) ? " Start the local editor app with `pnpm dev` on https://viz.localhost, or pass `--editor-url https://viz.localhost`." : " Start the editor host, set `STATELY_EDITOR_URL`, or pass `--editor-url <url>`.";
+	return `Cannot reach a usable editor host at ${baseUrl}.${status ? ` HTTP ${status} from /embed.` : ""}${cause instanceof Error && cause.message ? ` ${cause.message}` : ""} The CLI loads editor URL defaults from your environment, including \`.env.local\`.${hint}`;
+}
+function isLocalVizHost(value) {
+	try {
+		const url = new URL(value);
+		return url.protocol === "https:" && url.hostname === "viz.localhost";
+	} catch {
+		return false;
+	}
+}
 function openBrowser(url) {
 	spawn(process.platform === "darwin" ? "open" : process.platform === "win32" ? "cmd" : "xdg-open", process.platform === "win32" ? [
 		"/c",
@@ -639,14 +700,266 @@ function normalizedBaseUrl(value) {
 	return value.replace(/\/+$/, "");
 }
 function formatError(error, fallback) {
-	return error instanceof Error ? error.message : fallback;
+	if (!(error instanceof Error)) return fallback;
+	const details = collectErrorDetails(error);
+	return details.length > 0 ? `${error.message} (${details.join(" | ")})` : error.message;
+}
+function collectErrorDetails(error) {
+	const details = [];
+	const seen = /* @__PURE__ */ new Set();
+	let current = error;
+	while (current && typeof current === "object" && !seen.has(current)) {
+		seen.add(current);
+		const code = "code" in current && typeof current.code === "string" ? current.code : void 0;
+		const message = "message" in current && typeof current.message === "string" ? current.message : void 0;
+		if (code && message) details.push(`${code}: ${message}`);
+		else if (code) details.push(code);
+		current = "cause" in current ? current.cause : void 0;
+	}
+	return details;
 }
 function escapeAttribute(value) {
 	return value.replaceAll("&", "&amp;").replaceAll("\"", "&quot;").replaceAll("<", "&lt;").replaceAll(">", "&gt;");
 }
 
+//#endregion
+//#region src/credentials.ts
+const execFile$1 = promisify(execFile);
+const SERVICE_NAME = "statelyai";
+const ACCOUNT_NAME = "api-key";
+const CREDENTIALS_FILE_NAME = "credentials.json";
+function getConfigDir() {
+	const override = process.env.STATELYAI_CONFIG_DIR;
+	if (override) return path.resolve(override);
+	if (process.platform === "darwin") return path.join(os.homedir(), "Library", "Application Support", SERVICE_NAME);
+	if (process.platform === "win32") return path.join(process.env.APPDATA ?? path.join(os.homedir(), "AppData", "Roaming"), SERVICE_NAME);
+	return path.join(process.env.XDG_CONFIG_HOME ?? path.join(os.homedir(), ".config"), SERVICE_NAME);
+}
+function getCredentialsFilePath() {
+	return path.join(getConfigDir(), CREDENTIALS_FILE_NAME);
+}
+function shouldUseFileBackendOnly() {
+	return process.env.STATELYAI_CREDENTIALS_BACKEND === "file";
+}
+async function readFileCredentials() {
+	try {
+		const raw = await promises.readFile(getCredentialsFilePath(), "utf8");
+		const parsed = JSON.parse(raw);
+		if (typeof parsed.apiKey !== "string" || parsed.apiKey.length === 0) return;
+		return {
+			apiKey: parsed.apiKey,
+			backend: "file",
+			location: getCredentialsFilePath()
+		};
+	} catch {
+		return;
+	}
+}
+async function writeFileCredentials(apiKey) {
+	const configDir = getConfigDir();
+	const credentialsPath = getCredentialsFilePath();
+	await promises.mkdir(configDir, {
+		recursive: true,
+		mode: 448
+	});
+	await promises.writeFile(credentialsPath, `${JSON.stringify({ apiKey }, null, 2)}\n`, {
+		encoding: "utf8",
+		mode: 384
+	});
+	await promises.chmod(credentialsPath, 384);
+	return {
+		apiKey,
+		backend: "file",
+		location: credentialsPath
+	};
+}
+async function deleteFileCredentials() {
+	try {
+		await promises.unlink(getCredentialsFilePath());
+		return true;
+	} catch {
+		return false;
+	}
+}
+async function readMacOSKeychain() {
+	if (process.platform !== "darwin") return;
+	try {
+		const { stdout } = await execFile$1("security", [
+			"find-generic-password",
+			"-s",
+			SERVICE_NAME,
+			"-a",
+			ACCOUNT_NAME,
+			"-w"
+		]);
+		const apiKey = stdout.trim();
+		if (!apiKey) return;
+		return {
+			apiKey,
+			backend: "macos-keychain",
+			location: "macOS Keychain"
+		};
+	} catch {
+		return;
+	}
+}
+async function writeMacOSKeychain(apiKey) {
+	if (process.platform !== "darwin") return;
+	try {
+		await execFile$1("security", [
+			"add-generic-password",
+			"-U",
+			"-s",
+			SERVICE_NAME,
+			"-a",
+			ACCOUNT_NAME,
+			"-w",
+			apiKey
+		]);
+		return {
+			apiKey,
+			backend: "macos-keychain",
+			location: "macOS Keychain"
+		};
+	} catch {
+		return;
+	}
+}
+async function deleteMacOSKeychain() {
+	if (process.platform !== "darwin") return false;
+	try {
+		await execFile$1("security", [
+			"delete-generic-password",
+			"-s",
+			SERVICE_NAME,
+			"-a",
+			ACCOUNT_NAME
+		]);
+		return true;
+	} catch {
+		return false;
+	}
+}
+async function readLinuxSecretTool() {
+	if (process.platform !== "linux") return;
+	try {
+		const { stdout } = await execFile$1("secret-tool", [
+			"lookup",
+			"service",
+			SERVICE_NAME,
+			"account",
+			ACCOUNT_NAME
+		]);
+		const apiKey = stdout.trim();
+		if (!apiKey) return;
+		return {
+			apiKey,
+			backend: "linux-secret-tool",
+			location: "Secret Service (secret-tool)"
+		};
+	} catch {
+		return;
+	}
+}
+async function writeLinuxSecretTool(apiKey) {
+	if (process.platform !== "linux") return;
+	try {
+		execFileSync("secret-tool", [
+			"store",
+			"--label",
+			"statelyai API key",
+			"service",
+			SERVICE_NAME,
+			"account",
+			ACCOUNT_NAME
+		], { input: apiKey });
+		return {
+			apiKey,
+			backend: "linux-secret-tool",
+			location: "Secret Service (secret-tool)"
+		};
+	} catch {
+		return;
+	}
+}
+async function deleteLinuxSecretTool() {
+	if (process.platform !== "linux") return false;
+	try {
+		await execFile$1("secret-tool", [
+			"clear",
+			"service",
+			SERVICE_NAME,
+			"account",
+			ACCOUNT_NAME
+		]);
+		return true;
+	} catch {
+		return false;
+	}
+}
+async function getStoredApiKey() {
+	if (shouldUseFileBackendOnly()) return readFileCredentials();
+	return await readMacOSKeychain() ?? await readLinuxSecretTool() ?? await readFileCredentials();
+}
+async function setStoredApiKey(apiKey) {
+	if (shouldUseFileBackendOnly()) return writeFileCredentials(apiKey);
+	return await writeMacOSKeychain(apiKey) ?? await writeLinuxSecretTool(apiKey) ?? await writeFileCredentials(apiKey);
+}
+async function deleteStoredApiKey() {
+	if (shouldUseFileBackendOnly()) {
+		const deleted = await deleteFileCredentials();
+		return {
+			deleted,
+			locations: deleted ? [getCredentialsFilePath()] : []
+		};
+	}
+	const locations = [];
+	if (await deleteMacOSKeychain()) locations.push("macOS Keychain");
+	if (await deleteLinuxSecretTool()) locations.push("Secret Service (secret-tool)");
+	if (await deleteFileCredentials()) locations.push(getCredentialsFilePath());
+	return {
+		deleted: locations.length > 0,
+		locations
+	};
+}
+function describeCredentialBackend(backend, location) {
+	switch (backend) {
+		case "macos-keychain": return location;
+		case "linux-secret-tool": return location;
+		case "file": return `file (${location})`;
+	}
+}
+
 //#endregion
 //#region src/cli.ts
+const execFileAsync = promisify(execFile);
+const STATELY_CONFIG_FILE = "statelyai.json";
+const STATELY_CONFIG_SCHEMA_URL = "https://stately.ai/schemas/statelyai.json";
+const STATELY_CONFIG_VERSION = "1.0.0";
+function getDefaultSources(defaultXStateVersion) {
+	return [{
+		include: ["**/*.{ts,tsx,js,jsx,mts,cts,mjs,cjs}"],
+		exclude: [
+			"**/*.test.*",
+			"**/*.spec.*",
+			"**/dist/**",
+			"**/node_modules/**"
+		],
+		format: "xstate",
+		xstateVersion: defaultXStateVersion
+	}];
+}
+function createStatelyProjectConfig(options) {
+	const defaultXStateVersion = options.defaultXStateVersion ?? 5;
+	return {
+		$schema: STATELY_CONFIG_SCHEMA_URL,
+		version: STATELY_CONFIG_VERSION,
+		projectId: options.projectId,
+		studioUrl: options.studioUrl,
+		defaultXStateVersion,
+		sources: getDefaultSources(defaultXStateVersion)
+	};
+}
 function loadLocalEnv() {
 	if (typeof process.loadEnvFile !== "function") return;
 	const cwdEnvPath = path.join(process.cwd(), ".env.local");
@@ -655,14 +968,170 @@ function loadLocalEnv() {
 	} catch {}
 }
 loadLocalEnv();
-function getDefaultApiKey() {
-	return process.env.STATELY_API_KEY ?? process.env.NEXT_PUBLIC_STATELY_API_KEY;
+function getEnvApiKey() {
+	const statelyApiKey = process.env.STATELY_API_KEY;
+	if (statelyApiKey) return {
+		apiKey: statelyApiKey,
+		variable: "STATELY_API_KEY"
+	};
+	const publicApiKey = process.env.NEXT_PUBLIC_STATELY_API_KEY;
+	if (publicApiKey) return {
+		apiKey: publicApiKey,
+		variable: "NEXT_PUBLIC_STATELY_API_KEY"
+	};
+}
+async function resolveApiKey(explicitApiKey) {
+	if (explicitApiKey) return {
+		apiKey: explicitApiKey,
+		source: "flag",
+		detail: "--api-key"
+	};
+	const envApiKey = getEnvApiKey();
+	if (envApiKey) return {
+		apiKey: envApiKey.apiKey,
+		source: "env",
+		detail: envApiKey.variable
+	};
+	const storedApiKey = await getStoredApiKey();
+	if (storedApiKey) return {
+		apiKey: storedApiKey.apiKey,
+		source: "stored",
+		detail: describeCredentialBackend(storedApiKey.backend, storedApiKey.location)
+	};
+	return { source: "missing" };
 }
 function getDefaultBaseUrl() {
 	return process.env.STATELY_API_URL ?? process.env.NEXT_PUBLIC_BASE_URL ?? process.env.NEXT_PUBLIC_STATELY_API_URL;
 }
 function getDefaultEditorUrl() {
-	return process.env.STATELY_EDITOR_URL ?? process.env.NEXT_PUBLIC_BETA_EDITOR_URL ?? process.env.NEXT_PUBLIC_BASE_URL ?? "http://localhost:3001";
+	return process.env.STATELY_EDITOR_URL ?? process.env.NEXT_PUBLIC_BETA_EDITOR_URL ?? process.env.NEXT_PUBLIC_BASE_URL ?? "https://viz.localhost";
+}
+function getResolvedStudioUrl(baseUrl) {
+	return baseUrl ?? getDefaultBaseUrl() ?? "https://stately.ai";
+}
+function parseGitHubRemote(remoteUrl) {
+	const httpsMatch = remoteUrl.match(/^https:\/\/github\.com\/([^/]+)\/([^/]+?)(?:\.git)?$/);
+	if (httpsMatch) {
+		const [, owner, repo] = httpsMatch;
+		if (!owner || !repo) return null;
+		return {
+			url: `https://github.com/${owner}/${repo}`,
+			owner,
+			repo,
+			branch: "",
+			treeSha: ""
+		};
+	}
+	const sshMatch = remoteUrl.match(/^git@github\.com:([^/]+)\/([^/]+?)(?:\.git)?$/);
+	if (sshMatch) {
+		const [, owner, repo] = sshMatch;
+		if (!owner || !repo) return null;
+		return {
+			url: `https://github.com/${owner}/${repo}`,
+			owner,
+			repo,
+			branch: "",
+			treeSha: ""
+		};
+	}
+	return null;
+}
+async function inferConnectedRepoFromCwd(cwd) {
+	try {
+		const [{ stdout: remoteStdout }, { stdout: branchStdout }, { stdout: treeShaStdout }] = await Promise.all([
+			execFileAsync("git", [
+				"remote",
+				"get-url",
+				"origin"
+			], { cwd }),
+			execFileAsync("git", ["branch", "--show-current"], { cwd }),
+			execFileAsync("git", ["rev-parse", "HEAD"], { cwd })
+		]);
+		const parsedRemote = parseGitHubRemote(remoteStdout.trim());
+		if (!parsedRemote) return;
+		return {
+			...parsedRemote,
+			branch: branchStdout.trim(),
+			treeSha: treeShaStdout.trim()
+		};
+	} catch {
+		return;
+	}
+}
+function inferInitProjectName(cwd, repo) {
+	if (repo?.repo) return repo.repo;
+	return path.basename(cwd);
+}
+async function readApiKeyFromStdin() {
+	const chunks = [];
+	for await (const chunk of process.stdin) chunks.push(typeof chunk === "string" ? Buffer.from(chunk) : chunk);
+	return Buffer.concat(chunks).toString("utf8").trim();
+}
+async function promptForApiKey() {
+	if (!process.stdin.isTTY || !process.stdout.isTTY) throw new Error("No interactive terminal available. Pass --api-key or pipe the key on stdin.");
+	const maskedOutput = new Writable({ write(chunk, _encoding, callback) {
+		if (!maskedOutput.muted) process.stdout.write(chunk);
+		callback();
+	} });
+	maskedOutput.muted = false;
+	const rl = createInterface({
+		input: process.stdin,
+		output: maskedOutput,
+		terminal: true
+	});
+	try {
+		process.stdout.write("Enter your Stately API key: ");
+		maskedOutput.muted = true;
+		const apiKey = (await rl.question("")).trim();
+		maskedOutput.muted = false;
+		process.stdout.write("\n");
+		return apiKey;
+	} finally {
+		rl.close();
+	}
+}
+function normalizeApiKey(value) {
+	const trimmed = value?.trim();
+	return trimmed ? trimmed : void 0;
+}
+async function fileExists(filePath) {
+	try {
+		await fs.access(filePath);
+		return true;
+	} catch {
+		return false;
+	}
+}
+async function initProject(options) {
+	const cwd = path.resolve(options.cwd ?? process.cwd());
+	const studioUrl = getResolvedStudioUrl(options.baseUrl);
+	const configPath = path.resolve(cwd, options.configPath ?? STATELY_CONFIG_FILE);
+	const defaultXStateVersion = Math.max(5, options.defaultXStateVersion ?? 5);
+	if (!options.force && await fileExists(configPath)) throw new Error(`${configPath} already exists. Pass --force to overwrite it.`);
+	const client = options.client ?? createStatelyClient({
+		apiKey: options.apiKey,
+		baseUrl: studioUrl
+	});
+	const inferredRepo = options.project?.repo ?? await inferConnectedRepoFromCwd(cwd);
+	const projectInput = {
+		name: options.project?.name ?? inferInitProjectName(cwd, inferredRepo),
+		visibility: options.project?.visibility ?? "Private",
+		...options.project?.description ? { description: options.project.description } : {},
+		...options.project?.keywords ? { keywords: options.project.keywords } : {},
+		...inferredRepo ? { repo: inferredRepo } : {}
+	};
+	const project = await client.projects.ensure(projectInput);
+	const config = createStatelyProjectConfig({
+		projectId: project.projectId,
+		studioUrl,
+		defaultXStateVersion
+	});
+	await fs.writeFile(configPath, `${JSON.stringify(config, null, 2)}\n`, "utf8");
+	return {
+		config,
+		configPath,
+		project
+	};
 }
 const sharedFlags = {
 	help: Flags.help({ char: "h" }),
@@ -725,10 +1194,11 @@ var PlanCommand = class PlanCommand extends ParsedSyncCommand {
 	static args = sharedArgs;
 	async run() {
 		const { args, flags } = await this.parseSync(PlanCommand);
+		const apiKey = (await resolveApiKey(flags["api-key"])).apiKey;
 		const plan = await planSync({
 			source: args.source,
 			target: args.target,
-			apiKey: flags["api-key"] ?? getDefaultApiKey(),
+			apiKey,
 			baseUrl: flags["base-url"] ?? getDefaultBaseUrl()
 		});
 		this.log(formatPlanSummary(plan));
@@ -741,10 +1211,11 @@ var DiffCommand = class DiffCommand extends ParsedSyncCommand {
 	static args = sharedArgs;
 	async run() {
 		const { args, flags } = await this.parseSync(DiffCommand);
+		const apiKey = (await resolveApiKey(flags["api-key"])).apiKey;
 		const plan = await planSync({
 			source: args.source,
 			target: args.target,
-			apiKey: flags["api-key"] ?? getDefaultApiKey(),
+			apiKey,
 			baseUrl: flags["base-url"] ?? getDefaultBaseUrl()
 		});
 		this.log(formatPlanSummary(plan));
@@ -757,10 +1228,11 @@ var PullCommand = class PullCommand extends ParsedSyncCommand {
 	static args = sharedArgs;
 	async run() {
 		const { args, flags } = await this.parseSync(PullCommand);
+		const apiKey = (await resolveApiKey(flags["api-key"])).apiKey;
 		const result = await pullSync({
 			source: args.source,
 			target: args.target,
-			apiKey: flags["api-key"] ?? getDefaultApiKey(),
+			apiKey,
 			baseUrl: flags["base-url"] ?? getDefaultBaseUrl()
 		});
 		this.log(`Pulled: ${result.source.locator} -> ${result.outputPath}\nTarget: ${result.target.kind} (${result.target.format})`);
@@ -799,22 +1271,121 @@ var OpenCommand = class OpenCommand extends Command {
 	};
 	async run() {
 		const { args, flags } = await this.parse(OpenCommand);
+		const apiKey = (await resolveApiKey(flags["api-key"])).apiKey;
 		await openEditor({
 			fileName: path.resolve(args.file),
 			editorUrl: flags["editor-url"] ?? getDefaultEditorUrl(),
 			host: flags.host,
 			port: flags.port,
 			shouldOpen: flags.open,
-			apiKey: flags["api-key"] ?? getDefaultApiKey(),
+			apiKey,
 			debug: flags.debug
 		});
 	}
 };
+var InitCommand = class InitCommand extends Command {
+	static enableJsonFlag = false;
+	static summary = "Create a Stately project and write statelyai.json.";
+	static description = "Creates or reuses a remote Studio project for the current working directory and writes a local statelyai.json configuration file.";
+	static flags = {
+		help: Flags.help({ char: "h" }),
+		"api-key": Flags.string({ description: "Stately API key used to create the remote project" }),
+		"base-url": Flags.string({ description: "Base URL for Stately Studio or a self-hosted deployment" }),
+		name: Flags.string({ description: "Project name to create remotely" }),
+		visibility: Flags.string({
+			description: "Remote project visibility",
+			options: [
+				"Private",
+				"Public",
+				"Unlisted"
+			],
+			default: "Private"
+		}),
+		force: Flags.boolean({
+			description: "Overwrite an existing statelyai.json file",
+			default: false
+		})
+	};
+	async run() {
+		const { flags } = await this.parse(InitCommand);
+		const resolvedApiKey = await resolveApiKey(flags["api-key"]);
+		if (!resolvedApiKey.apiKey) this.error("No API key configured. Use `statelyai login`, set `STATELY_API_KEY`, or pass `--api-key`.");
+		const result = await initProject({
+			apiKey: resolvedApiKey.apiKey,
+			baseUrl: flags["base-url"],
+			force: flags.force,
+			project: {
+				...flags.name ? { name: flags.name } : {},
+				visibility: flags.visibility
+			}
+		});
+		this.log(`Initialized project ${result.project.projectId} and wrote ${result.configPath}.`);
+	}
+};
+var LoginCommand = class LoginCommand extends Command {
+	static enableJsonFlag = false;
+	static summary = "Store a Stately API key for future CLI use.";
+	static description = "Stores a Stately API key in the OS credential store when available, with a private file fallback.";
+	static flags = {
+		help: Flags.help({ char: "h" }),
+		"api-key": Flags.string({ description: "API key to store without an interactive prompt" }),
+		stdin: Flags.boolean({
+			description: "Read the API key from standard input",
+			default: false
+		})
+	};
+	async run() {
+		const { flags } = await this.parse(LoginCommand);
+		if (flags.stdin && flags["api-key"]) this.error("Pass either --api-key or --stdin, not both.");
+		const apiKey = normalizeApiKey(flags["api-key"] ?? (!process.stdin.isTTY || flags.stdin ? await readApiKeyFromStdin() : await promptForApiKey()));
+		if (!apiKey) this.error("API key cannot be empty.");
+		const stored = await setStoredApiKey(apiKey);
+		this.log(`Stored API key in ${describeCredentialBackend(stored.backend, stored.location)}.`);
+	}
+};
+var LogoutCommand = class extends Command {
+	static enableJsonFlag = false;
+	static summary = "Remove any API key stored by the CLI.";
+	static description = "Deletes the locally stored API key. Environment variables are not changed.";
+	static flags = { help: Flags.help({ char: "h" }) };
+	async run() {
+		const result = await deleteStoredApiKey();
+		if (!result.deleted) {
+			this.log("No stored API key found.");
+			return;
+		}
+		this.log(`Removed stored API key from ${result.locations.join(", ")}.`);
+	}
+};
+var AuthStatusCommand = class extends Command {
+	static enableJsonFlag = false;
+	static summary = "Show how the CLI would resolve its API key.";
+	static description = "Reports whether the CLI would use a flag, environment variable, or stored credential.";
+	static flags = { help: Flags.help({ char: "h" }) };
+	async run() {
+		const envApiKey = getEnvApiKey();
+		const storedApiKey = await getStoredApiKey();
+		if (envApiKey) {
+			this.log(`API key source: environment (${envApiKey.variable}).`);
+			if (storedApiKey) this.log(`Stored credential also available in ${describeCredentialBackend(storedApiKey.backend, storedApiKey.location)}.`);
+			return;
+		}
+		if (storedApiKey) {
+			this.log(`API key source: stored credential (${describeCredentialBackend(storedApiKey.backend, storedApiKey.location)}).`);
+			return;
+		}
+		this.log("No API key configured. Use `statelyai login`, set `STATELY_API_KEY`, or pass `--api-key`.");
+	}
+};
 const COMMANDS = {
 	plan: PlanCommand,
 	diff: DiffCommand,
 	pull: PullCommand,
-	open: OpenCommand
+	open: OpenCommand,
+	init: InitCommand,
+	login: LoginCommand,
+	logout: LogoutCommand,
+	"auth:status": AuthStatusCommand
 };
 async function run(argv = process.argv.slice(2), entryUrl = import.meta.url) {
 	const normalizedArgv = argv.length === 1 && argv[0] === "-h" ? ["--help"] : argv;
@@ -838,4 +1409,4 @@ function isDirectExecution() {
 if (isDirectExecution()) run();
 
 //#endregion
-export { COMMANDS, formatPlanSummary, run };
+export { COMMANDS, createStatelyProjectConfig, formatPlanSummary, getEnvApiKey, inferInitProjectName, initProject, resolveApiKey, run };