@supercheck/cli 0.1.0-beta.1

package/dist/bin/supercheck.js

@@ -0,0 +1,3750 @@
+#!/usr/bin/env node
+
+// src/bin/supercheck.ts
+import { Command as Command18 } from "commander";
+import pc7 from "picocolors";
+
+// src/commands/login.ts
+import { Command } from "commander";
+
+// src/auth/store.ts
+import Conf from "conf";
+
+// src/utils/errors.ts
+var CLIError = class extends Error {
+  exitCode;
+  constructor(message, exitCode = 1 /* GeneralError */) {
+    super(message);
+    this.name = "CLIError";
+    this.exitCode = exitCode;
+  }
+};
+var AuthenticationError = class extends CLIError {
+  constructor(message) {
+    super(message, 2 /* AuthError */);
+    this.name = "AuthenticationError";
+  }
+};
+var ApiRequestError = class extends CLIError {
+  statusCode;
+  responseBody;
+  constructor(message, statusCode, responseBody) {
+    super(message, 4 /* ApiError */);
+    this.name = "ApiRequestError";
+    this.statusCode = statusCode;
+    this.responseBody = responseBody;
+  }
+};
+var TimeoutError = class extends CLIError {
+  constructor(message) {
+    super(message, 5 /* Timeout */);
+    this.name = "TimeoutError";
+  }
+};
+
+// src/utils/logger.ts
+import pc from "picocolors";
+var LOG_LEVELS = {
+  debug: 0,
+  info: 1,
+  warn: 2,
+  error: 3,
+  silent: 4
+};
+var currentLevel = "info";
+var quietMode = false;
+function setLogLevel(level) {
+  currentLevel = level;
+}
+function setQuietMode(quiet) {
+  quietMode = quiet;
+  if (quiet) currentLevel = "error";
+}
+function shouldLog(level) {
+  return LOG_LEVELS[level] >= LOG_LEVELS[currentLevel];
+}
+var logger = {
+  debug(message, ...args) {
+    if (shouldLog("debug")) {
+      console.error(pc.gray(`[debug] ${message}`), ...args);
+    }
+  },
+  info(message, ...args) {
+    if (shouldLog("info") && !quietMode) {
+      console.error(message, ...args);
+    }
+  },
+  success(message, ...args) {
+    if (shouldLog("info") && !quietMode) {
+      console.error(pc.green(`\u2713 ${message}`), ...args);
+    }
+  },
+  warn(message, ...args) {
+    if (shouldLog("warn")) {
+      console.error(pc.yellow(`\u26A0 ${message}`), ...args);
+    }
+  },
+  error(message, ...args) {
+    if (shouldLog("error")) {
+      console.error(pc.red(`\u2717 ${message}`), ...args);
+    }
+  },
+  /**
+   * Output data to stdout (not stderr).
+   * This is for machine-readable output (JSON, tables).
+   */
+  output(data) {
+    console.log(data);
+  },
+  newline() {
+    if (!quietMode) console.error("");
+  },
+  /**
+   * Print a styled header.
+   */
+  header(text) {
+    if (!quietMode) {
+      console.error(pc.bold(pc.cyan(text)));
+    }
+  }
+};
+
+// src/auth/store.ts
+var TOKEN_PREFIX_LIVE = "sck_live_";
+var TOKEN_PREFIX_TEST = "sck_test_";
+var TOKEN_PREFIX_TRIGGER = "sck_trigger_";
+var TOKEN_PREFIX_TRIGGER_LEGACY = "job_";
+var VALID_CLI_PREFIXES = [TOKEN_PREFIX_LIVE, TOKEN_PREFIX_TEST];
+var VALID_TRIGGER_PREFIXES = [TOKEN_PREFIX_TRIGGER, TOKEN_PREFIX_TRIGGER_LEGACY];
+var store = new Conf({
+  projectName: "supercheck-cli",
+  schema: {
+    token: { type: "string" },
+    baseUrl: { type: "string" },
+    organization: { type: "string" },
+    project: { type: "string" }
+  },
+  // Static obfuscation key — see SECURITY NOTE above.
+  encryptionKey: "supercheck-cli-v1"
+});
+function validateTokenFormat(token) {
+  return VALID_CLI_PREFIXES.some((prefix) => token.startsWith(prefix));
+}
+function validateTriggerKeyFormat(token) {
+  return VALID_TRIGGER_PREFIXES.some((prefix) => token.startsWith(prefix));
+}
+function getToken() {
+  const envToken = process.env.SUPERCHECK_TOKEN;
+  if (envToken) {
+    const trimmed = envToken.trim();
+    if (!validateTokenFormat(trimmed)) {
+      logger.warn("SUPERCHECK_TOKEN must be a CLI token (sck_live_* or sck_test_*).");
+      return null;
+    }
+    return trimmed;
+  }
+  const stored = store.get("token");
+  if (!stored) return null;
+  return validateTokenFormat(stored) ? stored : null;
+}
+function getTriggerKey() {
+  const envKey = process.env.SUPERCHECK_TRIGGER_KEY;
+  if (envKey) {
+    const trimmed = envKey.trim();
+    if (!validateTriggerKeyFormat(trimmed)) {
+      logger.warn("SUPERCHECK_TRIGGER_KEY must start with sck_trigger_ or job_.");
+      return null;
+    }
+    return trimmed;
+  }
+  const token = process.env.SUPERCHECK_TOKEN;
+  if (token && validateTriggerKeyFormat(token.trim())) {
+    logger.warn("Using SUPERCHECK_TOKEN as a trigger key. Prefer setting SUPERCHECK_TRIGGER_KEY instead.");
+    return token.trim();
+  }
+  return null;
+}
+function setToken(token) {
+  if (!validateTokenFormat(token)) {
+    throw new AuthenticationError(
+      `Invalid token format. Token must start with one of: ${VALID_CLI_PREFIXES.join(", ")}`
+    );
+  }
+  store.set("token", token);
+}
+function clearAuth() {
+  store.delete("token");
+  store.delete("baseUrl");
+  store.delete("organization");
+  store.delete("project");
+}
+function getStoredBaseUrl() {
+  return process.env.SUPERCHECK_URL ?? store.get("baseUrl") ?? null;
+}
+function setBaseUrl(url) {
+  store.set("baseUrl", url);
+}
+function getStoredOrganization() {
+  return process.env.SUPERCHECK_ORG ?? store.get("organization") ?? null;
+}
+function getStoredProject() {
+  return process.env.SUPERCHECK_PROJECT ?? store.get("project") ?? null;
+}
+function requireAuth() {
+  const token = getToken();
+  if (!token) {
+    throw new AuthenticationError(
+      "Not authenticated. Run `supercheck login` or set SUPERCHECK_TOKEN environment variable."
+    );
+  }
+  return token;
+}
+function requireTriggerKey() {
+  const key = getTriggerKey();
+  if (!key) {
+    throw new AuthenticationError(
+      "Missing trigger key. Set SUPERCHECK_TRIGGER_KEY (sck_trigger_* or job_*) to use `supercheck job trigger`."
+    );
+  }
+  return key;
+}
+
+// src/version.ts
+var CLI_VERSION = true ? "0.1.0-beta.1" : "0.0.0-dev";
+
+// src/api/client.ts
+import { ProxyAgent } from "undici";
+var DEFAULT_BASE_URL = "https://app.supercheck.io";
+var DEFAULT_TIMEOUT_MS = 3e4;
+var MAX_RETRIES = 3;
+var RETRY_BACKOFF_MS = 1e3;
+var proxyAgents = /* @__PURE__ */ new Map();
+function getProxyAgent(proxyUrl) {
+  const existing = proxyAgents.get(proxyUrl);
+  if (existing) return existing;
+  const created = new ProxyAgent(proxyUrl);
+  proxyAgents.set(proxyUrl, created);
+  return created;
+}
+var ApiClient = class {
+  baseUrl;
+  token;
+  timeout;
+  proxy;
+  constructor(options = {}) {
+    this.baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\/$/, "");
+    this.token = options.token ?? null;
+    this.timeout = options.timeout ?? DEFAULT_TIMEOUT_MS;
+    this.proxy = options.proxy ?? null;
+  }
+  setToken(token) {
+    this.token = token;
+  }
+  setBaseUrl(url) {
+    this.baseUrl = url.replace(/\/$/, "");
+  }
+  setTimeout(timeout) {
+    this.timeout = timeout;
+  }
+  setProxy(proxy) {
+    this.proxy = proxy;
+  }
+  buildHeaders(extraHeaders) {
+    const headers = new Headers({
+      "Content-Type": "application/json",
+      "User-Agent": `supercheck-cli/${CLI_VERSION}`,
+      ...extraHeaders
+    });
+    if (this.token) {
+      headers.set("Authorization", `Bearer ${this.token}`);
+    }
+    return headers;
+  }
+  buildUrl(path, params) {
+    const url = new URL(`${this.baseUrl}${path}`);
+    if (params) {
+      for (const [key, value] of Object.entries(params)) {
+        if (value !== void 0) {
+          url.searchParams.set(key, String(value));
+        }
+      }
+    }
+    return url.toString();
+  }
+  getProxyEnv(url) {
+    if (this.proxy) return this.proxy;
+    const noProxyRaw = process.env.NO_PROXY ?? process.env.no_proxy;
+    if (noProxyRaw && this.isNoProxyMatch(url, noProxyRaw)) {
+      return null;
+    }
+    if (url.protocol === "https:") {
+      return process.env.HTTPS_PROXY ?? process.env.https_proxy ?? process.env.HTTP_PROXY ?? process.env.http_proxy ?? null;
+    }
+    if (url.protocol === "http:") {
+      return process.env.HTTP_PROXY ?? process.env.http_proxy ?? null;
+    }
+    return null;
+  }
+  isNoProxyMatch(url, noProxyRaw) {
+    const hostname = url.hostname;
+    const port = url.port || (url.protocol === "https:" ? "443" : "80");
+    const entries = noProxyRaw.split(",").map((entry) => entry.trim()).filter(Boolean);
+    if (entries.includes("*")) return true;
+    for (const entry of entries) {
+      const [hostPart, portPart] = entry.split(":");
+      const host = hostPart.trim();
+      const entryPort = portPart?.trim();
+      if (!host) continue;
+      if (entryPort && entryPort !== port) continue;
+      if (host.startsWith(".")) {
+        if (hostname.endsWith(host)) return true;
+        continue;
+      }
+      if (hostname === host) return true;
+      if (hostname.endsWith(`.${host}`)) return true;
+    }
+    return false;
+  }
+  /**
+   * Execute an HTTP request with retries, timeout, and rate limit handling.
+   */
+  async request(method, path, options) {
+    const url = this.buildUrl(path, options?.params);
+    const parsedUrl = new URL(url);
+    const headers = this.buildHeaders(options?.headers);
+    const maxRetries = options?.retries ?? MAX_RETRIES;
+    let lastError = null;
+    for (let attempt = 0; attempt <= maxRetries; attempt++) {
+      let timeoutId = null;
+      try {
+        const controller = new AbortController();
+        timeoutId = setTimeout(() => controller.abort(), this.timeout);
+        const proxy = this.getProxyEnv(parsedUrl);
+        const fetchOptions = {
+          method,
+          headers,
+          body: options?.body ? JSON.stringify(options.body) : void 0,
+          signal: controller.signal
+        };
+        if (proxy) {
+          fetchOptions.dispatcher = getProxyAgent(proxy);
+        }
+        const response = await fetch(url, fetchOptions);
+        clearTimeout(timeoutId);
+        timeoutId = null;
+        if (response.status === 429) {
+          if (attempt >= maxRetries) {
+            throw new ApiRequestError(
+              `Rate limited after ${maxRetries + 1} attempts: ${method} ${path}`,
+              429
+            );
+          }
+          const retryAfter = response.headers.get("Retry-After");
+          const parsedSeconds = retryAfter ? Number(retryAfter) : NaN;
+          const waitMs = Number.isFinite(parsedSeconds) && parsedSeconds > 0 ? parsedSeconds * 1e3 : RETRY_BACKOFF_MS * Math.pow(2, attempt);
+          logger.warn(`Rate limited. Retrying in ${Math.round(waitMs / 1e3)}s...`);
+          await this.sleep(waitMs);
+          continue;
+        }
+        if (response.status >= 500 && attempt < maxRetries) {
+          const waitMs = RETRY_BACKOFF_MS * Math.pow(2, attempt);
+          logger.debug(`Server error ${response.status}. Retrying in ${waitMs}ms...`);
+          await this.sleep(waitMs);
+          continue;
+        }
+        const text = await response.text();
+        if (!response.ok) {
+          let responseBody;
+          try {
+            responseBody = JSON.parse(text);
+          } catch {
+            responseBody = text;
+          }
+          throw new ApiRequestError(
+            `API request failed: ${method} ${path} \u2192 ${response.status}`,
+            response.status,
+            responseBody
+          );
+        }
+        const data = text ? JSON.parse(text) : {};
+        return {
+          data,
+          status: response.status,
+          headers: response.headers
+        };
+      } catch (err) {
+        if (err instanceof ApiRequestError) throw err;
+        if (err instanceof DOMException && err.name === "AbortError") {
+          throw new TimeoutError(`Request timed out after ${this.timeout}ms: ${method} ${path}`);
+        }
+        lastError = err;
+        if (attempt < maxRetries) {
+          const waitMs = RETRY_BACKOFF_MS * Math.pow(2, attempt);
+          logger.debug(`Network error: ${err.message}. Retrying in ${waitMs}ms...`);
+          await this.sleep(waitMs);
+        }
+      } finally {
+        if (timeoutId !== null) clearTimeout(timeoutId);
+      }
+    }
+    throw new ApiRequestError(
+      `Request failed after ${maxRetries + 1} attempts: ${lastError?.message ?? "Unknown error"}`
+    );
+  }
+  async get(path, params) {
+    return this.request("GET", path, { params });
+  }
+  async post(path, body) {
+    return this.request("POST", path, { body });
+  }
+  async put(path, body) {
+    return this.request("PUT", path, { body });
+  }
+  async patch(path, body) {
+    return this.request("PATCH", path, { body });
+  }
+  async delete(path) {
+    return this.request("DELETE", path);
+  }
+  sleep(ms) {
+    return new Promise((resolve5) => setTimeout(resolve5, ms));
+  }
+};
+var defaultClient = null;
+function getApiClient(options) {
+  if (!defaultClient) {
+    defaultClient = new ApiClient(options);
+  } else if (options) {
+    if (options.token !== void 0) defaultClient.setToken(options.token);
+    if (options.baseUrl !== void 0) defaultClient.setBaseUrl(options.baseUrl);
+    if (options.timeout !== void 0) defaultClient.setTimeout(options.timeout);
+    if (options.proxy !== void 0) defaultClient.setProxy(options.proxy);
+  }
+  return defaultClient;
+}
+
+// src/utils/discovery.ts
+import { readdirSync, statSync, readFileSync } from "fs";
+import { resolve, relative, basename } from "path";
+function matchGlob(filePath, pattern) {
+  const withPlaceholders = pattern.replace(/\*\*/g, "{{GLOBSTAR}}").replace(/\*/g, "{{STAR}}");
+  const escaped = withPlaceholders.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
+  const regexStr = escaped.replace(/\{\{GLOBSTAR\}\}/g, ".*").replace(/\{\{STAR\}\}/g, "[^/]*");
+  return new RegExp(`^${regexStr}$`).test(filePath);
+}
+var SKIP_DIRS = /* @__PURE__ */ new Set([
+  "node_modules",
+  ".git",
+  ".next",
+  ".nuxt",
+  "dist",
+  "build",
+  "out",
+  "coverage",
+  ".turbo",
+  ".cache",
+  ".vercel",
+  "vendor"
+]);
+function walkDir(dir) {
+  const results = [];
+  try {
+    const entries = readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      const fullPath = resolve(dir, entry.name);
+      if (entry.isDirectory()) {
+        if (SKIP_DIRS.has(entry.name)) continue;
+        results.push(...walkDir(fullPath));
+      } else if (entry.isFile()) {
+        results.push(fullPath);
+      }
+    }
+  } catch {
+  }
+  return results;
+}
+function getGlobStaticPrefix(pattern) {
+  const parts = pattern.split("/");
+  const staticParts = [];
+  for (const part of parts) {
+    if (part.includes("*") || part.includes("?") || part.includes("{") || part.includes("[")) break;
+    staticParts.push(part);
+  }
+  return staticParts.length > 0 ? staticParts.join("/") : null;
+}
+function discoverFiles(cwd, patterns) {
+  const walkRoots = /* @__PURE__ */ new Set();
+  for (const pattern of [patterns.playwright, patterns.k6]) {
+    if (!pattern) continue;
+    const prefix = getGlobStaticPrefix(pattern);
+    if (prefix) {
+      walkRoots.add(resolve(cwd, prefix));
+    } else {
+      walkRoots.add(cwd);
+    }
+  }
+  if (walkRoots.has(cwd) && walkRoots.size > 1) {
+    walkRoots.clear();
+    walkRoots.add(cwd);
+  }
+  const allFiles = [];
+  for (const root of walkRoots) {
+    allFiles.push(...walkDir(root));
+  }
+  const discovered = [];
+  for (const absPath of allFiles) {
+    const relPath = relative(cwd, absPath);
+    const name = basename(absPath);
+    if (patterns.playwright && matchGlob(relPath, patterns.playwright)) {
+      discovered.push({
+        absolutePath: absPath,
+        relativePath: relPath,
+        filename: name,
+        type: "playwright"
+      });
+    } else if (patterns.k6 && matchGlob(relPath, patterns.k6)) {
+      discovered.push({
+        absolutePath: absPath,
+        relativePath: relPath,
+        filename: name,
+        type: "k6"
+      });
+    }
+  }
+  logger.debug(`Discovered ${discovered.length} test files`);
+  return discovered;
+}
+function readFileContent(filePath) {
+  try {
+    return readFileSync(filePath, "utf-8");
+  } catch {
+    logger.warn(`Cannot read file: ${filePath}`);
+    return null;
+  }
+}
+
+// src/utils/resources.ts
+var UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+function buildLocalResources(config, cwd) {
+  const resources = [];
+  if (config.jobs) {
+    for (const job of config.jobs) {
+      resources.push({
+        id: job.id,
+        type: "job",
+        name: job.name,
+        definition: { ...job }
+      });
+    }
+  }
+  if (config.variables) {
+    for (const v of config.variables) {
+      resources.push({
+        id: v.id,
+        type: "variable",
+        name: v.key,
+        definition: { key: v.key, value: v.value, isSecret: v.isSecret, description: v.description }
+      });
+    }
+  }
+  if (config.tags) {
+    for (const t of config.tags) {
+      resources.push({
+        id: t.id,
+        type: "tag",
+        name: t.name,
+        definition: { name: t.name, color: t.color }
+      });
+    }
+  }
+  if (Array.isArray(config.monitors)) {
+    for (const m of config.monitors) {
+      resources.push({
+        id: m.id,
+        type: "monitor",
+        name: m.name,
+        definition: { ...m }
+      });
+    }
+  } else if (typeof config.monitors === "string") {
+    logger.warn(
+      `monitors is set to a glob pattern ("${config.monitors}") but glob-based monitor discovery is not yet implemented. Define monitors as an inline array in your config, or remove the monitors field.`
+    );
+  }
+  if (Array.isArray(config.statusPages)) {
+    for (const sp of config.statusPages) {
+      resources.push({
+        id: sp.id,
+        type: "statusPage",
+        name: sp.name,
+        definition: { ...sp }
+      });
+    }
+  } else if (typeof config.statusPages === "string") {
+    logger.warn(
+      `statusPages is set to a glob pattern ("${config.statusPages}") but glob-based status page discovery is not yet implemented. Define status pages as an inline array in your config, or remove the statusPages field.`
+    );
+  }
+  const patterns = {
+    playwright: config.tests?.playwright?.testMatch,
+    k6: config.tests?.k6?.testMatch
+  };
+  const files = discoverFiles(cwd, patterns);
+  for (const file of files) {
+    const script = readFileContent(file.absolutePath);
+    if (script) {
+      const stem = file.filename.replace(/\.(pw|k6)\.ts$/, "");
+      const testId = UUID_REGEX.test(stem) ? stem : void 0;
+      if (!testId) {
+        logger.debug(`Test file "${file.filename}" does not have a UUID-based filename \u2014 will be treated as a new resource`);
+      }
+      resources.push({
+        id: testId,
+        type: "test",
+        name: file.filename,
+        definition: {
+          id: testId,
+          title: stem,
+          testType: file.type === "playwright" ? "playwright" : "k6",
+          script
+        }
+      });
+    }
+  }
+  return resources;
+}
+var PAGE_LIMIT = 200;
+async function fetchAllPages(client, endpoint, label) {
+  const items = [];
+  let page = 1;
+  let totalPages = 1;
+  do {
+    const { data } = await client.get(endpoint, {
+      limit: String(PAGE_LIMIT),
+      page: String(page)
+    });
+    items.push(...data.data);
+    if (data.pagination) {
+      totalPages = data.pagination.totalPages;
+    }
+    page++;
+  } while (page <= totalPages);
+  if (totalPages > 1) {
+    logger.debug(`Fetched ${totalPages} pages of ${label} (${items.length} total)`);
+  }
+  return items;
+}
+function safeId(value) {
+  if (value === void 0 || value === null) return void 0;
+  const str = String(value);
+  if (str === "undefined" || str === "null" || str === "") return void 0;
+  return str;
+}
+async function fetchRemoteResources(client) {
+  const resources = [];
+  try {
+    const jobs = await fetchAllPages(client, "/api/jobs", "jobs");
+    for (const job of jobs) {
+      const id = safeId(job.id);
+      if (!id) {
+        logger.debug("Skipping job with missing id");
+        continue;
+      }
+      resources.push({ id, type: "job", name: String(job.name ?? ""), raw: job });
+    }
+  } catch (err) {
+    logFetchError("jobs", err);
+  }
+  try {
+    const tests = await fetchAllPages(client, "/api/tests", "tests");
+    for (const test of tests) {
+      const id = safeId(test.id);
+      if (!id) {
+        logger.debug("Skipping test with missing id");
+        continue;
+      }
+      resources.push({ id, type: "test", name: String(test.title ?? ""), raw: test });
+    }
+  } catch (err) {
+    logFetchError("tests", err);
+  }
+  try {
+    const monitors = await fetchAllPages(client, "/api/monitors", "monitors");
+    for (const monitor of monitors) {
+      const id = safeId(monitor.id);
+      if (!id) {
+        logger.debug("Skipping monitor with missing id");
+        continue;
+      }
+      resources.push({ id, type: "monitor", name: String(monitor.name ?? ""), raw: monitor });
+    }
+  } catch (err) {
+    logFetchError("monitors", err);
+  }
+  try {
+    const { data } = await client.get("/api/variables");
+    for (const v of data) {
+      const id = safeId(v.id);
+      if (!id) {
+        logger.debug("Skipping variable with missing id");
+        continue;
+      }
+      resources.push({ id, type: "variable", name: String(v.key ?? ""), raw: v });
+    }
+  } catch (err) {
+    logFetchError("variables", err);
+  }
+  try {
+    const { data } = await client.get("/api/tags");
+    for (const t of data) {
+      const id = safeId(t.id);
+      if (!id) {
+        logger.debug("Skipping tag with missing id");
+        continue;
+      }
+      resources.push({ id, type: "tag", name: String(t.name ?? ""), raw: t });
+    }
+  } catch (err) {
+    logFetchError("tags", err);
+  }
+  try {
+    const statusPages = await fetchAllPages(client, "/api/status-pages", "status-pages");
+    for (const sp of statusPages) {
+      const id = safeId(sp.id);
+      if (!id) {
+        logger.debug("Skipping status page with missing id");
+        continue;
+      }
+      resources.push({ id, type: "statusPage", name: String(sp.name ?? ""), raw: sp });
+    }
+  } catch (err) {
+    logFetchError("status-pages", err);
+  }
+  return resources;
+}
+function logFetchError(resourceType, err) {
+  if (err instanceof ApiRequestError && err.statusCode === 404) {
+    logger.debug(`Could not fetch ${resourceType} (not found)`);
+  } else {
+    const msg = err instanceof Error ? err.message : String(err);
+    logger.warn(`Could not fetch ${resourceType}: ${msg}`);
+  }
+}
+function getApiEndpoint(type) {
+  switch (type) {
+    case "job":
+      return "/api/jobs";
+    case "test":
+      return "/api/tests";
+    case "monitor":
+      return "/api/monitors";
+    case "variable":
+      return "/api/variables";
+    case "tag":
+      return "/api/tags";
+    case "statusPage":
+      return "/api/status-pages";
+    default:
+      throw new Error(`Unknown resource type: ${type}`);
+  }
+}
+function safeTokenPreview(token) {
+  if (!token || token.length === 0) return "(empty)";
+  if (token.length <= 4) return `${token.substring(0, 1)}***`;
+  if (token.length <= 8) {
+    return `${token.substring(0, 4)}...`;
+  }
+  if (token.length <= 20) {
+    return `${token.substring(0, Math.min(token.length - 4, 12))}...`;
+  }
+  return `${token.substring(0, 12)}...${token.substring(token.length - 4)}`;
+}
+
+// src/commands/login.ts
+var loginCommand = new Command("login").description("Authenticate with Supercheck").option("--token <token>", "Provide a CLI token directly (for CI/CD)").option("--url <url>", "Supercheck API URL (for self-hosted instances)").action(async (options) => {
+  if (options.token) {
+    const token = options.token.trim();
+    if (!validateTokenFormat(token)) {
+      throw new CLIError(
+        "Invalid token. `supercheck login` requires a CLI token (sck_live_* or sck_test_*). Trigger keys (sck_trigger_* / job_*) are only for `supercheck job trigger` via SUPERCHECK_TRIGGER_KEY.",
+        2 /* AuthError */
+      );
+    }
+    const client = getApiClient({
+      baseUrl: options.url,
+      token
+    });
+    try {
+      await client.get("/api/cli-tokens");
+    } catch {
+      throw new CLIError(
+        "Token verification failed. Please check your token and try again.",
+        2 /* AuthError */
+      );
+    }
+    setToken(token);
+    if (options.url) {
+      setBaseUrl(options.url);
+    }
+    const tokenPreview = safeTokenPreview(token);
+    logger.success("Authentication successful");
+    logger.info(`  Token: ${tokenPreview}`);
+    if (options.url) {
+      logger.info(`  API URL: ${options.url}`);
+    }
+    return;
+  }
+  logger.newline();
+  logger.info("To authenticate, create a CLI token in the Dashboard:");
+  logger.info("  Dashboard \u2192 Project Settings \u2192 CLI Tokens \u2192 Create Token");
+  logger.newline();
+  if (options.url) {
+    logger.info(`Then run: supercheck login --token <your-token> --url ${options.url}`);
+  } else {
+    logger.info("Then run: supercheck login --token <your-token>");
+  }
+  logger.newline();
+  logger.warn("Browser-based OAuth login is not yet implemented.");
+});
+var logoutCommand = new Command("logout").description("Remove stored authentication credentials").action(() => {
+  clearAuth();
+  logger.success("Logged out successfully. Stored credentials removed.");
+});
+var whoamiCommand = new Command("whoami").description("Show current authentication context").action(async () => {
+  const token = getToken();
+  if (!token) {
+    throw new CLIError(
+      "Not authenticated. Run `supercheck login` to authenticate.",
+      2 /* AuthError */
+    );
+  }
+  const baseUrl = getStoredBaseUrl();
+  const client = getApiClient({ token, baseUrl: baseUrl ?? void 0 });
+  try {
+    const { data } = await client.get("/api/cli-tokens");
+    const tokenPreview = safeTokenPreview(token);
+    const activeToken = data.tokens?.find((t) => t.start && token.startsWith(t.start.replace(/\.+$/, "")));
+    logger.newline();
+    logger.header("Current Context");
+    logger.newline();
+    if (activeToken?.createdByName && activeToken.createdByName !== "-") {
+      logger.info(`  User:    ${activeToken.createdByName}`);
+    }
+    if (activeToken?.name) {
+      logger.info(`  Token:   ${activeToken.name} (${tokenPreview})`);
+    } else {
+      logger.info(`  Token:   ${tokenPreview}`);
+    }
+    logger.info(`  API URL: ${baseUrl ?? "https://app.supercheck.io"}`);
+    if (activeToken?.expiresAt) {
+      logger.info(`  Expires: ${activeToken.expiresAt}`);
+    }
+    if (activeToken?.lastRequest) {
+      logger.info(`  Last used: ${activeToken.lastRequest}`);
+    }
+    logger.newline();
+  } catch {
+    throw new CLIError(
+      "Failed to verify authentication. Your token may be expired or invalid.",
+      2 /* AuthError */
+    );
+  }
+});
+
+// src/commands/health.ts
+import { Command as Command2 } from "commander";
+
+// src/config/loader.ts
+import { createJiti } from "jiti";
+import { deepmerge } from "deepmerge-ts";
+import { existsSync } from "fs";
+import { resolve as resolve2, dirname } from "path";
+
+// src/config/schema.ts
+import { z } from "zod";
+var tagDefinitionSchema = z.object({
+  /** Database UUID. Present for existing resources, omitted for new ones. */
+  id: z.string().uuid().optional(),
+  name: z.string().min(1),
+  color: z.string().optional()
+});
+var variableDefinitionSchema = z.object({
+  /** Database UUID. Present for existing resources, omitted for new ones. */
+  id: z.string().uuid().optional(),
+  key: z.string().min(1),
+  value: z.string(),
+  isSecret: z.boolean().default(false),
+  description: z.string().optional()
+});
+var notificationProviderDefinitionSchema = z.object({
+  /** Database UUID. Present for existing resources, omitted for new ones. */
+  id: z.string().uuid().optional(),
+  name: z.string().min(1),
+  type: z.enum(["email", "slack", "webhook", "telegram", "discord", "teams"]),
+  config: z.record(z.unknown())
+});
+var alertConfigSchema = z.object({
+  enabled: z.boolean().optional(),
+  notificationProviders: z.array(z.string()).optional(),
+  alertOnFailure: z.boolean().optional(),
+  alertOnSuccess: z.boolean().optional(),
+  alertOnTimeout: z.boolean().optional(),
+  alertOnRecovery: z.boolean().optional(),
+  alertOnSslExpiration: z.boolean().optional(),
+  failureThreshold: z.number().int().positive().optional(),
+  recoveryThreshold: z.number().int().positive().optional(),
+  customMessage: z.string().optional()
+}).passthrough();
+var playwrightTestConfigSchema = z.object({
+  testMatch: z.string().default("_supercheck_/tests/**/*.pw.ts"),
+  browser: z.enum(["chromium", "firefox", "webkit"]).default("chromium")
+});
+var k6TestConfigSchema = z.object({
+  testMatch: z.string().default("_supercheck_/tests/**/*.k6.ts")
+});
+var testsConfigSchema = z.object({
+  playwright: playwrightTestConfigSchema.optional(),
+  k6: k6TestConfigSchema.optional()
+});
+var monitorDefinitionSchema = z.object({
+  /** Database UUID. Present for existing resources, omitted for new ones. */
+  id: z.string().uuid().optional(),
+  name: z.string().min(1),
+  description: z.string().optional(),
+  type: z.enum(["http_request", "website", "ping_host", "port_check", "synthetic_test"]),
+  target: z.string().optional(),
+  frequencyMinutes: z.number().int().positive().optional(),
+  enabled: z.boolean().optional(),
+  config: z.record(z.unknown()).optional(),
+  alertConfig: alertConfigSchema.optional(),
+  tags: z.array(z.string()).optional()
+});
+var jobDefinitionSchema = z.object({
+  /** Database UUID. Present for existing resources, omitted for new ones. */
+  id: z.string().uuid().optional(),
+  name: z.string().min(1),
+  description: z.string().optional(),
+  jobType: z.enum(["playwright", "k6"]).optional(),
+  tests: z.array(z.string()).min(1),
+  cronSchedule: z.string().optional(),
+  status: z.string().optional(),
+  alertConfig: alertConfigSchema.optional(),
+  tags: z.array(z.string()).optional()
+});
+var statusPageComponentDefinitionSchema = z.object({
+  /** Database UUID. Present for existing resources, omitted for new ones. */
+  id: z.string().uuid().optional(),
+  name: z.string().min(1),
+  description: z.string().optional(),
+  monitors: z.array(z.string()).optional(),
+  position: z.number().int().min(0).optional()
+});
+var statusPageDefinitionSchema = z.object({
+  /** Database UUID. Present for existing resources, omitted for new ones. */
+  id: z.string().uuid().optional(),
+  name: z.string().min(1),
+  subdomain: z.string().optional(),
+  status: z.enum(["draft", "published", "archived"]).optional(),
+  description: z.string().optional(),
+  headline: z.string().optional(),
+  supportUrl: z.string().optional(),
+  components: z.array(statusPageComponentDefinitionSchema).optional(),
+  branding: z.object({
+    bodyBackgroundColor: z.string().optional(),
+    fontColor: z.string().optional(),
+    greens: z.string().optional(),
+    reds: z.string().optional()
+  }).optional(),
+  notifications: z.object({
+    allowEmailSubscribers: z.boolean().default(true),
+    allowWebhookSubscribers: z.boolean().default(false),
+    allowRssFeed: z.boolean().default(true)
+  }).optional()
+});
+var projectConfigSchema = z.object({
+  organization: z.string().min(1),
+  project: z.string().min(1)
+});
+var apiConfigSchema = z.object({
+  baseUrl: z.string().url().default("https://app.supercheck.io")
+});
+var defaultsConfigSchema = z.object({
+  runLocation: z.string().optional(),
+  timeout: z.number().int().positive().optional()
+});
+var supercheckConfigSchema = z.object({
+  schemaVersion: z.literal("1.0"),
+  project: projectConfigSchema,
+  api: apiConfigSchema.optional(),
+  defaults: defaultsConfigSchema.optional(),
+  tests: testsConfigSchema.optional(),
+  monitors: z.union([
+    z.string(),
+    z.array(monitorDefinitionSchema)
+  ]).optional(),
+  statusPages: z.union([
+    z.string(),
+    z.array(statusPageDefinitionSchema)
+  ]).optional(),
+  jobs: z.array(jobDefinitionSchema).optional(),
+  notificationProviders: z.array(notificationProviderDefinitionSchema).optional(),
+  variables: z.array(variableDefinitionSchema).optional(),
+  tags: z.array(tagDefinitionSchema).optional()
+});
+
+// src/config/loader.ts
+var CONFIG_FILES = [
+  "supercheck.config.ts",
+  "supercheck.config.js",
+  "supercheck.config.mjs"
+];
+var LOCAL_CONFIG_FILES = [
+  "supercheck.config.local.ts",
+  "supercheck.config.local.js",
+  "supercheck.config.local.mjs"
+];
+function resolveConfigPath(cwd, explicitPath) {
+  if (explicitPath) {
+    const abs = resolve2(cwd, explicitPath);
+    if (!existsSync(abs)) {
+      throw new CLIError(
+        `Config file not found: ${abs}`,
+        3 /* ConfigError */
+      );
+    }
+    return abs;
+  }
+  for (const file of CONFIG_FILES) {
+    const abs = resolve2(cwd, file);
+    if (existsSync(abs)) return abs;
+  }
+  return null;
+}
+function resolveLocalConfigPath(cwd) {
+  for (const file of LOCAL_CONFIG_FILES) {
+    const abs = resolve2(cwd, file);
+    if (existsSync(abs)) return abs;
+  }
+  return null;
+}
+async function loadConfigFile(filePath) {
+  const jiti = createJiti(dirname(filePath), {
+    interopDefault: true
+  });
+  const mod = await jiti.import(filePath);
+  return mod.default ?? mod;
+}
+function applyEnvOverrides(config) {
+  const result = { ...config };
+  if (process.env.SUPERCHECK_URL) {
+    result.api = {
+      ...result.api,
+      baseUrl: process.env.SUPERCHECK_URL
+    };
+  }
+  if (process.env.SUPERCHECK_ORG) {
+    result.project = {
+      ...result.project,
+      organization: process.env.SUPERCHECK_ORG
+    };
+  }
+  if (process.env.SUPERCHECK_PROJECT) {
+    result.project = {
+      ...result.project,
+      project: process.env.SUPERCHECK_PROJECT
+    };
+  }
+  return result;
+}
+function validateNoSecrets(config) {
+  const configStr = JSON.stringify(config);
+  const secretPatterns = [
+    /sck_live_[a-zA-Z0-9]+/,
+    /sck_trigger_[a-zA-Z0-9]+/,
+    /sck_test_[a-zA-Z0-9]+/
+  ];
+  for (const pattern of secretPatterns) {
+    if (pattern.test(configStr)) {
+      throw new CLIError(
+        "Config file contains what appears to be an API token. Tokens must be stored in environment variables (SUPERCHECK_TOKEN) or the OS keychain, never in config files.",
+        3 /* ConfigError */
+      );
+    }
+  }
+}
+async function loadConfig(options = {}) {
+  const cwd = options.cwd ?? process.cwd();
+  const configPath = resolveConfigPath(cwd, options.configPath);
+  if (!configPath) {
+    throw new CLIError(
+      "No supercheck.config.ts found. Run `supercheck init` to create one.",
+      3 /* ConfigError */
+    );
+  }
+  let config = await loadConfigFile(configPath);
+  const localConfigPath = resolveLocalConfigPath(cwd);
+  if (localConfigPath) {
+    const localConfig = await loadConfigFile(localConfigPath);
+    config = deepmerge(config, localConfig);
+  }
+  config = applyEnvOverrides(config);
+  validateNoSecrets(config);
+  const parsed = supercheckConfigSchema.safeParse(config);
+  if (!parsed.success) {
+    const issues = parsed.error.issues.map((i) => `  - ${i.path.join(".")}: ${i.message}`).join("\n");
+    throw new CLIError(
+      `Invalid configuration:
+${issues}`,
+      3 /* ConfigError */
+    );
+  }
+  return {
+    config: parsed.data,
+    configPath
+  };
+}
+async function tryLoadConfig(options = {}) {
+  try {
+    return await loadConfig(options);
+  } catch (err) {
+    if (err instanceof CLIError && err.message.includes("No supercheck.config.ts found")) {
+      return null;
+    }
+    throw err;
+  }
+}
+
+// src/output/formatter.ts
+import Table from "cli-table3";
+import pc2 from "picocolors";
+var currentFormat = "table";
+function setOutputFormat(format) {
+  currentFormat = format;
+}
+function getOutputFormat() {
+  return currentFormat;
+}
+function output(data, options) {
+  switch (currentFormat) {
+    case "json":
+      logger.output(JSON.stringify(data, null, 2));
+      break;
+    case "quiet":
+      if (Array.isArray(data)) {
+        for (const item of data) {
+          if ("id" in item) logger.output(String(item.id));
+        }
+      } else if ("id" in data) {
+        logger.output(String(data.id));
+      }
+      break;
+    case "table":
+    default:
+      outputTable(data, options?.columns);
+      break;
+  }
+}
+function outputTable(data, columns) {
+  if (data === void 0 || data === null) {
+    logger.info("No results found.");
+    return;
+  }
+  const rawItems = Array.isArray(data) ? data : [data];
+  const items = rawItems.filter((item) => item !== void 0 && item !== null);
+  if (items.length === 0) {
+    logger.info("No results found.");
+    return;
+  }
+  const cols = columns ?? Object.keys(items[0]).map((key) => ({
+    key,
+    header: key.charAt(0).toUpperCase() + key.slice(1)
+  }));
+  const table = new Table({
+    head: cols.map((c) => c.header),
+    style: {
+      head: ["cyan"],
+      border: ["gray"]
+    }
+  });
+  for (const item of items) {
+    table.push(cols.map((c) => formatValue(item?.[c.key], c, item)));
+  }
+  logger.output(table.toString());
+}
+var STATUS_COLORS = {
+  // Success states (green)
+  up: "success",
+  ok: "success",
+  success: "success",
+  passed: "success",
+  active: "success",
+  sent: "success",
+  enabled: "success",
+  healthy: "success",
+  running: "success",
+  completed: "success",
+  // Error states (red)
+  down: "error",
+  failed: "error",
+  error: "error",
+  blocked: "error",
+  unhealthy: "error",
+  cancelled: "error",
+  canceled: "error",
+  // Warning states (yellow)
+  paused: "warning",
+  pending: "warning",
+  disabled: "warning",
+  degraded: "warning",
+  unknown: "warning",
+  queued: "warning",
+  warning: "warning",
+  skipped: "warning",
+  inactive: "warning"
+};
+function formatStatus(status) {
+  const normalizedStatus = status.toLowerCase();
+  const colorType = STATUS_COLORS[normalizedStatus];
+  if (!colorType) {
+    return status;
+  }
+  switch (colorType) {
+    case "success":
+      return pc2.green(`\u25CF ${status}`);
+    case "error":
+      return pc2.red(`\u25CF ${status}`);
+    case "warning":
+      return pc2.yellow(`\u25CF ${status}`);
+    default:
+      return status;
+  }
+}
+function formatValue(value, column, row) {
+  if (column?.format && row) {
+    return column.format(value, row);
+  }
+  if (value === null || value === void 0) return pc2.dim("-");
+  if (typeof value === "boolean") {
+    return value ? pc2.green("\u2713") : pc2.red("\u2717");
+  }
+  if (value instanceof Date) return formatDate(value);
+  if (Array.isArray(value)) return value.join(", ");
+  if (typeof value === "number") {
+    const dateForNumber = maybeFormatDate(value, column?.key);
+    if (dateForNumber) return dateForNumber;
+    return String(value);
+  }
+  if (typeof value === "object") return JSON.stringify(value);
+  const strValue = String(value);
+  const dateForString = maybeFormatDate(strValue, column?.key);
+  if (dateForString) return dateForString;
+  if (STATUS_COLORS[strValue.toLowerCase()]) {
+    return formatStatus(strValue);
+  }
+  return strValue;
+}
+var DATE_KEY_PATTERN = /(At|Date|Time|Timestamp)$/i;
+function maybeFormatDate(value, key) {
+  if (!key && typeof value !== "string") return null;
+  if (key && !DATE_KEY_PATTERN.test(key) && typeof value !== "string") return null;
+  const date = new Date(value);
+  if (Number.isNaN(date.getTime())) return null;
+  if (typeof value === "string") {
+    const isIsoLike = value.includes("T") || value.endsWith("Z") || /[+-]\d{2}:?\d{2}$/.test(value);
+    if (!isIsoLike) return null;
+    return formatDate(date);
+  }
+  return formatDate(date);
+}
+function formatDate(date) {
+  return date.toISOString().replace("T", " ").replace("Z", "");
+}
+function outputDetail(data) {
+  if (currentFormat === "json") {
+    logger.output(JSON.stringify(data, null, 2));
+    return;
+  }
+  if (currentFormat === "quiet") {
+    if ("id" in data) logger.output(String(data.id));
+    return;
+  }
+  const keys = Object.keys(data);
+  if (keys.length === 0) {
+    logger.info("No details available.");
+    return;
+  }
+  const maxKeyLen = Math.max(...keys.map((k) => k.length));
+  for (const [key, value] of Object.entries(data)) {
+    const label = key.padEnd(maxKeyLen + 2);
+    logger.output(`  ${label}${formatValue(value, { key, header: key }, data)}`);
+  }
+}
+
+// src/commands/health.ts
+var healthCommand = new Command2("health").description("Check Supercheck API health").option("--url <url>", "Supercheck API URL").action(async (options) => {
+  const configResult = await tryLoadConfig();
+  const baseUrl = options.url ?? getStoredBaseUrl() ?? configResult?.config.api?.baseUrl ?? "https://app.supercheck.io";
+  const client = getApiClient({ baseUrl });
+  try {
+    const { data } = await client.get("/api/health");
+    const checks = data.checks ?? {};
+    const displayData = {
+      status: data.status,
+      database: checks.database?.status ?? "n/a",
+      redis: checks.redis?.status ?? "n/a",
+      s3: checks.s3?.status ?? "n/a",
+      latencyMs: data.latencyMs
+    };
+    output(displayData, {
+      columns: [
+        { key: "status", header: "Status" },
+        { key: "database", header: "Database" },
+        { key: "redis", header: "Redis" },
+        { key: "s3", header: "S3" },
+        { key: "latencyMs", header: "Latency (ms)" }
+      ]
+    });
+    if (data.status === "ok") {
+      logger.success(`API is healthy at ${baseUrl}`);
+    } else {
+      throw new CLIError(`API reports degraded status at ${baseUrl}`, 4 /* ApiError */);
+    }
+  } catch (err) {
+    if (err instanceof CLIError) throw err;
+    logger.error(`Cannot reach API at ${baseUrl}`);
+    if (err instanceof Error) {
+      logger.debug(err.message);
+    }
+    throw new CLIError(`Cannot reach API at ${baseUrl}`, 4 /* ApiError */);
+  }
+});
+var locationsCommand = new Command2("locations").description("List available execution locations").action(async () => {
+  const configResult = await tryLoadConfig();
+  const baseUrl = getStoredBaseUrl() ?? configResult?.config.api?.baseUrl ?? "https://app.supercheck.io";
+  const client = getApiClient({ baseUrl });
+  const { data } = await client.get("/api/locations");
+  const locations = "locations" in data ? data.locations : data.data ?? [];
+  output(locations, {
+    columns: [
+      { key: "code", header: "Code" },
+      { key: "name", header: "Name" },
+      { key: "region", header: "Region" }
+    ]
+  });
+});
+
+// src/commands/config.ts
+import { Command as Command3 } from "commander";
+var configCommand = new Command3("config").description("Configuration management");
+configCommand.command("validate").description("Validate supercheck.config.ts").action(async () => {
+  const { config, configPath } = await loadConfig();
+  logger.success(`Valid configuration loaded from ${configPath}`);
+  logger.info(`  Organization: ${config.project.organization}`);
+  logger.info(`  Project:      ${config.project.project}`);
+});
+configCommand.command("print").description("Print the resolved configuration").action(async () => {
+  const { config } = await loadConfig();
+  output(config);
+});
+
+// src/commands/init.ts
+import { Command as Command4 } from "commander";
+import { existsSync as existsSync2, mkdirSync, writeFileSync, readFileSync as readFileSync2, appendFileSync } from "fs";
+import { resolve as resolve3, basename as basename2 } from "path";
+
+// src/utils/spinner.ts
+import ora from "ora";
+function createSpinner(text) {
+  const format = getOutputFormat();
+  const isInteractive = format === "table";
+  const spinner = ora({
+    text,
+    // Disable spinner in non-interactive modes
+    isSilent: !isInteractive,
+    // Use dots style for a clean look
+    spinner: "dots"
+  });
+  return spinner;
+}
+async function withSpinner(text, fn, options) {
+  const spinner = createSpinner(text);
+  spinner.start();
+  try {
+    const result = await fn();
+    const successMessage = typeof options?.successText === "function" ? options.successText(result) : options?.successText ?? text.replace(/\.\.\.?$/, "");
+    spinner.succeed(successMessage);
+    return result;
+  } catch (error) {
+    const failMessage = options?.failText ?? text.replace(/\.\.\.?$/, " failed");
+    spinner.fail(failMessage);
+    throw error;
+  }
+}
+
+// src/commands/init.ts
+var CONFIG_TEMPLATE = `import { defineConfig } from '@supercheck/cli'
+
+export default defineConfig({
+  schemaVersion: '1.0',
+  project: {
+    organization: 'my-org',
+    project: 'my-project',
+  },
+  api: {
+    baseUrl: process.env.SUPERCHECK_URL ?? 'https://app.supercheck.io',
+  },
+  tests: {
+    playwright: {
+      testMatch: '_supercheck_/tests/**/*.pw.ts',
+      browser: 'chromium',
+    },
+    k6: {
+      testMatch: '_supercheck_/tests/**/*.k6.ts',
+    },
+  },
+})
+`;
+var EXAMPLE_PW_TEST = `import { test, expect } from '@playwright/test'
+
+test('homepage loads successfully', async ({ page }) => {
+  await page.goto('https://example.com')
+  await expect(page).toHaveTitle(/Example/)
+})
+`;
+var EXAMPLE_K6_TEST = `import http from 'k6/http'
+import { check, sleep } from 'k6'
+
+export const options = {
+  vus: 10,
+  duration: '30s',
+}
+
+export default function () {
+  const res = http.get('https://example.com')
+  check(res, {
+    'status is 200': (r) => r.status === 200,
+    'response time < 500ms': (r) => r.timings.duration < 500,
+  })
+  sleep(1)
+}
+`;
+var SUPERCHECK_TSCONFIG = `{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "esModuleInterop": true,
+    "strict": true,
+    "skipLibCheck": true,
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "noEmit": true,
+    "types": ["node"]
+  },
+  "include": [
+    "supercheck.config.ts",
+    "supercheck.config.local.ts",
+    "_supercheck_/**/*.ts"
+  ]
+}
+`;
+var GITIGNORE_ADDITIONS = `
+# Supercheck CLI
+supercheck.config.local.ts
+supercheck.config.local.js
+supercheck.config.local.mjs
+`;
+function detectPackageManager(cwd) {
+  if (existsSync2(resolve3(cwd, "bun.lockb")) || existsSync2(resolve3(cwd, "bun.lock"))) return "bun";
+  if (existsSync2(resolve3(cwd, "pnpm-lock.yaml"))) return "pnpm";
+  if (existsSync2(resolve3(cwd, "yarn.lock"))) return "yarn";
+  return "npm";
+}
+function getInstallCommand(pm, packages) {
+  const pkgs = packages.join(" ");
+  switch (pm) {
+    case "bun":
+      return `bun add -d ${pkgs}`;
+    case "pnpm":
+      return `pnpm add -D ${pkgs}`;
+    case "yarn":
+      return `yarn add -D ${pkgs}`;
+    case "npm":
+      return `npm install --save-dev ${pkgs}`;
+  }
+}
+function ensurePackageJson(cwd) {
+  const pkgPath = resolve3(cwd, "package.json");
+  if (existsSync2(pkgPath)) return false;
+  const projectName = basename2(cwd).toLowerCase().replace(/[^a-z0-9-]/g, "-");
+  const minimalPkg = {
+    name: projectName,
+    private: true,
+    type: "module",
+    scripts: {
+      "supercheck:deploy": "supercheck deploy",
+      "supercheck:diff": "supercheck diff",
+      "supercheck:pull": "supercheck pull"
+    }
+  };
+  writeFileSync(pkgPath, JSON.stringify(minimalPkg, null, 2) + "\n", "utf-8");
+  return true;
+}
+async function installDependencies(cwd, pm, opts) {
+  if (opts.skipInstall) {
+    logger.info("Skipping dependency installation (--skip-install)");
+    return;
+  }
+  const devDeps = ["@supercheck/cli", "typescript", "@types/node"];
+  if (opts.playwright) {
+    devDeps.push("@playwright/test");
+  }
+  const cmd = getInstallCommand(pm, devDeps);
+  logger.info(`Installing dependencies with ${pm}...`);
+  logger.debug(`Running: ${cmd}`);
+  await withSpinner(
+    `Installing ${devDeps.length} packages...`,
+    async () => {
+      const { execSync } = await import("child_process");
+      try {
+        execSync(cmd, {
+          cwd,
+          stdio: "pipe",
+          timeout: 12e4,
+          // 2 minute timeout
+          env: { ...process.env, NODE_ENV: "development" }
+        });
+      } catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        throw new CLIError(
+          `Failed to install dependencies. Run manually:
+  ${cmd}
+
+Error: ${message}`,
+          1 /* GeneralError */
+        );
+      }
+    },
+    { successText: "Dependencies installed" }
+  );
+}
+var initCommand = new Command4("init").description("Initialize a new Supercheck project with config and example tests").option("--force", "Overwrite existing config file").option("--skip-install", "Skip automatic dependency installation").option("--skip-examples", "Skip creating example test files").option("--pm <manager>", "Package manager to use (npm, yarn, pnpm, bun)").action(async (options) => {
+  const cwd = process.cwd();
+  const configPath = resolve3(cwd, "supercheck.config.ts");
+  if (existsSync2(configPath) && !options.force) {
+    throw new CLIError(
+      "supercheck.config.ts already exists. Use --force to overwrite.",
+      3 /* ConfigError */
+    );
+  }
+  logger.newline();
+  logger.header("Initializing Supercheck project...");
+  logger.newline();
+  writeFileSync(configPath, CONFIG_TEMPLATE, "utf-8");
+  logger.success("Created supercheck.config.ts");
+  const tsconfigPath = resolve3(cwd, "tsconfig.supercheck.json");
+  if (!existsSync2(tsconfigPath) || options.force) {
+    writeFileSync(tsconfigPath, SUPERCHECK_TSCONFIG, "utf-8");
+    logger.success("Created tsconfig.supercheck.json (IDE IntelliSense)");
+  }
+  const dirs = [
+    "_supercheck_/tests",
+    "_supercheck_/monitors",
+    "_supercheck_/status-pages"
+  ];
+  for (const dir of dirs) {
+    const dirPath = resolve3(cwd, dir);
+    if (!existsSync2(dirPath)) {
+      mkdirSync(dirPath, { recursive: true });
+    }
+    if (dir !== "_supercheck_/tests") {
+      const gitkeepPath = resolve3(dirPath, ".gitkeep");
+      if (!existsSync2(gitkeepPath)) {
+        writeFileSync(gitkeepPath, "", "utf-8");
+      }
+    }
+  }
+  logger.success("Created _supercheck_/ directory structure");
+  if (!options.skipExamples) {
+    const pwTestPath = resolve3(cwd, "_supercheck_/tests/homepage.pw.ts");
+    if (!existsSync2(pwTestPath)) {
+      writeFileSync(pwTestPath, EXAMPLE_PW_TEST, "utf-8");
+      logger.success("Created _supercheck_/tests/homepage.pw.ts (Playwright example)");
+    }
+    const k6TestPath = resolve3(cwd, "_supercheck_/tests/load-test.k6.ts");
+    if (!existsSync2(k6TestPath)) {
+      writeFileSync(k6TestPath, EXAMPLE_K6_TEST, "utf-8");
+      logger.success("Created _supercheck_/tests/load-test.k6.ts (k6 example)");
+    }
+  }
+  const gitignorePath = resolve3(cwd, ".gitignore");
+  if (existsSync2(gitignorePath)) {
+    const content = readFileSync2(gitignorePath, "utf-8");
+    if (!content.includes("supercheck.config.local")) {
+      appendFileSync(gitignorePath, GITIGNORE_ADDITIONS, "utf-8");
+      logger.success("Updated .gitignore with Supercheck entries");
+    }
+  }
+  const pm = options.pm ?? detectPackageManager(cwd);
+  logger.debug(`Detected package manager: ${pm}`);
+  const createdPkg = ensurePackageJson(cwd);
+  if (createdPkg) {
+    logger.success("Created package.json");
+  }
+  await installDependencies(cwd, pm, {
+    playwright: !options.skipExamples,
+    skipInstall: options.skipInstall ?? false
+  });
+  logger.newline();
+  logger.header("Supercheck project initialized!");
+  logger.newline();
+  logger.info("Next steps:");
+  logger.info("  1. Edit supercheck.config.ts with your org/project details");
+  logger.info("  2. Run `supercheck login --token <your-token>` to authenticate");
+  logger.info("  3. Write tests in _supercheck_/tests/ (*.pw.ts for Playwright, *.k6.ts for k6)");
+  logger.info("  4. Run `supercheck diff` to preview changes against the cloud");
+  logger.info("  5. Run `supercheck deploy` to push to Supercheck");
+  logger.info("  6. Run `supercheck pull` to sync cloud resources locally");
+  logger.newline();
+  logger.info("Useful commands:");
+  logger.info("  supercheck pull        Pull tests & config from the cloud");
+  logger.info("  supercheck diff        Preview local vs remote differences");
+  logger.info("  supercheck deploy      Push local config to Supercheck");
+  logger.info("  supercheck whoami      Check authentication status");
+  logger.newline();
+});
+
+// src/commands/jobs.ts
+import { Command as Command5 } from "commander";
+
+// src/api/authenticated-client.ts
+function createAuthenticatedClient() {
+  const token = requireAuth();
+  const baseUrl = getStoredBaseUrl();
+  return getApiClient({ token, baseUrl: baseUrl ?? void 0 });
+}
+
+// src/utils/validation.ts
+function parseIntStrict(value, name, opts) {
+  const parsed = parseInt(value, 10);
+  if (!Number.isFinite(parsed)) {
+    throw new CLIError(
+      `Invalid value for ${name}: "${value}" is not a valid integer.`,
+      3 /* ConfigError */
+    );
+  }
+  if (opts?.min !== void 0 && parsed < opts.min) {
+    throw new CLIError(
+      `Invalid value for ${name}: ${parsed} is below the minimum of ${opts.min}.`,
+      3 /* ConfigError */
+    );
+  }
+  if (opts?.max !== void 0 && parsed > opts.max) {
+    throw new CLIError(
+      `Invalid value for ${name}: ${parsed} exceeds the maximum of ${opts.max}.`,
+      3 /* ConfigError */
+    );
+  }
+  return parsed;
+}
+
+// src/commands/jobs.ts
+var jobCommand = new Command5("job").description("Manage jobs");
+jobCommand.command("list").description("List all jobs").option("--page <page>", "Page number", "1").option("--limit <limit>", "Items per page", "50").action(async (options) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get(
+    "/api/jobs",
+    { page: options.page, limit: options.limit }
+  );
+  output(data.data, {
+    columns: [
+      { key: "id", header: "ID" },
+      { key: "name", header: "Name" },
+      { key: "status", header: "Status" },
+      { key: "cronSchedule", header: "Schedule" },
+      { key: "createdAt", header: "Created" }
+    ]
+  });
+  if (data.pagination) {
+    logger.info(
+      `
+Page ${data.pagination.page}/${data.pagination.totalPages} (${data.pagination.total} total)`
+    );
+  }
+});
+var keysCommand = jobCommand.command("keys").description("Manage job trigger keys");
+keysCommand.argument("<jobId>", "Job ID").action(async (jobId) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get(
+    `/api/jobs/${jobId}/api-keys`
+  );
+  output(data.apiKeys ?? [], {
+    columns: [
+      { key: "id", header: "ID" },
+      { key: "name", header: "Name" },
+      { key: "start", header: "Prefix" },
+      { key: "enabled", header: "Enabled" },
+      { key: "expiresAt", header: "Expires" },
+      { key: "lastRequest", header: "Last used" }
+    ]
+  });
+});
+keysCommand.command("create").description("Create a new trigger key for a job").argument("<jobId>", "Job ID").requiredOption("--name <name>", "Key name").option("--expires-in <seconds>", "Expiry in seconds (min 60)").action(async (jobId, options) => {
+  const client = createAuthenticatedClient();
+  const body = { name: options.name };
+  if (options.expiresIn !== void 0) {
+    body.expiresIn = parseIntStrict(options.expiresIn, "--expires-in", { min: 60 });
+  }
+  const { data } = await client.post(
+    `/api/jobs/${jobId}/api-keys`,
+    body
+  );
+  logger.success("Trigger key created");
+  logger.warn("Save the `key` value now. It will only be shown once.");
+  outputDetail(data.apiKey);
+});
+keysCommand.command("delete").description("Revoke a trigger key").argument("<jobId>", "Job ID").argument("<keyId>", "Key ID").action(async (jobId, keyId) => {
+  const client = createAuthenticatedClient();
+  await client.delete(`/api/jobs/${jobId}/api-keys/${keyId}`);
+  logger.success(`Trigger key ${keyId} revoked`);
+});
+jobCommand.command("get <id>").description("Get job details").action(async (id) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get(`/api/jobs/${id}`);
+  outputDetail(data);
+});
+jobCommand.command("create").description("Create a new job").requiredOption("--name <name>", "Job name").option("--description <description>", "Job description", "").option("--schedule <cron>", "Cron schedule expression").option("--timeout <seconds>", "Timeout in seconds", "300").option("--retries <count>", "Retry count on failure", "0").action(async (options) => {
+  const client = createAuthenticatedClient();
+  const body = {
+    name: options.name,
+    description: options.description,
+    timeoutSeconds: parseIntStrict(options.timeout, "--timeout", { min: 1 }),
+    retryCount: parseIntStrict(options.retries, "--retries", { min: 0 }),
+    config: {},
+    tests: []
+  };
+  if (options.schedule) body.cronSchedule = options.schedule;
+  const { data } = await client.post("/api/jobs", body);
+  logger.success(`Job "${options.name}" created (${data.id})`);
+  outputDetail(data);
+});
+jobCommand.command("update <id>").description("Update job configuration").option("--name <name>", "Job name").option("--description <description>", "Job description").option("--schedule <cron>", "Cron schedule expression").option("--timeout <seconds>", "Timeout in seconds").option("--retries <count>", "Retry count on failure").option("--status <status>", "Job status (active, paused)").action(async (id, options) => {
+  const client = createAuthenticatedClient();
+  const body = {};
+  if (options.name !== void 0) body.name = options.name;
+  if (options.description !== void 0) body.description = options.description;
+  if (options.schedule !== void 0) body.cronSchedule = options.schedule;
+  if (options.timeout !== void 0) body.timeoutSeconds = parseIntStrict(options.timeout, "--timeout", { min: 1 });
+  if (options.retries !== void 0) body.retryCount = parseIntStrict(options.retries, "--retries", { min: 0 });
+  if (options.status !== void 0) body.status = options.status;
+  if (Object.keys(body).length === 0) {
+    logger.warn("No fields to update. Use --name, --description, --schedule, --timeout, --retries, or --status.");
+    return;
+  }
+  const { data } = await client.patch(`/api/jobs/${id}`, body);
+  logger.success(`Job ${id} updated`);
+  outputDetail(data);
+});
+jobCommand.command("delete <id>").description("Delete a job").option("--force", "Skip confirmation").action(async (id, options) => {
+  if (!options.force) {
+    const { createInterface } = await import("readline");
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    const answer = await new Promise((resolve5) => {
+      rl.question(`Are you sure you want to delete job ${id}? (y/N) `, resolve5);
+    });
+    rl.close();
+    if (answer.toLowerCase() !== "y") {
+      logger.info("Aborted");
+      return;
+    }
+  }
+  const client = createAuthenticatedClient();
+  await client.delete(`/api/jobs/${id}`);
+  logger.success(`Job ${id} deleted`);
+});
+jobCommand.command("run").description("Run a job immediately").requiredOption("--id <id>", "Job ID to run").action(async (options) => {
+  const client = createAuthenticatedClient();
+  const { data: jobData } = await client.get(
+    `/api/jobs/${options.id}`
+  );
+  const tests = Array.isArray(jobData.tests) ? jobData.tests : [];
+  if (tests.length === 0) {
+    throw new CLIError(
+      `Job ${options.id} has no tests. Add tests to the job before running it.`,
+      1 /* GeneralError */
+    );
+  }
+  const payloadTests = tests.map((test) => ({
+    id: test.id,
+    name: test.name ?? test.title ?? ""
+  }));
+  logger.info(`Running job ${options.id}...`);
+  const { data } = await client.post(
+    "/api/jobs/run",
+    { jobId: options.id, tests: payloadTests, trigger: "manual" }
+  );
+  logger.success(`Job started. Run ID: ${data.runId}`);
+  outputDetail(data);
+});
+jobCommand.command("trigger <id>").description("Trigger a job run").option("--wait", "Wait for the run to complete").option("--timeout <seconds>", "Maximum wait time in seconds", "300").action(async (id, options) => {
+  const triggerClient = new ApiClient({
+    token: requireTriggerKey(),
+    baseUrl: getStoredBaseUrl() ?? void 0
+  });
+  logger.info(`Triggering job ${id}...`);
+  const { data } = await triggerClient.post(
+    `/api/jobs/${id}/trigger`
+  );
+  logger.success(`Job triggered. Run ID: ${data.runId}`);
+  if (options.wait) {
+    let statusClient;
+    try {
+      statusClient = createAuthenticatedClient();
+    } catch {
+      throw new CLIError(
+        "Waiting for completion requires a CLI token. Set SUPERCHECK_TOKEN (sck_live_* or sck_test_).",
+        2 /* AuthError */
+      );
+    }
+    logger.info("Waiting for run to complete...");
+    const timeoutMs = parseIntStrict(options.timeout, "--timeout", { min: 1 }) * 1e3;
+    const startTime = Date.now();
+    while (Date.now() - startTime < timeoutMs) {
+      await new Promise((resolve5) => setTimeout(resolve5, 3e3));
+      const { data: runData } = await statusClient.get(
+        `/api/runs/${data.runId}`
+      );
+      const status = typeof runData.status === "string" ? runData.status.toLowerCase() : "";
+      if (["passed", "failed", "error", "blocked"].includes(status)) {
+        if (status === "passed") {
+          logger.success(`Run ${data.runId} passed`);
+        } else if (status === "blocked") {
+          logger.error(`Run ${data.runId} blocked`);
+          throw new CLIError(`Run ${data.runId} blocked`, 1 /* GeneralError */);
+        } else {
+          logger.error(`Run ${data.runId} ${status}`);
+          throw new CLIError(`Run ${data.runId} ${status}`, 1 /* GeneralError */);
+        }
+        outputDetail(runData);
+        return;
+      }
+      logger.debug(`Run status: ${status || "(unknown)"}`);
+    }
+    throw new CLIError(
+      `Timed out waiting for run to complete after ${options.timeout}s`,
+      5 /* Timeout */
+    );
+  }
+});
+
+// src/commands/runs.ts
+import { Command as Command6 } from "commander";
+import { ProxyAgent as ProxyAgent2 } from "undici";
+var proxyAgents2 = /* @__PURE__ */ new Map();
+function getProxyAgent2(proxyUrl) {
+  const existing = proxyAgents2.get(proxyUrl);
+  if (existing) return existing;
+  const created = new ProxyAgent2(proxyUrl);
+  proxyAgents2.set(proxyUrl, created);
+  return created;
+}
+function isNoProxyMatch(url, noProxyRaw) {
+  const hostname = url.hostname;
+  const port = url.port || (url.protocol === "https:" ? "443" : "80");
+  const entries = noProxyRaw.split(",").map((entry) => entry.trim()).filter(Boolean);
+  if (entries.includes("*")) return true;
+  for (const entry of entries) {
+    const [hostPart, portPart] = entry.split(":");
+    const host = hostPart.trim();
+    const entryPort = portPart?.trim();
+    if (!host) continue;
+    if (entryPort && entryPort !== port) continue;
+    if (host.startsWith(".")) {
+      if (hostname.endsWith(host)) return true;
+      continue;
+    }
+    if (hostname === host) return true;
+    if (hostname.endsWith(`.${host}`)) return true;
+  }
+  return false;
+}
+function getProxyEnv(url) {
+  const noProxyRaw = process.env.NO_PROXY ?? process.env.no_proxy;
+  if (noProxyRaw && isNoProxyMatch(url, noProxyRaw)) {
+    return null;
+  }
+  if (url.protocol === "https:") {
+    return process.env.HTTPS_PROXY ?? process.env.https_proxy ?? process.env.HTTP_PROXY ?? process.env.http_proxy ?? null;
+  }
+  if (url.protocol === "http:") {
+    return process.env.HTTP_PROXY ?? process.env.http_proxy ?? null;
+  }
+  return null;
+}
+var runCommand = new Command6("run").description("Manage runs");
+runCommand.command("list").description("List runs").option("--page <page>", "Page number", "1").option("--limit <limit>", "Items per page", "50").option("--job <jobId>", "Filter by job ID").option("--status <status>", "Filter by status (queued, running, passed, failed, error, blocked)").action(async (options) => {
+  const client = createAuthenticatedClient();
+  const params = {
+    page: options.page,
+    limit: options.limit
+  };
+  if (options.job) params.jobId = options.job;
+  if (options.status) params.status = options.status;
+  const { data } = await client.get(
+    "/api/runs",
+    params
+  );
+  output(data.data, {
+    columns: [
+      { key: "id", header: "ID" },
+      { key: "jobName", header: "Job" },
+      { key: "status", header: "Status" },
+      { key: "trigger", header: "Trigger" },
+      { key: "duration", header: "Duration" },
+      { key: "startedAt", header: "Started" }
+    ]
+  });
+  if (data.pagination) {
+    logger.info(
+      `
+Page ${data.pagination.page}/${data.pagination.totalPages} (${data.pagination.total} total)`
+    );
+  }
+});
+runCommand.command("get <id>").description("Get run details").action(async (id) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get(`/api/runs/${id}`);
+  outputDetail(data);
+});
+runCommand.command("permissions <id>").description("Get run access permissions").action(async (id) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get(`/api/runs/${id}/permissions`);
+  outputDetail(data);
+});
+runCommand.command("cancel <id>").description("Cancel a running execution").action(async (id) => {
+  const client = createAuthenticatedClient();
+  await client.post(`/api/runs/${id}/cancel`);
+  logger.success(`Run ${id} cancelled`);
+});
+runCommand.command("status <id>").description("Get run status").action(async (id) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get(`/api/runs/${id}/status`);
+  outputDetail(data);
+});
+runCommand.command("stream <id>").description("Stream live console output from a run").option("--idle-timeout <seconds>", "Abort if no data received within this period", "60").action(async (id, options) => {
+  const token = requireAuth();
+  const baseUrl = getStoredBaseUrl() ?? "https://app.supercheck.io";
+  const idleTimeoutMs = Math.max(Number(options.idleTimeout) || 60, 10) * 1e3;
+  const url = `${baseUrl}/api/runs/${id}/stream`;
+  const parsedUrl = new URL(url);
+  logger.info(`Streaming output for run ${id}...`);
+  logger.newline();
+  const controller = new AbortController();
+  const connectTimeout = setTimeout(() => controller.abort(), 3e4);
+  try {
+    const proxy = getProxyEnv(parsedUrl);
+    const response = await fetch(url, {
+      headers: {
+        "Authorization": `Bearer ${token}`,
+        "Accept": "text/event-stream",
+        "User-Agent": `supercheck-cli/${CLI_VERSION}`
+      },
+      ...proxy ? { dispatcher: getProxyAgent2(proxy) } : {},
+      signal: controller.signal
+    });
+    clearTimeout(connectTimeout);
+    if (!response.ok) {
+      throw new CLIError(`Failed to connect to stream: ${response.status}`, 4 /* ApiError */);
+    }
+    const reader = response.body?.getReader();
+    if (!reader) {
+      throw new CLIError("No response body for SSE stream", 4 /* ApiError */);
+    }
+    const decoder = new TextDecoder();
+    let buffer = "";
+    let currentEvent = "";
+    let idleTimer;
+    const resetIdleTimer = () => {
+      if (idleTimer) clearTimeout(idleTimer);
+      idleTimer = setTimeout(() => controller.abort(), idleTimeoutMs);
+    };
+    resetIdleTimer();
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      resetIdleTimer();
+      buffer += decoder.decode(value, { stream: true });
+      const lines = buffer.split("\n");
+      buffer = lines.pop() ?? "";
+      for (const line of lines) {
+        if (line.startsWith(":")) continue;
+        if (line.startsWith("event: ")) {
+          currentEvent = line.slice(7).trim();
+          continue;
+        }
+        if (line.startsWith("retry:")) continue;
+        if (line.startsWith("data: ")) {
+          const data = line.slice(6);
+          try {
+            const parsed = JSON.parse(data);
+            switch (currentEvent) {
+              case "console":
+                if (parsed.line !== void 0) {
+                  process.stdout.write(parsed.line + "\n");
+                }
+                break;
+              case "complete":
+                logger.newline();
+                if (parsed.status === "completed" || parsed.status === "success") {
+                  logger.success(`Run ${id} ${parsed.status}`);
+                } else {
+                  logger.warn(`Run ${id} finished with status: ${parsed.status}`);
+                }
+                if (idleTimer) clearTimeout(idleTimer);
+                return;
+              case "ready":
+                logger.debug(`Stream ready for run ${parsed.runId ?? id}`);
+                break;
+              case "error":
+                logger.error(`Stream error: ${parsed.message ?? JSON.stringify(parsed)}`);
+                break;
+              case "heartbeat":
+                break;
+              default:
+                if (parsed.output) {
+                  process.stdout.write(parsed.output);
+                } else if (parsed.status) {
+                  logger.info(`Status: ${parsed.status}`);
+                }
+                break;
+            }
+          } catch {
+            process.stdout.write(data);
+          }
+          currentEvent = "";
+          continue;
+        }
+        if (line.trim() === "") {
+          currentEvent = "";
+        }
+      }
+    }
+    if (idleTimer) clearTimeout(idleTimer);
+  } catch (err) {
+    if (err instanceof CLIError) throw err;
+    if (err instanceof Error && err.name === "AbortError") {
+      throw new CLIError(
+        `Stream timed out (no data received for ${Math.round(idleTimeoutMs / 1e3)}s)`,
+        5 /* Timeout */
+      );
+    }
+    throw new CLIError(
+      `Stream error: ${err instanceof Error ? err.message : String(err)}`,
+      4 /* ApiError */
+    );
+  }
+});
+
+// src/commands/tests.ts
+import { Command as Command7 } from "commander";
+import { ProxyAgent as ProxyAgent3 } from "undici";
+import { Buffer as Buffer2 } from "buffer";
+var proxyAgents3 = /* @__PURE__ */ new Map();
+function getProxyAgent3(proxyUrl) {
+  const existing = proxyAgents3.get(proxyUrl);
+  if (existing) return existing;
+  const created = new ProxyAgent3(proxyUrl);
+  proxyAgents3.set(proxyUrl, created);
+  return created;
+}
+function isNoProxyMatch2(url, noProxyRaw) {
+  const hostname = url.hostname;
+  const port = url.port || (url.protocol === "https:" ? "443" : "80");
+  const entries = noProxyRaw.split(",").map((entry) => entry.trim()).filter(Boolean);
+  if (entries.includes("*")) return true;
+  for (const entry of entries) {
+    const [hostPart, portPart] = entry.split(":");
+    const host = hostPart.trim();
+    const entryPort = portPart?.trim();
+    if (!host) continue;
+    if (entryPort && entryPort !== port) continue;
+    if (host.startsWith(".")) {
+      if (hostname.endsWith(host)) return true;
+      continue;
+    }
+    if (hostname === host) return true;
+    if (hostname.endsWith(`.${host}`)) return true;
+  }
+  return false;
+}
+function getProxyEnv2(url) {
+  const noProxyRaw = process.env.NO_PROXY ?? process.env.no_proxy;
+  if (noProxyRaw && isNoProxyMatch2(url, noProxyRaw)) {
+    return null;
+  }
+  if (url.protocol === "https:") {
+    return process.env.HTTPS_PROXY ?? process.env.https_proxy ?? process.env.HTTP_PROXY ?? process.env.http_proxy ?? null;
+  }
+  if (url.protocol === "http:") {
+    return process.env.HTTP_PROXY ?? process.env.http_proxy ?? null;
+  }
+  return null;
+}
+function normalizeTestType(input) {
+  const normalized = input.trim().toLowerCase();
+  if (normalized === "k6") return "performance";
+  if (normalized === "performance") return "performance";
+  if (normalized === "playwright") return "browser";
+  if (normalized === "browser") return "browser";
+  return normalized;
+}
+var testCommand = new Command7("test").description("Manage tests");
+testCommand.command("list").description("List all tests").option("--page <page>", "Page number", "1").option("--limit <limit>", "Items per page", "50").option("--search <query>", "Search by title").option("--type <type>", "Filter by type (playwright, k6)").action(async (options) => {
+  const client = createAuthenticatedClient();
+  const params = {
+    page: options.page,
+    limit: options.limit
+  };
+  if (options.search) params.search = options.search;
+  if (options.type) params.type = normalizeTestType(options.type);
+  const { data } = await client.get(
+    "/api/tests",
+    params
+  );
+  output(data.data, {
+    columns: [
+      { key: "id", header: "ID" },
+      { key: "title", header: "Title" },
+      { key: "type", header: "Type" },
+      { key: "createdAt", header: "Created" }
+    ]
+  });
+  if (data.pagination) {
+    logger.info(
+      `
+Page ${data.pagination.page}/${data.pagination.totalPages} (${data.pagination.total} total)`
+    );
+  }
+});
+testCommand.command("get <id>").description("Get test details").option("--include-script", "Include the test script content").action(async (id, options) => {
+  const client = createAuthenticatedClient();
+  const params = {};
+  if (options.includeScript) params.includeScript = "true";
+  const { data } = await client.get(`/api/tests/${id}`, params);
+  outputDetail(data);
+});
+testCommand.command("create").description("Create a new test").requiredOption("--title <title>", "Test title").requiredOption("--file <path>", "Path to the test script file").option("--type <type>", "Test type (playwright, k6)", "playwright").option("--description <description>", "Test description").action(async (options) => {
+  const { readFileSync: readFileSync4 } = await import("fs");
+  const { resolve: resolve5 } = await import("path");
+  const filePath = resolve5(process.cwd(), options.file);
+  let script;
+  try {
+    script = readFileSync4(filePath, "utf-8");
+  } catch {
+    throw new CLIError(`Cannot read file: ${filePath}`, 1 /* GeneralError */);
+  }
+  const client = createAuthenticatedClient();
+  const encodedScript = Buffer2.from(script, "utf-8").toString("base64");
+  const body = {
+    title: options.title,
+    script: encodedScript,
+    type: normalizeTestType(options.type)
+  };
+  if (options.description) body.description = options.description;
+  const { data } = await client.post("/api/tests", body);
+  const createdId = data.test?.id ?? data.id;
+  logger.success(`Test "${options.title}" created${createdId ? ` (${createdId})` : ""}`);
+  outputDetail(data);
+});
+testCommand.command("update <id>").description("Update a test").option("--title <title>", "Test title").option("--file <path>", "Path to updated test script").option("--description <description>", "Test description").action(async (id, options) => {
+  const client = createAuthenticatedClient();
+  const body = {};
+  if (options.title !== void 0) body.title = options.title;
+  if (options.description !== void 0) body.description = options.description;
+  if (options.file) {
+    const { readFileSync: readFileSync4 } = await import("fs");
+    const { resolve: resolve5 } = await import("path");
+    const filePath = resolve5(process.cwd(), options.file);
+    try {
+      const raw = readFileSync4(filePath, "utf-8");
+      body.script = Buffer2.from(raw, "utf-8").toString("base64");
+    } catch {
+      throw new CLIError(`Cannot read file: ${filePath}`, 1 /* GeneralError */);
+    }
+  }
+  if (Object.keys(body).length === 0) {
+    logger.warn("No fields to update. Use --title, --file, or --description.");
+    return;
+  }
+  const { data } = await client.patch(`/api/tests/${id}`, body);
+  logger.success(`Test ${id} updated`);
+  outputDetail(data);
+});
+testCommand.command("delete <id>").description("Delete a test").option("--force", "Skip confirmation").action(async (id, options) => {
+  if (!options.force) {
+    const { createInterface } = await import("readline");
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    const answer = await new Promise((resolve5) => {
+      rl.question(`Are you sure you want to delete test ${id}? (y/N) `, resolve5);
+    });
+    rl.close();
+    if (answer.toLowerCase() !== "y") {
+      logger.info("Aborted");
+      return;
+    }
+  }
+  const client = createAuthenticatedClient();
+  await client.delete(`/api/tests/${id}`);
+  logger.success(`Test ${id} deleted`);
+});
+testCommand.command("execute <id>").description("Execute a test immediately").option("--location <location>", "Execution location (k6 only)").action(async (id, options) => {
+  const client = createAuthenticatedClient();
+  const body = {};
+  if (options.location) body.location = options.location;
+  const { data } = await client.post(`/api/tests/${id}/execute`, body);
+  outputDetail(data);
+});
+testCommand.command("tags <id>").description("Get test tags").action(async (id) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get(`/api/tests/${id}/tags`);
+  output(data, {
+    columns: [
+      { key: "id", header: "ID" },
+      { key: "name", header: "Name" },
+      { key: "color", header: "Color" }
+    ]
+  });
+});
+testCommand.command("validate").description("Validate a test script").requiredOption("--file <path>", "Path to the test script file").option("--type <type>", "Test type (playwright, k6)", "playwright").action(async (options) => {
+  const { readFileSync: readFileSync4 } = await import("fs");
+  const { resolve: resolve5 } = await import("path");
+  const filePath = resolve5(process.cwd(), options.file);
+  let script;
+  try {
+    script = readFileSync4(filePath, "utf-8");
+  } catch {
+    throw new CLIError(`Cannot read file: ${filePath}`, 1 /* GeneralError */);
+  }
+  const client = createAuthenticatedClient();
+  const { data } = await client.post(
+    "/api/validate-script",
+    { script, testType: normalizeTestType(options.type) }
+  );
+  if (data.valid) {
+    logger.success(`Script is valid (${options.type})`);
+  } else {
+    logger.error("Script validation failed:");
+    if (data.errors) {
+      for (const err of data.errors) {
+        logger.error(`  - ${err}`);
+      }
+    }
+    throw new CLIError("Script validation failed", 1 /* GeneralError */);
+  }
+});
+testCommand.command("status <id>").description("Stream live status events for a test").option("--idle-timeout <seconds>", "Abort if no data received within this period", "60").action(async (id, options) => {
+  const token = requireAuth();
+  const baseUrl = getStoredBaseUrl() ?? "https://app.supercheck.io";
+  const idleTimeoutMs = Math.max(Number(options.idleTimeout) || 60, 10) * 1e3;
+  const url = `${baseUrl}/api/test-status/events/${id}`;
+  const parsedUrl = new URL(url);
+  logger.info(`Streaming status for test ${id}...`);
+  logger.newline();
+  const controller = new AbortController();
+  const connectTimeout = setTimeout(() => controller.abort(), 3e4);
+  try {
+    const proxy = getProxyEnv2(parsedUrl);
+    const response = await fetch(url, {
+      headers: {
+        "Authorization": `Bearer ${token}`,
+        "Accept": "text/event-stream",
+        "User-Agent": `supercheck-cli/${CLI_VERSION}`
+      },
+      ...proxy ? { dispatcher: getProxyAgent3(proxy) } : {},
+      signal: controller.signal
+    });
+    clearTimeout(connectTimeout);
+    if (!response.ok) {
+      throw new CLIError(`Failed to connect to status stream: ${response.status}`, 4 /* ApiError */);
+    }
+    const reader = response.body?.getReader();
+    if (!reader) {
+      throw new CLIError("No response body for SSE stream", 4 /* ApiError */);
+    }
+    const decoder = new TextDecoder();
+    let buffer = "";
+    let idleTimer;
+    const resetIdleTimer = () => {
+      if (idleTimer) clearTimeout(idleTimer);
+      idleTimer = setTimeout(() => controller.abort(), idleTimeoutMs);
+    };
+    resetIdleTimer();
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      resetIdleTimer();
+      buffer += decoder.decode(value, { stream: true });
+      const lines = buffer.split("\n");
+      buffer = lines.pop() ?? "";
+      for (const line of lines) {
+        if (line.startsWith(":")) continue;
+        if (line.startsWith("data: ")) {
+          const payload = line.slice(6);
+          try {
+            const parsed = JSON.parse(payload);
+            outputDetail(parsed);
+          } catch {
+            process.stdout.write(payload + "\n");
+          }
+        }
+      }
+    }
+    if (idleTimer) clearTimeout(idleTimer);
+  } catch (err) {
+    if (err instanceof CLIError) throw err;
+    if (err instanceof Error && err.name === "AbortError") {
+      throw new CLIError(
+        `Stream timed out (no data received for ${Math.round(idleTimeoutMs / 1e3)}s)`,
+        5 /* Timeout */
+      );
+    }
+    throw new CLIError(
+      `Stream error: ${err instanceof Error ? err.message : String(err)}`,
+      4 /* ApiError */
+    );
+  }
+});
+
+// src/commands/monitors.ts
+import { Command as Command8 } from "commander";
+var monitorCommand = new Command8("monitor").description("Manage monitors");
+monitorCommand.command("list").description("List all monitors").option("--page <page>", "Page number", "1").option("--limit <limit>", "Items per page", "50").action(async (options) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get(
+    "/api/monitors",
+    { page: options.page, limit: options.limit }
+  );
+  output(data.data, {
+    columns: [
+      { key: "id", header: "ID" },
+      { key: "name", header: "Name" },
+      { key: "type", header: "Type" },
+      { key: "status", header: "Status" },
+      { key: "frequencyMinutes", header: "Freq (min)" }
+    ]
+  });
+  if (data.pagination) {
+    logger.info(
+      `
+Page ${data.pagination.page}/${data.pagination.totalPages} (${data.pagination.total} total)`
+    );
+  }
+});
+monitorCommand.command("get <id>").description("Get monitor details").action(async (id) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get(`/api/monitors/${id}`);
+  outputDetail(data);
+});
+monitorCommand.command("results <id>").description("Get monitor check results").option("--limit <limit>", "Number of results", "20").action(async (id, options) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get(
+    `/api/monitors/${id}/results`,
+    { limit: options.limit }
+  );
+  output(data.results, {
+    columns: [
+      { key: "timestamp", header: "Time" },
+      { key: "status", header: "Status" },
+      { key: "responseTime", header: "Response (ms)" },
+      { key: "location", header: "Location" }
+    ]
+  });
+});
+monitorCommand.command("stats <id>").description("Get monitor performance statistics").action(async (id) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get(`/api/monitors/${id}/stats`);
+  outputDetail(data);
+});
+monitorCommand.command("status <id>").description("Get current monitor status").action(async (id) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get(`/api/monitors/${id}`);
+  const statusInfo = {
+    id: data.id,
+    name: data.name,
+    status: data.status,
+    lastCheckAt: data.lastCheckAt,
+    responseTime: data.responseTime
+  };
+  outputDetail(statusInfo);
+});
+monitorCommand.command("create").description("Create a new monitor").requiredOption("--name <name>", "Monitor name").requiredOption("--url <url>", "URL to monitor").option("--type <type>", "Monitor type (http_request, website, ping_host, port_check, synthetic_test)", "http_request").option("--interval <seconds>", "Check interval in seconds", "300").option("--timeout <seconds>", "Request timeout in seconds", "30").option("--method <method>", "HTTP method (GET, POST, HEAD)", "GET").action(async (options) => {
+  const client = createAuthenticatedClient();
+  const intervalSeconds = parseInt(options.interval, 10);
+  if (!Number.isFinite(intervalSeconds) || intervalSeconds <= 0) {
+    logger.error("Invalid --interval value: must be a positive number of seconds");
+    return;
+  }
+  const frequencyMinutes = Math.max(1, Math.ceil(intervalSeconds / 60));
+  const body = {
+    name: options.name,
+    target: options.url,
+    type: options.type,
+    frequencyMinutes,
+    config: {
+      timeout: parseInt(options.timeout, 10) * 1e3,
+      // API expects milliseconds
+      method: options.method
+    }
+  };
+  const { data } = await client.post("/api/monitors", body);
+  logger.success(`Monitor "${options.name}" created (${data.id})`);
+  outputDetail(data);
+});
+monitorCommand.command("update <id>").description("Update a monitor").option("--name <name>", "Monitor name").option("--url <url>", "URL to monitor").option("--interval <seconds>", "Check interval in seconds").option("--timeout <seconds>", "Request timeout in seconds").option("--method <method>", "HTTP method").option("--active <boolean>", "Enable or disable monitor (true/false)").action(async (id, options) => {
+  const client = createAuthenticatedClient();
+  const body = {};
+  if (options.name !== void 0) body.name = options.name;
+  if (options.url !== void 0) body.target = options.url;
+  if (options.interval !== void 0) {
+    const intervalSeconds = parseInt(options.interval, 10);
+    if (!Number.isFinite(intervalSeconds) || intervalSeconds <= 0) {
+      logger.error("Invalid --interval value: must be a positive number of seconds");
+      return;
+    }
+    body.frequencyMinutes = Math.max(1, Math.ceil(intervalSeconds / 60));
+  }
+  if (options.active !== void 0) body.enabled = options.active === "true";
+  const config = {};
+  if (options.timeout !== void 0) config.timeout = parseInt(options.timeout, 10) * 1e3;
+  if (options.method !== void 0) config.method = options.method;
+  if (Object.keys(config).length > 0) body.config = config;
+  if (Object.keys(body).length === 0) {
+    logger.warn("No fields to update. Use --name, --url, --interval, --timeout, --method, or --active.");
+    return;
+  }
+  const { data } = await client.patch(`/api/monitors/${id}`, body);
+  logger.success(`Monitor ${id} updated`);
+  outputDetail(data);
+});
+monitorCommand.command("delete <id>").description("Delete a monitor").option("--force", "Skip confirmation").action(async (id, options) => {
+  if (!options.force) {
+    const { createInterface } = await import("readline");
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    const answer = await new Promise((resolve5) => {
+      rl.question(`Are you sure you want to delete monitor ${id}? (y/N) `, resolve5);
+    });
+    rl.close();
+    if (answer.toLowerCase() !== "y") {
+      logger.info("Aborted");
+      return;
+    }
+  }
+  const client = createAuthenticatedClient();
+  await client.delete(`/api/monitors/${id}`);
+  logger.success(`Monitor ${id} deleted`);
+});
+
+// src/commands/variables.ts
+import { Command as Command9 } from "commander";
+var varCommand = new Command9("var").description("Manage project variables");
+varCommand.command("list").description("List all variables").action(async () => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get("/api/variables");
+  output(data, {
+    columns: [
+      { key: "id", header: "ID" },
+      { key: "key", header: "Key" },
+      { key: "isSecret", header: "Secret" },
+      { key: "createdAt", header: "Created" }
+    ]
+  });
+});
+varCommand.command("get <key>").description("Get a variable by key name").action(async (key) => {
+  const client = createAuthenticatedClient();
+  const { data: variables } = await client.get("/api/variables");
+  const variable = variables.find((v) => v.key === key);
+  if (!variable) {
+    throw new CLIError(`Variable "${key}" not found`, 1 /* GeneralError */);
+  }
+  outputDetail(variable);
+});
+varCommand.command("set <key> <value>").description("Create or update a variable").option("--secret", "Mark as secret (value will be encrypted)").option("--description <description>", "Variable description").action(async (key, value, options) => {
+  const client = createAuthenticatedClient();
+  const { data: variables } = await client.get("/api/variables");
+  const existing = variables.find((v) => v.key === key);
+  if (existing) {
+    await client.put(`/api/variables/${existing.id}`, {
+      key,
+      value,
+      isSecret: options.secret ?? existing.isSecret,
+      ...options.description !== void 0 && { description: options.description }
+    });
+    logger.success(`Variable "${key}" updated`);
+  } else {
+    await client.post("/api/variables", {
+      key,
+      value,
+      isSecret: options.secret ?? false,
+      ...options.description !== void 0 && { description: options.description }
+    });
+    logger.success(`Variable "${key}" created`);
+  }
+});
+varCommand.command("delete <key>").description("Delete a variable").action(async (key) => {
+  const client = createAuthenticatedClient();
+  const { data: variables } = await client.get("/api/variables");
+  const variable = variables.find((v) => v.key === key);
+  if (!variable) {
+    throw new CLIError(`Variable "${key}" not found`, 1 /* GeneralError */);
+  }
+  await client.delete(`/api/variables/${variable.id}`);
+  logger.success(`Variable "${key}" deleted`);
+});
+
+// src/commands/tags.ts
+import { Command as Command10 } from "commander";
+var tagCommand = new Command10("tag").description("Manage tags");
+tagCommand.command("list").description("List all tags").action(async () => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get("/api/tags");
+  output(data, {
+    columns: [
+      { key: "id", header: "ID" },
+      { key: "name", header: "Name" },
+      { key: "color", header: "Color" }
+    ]
+  });
+});
+tagCommand.command("create <name>").description("Create a new tag").option("--color <color>", "Tag color (hex)").action(async (name, options) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.post("/api/tags", {
+    name,
+    color: options.color
+  });
+  logger.success(`Tag "${name}" created (${data.id})`);
+});
+tagCommand.command("delete <id>").description("Delete a tag").action(async (id) => {
+  const client = createAuthenticatedClient();
+  await client.delete(`/api/tags/${id}`);
+  logger.success(`Tag ${id} deleted`);
+});
+
+// src/commands/diff.ts
+import { Command as Command11 } from "commander";
+
+// src/utils/reconcile.ts
+import pc3 from "picocolors";
+function reconcile(local, remote) {
+  const changes = [];
+  const remoteByKey = /* @__PURE__ */ new Map();
+  for (const r of remote) {
+    remoteByKey.set(`${r.type}:${r.id}`, r);
+  }
+  const localByKey = /* @__PURE__ */ new Map();
+  for (const l of local) {
+    if (l.id) {
+      localByKey.set(`${l.type}:${l.id}`, l);
+    }
+  }
+  for (const l of local) {
+    if (!l.id) {
+      changes.push({
+        action: "create",
+        type: l.type,
+        name: l.name,
+        local: l
+      });
+      continue;
+    }
+    const key = `${l.type}:${l.id}`;
+    const r = remoteByKey.get(key);
+    if (!r) {
+      changes.push({
+        action: "create",
+        type: l.type,
+        id: l.id,
+        name: l.name,
+        local: l
+      });
+    } else {
+      const diffs = diffFields(l.definition, r.raw);
+      if (diffs.length > 0) {
+        changes.push({
+          action: "update",
+          type: l.type,
+          id: l.id,
+          name: l.name,
+          local: l,
+          remote: r,
+          details: diffs
+        });
+      } else {
+        changes.push({
+          action: "no-change",
+          type: l.type,
+          id: l.id,
+          name: l.name,
+          local: l,
+          remote: r
+        });
+      }
+    }
+  }
+  for (const r of remote) {
+    const key = `${r.type}:${r.id}`;
+    if (!localByKey.has(key)) {
+      changes.push({
+        action: "delete",
+        type: r.type,
+        id: r.id,
+        name: r.name,
+        remote: r
+      });
+    }
+  }
+  return changes;
+}
+function stableStringify(value) {
+  return JSON.stringify(value, (_, v) => {
+    if (v && typeof v === "object" && !Array.isArray(v)) {
+      return Object.keys(v).sort().reduce((sorted, k) => {
+        sorted[k] = v[k];
+        return sorted;
+      }, {});
+    }
+    return v;
+  });
+}
+function diffFields(local, remote) {
+  const diffs = [];
+  for (const [key, localVal] of Object.entries(local)) {
+    if (["id", "createdAt", "updatedAt", "projectId", "organizationId", "createdByUserId"].includes(key)) continue;
+    const remoteVal = remote[key];
+    if (stableStringify(localVal) !== stableStringify(remoteVal)) {
+      diffs.push(`${key}: ${JSON.stringify(remoteVal)} -> ${JSON.stringify(localVal)}`);
+    }
+  }
+  return diffs;
+}
+function formatChangePlan(changes) {
+  const creates = changes.filter((c) => c.action === "create");
+  const updates = changes.filter((c) => c.action === "update");
+  const deletes = changes.filter((c) => c.action === "delete");
+  const unchanged = changes.filter((c) => c.action === "no-change");
+  logger.newline();
+  logger.header("Change Plan");
+  logger.newline();
+  if (creates.length > 0) {
+    logger.info(pc3.green(`  + ${creates.length} to create`));
+    for (const c of creates) {
+      logger.info(pc3.green(`    + ${c.type}/${c.name}`));
+    }
+  }
+  if (updates.length > 0) {
+    logger.info(pc3.yellow(`  ~ ${updates.length} to update`));
+    for (const c of updates) {
+      logger.info(pc3.yellow(`    ~ ${c.type}/${c.name} (${c.id})`));
+      if (c.details) {
+        for (const d of c.details) {
+          logger.info(pc3.gray(`        ${d}`));
+        }
+      }
+    }
+  }
+  if (deletes.length > 0) {
+    logger.info(pc3.red(`  - ${deletes.length} to delete`));
+    for (const c of deletes) {
+      logger.info(pc3.red(`    - ${c.type}/${c.name} (${c.id})`));
+    }
+  }
+  if (unchanged.length > 0) {
+    logger.info(pc3.gray(`  = ${unchanged.length} unchanged`));
+  }
+  logger.newline();
+  const totalChanges = creates.length + updates.length + deletes.length;
+  if (totalChanges === 0) {
+    logger.success("No changes detected. Everything is in sync.");
+  } else {
+    logger.info(`${pc3.bold(String(totalChanges))} change(s) detected.`);
+  }
+  logger.newline();
+}
+
+// src/commands/diff.ts
+var diffCommand = new Command11("diff").description("Preview changes between local config and the remote Supercheck project").option("--config <path>", "Path to config file").action(async (options) => {
+  const cwd = process.cwd();
+  const { config } = await loadConfig({ cwd, configPath: options.config });
+  const client = createAuthenticatedClient();
+  logger.info("Comparing local config with remote project...");
+  logger.newline();
+  const localResources = buildLocalResources(config, cwd);
+  const remoteResources = await fetchRemoteResources(client);
+  logger.debug(`Local: ${localResources.length} resources, Remote: ${remoteResources.length} resources`);
+  const changes = reconcile(localResources, remoteResources);
+  formatChangePlan(changes);
+});
+
+// src/commands/deploy.ts
+import { Command as Command12 } from "commander";
+import pc4 from "picocolors";
+async function applyChange(client, change) {
+  try {
+    const endpoint = getApiEndpoint(change.type);
+    switch (change.action) {
+      case "create": {
+        const body = { ...change.local.definition };
+        await client.post(endpoint, body);
+        return { success: true };
+      }
+      case "update": {
+        const id = change.id ?? change.remote.id;
+        const { id: _id, ...body } = change.local.definition;
+        await client.put(`${endpoint}/${id}`, body);
+        return { success: true };
+      }
+      case "delete": {
+        const id = change.id ?? change.remote.id;
+        await client.delete(`${endpoint}/${id}`);
+        return { success: true };
+      }
+      default:
+        return { success: true };
+    }
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return { success: false, error: message };
+  }
+}
+var deployCommand = new Command12("deploy").description("Push local config resources to the Supercheck project").option("--config <path>", "Path to config file").option("--dry-run", "Show what would change without applying").option("--force", "Skip confirmation prompt").option("--no-delete", "Do not delete remote resources missing from config").action(async (options) => {
+  const cwd = process.cwd();
+  const { config, configPath } = await loadConfig({ cwd, configPath: options.config });
+  const client = createAuthenticatedClient();
+  logger.info(`Deploying from ${configPath ?? "config"}...`);
+  logger.newline();
+  const localResources = buildLocalResources(config, cwd);
+  const remoteResources = await fetchRemoteResources(client);
+  let changes = reconcile(localResources, remoteResources);
+  if (options.delete === false) {
+    changes = changes.filter((c) => c.action !== "delete");
+  }
+  const actionable = changes.filter((c) => c.action !== "no-change");
+  if (actionable.length === 0) {
+    logger.success("No changes to deploy. Everything is in sync.");
+    return;
+  }
+  formatChangePlan(changes);
+  if (options.dryRun) {
+    logger.info(pc4.yellow("Dry run \u2014 no changes applied."));
+    return;
+  }
+  if (!options.force) {
+    const { createInterface } = await import("readline");
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    const answer = await new Promise((resolve5) => {
+      rl.question("Do you want to apply these changes? (y/N) ", resolve5);
+    });
+    rl.close();
+    if (!answer || answer.toLowerCase() !== "y") {
+      logger.info("Deploy aborted.");
+      return;
+    }
+  }
+  logger.info("Applying changes...");
+  logger.newline();
+  let succeeded = 0;
+  let failed = 0;
+  const ordered = [
+    ...actionable.filter((c) => c.action === "create"),
+    ...actionable.filter((c) => c.action === "update"),
+    ...actionable.filter((c) => c.action === "delete")
+  ];
+  for (const change of ordered) {
+    const actionLabel = change.action === "create" ? "+" : change.action === "update" ? "~" : "-";
+    const color = change.action === "create" ? pc4.green : change.action === "update" ? pc4.yellow : pc4.red;
+    const result = await applyChange(client, change);
+    if (result.success) {
+      logger.info(color(`  ${actionLabel} ${change.type}/${change.name} \u2713`));
+      succeeded++;
+    } else {
+      logger.error(`  ${actionLabel} ${change.type}/${change.name} \u2717 ${result.error}`);
+      failed++;
+    }
+  }
+  logger.newline();
+  if (failed > 0) {
+    throw new CLIError(
+      `Deploy completed with errors: ${succeeded} succeeded, ${failed} failed`,
+      1 /* GeneralError */
+    );
+  } else {
+    logger.success(`Deploy complete: ${succeeded} change(s) applied successfully`);
+  }
+});
+
+// src/commands/destroy.ts
+import { Command as Command13 } from "commander";
+import pc5 from "picocolors";
+async function fetchManagedResources(client, config) {
+  const resources = [];
+  const managedIds = /* @__PURE__ */ new Set();
+  if (config.jobs) {
+    for (const j of config.jobs) {
+      if (j.id) managedIds.add(`job:${j.id}`);
+    }
+  }
+  if (config.variables) {
+    for (const v of config.variables) {
+      if (v.id) managedIds.add(`variable:${v.id}`);
+    }
+  }
+  if (config.tags) {
+    for (const t of config.tags) {
+      if (t.id) managedIds.add(`tag:${t.id}`);
+    }
+  }
+  if (Array.isArray(config.monitors)) {
+    for (const m of config.monitors) {
+      if (m.id) managedIds.add(`monitor:${m.id}`);
+    }
+  }
+  if (Array.isArray(config.statusPages)) {
+    for (const sp of config.statusPages) {
+      if (sp.id) managedIds.add(`statusPage:${sp.id}`);
+    }
+  }
+  const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+  const patterns = {
+    playwright: config.tests?.playwright?.testMatch,
+    k6: config.tests?.k6?.testMatch
+  };
+  const cwd = process.cwd();
+  const files = discoverFiles(cwd, patterns);
+  const testIds = /* @__PURE__ */ new Set();
+  for (const f of files) {
+    const stem = f.filename.replace(/\.(pw|k6)\.ts$/, "");
+    if (UUID_RE.test(stem)) {
+      testIds.add(stem);
+    }
+  }
+  try {
+    const jobs = await fetchAllPages(client, "/api/jobs", "jobs");
+    for (const job of jobs) {
+      if (job.id && managedIds.has(`job:${String(job.id)}`)) {
+        resources.push({ id: String(job.id), type: "job", name: String(job.name ?? "") });
+      }
+    }
+  } catch (err) {
+    logDestroyFetchError("jobs", err);
+  }
+  try {
+    const tests = await fetchAllPages(client, "/api/tests", "tests");
+    for (const test of tests) {
+      if (test.id && testIds.has(String(test.id))) {
+        resources.push({ id: String(test.id), type: "test", name: String(test.title ?? "") });
+      }
+    }
+  } catch (err) {
+    logDestroyFetchError("tests", err);
+  }
+  try {
+    const monitors = await fetchAllPages(client, "/api/monitors", "monitors");
+    for (const monitor of monitors) {
+      if (monitor.id && managedIds.has(`monitor:${String(monitor.id)}`)) {
+        resources.push({ id: String(monitor.id), type: "monitor", name: String(monitor.name ?? "") });
+      }
+    }
+  } catch (err) {
+    logDestroyFetchError("monitors", err);
+  }
+  try {
+    const { data } = await client.get("/api/variables");
+    for (const v of data) {
+      if (v.id && managedIds.has(`variable:${String(v.id)}`)) {
+        resources.push({ id: String(v.id), type: "variable", name: String(v.key ?? "") });
+      }
+    }
+  } catch (err) {
+    logDestroyFetchError("variables", err);
+  }
+  try {
+    const { data } = await client.get("/api/tags");
+    for (const t of data) {
+      if (t.id && managedIds.has(`tag:${String(t.id)}`)) {
+        resources.push({ id: String(t.id), type: "tag", name: String(t.name ?? "") });
+      }
+    }
+  } catch (err) {
+    logDestroyFetchError("tags", err);
+  }
+  try {
+    const statusPages = await fetchAllPages(client, "/api/status-pages", "status-pages");
+    for (const sp of statusPages) {
+      if (sp.id && managedIds.has(`statusPage:${String(sp.id)}`)) {
+        resources.push({ id: String(sp.id), type: "statusPage", name: String(sp.name ?? "") });
+      }
+    }
+  } catch (err) {
+    logDestroyFetchError("status-pages", err);
+  }
+  return resources;
+}
+function logDestroyFetchError(resourceType, err) {
+  if (err instanceof ApiRequestError && err.statusCode === 404) {
+    logger.debug(`Could not fetch ${resourceType} (not found)`);
+  } else {
+    const msg = err instanceof Error ? err.message : String(err);
+    logger.warn(`Could not fetch ${resourceType}: ${msg}`);
+  }
+}
+var destroyCommand = new Command13("destroy").description("Tear down managed resources from the Supercheck project").option("--config <path>", "Path to config file").option("--dry-run", "Show what would be destroyed without applying").option("--force", "Skip confirmation prompt").action(async (options) => {
+  const cwd = process.cwd();
+  const { config } = await loadConfig({ cwd, configPath: options.config });
+  const client = createAuthenticatedClient();
+  logger.info("Scanning for managed resources to destroy...");
+  logger.newline();
+  const managed = await fetchManagedResources(client, config);
+  if (managed.length === 0) {
+    logger.success("No managed resources found on the remote project.");
+    return;
+  }
+  logger.header("Resources to destroy:");
+  logger.newline();
+  for (const r of managed) {
+    logger.info(pc5.red(`  - ${r.type}/${r.name} [${r.id}]`));
+  }
+  logger.newline();
+  logger.warn(`This will permanently delete ${pc5.bold(String(managed.length))} resource(s).`);
+  logger.newline();
+  if (options.dryRun) {
+    logger.info(pc5.yellow("Dry run \u2014 no resources destroyed."));
+    return;
+  }
+  if (!options.force) {
+    throw new CLIError(
+      "Use --force to confirm destruction, or --dry-run to preview.",
+      1 /* GeneralError */
+    );
+  }
+  logger.info("Destroying resources...");
+  logger.newline();
+  let succeeded = 0;
+  let failed = 0;
+  const deleteOrder = ["test", "monitor", "statusPage", "job", "variable", "tag"];
+  const sorted = [...managed].sort((a, b) => deleteOrder.indexOf(a.type) - deleteOrder.indexOf(b.type));
+  for (const resource of sorted) {
+    try {
+      const endpoint = getApiEndpoint(resource.type);
+      await client.delete(`${endpoint}/${resource.id}`);
+      logger.info(pc5.red(`  - ${resource.type}/${resource.name} \u2713`));
+      succeeded++;
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      logger.error(`  - ${resource.type}/${resource.name} \u2717 ${msg}`);
+      failed++;
+    }
+  }
+  logger.newline();
+  if (failed > 0) {
+    throw new CLIError(
+      `Destroy completed with errors: ${succeeded} destroyed, ${failed} failed`,
+      1 /* GeneralError */
+    );
+  } else {
+    logger.success(`Destroy complete: ${succeeded} resource(s) removed`);
+  }
+});
+
+// src/commands/pull.ts
+import { Command as Command14 } from "commander";
+import { existsSync as existsSync3, mkdirSync as mkdirSync2, writeFileSync as writeFileSync2, readFileSync as readFileSync3 } from "fs";
+import { resolve as resolve4, dirname as dirname2 } from "path";
+import pc6 from "picocolors";
+function mapTestType(apiType) {
+  if (apiType === "performance" || apiType === "k6") return "k6";
+  return "playwright";
+}
+function testFileExtension(testType) {
+  return testType === "k6" ? ".k6.ts" : ".pw.ts";
+}
+function testFilename(testId, testType) {
+  const ext = testFileExtension(testType);
+  return `${testId}${ext}`;
+}
+function writeIfChanged(filePath, content) {
+  if (existsSync3(filePath)) {
+    const existing = readFileSync3(filePath, "utf-8");
+    if (existing === content) return false;
+  }
+  const dir = dirname2(filePath);
+  if (!existsSync3(dir)) {
+    mkdirSync2(dir, { recursive: true });
+  }
+  writeFileSync2(filePath, content, "utf-8");
+  return true;
+}
+function decodeScript(script) {
+  if (!script) return null;
+  try {
+    const trimmed = script.trim();
+    const decoded = Buffer.from(trimmed, "base64").toString("utf-8");
+    const reEncoded = Buffer.from(decoded, "utf-8").toString("base64");
+    if (reEncoded !== trimmed) {
+      return script;
+    }
+    if (/^[\x09\x0a\x0d\x20-\x7e\u00a0-\uffff]*$/.test(decoded) && decoded.length > 0) {
+      return decoded;
+    }
+  } catch {
+  }
+  return script;
+}
+async function fetchContext(client) {
+  try {
+    const { data } = await client.get("/api/context");
+    if (data?.organization?.id && data?.project?.id) {
+      return data;
+    }
+    logger.debug("Context response missing organization or project ID");
+    return null;
+  } catch (err) {
+    logger.warn(`Could not fetch project context: ${err instanceof Error ? err.message : String(err)}`);
+    logger.debug("Organization and project will be set to placeholder values. Re-run after fixing connectivity.");
+    return null;
+  }
+}
+async function fetchTests(client) {
+  try {
+    return await fetchAllPages(client, "/api/tests", "tests");
+  } catch (err) {
+    if (err instanceof ApiRequestError && err.statusCode === 404) return [];
+    throw err;
+  }
+}
+async function fetchMonitors(client) {
+  try {
+    return await fetchAllPages(client, "/api/monitors", "monitors");
+  } catch (err) {
+    if (err instanceof ApiRequestError && err.statusCode === 404) return [];
+    throw err;
+  }
+}
+async function fetchJobs(client) {
+  try {
+    return await fetchAllPages(client, "/api/jobs", "jobs");
+  } catch (err) {
+    if (err instanceof ApiRequestError && err.statusCode === 404) return [];
+    throw err;
+  }
+}
+async function fetchVariables(client) {
+  try {
+    const { data } = await client.get("/api/variables");
+    return data;
+  } catch (err) {
+    if (err instanceof ApiRequestError && err.statusCode === 404) return [];
+    throw err;
+  }
+}
+async function fetchTags(client) {
+  try {
+    const { data } = await client.get("/api/tags");
+    return data;
+  } catch (err) {
+    if (err instanceof ApiRequestError && err.statusCode === 404) return [];
+    throw err;
+  }
+}
+async function fetchStatusPages(client) {
+  try {
+    return await fetchAllPages(client, "/api/status-pages", "status-pages");
+  } catch (err) {
+    if (err instanceof ApiRequestError && err.statusCode === 404) return [];
+    throw err;
+  }
+}
+function pullTests(tests, cwd, summary) {
+  const testsDir = resolve4(cwd, "_supercheck_/tests");
+  if (!existsSync3(testsDir)) {
+    mkdirSync2(testsDir, { recursive: true });
+  }
+  for (const test of tests) {
+    try {
+      const testType = mapTestType(test.type);
+      const filename = testFilename(test.id, testType);
+      const relPath = `_supercheck_/tests/${filename}`;
+      const script = decodeScript(test.script);
+      if (!script) {
+        logger.debug(`Skipping test "${test.title}" \u2014 no script content`);
+        summary.skipped++;
+        continue;
+      }
+      const filePath = resolve4(cwd, relPath);
+      const written = writeIfChanged(filePath, script);
+      if (written) {
+        logger.info(pc6.green(`  + ${relPath}`));
+        summary.tests++;
+      } else {
+        logger.debug(`  = ${relPath} (unchanged)`);
+      }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      summary.errors.push(`test "${test.title}": ${msg}`);
+    }
+  }
+}
+function buildMonitorDefinitions(monitors) {
+  return monitors.map((m) => {
+    const def = {
+      id: m.id,
+      name: m.name,
+      type: m.type
+    };
+    if (m.description) def.description = m.description;
+    if (m.target) def.target = m.target;
+    if (m.frequencyMinutes !== void 0) def.frequencyMinutes = m.frequencyMinutes;
+    if (m.enabled !== void 0) def.enabled = m.enabled;
+    if (m.config && typeof m.config === "object") {
+      const config = { ...m.config };
+      delete config.sslLastCheckedAt;
+      if (config.playwrightOptions && typeof config.playwrightOptions === "object") {
+        const opts = { ...config.playwrightOptions };
+        if (opts.retries === 0) delete opts.retries;
+        if (opts.timeout === 3e5) delete opts.timeout;
+        if (opts.headless === true) delete opts.headless;
+        config.playwrightOptions = Object.keys(opts).length > 0 ? opts : void 0;
+        if (!config.playwrightOptions) delete config.playwrightOptions;
+      }
+      if (config.locationConfig && typeof config.locationConfig === "object") {
+        const loc = { ...config.locationConfig };
+        const hasLocations = Array.isArray(loc.locations) && loc.locations.length > 0;
+        if (!loc.enabled || !hasLocations) {
+          delete config.locationConfig;
+        } else {
+          if (loc.enabled === true) delete loc.enabled;
+          if (loc.strategy === "majority") delete loc.strategy;
+          if (loc.threshold === 50) delete loc.threshold;
+          config.locationConfig = Object.keys(loc).length > 0 ? loc : void 0;
+          if (!config.locationConfig) delete config.locationConfig;
+        }
+      }
+      if (Object.keys(config).length > 0) def.config = config;
+    }
+    if (m.alertConfig && typeof m.alertConfig === "object") {
+      const alert = { ...m.alertConfig };
+      if (alert.customMessage === "" || alert.customMessage === null) delete alert.customMessage;
+      if (alert.failureThreshold === 1) delete alert.failureThreshold;
+      if (alert.recoveryThreshold === 1) delete alert.recoveryThreshold;
+      for (const key of ["alertOnFailure", "alertOnRecovery", "alertOnSslExpiration", "alertOnSuccess", "alertOnTimeout"]) {
+        if (alert[key] === false) delete alert[key];
+      }
+      if (Array.isArray(alert.notificationProviders) && alert.notificationProviders.length === 0) {
+        delete alert.notificationProviders;
+      }
+      if (Object.keys(alert).length > 0) def.alertConfig = alert;
+    }
+    return def;
+  });
+}
+function buildJobDefinitions(jobs, testMap) {
+  return jobs.map((j) => {
+    const def = {
+      id: j.id,
+      name: j.name,
+      tests: (j.tests ?? []).map((t) => {
+        return testMap.get(t.id) ?? t.id;
+      })
+    };
+    if (j.description) def.description = j.description;
+    if (j.jobType) def.jobType = j.jobType;
+    if (j.cronSchedule) def.cronSchedule = j.cronSchedule;
+    if (j.alertConfig && typeof j.alertConfig === "object") {
+      const alert = { ...j.alertConfig };
+      if (alert.customMessage === "" || alert.customMessage === null) delete alert.customMessage;
+      if (alert.failureThreshold === 1) delete alert.failureThreshold;
+      if (alert.recoveryThreshold === 1) delete alert.recoveryThreshold;
+      for (const key of ["alertOnFailure", "alertOnRecovery", "alertOnSslExpiration", "alertOnSuccess", "alertOnTimeout"]) {
+        if (alert[key] === false) delete alert[key];
+      }
+      if (Array.isArray(alert.notificationProviders) && alert.notificationProviders.length === 0) {
+        delete alert.notificationProviders;
+      }
+      if (Object.keys(alert).length > 0) def.alertConfig = alert;
+    }
+    return def;
+  });
+}
+function buildVariableDefinitions(variables) {
+  return variables.map((v) => {
+    const def = {
+      id: v.id,
+      key: v.key,
+      isSecret: v.isSecret
+    };
+    if (v.description) def.description = v.description;
+    if (v.isSecret) {
+      const envVarName = v.key.toUpperCase();
+      const isValidIdentifier = /^[a-zA-Z_$][a-zA-Z0-9_$]*$/.test(envVarName);
+      def.value = isValidIdentifier ? `\${${envVarName}}` : `\${[${envVarName}]}`;
+    } else {
+      def.value = v.value ?? "";
+    }
+    return def;
+  });
+}
+function buildTagDefinitions(tags) {
+  return tags.map((t) => {
+    const def = {
+      id: t.id,
+      name: t.name
+    };
+    if (t.color) def.color = t.color;
+    return def;
+  });
+}
+function buildStatusPageDefinitions(pages) {
+  return pages.map((p) => {
+    const def = {
+      id: p.id,
+      name: p.name
+    };
+    if (p.subdomain) def.subdomain = p.subdomain;
+    if (p.status) def.status = p.status;
+    if (p.pageDescription) def.description = p.pageDescription;
+    if (p.headline) def.headline = p.headline;
+    if (p.supportUrl) def.supportUrl = p.supportUrl;
+    return def;
+  });
+}
+function generateConfigContent(opts) {
+  const parts = [];
+  parts.push(`import { defineConfig } from '@supercheck/cli'`);
+  parts.push("");
+  parts.push("export default defineConfig({");
+  parts.push(`  schemaVersion: '1.0',`);
+  parts.push("  project: {");
+  parts.push(`    organization: '${opts.orgId}',`);
+  parts.push(`    project: '${opts.projectId}',`);
+  parts.push("  },");
+  parts.push("  api: {");
+  parts.push(`    baseUrl: process.env.SUPERCHECK_URL ?? '${opts.baseUrl}',`);
+  parts.push("  },");
+  parts.push("  tests: {");
+  parts.push("    playwright: {");
+  parts.push(`      testMatch: '_supercheck_/tests/**/*.pw.ts',`);
+  parts.push("    },");
+  parts.push("    k6: {");
+  parts.push(`      testMatch: '_supercheck_/tests/**/*.k6.ts',`);
+  parts.push("    },");
+  parts.push("  },");
+  if (opts.monitors.length > 0) {
+    parts.push(`  monitors: ${formatArray(opts.monitors, 2)},`);
+  }
+  if (opts.jobs.length > 0) {
+    parts.push(`  jobs: ${formatArray(opts.jobs, 2)},`);
+  }
+  if (opts.variables.length > 0) {
+    parts.push(`  variables: ${formatArray(opts.variables, 2)},`);
+  }
+  if (opts.tags.length > 0) {
+    parts.push(`  tags: ${formatArray(opts.tags, 2)},`);
+  }
+  if (opts.statusPages.length > 0) {
+    parts.push(`  statusPages: ${formatArray(opts.statusPages, 2)},`);
+  }
+  parts.push("})");
+  parts.push("");
+  return parts.join("\n");
+}
+function formatArray(arr, baseIndent) {
+  const indent = "  ".repeat(baseIndent);
+  const innerIndent = "  ".repeat(baseIndent + 1);
+  if (arr.length === 0) return "[]";
+  const items = arr.map((obj) => {
+    const fields = Object.entries(obj).map(([key, value]) => `${innerIndent}  ${key}: ${formatValue2(value, baseIndent + 2)},`).join("\n");
+    return `${innerIndent}{
+${fields}
+${innerIndent}}`;
+  });
+  return `[
+${items.join(",\n")}
+${indent}]`;
+}
+function formatValue2(value, indent = 0) {
+  if (typeof value === "string") {
+    if (value.startsWith("${") && value.endsWith("}")) {
+      const inner = value.slice(2, -1);
+      if (inner.startsWith("[") && inner.endsWith("]")) {
+        const varName = inner.slice(1, -1);
+        return `process.env['${varName.replace(/'/g, "\\'")}'] ?? ''`;
+      }
+      return `process.env.${inner} ?? ''`;
+    }
+    return `'${value.replace(/'/g, "\\'")}'`;
+  }
+  if (typeof value === "number" || typeof value === "boolean") return String(value);
+  if (value === null || value === void 0) return "undefined";
+  if (Array.isArray(value)) {
+    if (value.length === 0) return "[]";
+    if (value.every((v) => typeof v === "string")) {
+      return `[${value.map((v) => `'${String(v).replace(/'/g, "\\'")}'`).join(", ")}]`;
+    }
+    const innerIndent = "  ".repeat(indent + 1);
+    const items = value.map((v) => `${innerIndent}${formatValue2(v, indent + 1)}`);
+    return `[
+${items.join(",\n")}
+${"  ".repeat(indent)}]`;
+  }
+  if (typeof value === "object") {
+    const entries = Object.entries(value);
+    if (entries.length === 0) return "{}";
+    const innerIndent = "  ".repeat(indent + 1);
+    const fields = entries.map(([key, v]) => `${innerIndent}${key}: ${formatValue2(v, indent + 1)}`).join(",\n");
+    return `{
+${fields},
+${"  ".repeat(indent)}}`;
+  }
+  return String(value);
+}
+var pullCommand = new Command14("pull").description("Pull tests, monitors, jobs, status pages, and config from the Supercheck cloud into the local project").option("--config <path>", "Path to config file").option("--force", "Overwrite existing local files without prompting").option("--tests-only", "Only pull test scripts").option("--config-only", "Only pull config (monitors, jobs, variables, tags, status pages)").option("--dry-run", "Show what would be pulled without writing files").action(async (options) => {
+  if (options.testsOnly && options.configOnly) {
+    throw new CLIError(
+      "--tests-only and --config-only are mutually exclusive. Use one or neither.",
+      3 /* ConfigError */
+    );
+  }
+  const cwd = process.cwd();
+  const client = createAuthenticatedClient();
+  const existing = await tryLoadConfig({ cwd, configPath: options.config });
+  logger.newline();
+  logger.header("Pulling from Supercheck cloud...");
+  logger.newline();
+  const [context, tests, monitors, jobs, variables, tags, statusPages] = await withSpinner(
+    "Fetching remote resources...",
+    async () => {
+      const results = await Promise.all([
+        fetchContext(client),
+        options.configOnly ? Promise.resolve([]) : fetchTests(client),
+        options.testsOnly ? Promise.resolve([]) : fetchMonitors(client),
+        options.testsOnly ? Promise.resolve([]) : fetchJobs(client),
+        options.testsOnly ? Promise.resolve([]) : fetchVariables(client),
+        options.testsOnly ? Promise.resolve([]) : fetchTags(client),
+        options.testsOnly ? Promise.resolve([]) : fetchStatusPages(client)
+      ]);
+      return results;
+    },
+    { successText: "Fetched remote resources" }
+  );
+  logger.debug(`Found: ${tests.length} tests, ${monitors.length} monitors, ${jobs.length} jobs, ${variables.length} variables, ${tags.length} tags, ${statusPages.length} status pages`);
+  const totalResources = tests.length + monitors.length + jobs.length + variables.length + tags.length + statusPages.length;
+  if (totalResources === 0) {
+    logger.warn("No resources found on the remote project.");
+    logger.info("Hint: Create tests and monitors in the Supercheck dashboard, then run `supercheck pull` again.");
+    return;
+  }
+  if (options.dryRun) {
+    logger.newline();
+    logger.header("Resources that would be pulled:");
+    logger.newline();
+    if (tests.length > 0) {
+      logger.info(pc6.cyan(`  Tests (${tests.length}):`));
+      for (const t of tests) {
+        const testType = mapTestType(t.type);
+        logger.info(`    ${t.title} (${testType})`);
+      }
+    }
+    if (monitors.length > 0) {
+      logger.info(pc6.cyan(`  Monitors (${monitors.length}):`));
+      for (const m of monitors) logger.info(`    ${m.name} (${m.type}, every ${m.frequencyMinutes ?? "?"}min)`);
+    }
+    if (jobs.length > 0) {
+      logger.info(pc6.cyan(`  Jobs (${jobs.length}):`));
+      for (const j of jobs) logger.info(`    ${j.name}${j.cronSchedule ? ` (${j.cronSchedule})` : ""}`);
+    }
+    if (variables.length > 0) {
+      logger.info(pc6.cyan(`  Variables (${variables.length}):`));
+      for (const v of variables) logger.info(`    ${v.key}${v.isSecret ? " (secret)" : ""}`);
+    }
+    if (tags.length > 0) {
+      logger.info(pc6.cyan(`  Tags (${tags.length}):`));
+      for (const t of tags) logger.info(`    ${t.name}`);
+    }
+    if (statusPages.length > 0) {
+      logger.info(pc6.cyan(`  Status Pages (${statusPages.length}):`));
+      for (const sp of statusPages) logger.info(`    ${sp.name} (${sp.status ?? "draft"})`);
+    }
+    logger.newline();
+    logger.info(pc6.yellow("Dry run \u2014 no files written."));
+    logger.newline();
+    return;
+  }
+  if (!options.force) {
+    logger.info(`Found ${pc6.bold(String(totalResources))} resources to pull.`);
+    logger.info("This will write test scripts and update supercheck.config.ts.");
+    logger.newline();
+    const { createInterface } = await import("readline");
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    const answer = await new Promise((resolvePrompt) => {
+      rl.question("Continue? (y/N) ", resolvePrompt);
+    });
+    rl.close();
+    if (!answer || answer.toLowerCase() !== "y") {
+      logger.info("Pull aborted.");
+      return;
+    }
+    logger.newline();
+  }
+  const summary = {
+    tests: 0,
+    monitors: 0,
+    jobs: 0,
+    variables: 0,
+    tags: 0,
+    statusPages: 0,
+    skipped: 0,
+    errors: []
+  };
+  if (!options.configOnly && tests.length > 0) {
+    logger.header("Tests:");
+    const fullTests = [];
+    for (const t of tests) {
+      if (t.script) {
+        fullTests.push(t);
+      } else {
+        try {
+          const { data } = await client.get(
+            `/api/tests/${t.id}`,
+            { includeScript: "true" }
+          );
+          fullTests.push(data);
+        } catch (err) {
+          const msg = err instanceof Error ? err.message : String(err);
+          logger.warn(`  Could not fetch script for "${t.title}": ${msg}`);
+          summary.errors.push(`test "${t.title}": ${msg}`);
+        }
+      }
+    }
+    pullTests(fullTests, cwd, summary);
+    logger.newline();
+  }
+  if (!options.testsOnly) {
+    const testMap = /* @__PURE__ */ new Map();
+    for (const t of tests) {
+      const testType = mapTestType(t.type);
+      const filePath = `_supercheck_/tests/${testFilename(t.id, testType)}`;
+      testMap.set(t.id, filePath);
+    }
+    const monitorDefs = buildMonitorDefinitions(monitors);
+    const jobDefs = buildJobDefinitions(jobs, testMap);
+    const variableDefs = buildVariableDefinitions(variables);
+    const tagDefs = buildTagDefinitions(tags);
+    const statusPageDefs = buildStatusPageDefinitions(statusPages);
+    summary.monitors = monitors.length;
+    summary.jobs = jobs.length;
+    summary.variables = variables.length;
+    summary.tags = tags.length;
+    summary.statusPages = statusPages.length;
+    const existingOrg = existing?.config?.project?.organization;
+    const existingProject = existing?.config?.project?.project;
+    const firstMonitor = monitors[0];
+    const orgId = context?.organization?.id ?? firstMonitor?.organizationId ?? getStoredOrganization() ?? (existingOrg && !existingOrg.startsWith("unknown") ? existingOrg : null) ?? "unknown-org";
+    const projectId = context?.project?.id ?? firstMonitor?.projectId ?? getStoredProject() ?? (existingProject && !existingProject.startsWith("unknown") ? existingProject : null) ?? "unknown-project";
+    const baseUrl = existing?.config?.api?.baseUrl ?? getStoredBaseUrl() ?? "https://app.supercheck.io";
+    const configContent = generateConfigContent({
+      orgId,
+      projectId,
+      baseUrl,
+      monitors: monitorDefs,
+      jobs: jobDefs,
+      variables: variableDefs,
+      tags: tagDefs,
+      statusPages: statusPageDefs
+    });
+    const configPath = resolve4(cwd, "supercheck.config.ts");
+    const configChanged = writeIfChanged(configPath, configContent);
+    if (configChanged) {
+      logger.header("Config:");
+      if (monitorDefs.length > 0) logger.info(pc6.green(`  + ${monitorDefs.length} monitor(s)`));
+      if (jobDefs.length > 0) logger.info(pc6.green(`  + ${jobDefs.length} job(s)`));
+      if (variableDefs.length > 0) logger.info(pc6.green(`  + ${variableDefs.length} variable(s)`));
+      if (tagDefs.length > 0) logger.info(pc6.green(`  + ${tagDefs.length} tag(s)`));
+      if (statusPageDefs.length > 0) logger.info(pc6.green(`  + ${statusPageDefs.length} status page(s)`));
+      logger.success("Updated supercheck.config.ts");
+    } else {
+      logger.info("supercheck.config.ts is already up to date");
+    }
+  }
+  logger.newline();
+  const totalWritten = summary.tests + summary.monitors + summary.jobs + summary.variables + summary.tags + summary.statusPages;
+  const totalErrors = summary.errors.length;
+  if (totalErrors > 0) {
+    logger.header("Errors:");
+    for (const err of summary.errors) {
+      logger.error(`  ${err}`);
+    }
+    logger.newline();
+  }
+  if (totalWritten === 0 && summary.skipped === 0 && totalErrors === 0) {
+    logger.success("Everything is already in sync.");
+  } else {
+    const resultParts = [];
+    if (summary.tests > 0) resultParts.push(`${summary.tests} test(s)`);
+    if (summary.monitors > 0) resultParts.push(`${summary.monitors} monitor(s)`);
+    if (summary.jobs > 0) resultParts.push(`${summary.jobs} job(s)`);
+    if (summary.variables > 0) resultParts.push(`${summary.variables} variable(s)`);
+    if (summary.tags > 0) resultParts.push(`${summary.tags} tag(s)`);
+    if (summary.statusPages > 0) resultParts.push(`${summary.statusPages} status page(s)`);
+    if (summary.skipped > 0) resultParts.push(`${summary.skipped} skipped`);
+    if (resultParts.length > 0) {
+      logger.success(`Pull complete: ${resultParts.join(", ")}`);
+    }
+    if (totalErrors > 0) {
+      throw new CLIError(
+        `Pull completed with ${totalErrors} error(s)`,
+        1 /* GeneralError */
+      );
+    }
+  }
+  logger.newline();
+  logger.info("Tip: Review the changes, then commit to version control.");
+  logger.info("     Run `supercheck diff` to compare local vs remote.");
+  logger.newline();
+});
+
+// src/commands/notifications.ts
+import { Command as Command15 } from "commander";
+var notificationCommand = new Command15("notification").alias("notifications").description("Manage notification providers");
+notificationCommand.command("list").description("List notification providers").action(async () => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get("/api/notification-providers");
+  output(data, {
+    columns: [
+      { key: "id", header: "ID" },
+      { key: "name", header: "Name" },
+      { key: "type", header: "Type" },
+      { key: "enabled", header: "Enabled" },
+      { key: "lastUsed", header: "Last Used" }
+    ]
+  });
+});
+notificationCommand.command("get <id>").description("Get notification provider details").action(async (id) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get(`/api/notification-providers/${id}`);
+  outputDetail(data);
+});
+notificationCommand.command("create").description("Create a notification provider").requiredOption("--type <type>", "Provider type (email, slack, webhook, telegram, discord, teams)").requiredOption("--name <name>", "Provider name").option("--config <json>", "Provider config as JSON string").action(async (options) => {
+  const validTypes = ["email", "slack", "webhook", "telegram", "discord", "teams"];
+  if (!validTypes.includes(options.type)) {
+    throw new CLIError(
+      `Invalid provider type. Must be one of: ${validTypes.join(", ")}`,
+      1 /* GeneralError */
+    );
+  }
+  let config = {};
+  if (options.config) {
+    try {
+      config = JSON.parse(options.config);
+    } catch {
+      throw new CLIError("Invalid JSON in --config", 1 /* GeneralError */);
+    }
+  }
+  const client = createAuthenticatedClient();
+  const { data } = await client.post("/api/notification-providers", {
+    name: options.name,
+    type: options.type,
+    config: { name: options.name, ...config }
+  });
+  logger.success(`Notification provider "${options.name}" created (${data.id})`);
+  outputDetail(data);
+});
+notificationCommand.command("update <id>").description("Update a notification provider").option("--name <name>", "Provider name").option("--type <type>", "Provider type").option("--config <json>", "Provider config as JSON string").action(async (id, options) => {
+  const client = createAuthenticatedClient();
+  if (!options.name && !options.type && !options.config) {
+    logger.warn("No fields to update. Use --name, --type, or --config.");
+    return;
+  }
+  const { data: existing } = await client.get(`/api/notification-providers/${id}`);
+  let updatedConfig = existing.config ?? {};
+  if (options.config) {
+    try {
+      updatedConfig = { ...updatedConfig, ...JSON.parse(options.config) };
+    } catch {
+      throw new CLIError("Invalid JSON in --config", 1 /* GeneralError */);
+    }
+  }
+  const updatedName = options.name ?? String(existing.name ?? "");
+  const updatedType = options.type ?? String(existing.type ?? "");
+  updatedConfig.name = updatedName;
+  const body = {
+    name: updatedName,
+    type: updatedType,
+    config: updatedConfig
+  };
+  const { data } = await client.put(`/api/notification-providers/${id}`, body);
+  logger.success(`Notification provider ${id} updated`);
+  outputDetail(data);
+});
+notificationCommand.command("delete <id>").description("Delete a notification provider").option("--force", "Skip confirmation").action(async (id, options) => {
+  if (!options.force) {
+    const { createInterface } = await import("readline");
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    const answer = await new Promise((resolve5) => {
+      rl.question(`Are you sure you want to delete notification provider ${id}? (y/N) `, resolve5);
+    });
+    rl.close();
+    if (answer.toLowerCase() !== "y") {
+      logger.info("Aborted");
+      return;
+    }
+  }
+  const client = createAuthenticatedClient();
+  await client.delete(`/api/notification-providers/${id}`);
+  logger.success(`Notification provider ${id} deleted`);
+});
+notificationCommand.command("test").description("Send a test notification to verify provider configuration").requiredOption("--type <type>", "Provider type (email, slack, webhook, telegram, discord, teams)").requiredOption("--config <json>", "Provider config as JSON string").action(async (options) => {
+  const validTypes = ["email", "slack", "webhook", "telegram", "discord", "teams"];
+  if (!validTypes.includes(options.type)) {
+    throw new CLIError(
+      `Invalid provider type. Must be one of: ${validTypes.join(", ")}`,
+      1 /* GeneralError */
+    );
+  }
+  let config = {};
+  try {
+    config = JSON.parse(options.config);
+  } catch {
+    throw new CLIError("Invalid JSON in --config", 1 /* GeneralError */);
+  }
+  const client = createAuthenticatedClient();
+  const { data } = await client.post(
+    "/api/notification-providers/test",
+    { type: options.type, config }
+  );
+  if (data.success) {
+    logger.success(data.message ?? "Test notification sent successfully");
+  } else {
+    throw new CLIError(data.error ?? "Test notification failed", 1 /* GeneralError */);
+  }
+});
+
+// src/commands/alerts.ts
+import { Command as Command16 } from "commander";
+var alertCommand = new Command16("alert").alias("alerts").description("View alert history");
+alertCommand.command("history").description("Get alert history").option("--page <page>", "Page number", "1").option("--limit <limit>", "Number of results per page", "50").action(async (options) => {
+  const client = createAuthenticatedClient();
+  const { data } = await client.get("/api/alerts/history", { page: options.page, limit: options.limit });
+  const items = Array.isArray(data) ? data : data.data;
+  const pagination = Array.isArray(data) ? null : data.pagination;
+  output(items, {
+    columns: [
+      { key: "id", header: "ID" },
+      { key: "targetType", header: "Target Type" },
+      { key: "targetName", header: "Target" },
+      { key: "type", header: "Alert Type" },
+      { key: "status", header: "Status" },
+      { key: "timestamp", header: "Time" }
+    ]
+  });
+  if (pagination) {
+    logger.info(
+      `
+Page ${pagination.page}/${pagination.totalPages} (${pagination.total} total)`
+    );
+  }
+});
+
+// src/commands/audit.ts
+import { Command as Command17 } from "commander";
+var auditCommand = new Command17("audit").description("View audit logs (admin)").option("--page <page>", "Page number", "1").option("--limit <limit>", "Items per page", "20").option("--search <query>", "Search by action").option("--action <action>", "Filter by action type").action(async (options) => {
+  const client = createAuthenticatedClient();
+  const params = {
+    page: options.page,
+    limit: options.limit
+  };
+  if (options.search) params.search = options.search;
+  if (options.action) params.action = options.action;
+  const { data } = await client.get("/api/audit", params);
+  if (!data.success) {
+    throw new CLIError("Failed to fetch audit logs", 4 /* ApiError */);
+  }
+  const rows = data.data.logs.map((log) => ({
+    id: log.id,
+    action: log.action,
+    user: log.user?.email ?? log.user?.name ?? "-",
+    createdAt: log.createdAt
+  }));
+  output(rows, {
+    columns: [
+      { key: "id", header: "ID" },
+      { key: "action", header: "Action" },
+      { key: "user", header: "User" },
+      { key: "createdAt", header: "Date" }
+    ]
+  });
+  const { pagination } = data.data;
+  if (pagination) {
+    logger.info(
+      `
+Page ${pagination.currentPage}/${pagination.totalPages} (${pagination.totalCount} total)`
+    );
+  }
+});
+
+// src/bin/supercheck.ts
+var program = new Command18().name("supercheck").description("Open-source testing, monitoring, and reliability \u2014 as code").version(CLI_VERSION, "-v, --version").option("--json", "Output in JSON format").option("--quiet", "Suppress non-essential output").option("--debug", "Enable debug logging").hook("preAction", (_thisCommand, actionCommand) => {
+  const opts = program.opts();
+  if (opts.json) {
+    setOutputFormat("json");
+  }
+  if (opts.quiet) {
+    setQuietMode(true);
+    setOutputFormat("quiet");
+  }
+  if (opts.debug) {
+    setLogLevel("debug");
+  }
+  void actionCommand;
+});
+program.addCommand(loginCommand);
+program.addCommand(logoutCommand);
+program.addCommand(whoamiCommand);
+program.addCommand(initCommand);
+program.addCommand(configCommand);
+program.addCommand(jobCommand);
+program.addCommand(runCommand);
+program.addCommand(testCommand);
+program.addCommand(monitorCommand);
+program.addCommand(varCommand);
+program.addCommand(tagCommand);
+program.addCommand(diffCommand);
+program.addCommand(deployCommand);
+program.addCommand(destroyCommand);
+program.addCommand(pullCommand);
+program.addCommand(notificationCommand);
+program.addCommand(alertCommand);
+program.addCommand(auditCommand);
+program.addCommand(healthCommand);
+program.addCommand(locationsCommand);
+program.exitOverride();
+async function main() {
+  try {
+    await program.parseAsync(process.argv);
+  } catch (err) {
+    if (err instanceof CLIError) {
+      if (err.exitCode !== 0 /* Success */) {
+        console.error(pc7.red(`
+\u2717 ${err.message}
+`));
+      }
+      process.exit(err.exitCode);
+    }
+    if (err && typeof err === "object" && "exitCode" in err && typeof err.exitCode === "number") {
+      process.exit(err.exitCode);
+    }
+    console.error(pc7.red(`
+\u2717 Unexpected error: ${err instanceof Error ? err.message : String(err)}
+`));
+    process.exit(1 /* GeneralError */);
+  }
+}
+main();
+//# sourceMappingURL=supercheck.js.map