@thecorporation/cli 26.3.21 → 26.3.22

package/dist/index.js

@@ -90,9 +90,13 @@ function allowUnsafeApiUrl() {
   return process.env.CORP_UNSAFE_API_URL === "1";
 }
 function validateApiUrl(value) {
+  const trimmed = value.trim();
+  if (trimmed.startsWith("process://")) {
+    return trimmed;
+  }
   let parsed;
   try {
-    parsed = new URL(value.trim());
+    parsed = new URL(trimmed);
   } catch {
     throw new Error("api_url must be a valid absolute URL");
   }
@@ -217,6 +221,7 @@ function normalizeConfig(raw) {
   cfg.workspace_id = normalizeString(raw.workspace_id) ?? cfg.workspace_id;
   cfg.hosting_mode = normalizeString(raw.hosting_mode) ?? cfg.hosting_mode;
   cfg.active_entity_id = normalizeString(raw.active_entity_id) ?? cfg.active_entity_id;
+  cfg.data_dir = normalizeString(raw.data_dir) ?? cfg.data_dir;
   if (isObject(raw.llm)) {
     cfg.llm.provider = normalizeString(raw.llm.provider) ?? cfg.llm.provider;
     cfg.llm.api_key = normalizeString(raw.llm.api_key) ?? cfg.llm.api_key;
@@ -263,7 +268,8 @@ function serializeConfig(cfg) {
       name: normalized.user.name,
       email: normalized.user.email
     },
-    active_entity_id: normalized.active_entity_id
+    active_entity_id: normalized.active_entity_id,
+    ...normalized.data_dir ? { data_dir: normalized.data_dir } : {}
   };
   if (normalized.active_entity_ids && Object.keys(normalized.active_entity_ids).length > 0) {
     serialized.active_entity_ids = normalized.active_entity_ids;
@@ -283,6 +289,20 @@ function serializeAuth(cfg) {
   if (normalized.llm.api_key) {
     serialized.llm = { api_key: normalized.llm.api_key };
   }
+  const existingAuth = readJsonFile(AUTH_FILE);
+  if (isObject(existingAuth) && isObject(existingAuth.server_secrets)) {
+    const ss = existingAuth.server_secrets;
+    if (typeof ss.jwt_secret === "string" && typeof ss.secrets_master_key === "string" && typeof ss.internal_worker_token === "string") {
+      serialized.server_secrets = {
+        jwt_secret: ss.jwt_secret,
+        secrets_master_key: ss.secrets_master_key,
+        internal_worker_token: ss.internal_worker_token
+      };
+    }
+  }
+  if (cfg._server_secrets) {
+    serialized.server_secrets = cfg._server_secrets;
+  }
   return JSON.stringify(serialized, null, 2) + "\n";
 }
 function requireSupportedConfigKey(dotPath) {
@@ -311,6 +331,9 @@ function setKnownConfigValue(cfg, dotPath, value) {
     case "hosting_mode":
       cfg.hosting_mode = value.trim();
       return;
+    case "data_dir":
+      cfg.data_dir = value.trim();
+      return;
     case "llm.provider":
       cfg.llm.provider = value.trim();
       return;
@@ -492,7 +515,8 @@ var init_config = __esm({
       "llm.base_url",
       "user.name",
       "user.email",
-      "active_entity_id"
+      "active_entity_id",
+      "data_dir"
     ]);
     SENSITIVE_CONFIG_KEYS = /* @__PURE__ */ new Set(["api_url", "api_key", "workspace_id"]);
     DEFAULTS = {
@@ -507,7 +531,8 @@ var init_config = __esm({
         base_url: process.env.CORP_LLM_BASE_URL || void 0
       },
       user: { name: "", email: "" },
-      active_entity_id: ""
+      active_entity_id: "",
+      data_dir: ""
     };
   }
 });
@@ -658,7 +683,11 @@ function describeReferenceRecord(kind, record) {
       idFields: ["share_class_id", "id"],
       labelFields: ["class_code", "name", "share_class"]
     },
-    round: { idFields: ["round_id", "equity_round_id", "id"], labelFields: ["name"] }
+    round: { idFields: ["round_id", "equity_round_id", "id"], labelFields: ["name"] },
+    service_request: {
+      idFields: ["request_id", "service_request_id", "id"],
+      labelFields: ["service_slug", "status"]
+    }
   };
   const spec = specs[kind];
   const id = extractId(record, spec.idFields);
@@ -726,7 +755,8 @@ var init_references = __esm({
       "safe_note",
       "instrument",
       "share_class",
-      "round"
+      "round",
+      "service_request"
     ];
     VALID_RESOURCE_KINDS = new Set(RESOURCE_KINDS);
     MAX_REFERENCE_INPUT_LEN = 256;
@@ -755,6 +785,7 @@ var init_references = __esm({
       valuationsCache = /* @__PURE__ */ new Map();
       safeNotesCache = /* @__PURE__ */ new Map();
       roundsCache = /* @__PURE__ */ new Map();
+      serviceRequestsCache = /* @__PURE__ */ new Map();
       capTableCache = /* @__PURE__ */ new Map();
       agentsCache;
       constructor(client, cfg) {
@@ -869,6 +900,9 @@ var init_references = __esm({
       async resolveRound(entityId, ref) {
         return this.resolve("round", ref, { entityId });
       }
+      async resolveServiceRequest(entityId, ref) {
+        return this.resolve("service_request", ref, { entityId });
+      }
       async find(kind, query, scope = {}) {
         const trimmedQuery = validateReferenceInput(query, "query", { allowEmpty: true });
         const records = await this.listRecords(kind, scope);
@@ -1056,6 +1090,8 @@ var init_references = __esm({
               return this.listShareClasses(scope.entityId);
             case "round":
               return this.listRounds(scope.entityId);
+            case "service_request":
+              return this.listServiceRequestRecords(scope.entityId);
           }
         })();
         return this.attachStableHandles(kind, records, scope.entityId);
@@ -1320,6 +1356,14 @@ var init_references = __esm({
         const capTable = await this.getCapTable(entityId);
         return Array.isArray(capTable.share_classes) ? capTable.share_classes : [];
       }
+      async listServiceRequestRecords(entityId) {
+        if (!entityId) throw new Error("An entity context is required to resolve service requests.");
+        const cached = this.serviceRequestsCache.get(entityId);
+        if (cached) return cached;
+        const requests = await this.client.listServiceRequests(entityId);
+        this.serviceRequestsCache.set(entityId, requests);
+        return requests;
+      }
     };
   }
 });
@@ -1882,6 +1926,33 @@ function printAgentsTable(agents) {
   }
   console.log(table.toString());
 }
+function printServiceCatalogTable(items) {
+  const table = makeTable("Service Catalog", ["Slug", "Name", "Price", "Type"]);
+  for (const item of items) {
+    table.push([
+      s(item.slug),
+      s(item.name),
+      money(item.amount_cents),
+      s(item.price_type)
+    ]);
+  }
+  console.log(table.toString());
+}
+function printServiceRequestsTable(requests) {
+  const table = makeTable("Service Requests", ["Ref", "Service", "Amount", "Status", "Created"]);
+  for (const r of requests) {
+    const status = s(r.status);
+    const colored = status === "fulfilled" ? chalk.green(status) : status === "paid" ? chalk.cyan(status) : status === "checkout" ? chalk.yellow(status) : status === "failed" ? chalk.dim(status) : status;
+    table.push([
+      formatReferenceCell("service_request", r),
+      s(r.service_slug),
+      money(r.amount_cents),
+      colored,
+      date(r.created_at)
+    ]);
+  }
+  console.log(table.toString());
+}
 function printBillingPanel(status, plans) {
   const plan = s(status.plan ?? status.tier) || "free";
   const subStatus = s(status.status) || "active";
@@ -1935,7 +2006,15 @@ var setup_exports = {};
 __export(setup_exports, {
   setupCommand: () => setupCommand
 });
-import { input, confirm } from "@inquirer/prompts";
+import { input, select } from "@inquirer/prompts";
+import { homedir as homedir2 } from "os";
+import { join as join2 } from "path";
+import { existsSync as existsSync2, mkdirSync as mkdirSync2, readdirSync } from "fs";
+import {
+  generateSecret,
+  generateFernetKey,
+  processRequest
+} from "@thecorporation/corp-tools";
 async function requestMagicLink(apiUrl, email, tosAccepted) {
   const resp = await fetch(`${apiUrl}/v1/auth/magic-link`, {
     method: "POST",
@@ -1971,9 +2050,6 @@ async function verifyMagicLinkCode(apiUrl, code) {
     workspace_id: data.workspace_id
   };
 }
-function isCloudApi(url) {
-  return url.replace(/\/+$/, "").includes("thecorporation.ai");
-}
 async function magicLinkAuth(apiUrl, email) {
   console.log("\nSending magic link to " + email + "...");
   await requestMagicLink(apiUrl, email, true);
@@ -1989,22 +2065,46 @@ async function magicLinkAuth(apiUrl, email) {
   console.log("Verifying...");
   return verifyMagicLinkCode(apiUrl, trimmed);
 }
+function setupDataDir(dirPath) {
+  if (!existsSync2(dirPath)) {
+    mkdirSync2(dirPath, { recursive: true });
+    return { isNew: true };
+  }
+  try {
+    const entries = readdirSync(dirPath);
+    if (entries.length > 0) {
+      console.log("Found existing data, reusing.");
+      return { isNew: false };
+    }
+  } catch {
+  }
+  return { isNew: true };
+}
+async function localProvision(dataDir, name) {
+  const resp = processRequest(
+    "process://",
+    "POST",
+    "/v1/workspaces/provision",
+    { "Content-Type": "application/json" },
+    JSON.stringify({ name }),
+    { dataDir }
+  );
+  if (!resp.ok) {
+    const detail = await resp.text();
+    throw new Error(`Provision failed: HTTP ${resp.status} \u2014 ${detail}`);
+  }
+  const body = await resp.json();
+  if (!body.api_key || !body.workspace_id) {
+    throw new Error("Provision response missing api_key or workspace_id");
+  }
+  return {
+    api_key: body.api_key,
+    workspace_id: body.workspace_id
+  };
+}
 async function setupCommand() {
   const cfg = loadConfig();
   console.log("Welcome to corp \u2014 corporate governance from the terminal.\n");
-  const customUrl = process.env.CORP_API_URL;
-  if (customUrl) {
-    try {
-      cfg.api_url = validateApiUrl(customUrl);
-    } catch (err) {
-      printError(`Invalid CORP_API_URL: ${err}`);
-      process.exit(1);
-    }
-    console.log(`Using API: ${cfg.api_url}
-`);
-  } else {
-    cfg.api_url = CLOUD_API_URL;
-  }
   console.log("--- User Info ---");
   const user = cfg.user ?? { name: "", email: "" };
   user.name = await input({
@@ -2016,10 +2116,53 @@ async function setupCommand() {
     default: user.email || void 0
   });
   cfg.user = user;
-  const needsAuth = !cfg.api_key || !cfg.workspace_id;
-  const cloud = isCloudApi(cfg.api_url);
-  if (needsAuth) {
-    if (cloud) {
+  console.log("\n--- Hosting Mode ---");
+  const hostingMode = await select({
+    message: "How would you like to run corp?",
+    choices: [
+      { value: "local", name: "Local (your machine)" },
+      { value: "cloud", name: "TheCorporation cloud" },
+      { value: "self-hosted", name: "Self-hosted server (custom URL)" }
+    ],
+    default: cfg.hosting_mode || "local"
+  });
+  cfg.hosting_mode = hostingMode;
+  if (hostingMode === "local") {
+    const dataDir = await input({
+      message: "Data directory",
+      default: cfg.data_dir || DEFAULT_DATA_DIR
+    });
+    cfg.data_dir = dataDir;
+    cfg.api_url = "process://";
+    const { isNew } = setupDataDir(dataDir);
+    const serverSecrets = {
+      jwt_secret: generateSecret(),
+      secrets_master_key: generateFernetKey(),
+      internal_worker_token: generateSecret()
+    };
+    process.env.JWT_SECRET = serverSecrets.jwt_secret;
+    process.env.SECRETS_MASTER_KEY = serverSecrets.secrets_master_key;
+    process.env.INTERNAL_WORKER_TOKEN = serverSecrets.internal_worker_token;
+    cfg._server_secrets = serverSecrets;
+    if (isNew || !cfg.workspace_id) {
+      console.log("\nProvisioning workspace...");
+      try {
+        const result = await localProvision(dataDir, `${user.name}'s workspace`);
+        cfg.api_key = result.api_key;
+        cfg.workspace_id = result.workspace_id;
+        printSuccess(`Local workspace ready: ${result.workspace_id}`);
+      } catch (err) {
+        printError(`Workspace provisioning failed: ${err}`);
+        console.log("You can retry with 'corp setup'.");
+      }
+    } else {
+      console.log("\nExisting workspace found.");
+    }
+  } else if (hostingMode === "cloud") {
+    cfg.api_url = CLOUD_API_URL;
+    cfg.data_dir = "";
+    const needsAuth = !cfg.api_key || !cfg.workspace_id;
+    if (needsAuth) {
       try {
         const result = await magicLinkAuth(cfg.api_url, user.email);
         cfg.api_key = result.api_key;
@@ -2032,6 +2175,22 @@ async function setupCommand() {
         );
       }
     } else {
+      console.log("\nExisting credentials found. Run 'corp status' to verify.");
+    }
+  } else {
+    const url = await input({
+      message: "Server URL",
+      default: cfg.api_url !== CLOUD_API_URL && !cfg.api_url.startsWith("process://") ? cfg.api_url : void 0
+    });
+    try {
+      cfg.api_url = validateApiUrl(url);
+    } catch (err) {
+      printError(`Invalid URL: ${err}`);
+      process.exit(1);
+    }
+    cfg.data_dir = "";
+    const needsAuth = !cfg.api_key || !cfg.workspace_id;
+    if (needsAuth) {
       console.log("\nProvisioning workspace...");
       try {
         const result = await provisionWorkspace(
@@ -2048,57 +2207,13 @@ async function setupCommand() {
         );
       }
     }
-  } else {
-    console.log("\nVerifying existing credentials...");
-    let keyValid = false;
-    try {
-      const resp = await fetch(
-        `${cfg.api_url.replace(/\/+$/, "")}/v1/workspaces/${cfg.workspace_id}/status`,
-        { headers: { Authorization: `Bearer ${cfg.api_key}` } }
-      );
-      keyValid = resp.status !== 401;
-    } catch {
-    }
-    if (keyValid) {
-      console.log("Credentials OK.");
-    } else {
-      console.log("API key is no longer valid.");
-      const reauth = await confirm({
-        message: cloud ? "Re-authenticate via magic link?" : "Provision a new workspace? (This will replace your current credentials)",
-        default: true
-      });
-      if (reauth) {
-        try {
-          if (cloud) {
-            const result = await magicLinkAuth(cfg.api_url, user.email);
-            cfg.api_key = result.api_key;
-            cfg.workspace_id = result.workspace_id;
-            printSuccess(`Authenticated. Workspace: ${result.workspace_id}`);
-          } else {
-            const result = await provisionWorkspace(
-              cfg.api_url,
-              `${user.name}'s workspace`
-            );
-            cfg.api_key = result.api_key;
-            cfg.workspace_id = result.workspace_id;
-            console.log(`Workspace provisioned: ${result.workspace_id}`);
-          }
-        } catch (err) {
-          printError(`Authentication failed: ${err}`);
-        }
-      } else {
-        console.log(
-          "Keeping existing credentials. You can manually update with: corp config set api_key <key>"
-        );
-      }
-    }
   }
   saveConfig(cfg);
   console.log("\nSettings saved to ~/.corp/config.json");
   console.log("Credentials saved to ~/.corp/auth.json");
   console.log("Run 'corp status' to verify your connection.");
 }
-var CLOUD_API_URL;
+var CLOUD_API_URL, DEFAULT_DATA_DIR;
 var init_setup = __esm({
   "src/commands/setup.ts"() {
     "use strict";
@@ -2106,6 +2221,7 @@ var init_setup = __esm({
     init_api_client();
     init_output();
     CLOUD_API_URL = "https://api.thecorporation.ai";
+    DEFAULT_DATA_DIR = join2(homedir2(), ".corp", "data");
   }
 });
 
@@ -3114,11 +3230,11 @@ import {
   isWriteTool as _isWriteTool,
   executeTool as _executeTool
 } from "@thecorporation/corp-tools";
-import { join as join2 } from "path";
-import { homedir as homedir2 } from "os";
+import { join as join3 } from "path";
+import { homedir as homedir3 } from "os";
 async function executeTool(name, args, client) {
   return _executeTool(name, args, client, {
-    dataDir: join2(homedir2(), ".corp"),
+    dataDir: join3(homedir3(), ".corp"),
     onEntityFormed: (entityId) => {
       try {
         updateConfig((cfg) => {
@@ -6127,6 +6243,171 @@ var init_work_items = __esm({
   }
 });
 
+// src/commands/services.ts
+var services_exports = {};
+__export(services_exports, {
+  servicesBuyCommand: () => servicesBuyCommand,
+  servicesCancelCommand: () => servicesCancelCommand,
+  servicesCatalogCommand: () => servicesCatalogCommand,
+  servicesFulfillCommand: () => servicesFulfillCommand,
+  servicesListCommand: () => servicesListCommand,
+  servicesShowCommand: () => servicesShowCommand
+});
+import chalk11 from "chalk";
+async function servicesCatalogCommand(opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  try {
+    const items = await client.listServiceCatalog();
+    if (opts.json) {
+      printJson(items);
+      return;
+    }
+    printServiceCatalogTable(items);
+  } catch (err) {
+    printError(`Failed to list service catalog: ${err}`);
+    process.exit(1);
+  }
+}
+async function servicesBuyCommand(slug, opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  try {
+    const eid = await resolver.resolveEntity(opts.entityId);
+    const payload = { entity_id: eid, service_slug: slug };
+    if (opts.dryRun) {
+      printDryRun("services.create_request", payload);
+      return;
+    }
+    const result = await client.createServiceRequest(payload);
+    await resolver.stabilizeRecord("service_request", result, eid);
+    resolver.rememberFromRecord("service_request", result, eid);
+    const requestId = String(result.request_id ?? result.id ?? "");
+    if (requestId) {
+      const checkout = await client.beginServiceCheckout(requestId, { entity_id: eid });
+      if (opts.json) {
+        printJson(checkout);
+        return;
+      }
+      printSuccess(`Service request created: ${requestId}`);
+      printReferenceSummary("service_request", result, { showReuseHint: true });
+      if (checkout.checkout_url) {
+        console.log(`
+  ${chalk11.bold("Checkout URL:")} ${checkout.checkout_url}`);
+      }
+      console.log(chalk11.dim("\n  Next steps:"));
+      console.log(chalk11.dim("    Complete payment at the checkout URL above"));
+      console.log(chalk11.dim("    corp services list --entity-id <id>"));
+    } else {
+      printWriteResult(result, "Service request created", {
+        referenceKind: "service_request",
+        showReuseHint: true
+      });
+    }
+  } catch (err) {
+    printError(`Failed to create service request: ${err}`);
+    process.exit(1);
+  }
+}
+async function servicesListCommand(opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  try {
+    const eid = await resolver.resolveEntity(opts.entityId);
+    const requests = await client.listServiceRequests(eid);
+    const stable = await resolver.stabilizeRecords("service_request", requests, eid);
+    if (opts.json) {
+      printJson(stable);
+      return;
+    }
+    printServiceRequestsTable(stable);
+  } catch (err) {
+    printError(`Failed to list service requests: ${err}`);
+    process.exit(1);
+  }
+}
+async function servicesShowCommand(ref_, opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  try {
+    const eid = await resolver.resolveEntity(opts.entityId);
+    const requestId = await resolver.resolveServiceRequest(eid, ref_);
+    const result = await client.getServiceRequest(requestId, eid);
+    await resolver.stabilizeRecord("service_request", result, eid);
+    resolver.rememberFromRecord("service_request", result, eid);
+    if (opts.json) {
+      printJson(result);
+      return;
+    }
+    printReferenceSummary("service_request", result);
+    printJson(result);
+  } catch (err) {
+    printError(`Failed to show service request: ${err}`);
+    process.exit(1);
+  }
+}
+async function servicesFulfillCommand(ref_, opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  try {
+    const eid = await resolver.resolveEntity(opts.entityId);
+    const requestId = await resolver.resolveServiceRequest(eid, ref_);
+    const result = await client.fulfillServiceRequest(requestId, {
+      entity_id: eid,
+      note: opts.note
+    });
+    await resolver.stabilizeRecord("service_request", result, eid);
+    resolver.rememberFromRecord("service_request", result, eid);
+    if (opts.json) {
+      printJson(result);
+      return;
+    }
+    printSuccess(`Service request fulfilled: ${requestId}`);
+    printReferenceSummary("service_request", result, { showReuseHint: true });
+    printJson(result);
+  } catch (err) {
+    printError(`Failed to fulfill service request: ${err}`);
+    process.exit(1);
+  }
+}
+async function servicesCancelCommand(ref_, opts) {
+  const cfg = requireConfig("api_url", "api_key", "workspace_id");
+  const client = new CorpAPIClient(cfg.api_url, cfg.api_key, cfg.workspace_id);
+  const resolver = new ReferenceResolver(client, cfg);
+  try {
+    const eid = await resolver.resolveEntity(opts.entityId);
+    const requestId = await resolver.resolveServiceRequest(eid, ref_);
+    const result = await client.cancelServiceRequest(requestId, {
+      entity_id: eid
+    });
+    await resolver.stabilizeRecord("service_request", result, eid);
+    resolver.rememberFromRecord("service_request", result, eid);
+    if (opts.json) {
+      printJson(result);
+      return;
+    }
+    printSuccess(`Service request cancelled: ${requestId}`);
+    printReferenceSummary("service_request", result, { showReuseHint: true });
+    printJson(result);
+  } catch (err) {
+    printError(`Failed to cancel service request: ${err}`);
+    process.exit(1);
+  }
+}
+var init_services = __esm({
+  "src/commands/services.ts"() {
+    "use strict";
+    init_config();
+    init_api_client();
+    init_output();
+    init_references();
+  }
+});
+
 // src/commands/billing.ts
 var billing_exports = {};
 __export(billing_exports, {
@@ -6237,8 +6518,8 @@ __export(form_exports, {
   formCreateCommand: () => formCreateCommand,
   formFinalizeCommand: () => formFinalizeCommand
 });
-import { input as input2, select, confirm as confirm2, number } from "@inquirer/prompts";
-import chalk11 from "chalk";
+import { input as input2, select as select2, confirm as confirm2, number } from "@inquirer/prompts";
+import chalk12 from "chalk";
 import Table3 from "cli-table3";
 import { readFileSync as readFileSync3, realpathSync as realpathSync2 } from "fs";
 import { relative as relative2, resolve as resolve2 } from "path";
@@ -6248,9 +6529,9 @@ function isCorp(entityType) {
 }
 function sectionHeader(title) {
   console.log();
-  console.log(chalk11.blue("\u2500".repeat(50)));
-  console.log(chalk11.blue.bold(`  ${title}`));
-  console.log(chalk11.blue("\u2500".repeat(50)));
+  console.log(chalk12.blue("\u2500".repeat(50)));
+  console.log(chalk12.blue.bold(`  ${title}`));
+  console.log(chalk12.blue("\u2500".repeat(50)));
 }
 function officerTitleLabel(title) {
   switch (title) {
@@ -6410,7 +6691,7 @@ async function phaseEntityDetails(opts, serverCfg, scripted) {
     if (scripted) {
       entityType = "llc";
     } else {
-      entityType = await select({
+      entityType = await select2({
         message: "Entity type",
         choices: [
           { value: "llc", name: "LLC" },
@@ -6469,13 +6750,13 @@ async function phasePeople(opts, entityType, scripted) {
   }
   const founderCount = await number({ message: "Number of founders (1-6)", default: 1 }) ?? 1;
   for (let i = 0; i < founderCount; i++) {
-    console.log(chalk11.dim(`
+    console.log(chalk12.dim(`
   Founder ${i + 1} of ${founderCount}:`));
     const name = await input2({ message: `  Name` });
     const email = await input2({ message: `  Email` });
     let role = "member";
     if (isCorp(entityType)) {
-      role = await select({
+      role = await select2({
         message: "  Role",
         choices: [
           { value: "director", name: "Director" },
@@ -6490,7 +6771,7 @@ async function phasePeople(opts, entityType, scripted) {
     if (isCorp(entityType)) {
       const wantOfficer = role === "officer" || await confirm2({ message: "  Assign officer title?", default: i === 0 });
       if (wantOfficer) {
-        officerTitle = await select({
+        officerTitle = await select2({
           message: "  Officer title",
           choices: OfficerTitle.map((t) => ({
             value: t,
@@ -6515,7 +6796,7 @@ async function phaseStock(opts, entityType, founders, scripted) {
   const rofr = opts.rofr ?? (!scripted && isCorp(entityType) ? await confirm2({ message: "Right of first refusal?", default: true }) : isCorp(entityType));
   if (!scripted) {
     for (const f of founders) {
-      console.log(chalk11.dim(`
+      console.log(chalk12.dim(`
   Equity for ${f.name}:`));
       if (isCorp(entityType)) {
         const shares = await number({ message: `  Shares to purchase`, default: 0 });
@@ -6536,7 +6817,7 @@ async function phaseStock(opts, entityType, founders, scripted) {
         if (wantVesting) {
           const totalMonths = await number({ message: "  Total vesting months", default: 48 }) ?? 48;
           const cliffMonths = await number({ message: "  Cliff months", default: 12 }) ?? 12;
-          const acceleration = await select({
+          const acceleration = await select2({
             message: "  Acceleration",
             choices: [
               { value: "none", name: "None" },
@@ -6561,17 +6842,17 @@ async function phaseStock(opts, entityType, founders, scripted) {
 }
 function printSummary(entityType, name, jurisdiction, fiscalYearEnd, sCorpElection, founders, transferRestrictions, rofr) {
   sectionHeader("Formation Summary");
-  console.log(`  ${chalk11.bold("Entity:")} ${name}`);
-  console.log(`  ${chalk11.bold("Type:")} ${entityType}`);
-  console.log(`  ${chalk11.bold("Jurisdiction:")} ${jurisdiction}`);
-  console.log(`  ${chalk11.bold("Fiscal Year End:")} ${fiscalYearEnd}`);
+  console.log(`  ${chalk12.bold("Entity:")} ${name}`);
+  console.log(`  ${chalk12.bold("Type:")} ${entityType}`);
+  console.log(`  ${chalk12.bold("Jurisdiction:")} ${jurisdiction}`);
+  console.log(`  ${chalk12.bold("Fiscal Year End:")} ${fiscalYearEnd}`);
   if (isCorp(entityType)) {
-    console.log(`  ${chalk11.bold("S-Corp Election:")} ${sCorpElection ? "Yes" : "No"}`);
-    console.log(`  ${chalk11.bold("Transfer Restrictions:")} ${transferRestrictions ? "Yes" : "No"}`);
-    console.log(`  ${chalk11.bold("Right of First Refusal:")} ${rofr ? "Yes" : "No"}`);
+    console.log(`  ${chalk12.bold("S-Corp Election:")} ${sCorpElection ? "Yes" : "No"}`);
+    console.log(`  ${chalk12.bold("Transfer Restrictions:")} ${transferRestrictions ? "Yes" : "No"}`);
+    console.log(`  ${chalk12.bold("Right of First Refusal:")} ${rofr ? "Yes" : "No"}`);
   }
   const table = new Table3({
-    head: [chalk11.dim("Name"), chalk11.dim("Email"), chalk11.dim("Role"), chalk11.dim("Equity"), chalk11.dim("Officer")]
+    head: [chalk12.dim("Name"), chalk12.dim("Email"), chalk12.dim("Role"), chalk12.dim("Equity"), chalk12.dim("Officer")]
   });
   for (const f of founders) {
     const equity = f.shares_purchased ? `${f.shares_purchased.toLocaleString()} shares` : f.ownership_pct ? `${f.ownership_pct}%` : "\u2014";
@@ -6598,7 +6879,7 @@ async function formCommand(opts) {
     printSummary(entityType, name, jurisdiction, fiscalYearEnd, sCorpElection, founders, transferRestrictions, rofr);
     const shouldProceed = scripted ? true : await confirm2({ message: "Proceed with formation?", default: true });
     if (!shouldProceed) {
-      console.log(chalk11.yellow("Formation cancelled."));
+      console.log(chalk12.yellow("Formation cancelled."));
       return;
     }
     const members = founders.map((f) => {
@@ -6654,17 +6935,17 @@ async function formCommand(opts) {
     if (holders.length > 0) {
       console.log();
       const table = new Table3({
-        head: [chalk11.dim("Holder"), chalk11.dim("Shares"), chalk11.dim("Ownership %")]
+        head: [chalk12.dim("Holder"), chalk12.dim("Shares"), chalk12.dim("Ownership %")]
       });
       for (const h of holders) {
         const pct = typeof h.ownership_pct === "number" ? `${h.ownership_pct.toFixed(1)}%` : "\u2014";
         table.push([String(h.name ?? "?"), String(h.shares ?? 0), pct]);
       }
-      console.log(chalk11.bold("  Cap Table:"));
+      console.log(chalk12.bold("  Cap Table:"));
       console.log(table.toString());
     }
     if (result.next_action) {
-      console.log(chalk11.yellow(`
+      console.log(chalk12.yellow(`
   Next: ${result.next_action}`));
     }
   } catch (err) {
@@ -6735,7 +7016,7 @@ async function formCreateCommand(opts) {
     console.log(`  Type: ${result.entity_type}`);
     console.log(`  Jurisdiction: ${result.jurisdiction}`);
     console.log(`  Status: ${result.formation_status}`);
-    console.log(chalk11.yellow(`
+    console.log(chalk12.yellow(`
   Next: corp form add-founder @last:entity --name "..." --email "..." --role member --pct 50`));
   } catch (err) {
     printError(`Failed to create pending entity: ${err}`);
@@ -6773,7 +7054,7 @@ async function formAddFounderCommand(entityId, opts) {
       const pct = typeof m.ownership_pct === "number" ? ` (${m.ownership_pct}%)` : "";
       console.log(`  - ${m.name} <${m.email ?? "no email"}> [${m.role ?? "member"}]${pct}`);
     }
-    console.log(chalk11.yellow(`
+    console.log(chalk12.yellow(`
   Next: add more founders or run: corp form finalize @last:entity`));
   } catch (err) {
     printError(`Failed to add founder: ${err}`);
@@ -6837,17 +7118,17 @@ async function formFinalizeCommand(entityId, opts) {
     if (holders.length > 0) {
       console.log();
       const table = new Table3({
-        head: [chalk11.dim("Holder"), chalk11.dim("Shares"), chalk11.dim("Ownership %")]
+        head: [chalk12.dim("Holder"), chalk12.dim("Shares"), chalk12.dim("Ownership %")]
       });
       for (const h of holders) {
         const pct = typeof h.ownership_pct === "number" ? `${h.ownership_pct.toFixed(1)}%` : "\u2014";
         table.push([String(h.name ?? "?"), String(h.shares ?? 0), pct]);
       }
-      console.log(chalk11.bold("  Cap Table:"));
+      console.log(chalk12.bold("  Cap Table:"));
       console.log(table.toString());
     }
     if (result.next_action) {
-      console.log(chalk11.yellow(`
+      console.log(chalk12.yellow(`
   Next: ${result.next_action}`));
     }
   } catch (err) {
@@ -6920,7 +7201,7 @@ var api_keys_exports = {};
 __export(api_keys_exports, {
   apiKeysCommand: () => apiKeysCommand
 });
-import chalk12 from "chalk";
+import chalk13 from "chalk";
 import Table4 from "cli-table3";
 async function apiKeysCommand(opts) {
   const cfg = requireConfig("api_url", "api_key", "workspace_id");
@@ -6940,9 +7221,9 @@ async function apiKeysCommand(opts) {
       return;
     }
     console.log(`
-${chalk12.bold("API Keys")}`);
+${chalk13.bold("API Keys")}`);
     const table = new Table4({
-      head: [chalk12.dim("ID"), chalk12.dim("Name"), chalk12.dim("Key"), chalk12.dim("Created")]
+      head: [chalk13.dim("ID"), chalk13.dim("Name"), chalk13.dim("Key"), chalk13.dim("Created")]
     });
     for (const k of keys) {
       table.push([
@@ -7224,7 +7505,7 @@ var feedback_exports = {};
 __export(feedback_exports, {
   feedbackCommand: () => feedbackCommand
 });
-import chalk13 from "chalk";
+import chalk14 from "chalk";
 async function feedbackCommand(message, opts) {
   if (!message || message.trim().length === 0) {
     printError("Feedback message cannot be empty");
@@ -7243,7 +7524,7 @@ async function feedbackCommand(message, opts) {
       return;
     }
     console.log(`
-${chalk13.green("\u2713")} Feedback submitted (${chalk13.dim(result.feedback_id)})`);
+${chalk14.green("\u2713")} Feedback submitted (${chalk14.dim(result.feedback_id)})`);
   } catch (err) {
     const detail = String(err);
     if (detail.includes("404")) {
@@ -7273,38 +7554,8 @@ var serve_exports = {};
 __export(serve_exports, {
   serveCommand: () => serveCommand
 });
-import { readFileSync as readFileSync4, writeFileSync as writeFileSync2, existsSync as existsSync2 } from "fs";
 import { resolve as resolve3 } from "path";
-import { randomBytes } from "crypto";
-function generateFernetKey() {
-  return randomBytes(32).toString("base64url") + "=";
-}
-function generateSecret(length = 32) {
-  return randomBytes(length).toString("hex");
-}
-function loadEnvFile(path) {
-  if (!existsSync2(path)) return;
-  const content = readFileSync4(path, "utf-8");
-  for (const line of content.split("\n")) {
-    const trimmed = line.trim();
-    if (!trimmed || trimmed.startsWith("#")) continue;
-    const eqIdx = trimmed.indexOf("=");
-    if (eqIdx === -1) continue;
-    const key = trimmed.slice(0, eqIdx).trim();
-    const value = trimmed.slice(eqIdx + 1).trim().replace(/^["']|["']$/g, "");
-    if (!process.env[key]) {
-      process.env[key] = value;
-    }
-  }
-}
-function ensureEnvFile(envPath) {
-  if (existsSync2(envPath)) return;
-  console.log("No .env file found. Generating one with dev defaults...\n");
-  const content = ENV_TEMPLATE.replace("{{JWT_SECRET}}", generateSecret()).replace("{{SECRETS_MASTER_KEY}}", generateFernetKey()).replace("{{INTERNAL_WORKER_TOKEN}}", generateSecret());
-  writeFileSync2(envPath, content, "utf-8");
-  console.log(`  Created ${envPath}
-`);
-}
+import { ensureEnvFile, loadEnvFile } from "@thecorporation/corp-tools";
 async function serveCommand(opts) {
   let server;
   try {
@@ -7349,40 +7600,9 @@ async function serveCommand(opts) {
     process.exit(code ?? 0);
   });
 }
-var ENV_TEMPLATE;
 var init_serve = __esm({
   "src/commands/serve.ts"() {
     "use strict";
-    ENV_TEMPLATE = `# Corporation API server configuration
-# Generated by: corp serve
-
-# Required \u2014 secret for signing JWTs
-JWT_SECRET={{JWT_SECRET}}
-
-# Required \u2014 Fernet key for encrypting secrets at rest (base64url, 32 bytes)
-SECRETS_MASTER_KEY={{SECRETS_MASTER_KEY}}
-
-# Required \u2014 bearer token for internal worker-to-server auth
-INTERNAL_WORKER_TOKEN={{INTERNAL_WORKER_TOKEN}}
-
-# Server port (default: 8000)
-# PORT=8000
-
-# Data directory for git repos (default: ./data/repos)
-# DATA_DIR=./data/repos
-
-# Redis URL for agent job queue (optional)
-# REDIS_URL=redis://localhost:6379/0
-
-# LLM proxy upstream (default: https://openrouter.ai/api/v1)
-# LLM_UPSTREAM_URL=https://openrouter.ai/api/v1
-
-# PEM-encoded Ed25519 key for signing git commits (optional)
-# COMMIT_SIGNING_KEY=
-
-# Max agent queue depth (default: 1000)
-# MAX_QUEUE_DEPTH=1000
-`;
   }
 });
 
@@ -8140,6 +8360,59 @@ workItemsCmd.command("cancel <item-ref>").option("--json", "Output as JSON").des
     json: inheritOption(opts.json, parent.json)
   });
 });
+var servicesCmd = program.command("services").description("Service catalog and fulfillment").option("--entity-id <ref>", "Entity reference (ID, short ID, @last, or unique name)").option("--json", "Output as JSON");
+servicesCmd.command("catalog").option("--json", "Output as JSON").description("List the service catalog").action(async (opts, cmd) => {
+  const parent = cmd.parent.opts();
+  const { servicesCatalogCommand: servicesCatalogCommand2 } = await Promise.resolve().then(() => (init_services(), services_exports));
+  await servicesCatalogCommand2({
+    json: inheritOption(opts.json, parent.json)
+  });
+});
+servicesCmd.command("buy <slug>").option("--json", "Output as JSON").option("--dry-run", "Show the request without executing").description("Purchase a service from the catalog").action(async (slug, opts, cmd) => {
+  const parent = cmd.parent.opts();
+  const { servicesBuyCommand: servicesBuyCommand2 } = await Promise.resolve().then(() => (init_services(), services_exports));
+  await servicesBuyCommand2(slug, {
+    ...opts,
+    entityId: parent.entityId,
+    json: inheritOption(opts.json, parent.json)
+  });
+});
+servicesCmd.command("list").option("--json", "Output as JSON").description("List service requests for an entity").action(async (opts, cmd) => {
+  const parent = cmd.parent.opts();
+  const { servicesListCommand: servicesListCommand2 } = await Promise.resolve().then(() => (init_services(), services_exports));
+  await servicesListCommand2({
+    ...opts,
+    entityId: parent.entityId,
+    json: inheritOption(opts.json, parent.json)
+  });
+});
+servicesCmd.command("show <ref>").option("--json", "Output as JSON").description("Show service request detail").action(async (ref_, opts, cmd) => {
+  const parent = cmd.parent.opts();
+  const { servicesShowCommand: servicesShowCommand2 } = await Promise.resolve().then(() => (init_services(), services_exports));
+  await servicesShowCommand2(ref_, {
+    ...opts,
+    entityId: parent.entityId,
+    json: inheritOption(opts.json, parent.json)
+  });
+});
+servicesCmd.command("fulfill <ref>").option("--note <note>", "Fulfillment note").option("--json", "Output as JSON").description("Mark a service request as fulfilled (operator)").action(async (ref_, opts, cmd) => {
+  const parent = cmd.parent.opts();
+  const { servicesFulfillCommand: servicesFulfillCommand2 } = await Promise.resolve().then(() => (init_services(), services_exports));
+  await servicesFulfillCommand2(ref_, {
+    ...opts,
+    entityId: parent.entityId,
+    json: inheritOption(opts.json, parent.json)
+  });
+});
+servicesCmd.command("cancel <ref>").option("--json", "Output as JSON").description("Cancel a service request").action(async (ref_, opts, cmd) => {
+  const parent = cmd.parent.opts();
+  const { servicesCancelCommand: servicesCancelCommand2 } = await Promise.resolve().then(() => (init_services(), services_exports));
+  await servicesCancelCommand2(ref_, {
+    ...opts,
+    entityId: parent.entityId,
+    json: inheritOption(opts.json, parent.json)
+  });
+});
 var billingCmd = program.command("billing").description("Billing status, plans, and subscription management").option("--json", "Output as JSON").action(async (opts) => {
   const { billingCommand: billingCommand2 } = await Promise.resolve().then(() => (init_billing(), billing_exports));
   await billingCommand2(opts);