@tolinax/ayoune-cli 2026.8.2 → 2026.9.0

package/lib/commands/createProgram.js

@@ -1,60 +1,46 @@
-//Defines the main program structure for command line interface
+// Defines the main program structure for the `ay` command line interface.
+//
+// This module is on the cold-start path of EVERY `ay` invocation, so it must
+// stay free of heavy imports. Two patterns enforce that:
+//
+//   1. **Lazy command loading.** Instead of statically importing all 41
+//      command modules, we look up the user's argv in COMMAND_REGISTRY
+//      (`./_registry.ts`) and dynamic-import only the one they're running.
+//      Help / version / unknown-command paths fall back to registering
+//      lightweight stubs for every command so the help listing still works.
+//
+//   2. **Lazy logo.** `logo.ts` no longer top-level-imports `figlet`. The
+//      help-text thunks below only resolve when commander actually shows
+//      help, so the cost is paid once per `--help` invocation, not on every
+//      `ay <real-command>`.
+//
+// See `_registry.ts` for the registry, and `bench-startup.mjs` for the
+// benchmark used to verify cold-start improvements.
 import { Command, Option } from "commander";
-import chalk from "chalk";
 import path from "path";
 import os from "os";
 import { spinner } from "../../index.js";
-import { createModulesCommand } from "./createModulesCommand.js";
-import { createListCommand } from "./createListCommand.js";
-import { createGetCommand } from "./createGetCommand.js";
-import { createEditCommand } from "./createEditCommand.js";
-import { createLoginCommand } from "./createLoginCommand.js";
-import { createDescribeCommand } from "./createDescribeCommand.js";
-import { createCopyCommand } from "./createCopyCommand.js";
-import { createCreateCommand } from "./createCreateCommand.js";
-import { createStorageCommand } from "./createStorageCommand.js";
-import { createAuditCommand } from "./createAuditCommand.js";
-import { createStreamCommand } from "./createStreamCommand.js";
-import { createEventsCommand } from "./createEventsCommand.js";
-import { createWhoAmICommand } from "./createWhoAmICommand.js";
-import { createLogoutCommand } from "./createLogoutCommand.js";
-import { createCompletionsCommand } from "./createCompletionsCommand.js";
-import { createAliasCommand, registerUserAliases } from "./createAliasCommand.js";
-import { createConfigCommand } from "./createConfigCommand.js";
-import { createActionsCommand } from "./createActionsCommand.js";
-import { createExecCommand } from "./createExecCommand.js";
-import { createAiCommand } from "./createAiCommand.js";
-import { enableDebug } from "../api/apiClient.js";
-import { enableDryRun } from "../api/apiCallHandler.js";
+import { findCommandSpec, registerStubsForHelp } from "./_registry.js";
+// Cheap helpers — these are pure-TS modules with no heavy transitive imports,
+// so they can stay top-level without affecting cold-start.
 import { setJsonErrorsEnabled } from "../helpers/cliError.js";
 import { disableContext } from "../helpers/contextInjector.js";
-import { createServicesCommand } from "./createServicesCommand.js";
-import { createDeployCommand } from "./createDeployCommand.js";
-import { createMonitorCommand } from "./createMonitorCommand.js";
-import { createDeleteCommand } from "./createDeleteCommand.js";
-import { createUpdateCommand } from "./createUpdateCommand.js";
-import { createBatchCommand } from "./createBatchCommand.js";
-import { createSearchCommand } from "./createSearchCommand.js";
-import { createWebhooksCommand } from "./createWebhooksCommand.js";
-import { createJobsCommand } from "./createJobsCommand.js";
-import { createExportCommand } from "./createExportCommand.js";
-import { createUsersCommand } from "./createUsersCommand.js";
-import { createSyncCommand } from "./createSyncCommand.js";
-import { createPermissionsCommand } from "./createPermissionsCommand.js";
-import { createTemplateCommand } from "./createTemplateCommand.js";
-import { createSetupCommand } from "./createSetupCommand.js";
-import { createStatusCommand } from "./createStatusCommand.js";
-import { createSelfHostUpdateCommand } from "./createSelfHostUpdateCommand.js";
-import { createContextCommand } from "./createContextCommand.js";
-import { createAccessCommand } from "./createAccessCommand.js";
-import { createAggregateCommand } from "./createAggregateCommand.js";
-import { createDbCommand } from "./createDbCommand.js";
-import { secureStorage } from "../helpers/secureStorage.js";
-import { login } from "../api/login.js";
 import { loadConfig } from "../helpers/configLoader.js";
-import { getLogo, getDescription, BRAND_BLUE } from "../helpers/logo.js";
-import { checkForUpdates } from "../helpers/updateNotifier.js";
+import { loadAliases } from "./createAliasCommand.js";
+// logo.ts is intentionally lightweight: it does NOT top-level-import chalk
+// or figlet, so static-importing it here is free. The expensive bits live
+// inside getLogoSync()/brandHighlight()/dim(), each of which lazily requires
+// chalk/figlet only on first call.
+import { getLogoSync, brandHighlight, dim } from "../helpers/logo.js";
 import { createRequire } from "module";
+// HEAVY modules deliberately NOT imported at the top of this file:
+//   - ../api/apiClient (pulls in @tolinax/ayoune-core HTTP client + axios)
+//   - ../api/apiCallHandler (pulls in apiClient + secureStorage + login)
+//   - ../helpers/secureStorage (pulls in node-localstorage + crypto)
+//   - ../api/login (pulls in socket.io-client)
+//   - ../helpers/updateNotifier (pulls in node-localstorage)
+// They are lazy-imported inside the preAction hook (which only fires for real
+// command runs, never for --version/--help/unknown-command paths).
 const require = createRequire(import.meta.url);
 let pkg;
 try {
@@ -63,120 +49,103 @@ try {
 catch (_a) {
     pkg = require("../../../package.json"); // source tree (tests)
 }
-export function createProgram(program) {
-    program
-        .version(pkg.version || "0.0.0")
-        .addOption(new Option("-r, --responseFormat <format>", "Set the output format")
-        .choices(["json", "csv", "yaml", "table"])
-        .default("json"))
-        .addOption(new Option("-v, --verbosity <level>", "Set the verbosity level of the returned meta information")
-        .choices(["default", "extended", "minimal"])
-        .default("default")
-        .conflicts("hideMeta"))
-        .addOption(new Option("-m, --hideMeta", "Returns only the payload without meta information. ")
-        .default(false)
-        .conflicts("verbosity"))
-        .addOption(new Option("-s, --save", "Saves the response as file"))
-        .addOption(new Option("-d, --debug", "Show detailed request/response information"))
-        .addOption(new Option("-o, --outPath [filePath]", "Lets you set a path").default(path.join(os.homedir(), "aYOUne")))
-        .addOption(new Option("-n, --name [fileName]", "Lets you set a filename"))
-        .addOption(new Option("-q, --quiet", "Suppress all output except errors and results"))
-        .addOption(new Option("--force", "Skip confirmation prompts for destructive actions"))
-        .addOption(new Option("--dry-run", "Preview what a command would do without executing"))
-        .addOption(new Option("--jq <expression>", "Filter JSON output using JMESPath expression"))
-        .addOption(new Option("--columns <fields>", "Comma-separated list of columns to display"))
-        .addOption(new Option("--no-color", "Disable colored output"))
-        .addOption(new Option("--json-errors", "Output errors as JSON to stderr (for AI agents/scripts)"))
-        .addOption(new Option("--token <jwt>", "Authenticate with a JWT token for this session"))
-        .addOption(new Option("--no-context", "Disable context injection for this command"))
-        .description(getDescription());
-    program.showHelpAfterError();
-    program.showSuggestionAfterError(true);
-    createModulesCommand(program);
-    createListCommand(program);
-    createGetCommand(program);
-    createEditCommand(program);
-    createCopyCommand(program);
-    createDescribeCommand(program);
-    createCreateCommand(program);
-    createStorageCommand(program);
-    createAuditCommand(program);
-    createStreamCommand(program);
-    createEventsCommand(program);
-    createWhoAmICommand(program);
-    createLogoutCommand(program);
-    createActionsCommand(program);
-    createExecCommand(program);
-    createAiCommand(program);
-    createServicesCommand(program);
-    createDeployCommand(program);
-    createMonitorCommand(program);
-    createDeleteCommand(program);
-    createUpdateCommand(program);
-    createBatchCommand(program);
-    createSearchCommand(program);
-    createWebhooksCommand(program);
-    createJobsCommand(program);
-    createExportCommand(program);
-    createUsersCommand(program);
-    createSyncCommand(program);
-    createPermissionsCommand(program);
-    createTemplateCommand(program);
-    createAccessCommand(program);
-    createAggregateCommand(program);
-    createDbCommand(program);
-    createSetupCommand(program);
-    createStatusCommand(program);
-    createSelfHostUpdateCommand(program);
-    createContextCommand(program);
-    createCompletionsCommand(program);
-    createAliasCommand(program);
-    createConfigCommand(program);
-    registerUserAliases(program);
-    createLoginCommand(program);
-    program.addHelpText("beforeAll", getLogo());
-    program.addHelpText("afterAll", chalk.dim("\n  Run ay <command> --help for more info\n"));
-    program.configureHelp({
-        sortOptions: true,
-        sortSubcommands: true,
-        showGlobalOptions: true,
-        formatHelp: (cmd, helper) => {
-            const defaultHelp = Command.prototype.createHelp().formatHelp(cmd, helper);
-            return defaultHelp.replace(/^(Usage:|Commands:|Options:|Global Options:)/gm, (match) => chalk.hex(BRAND_BLUE).bold(match));
-        },
-    });
-    // Respect NO_COLOR env var (no-color.org standard)
-    if (process.env.NO_COLOR !== undefined) {
-        chalk.level = 0;
+/**
+ * Find the first non-flag argument in argv (skipping `node` + script path).
+ * This is the command name candidate that we'll feed to the registry.
+ *
+ * Returns `undefined` if argv has no command (e.g. plain `ay`).
+ */
+function findFirstCommandArg(argv) {
+    for (let i = 2; i < argv.length; i++) {
+        const arg = argv[i];
+        if (!arg.startsWith("-"))
+            return arg;
     }
+    return undefined;
+}
+/**
+ * Expand a user alias in argv. If `argv[2]` is a key in `~/.config/ayoune/aliases.json`,
+ * replace it with the alias value (split on whitespace) and return the new argv.
+ * Otherwise return argv unchanged.
+ *
+ * Example: alias `ll` → `list leads`, invocation `ay ll --limit 5` becomes
+ * `ay list leads --limit 5`.
+ */
+function expandUserAlias(argv) {
+    const cmdArg = findFirstCommandArg(argv);
+    if (!cmdArg)
+        return argv;
+    // Cheap if no alias file exists; loadAliases() returns {} on miss.
+    const aliases = loadAliases();
+    const expansion = aliases[cmdArg];
+    if (!expansion)
+        return argv;
+    // Find where the alias sits in argv so we can splice in its expansion
+    // without disturbing leading global flags.
+    const idx = argv.indexOf(cmdArg, 2);
+    if (idx < 0)
+        return argv;
+    const expanded = expansion.split(/\s+/).filter(Boolean);
+    return [...argv.slice(0, idx), ...expanded, ...argv.slice(idx + 1)];
+}
+function classifyInvocation(argv) {
+    const args = argv.slice(2);
+    // --version trumps everything; commander handles it before any subcommand.
+    if (args.includes("--version") || args.includes("-V"))
+        return "version";
+    // Bare `ay` → root help
+    if (args.length === 0)
+        return "rootHelp";
+    // `ay help [subcmd?]`
+    if (args[0] === "help") {
+        return args.length >= 2 && !args[1].startsWith("-") ? "cmdHelp" : "rootHelp";
+    }
+    // `ay --help` / `ay -h` with no command before the flag → root help
+    const helpIdx = args.findIndex((a) => a === "--help" || a === "-h");
+    if (helpIdx === 0)
+        return "rootHelp";
+    // `ay <cmd> --help` / `ay <cmd> -h` → cmd-specific help
+    if (helpIdx > 0)
+        return "cmdHelp";
+    return "command";
+}
+/**
+ * Apply global option side-effects (debug, dry-run, quiet, etc.) and
+ * config-file defaults. Runs in commander's preAction hook so it sees the
+ * fully-parsed global flags before any subcommand action fires.
+ */
+function installPreActionHook(program) {
     program.hook("preAction", async (thisCommand) => {
         var _a;
         // Apply saved defaults — only when the user didn't pass the flag explicitly
         const config = loadConfig();
         const defaults = (_a = config.defaults) !== null && _a !== void 0 ? _a : {};
         const rawArgs = process.argv.slice(2);
-        if (defaults.responseFormat && !rawArgs.some(a => ["-r", "--responseFormat"].includes(a)))
+        if (defaults.responseFormat && !rawArgs.some((a) => ["-r", "--responseFormat"].includes(a)))
             program.setOptionValue("responseFormat", defaults.responseFormat);
-        if (defaults.verbosity && !rawArgs.some(a => ["-v", "--verbosity"].includes(a)))
+        if (defaults.verbosity && !rawArgs.some((a) => ["-v", "--verbosity"].includes(a)))
             program.setOptionValue("verbosity", defaults.verbosity);
-        if (defaults.outPath && !rawArgs.some(a => ["-o", "--outPath"].includes(a)))
+        if (defaults.outPath && !rawArgs.some((a) => ["-o", "--outPath"].includes(a)))
             program.setOptionValue("outPath", defaults.outPath);
-        if (defaults.hideMeta && !rawArgs.some(a => ["-m", "--hideMeta"].includes(a)))
+        if (defaults.hideMeta && !rawArgs.some((a) => ["-m", "--hideMeta"].includes(a)))
             program.setOptionValue("hideMeta", defaults.hideMeta);
-        if (defaults.quiet && !rawArgs.some(a => ["-q", "--quiet"].includes(a)))
+        if (defaults.quiet && !rawArgs.some((a) => ["-q", "--quiet"].includes(a)))
             program.setOptionValue("quiet", defaults.quiet);
-        if (defaults.force && !rawArgs.some(a => ["--force"].includes(a)))
+        if (defaults.force && !rawArgs.some((a) => ["--force"].includes(a)))
             program.setOptionValue("force", defaults.force);
-        if (defaults.dryRun && !rawArgs.some(a => ["--dry-run"].includes(a)))
+        if (defaults.dryRun && !rawArgs.some((a) => ["--dry-run"].includes(a)))
             program.setOptionValue("dryRun", defaults.dryRun);
         const opts = program.opts();
         if (opts.color === false) {
+            const { default: chalk } = await import("chalk");
             chalk.level = 0;
         }
         if (opts.debug) {
+            const { enableDebug } = await import("../api/apiClient.js");
             enableDebug();
         }
         if (opts.dryRun) {
+            const { enableDryRun } = await import("../api/apiCallHandler.js");
             enableDryRun();
         }
         if (opts.jsonErrors) {
@@ -192,30 +161,151 @@ export function createProgram(program) {
             spinner.stop = () => spinner;
             // spinner.error left intact
         }
-        // Token from --token flag (highest priority), then env var, then stored token
-        if (opts.token) {
-            secureStorage.setItem("token", opts.token);
-        }
-        else {
-            const envToken = process.env.AYOUNE_TOKEN;
-            if (envToken && !secureStorage.getItem("token")) {
-                secureStorage.setItem("token", envToken);
-            }
-        }
-        // First-run onboarding: auto-login if no token stored
+        // secureStorage is heavy (node-localstorage + crypto), so only load it
+        // when the user actually has a token to set or we need to check for one.
+        const hasTokenFlag = !!opts.token;
+        const hasTokenEnv = !!process.env.AYOUNE_TOKEN;
         const cmdName = thisCommand.name();
-        const skipAuth = ["login", "logout", "whoami", "completions", "alias", "config", "help", "setup", "status", "self-host-update", "context", "db"];
-        if (!skipAuth.includes(cmdName) && process.stdin.isTTY) {
-            const token = secureStorage.getItem("token");
-            if (!token) {
-                console.error(chalk.hex('#2B8DC6').bold("\n  Welcome to aYOUne CLI!\n"));
-                console.error(chalk.dim("  You need to authenticate before using this command.\n"));
-                await login();
+        const skipAuth = [
+            "login",
+            "logout",
+            "whoami",
+            "completions",
+            "alias",
+            "config",
+            "help",
+            "setup",
+            "status",
+            "self-host-update",
+            "context",
+            "db",
+        ];
+        const needsAuthCheck = !skipAuth.includes(cmdName) && process.stdin.isTTY;
+        if (hasTokenFlag || hasTokenEnv || needsAuthCheck) {
+            const { secureStorage } = await import("../helpers/secureStorage.js");
+            // Token from --token flag (highest priority), then env var, then stored token
+            if (hasTokenFlag) {
+                secureStorage.setItem("token", opts.token);
+            }
+            else if (hasTokenEnv && !secureStorage.getItem("token")) {
+                secureStorage.setItem("token", process.env.AYOUNE_TOKEN);
+            }
+            // First-run onboarding: auto-login if no token stored
+            if (needsAuthCheck) {
+                const token = secureStorage.getItem("token");
+                if (!token) {
+                    const { default: chalk } = await import("chalk");
+                    const { login } = await import("../api/login.js");
+                    console.error(chalk.hex("#2B8DC6").bold("\n  Welcome to aYOUne CLI!\n"));
+                    console.error(chalk.dim("  You need to authenticate before using this command.\n"));
+                    await login();
+                }
             }
         }
         // Non-blocking update check (throttled, silent on errors)
+        const { checkForUpdates } = await import("../helpers/updateNotifier.js");
         checkForUpdates(pkg.version || "0.0.0");
     });
-    //Parse command line arguments
-    program.parse(process.argv);
+}
+/**
+ * Wire global options that exist on every command (responseFormat, verbosity,
+ * etc.). These must be added to the root program BEFORE subcommand
+ * registration so they're inherited.
+ */
+function installGlobalOptions(program) {
+    program
+        .version(pkg.version || "0.0.0")
+        .addOption(new Option("-r, --responseFormat <format>", "Set the output format")
+        .choices(["json", "csv", "yaml", "table"])
+        .default("json"))
+        .addOption(new Option("-v, --verbosity <level>", "Set the verbosity level of the returned meta information")
+        .choices(["default", "extended", "minimal"])
+        .default("default")
+        .conflicts("hideMeta"))
+        .addOption(new Option("-m, --hideMeta", "Returns only the payload without meta information. ")
+        .default(false)
+        .conflicts("verbosity"))
+        .addOption(new Option("-s, --save", "Saves the response as file"))
+        .addOption(new Option("-d, --debug", "Show detailed request/response information"))
+        .addOption(new Option("-o, --outPath [filePath]", "Lets you set a path").default(path.join(os.homedir(), "aYOUne")))
+        .addOption(new Option("-n, --name [fileName]", "Lets you set a filename"))
+        .addOption(new Option("-q, --quiet", "Suppress all output except errors and results"))
+        .addOption(new Option("--force", "Skip confirmation prompts for destructive actions"))
+        .addOption(new Option("--dry-run", "Preview what a command would do without executing"))
+        .addOption(new Option("--jq <expression>", "Filter JSON output using JMESPath expression"))
+        .addOption(new Option("--columns <fields>", "Comma-separated list of columns to display"))
+        .addOption(new Option("--no-color", "Disable colored output"))
+        .addOption(new Option("--json-errors", "Output errors as JSON to stderr (for AI agents/scripts)"))
+        .addOption(new Option("--token <jwt>", "Authenticate with a JWT token for this session"))
+        .addOption(new Option("--no-context", "Disable context injection for this command"));
+}
+/**
+ * Configure help output: the brand logo, custom formatter that highlights
+ * section headings, and respect for NO_COLOR. The thunks (`() => getLogo()`)
+ * are critical — they defer the figlet/chalk import until commander actually
+ * needs to render help, keeping the cold-start path tiny.
+ */
+function installHelp(program) {
+    program.showHelpAfterError();
+    program.showSuggestionAfterError(true);
+    // Help-text thunks: commander only invokes these when --help is rendered,
+    // so the figlet/chalk loads inside getLogoSync()/dim() are paid once per
+    // help invocation, never on the hot path.
+    program.addHelpText("beforeAll", () => getLogoSync());
+    program.addHelpText("afterAll", () => dim("\n  Run ay <command> --help for more info\n"));
+    program.configureHelp({
+        sortOptions: true,
+        sortSubcommands: true,
+        showGlobalOptions: true,
+        formatHelp: (cmd, helper) => {
+            const defaultHelp = Command.prototype.createHelp().formatHelp(cmd, helper);
+            return defaultHelp.replace(/^(Usage:|Commands:|Options:|Global Options:)/gm, (match) => brandHighlight(match));
+        },
+    });
+    // Respect NO_COLOR env var (no-color.org standard) — applied here so it
+    // affects help output even before preAction fires.
+    if (process.env.NO_COLOR !== undefined) {
+        // chalk is needed for the color level toggle; cheap to import.
+        // We do it lazily so it doesn't pollute non-color paths.
+        import("chalk").then(({ default: chalk }) => {
+            chalk.level = 0;
+        });
+    }
+    program.description("aYOUne — Business as a Service CLI");
+}
+export async function createProgram(program) {
+    installGlobalOptions(program);
+    installHelp(program);
+    installPreActionHook(program);
+    // Step 1: expand any user-defined alias in argv (e.g. `ay ll` → `ay list leads`).
+    // The expansion happens BEFORE registry lookup so the resolved name is what
+    // gets matched.
+    process.argv = expandUserAlias(process.argv);
+    // Step 2: classify the invocation and load only what's needed.
+    const kind = classifyInvocation(process.argv);
+    const firstCmd = findFirstCommandArg(process.argv);
+    const spec = firstCmd ? findCommandSpec(firstCmd) : undefined;
+    if (kind === "version") {
+        // Nothing to register — commander handles -V before any subcommand action.
+    }
+    else if (kind === "rootHelp") {
+        // Lightweight stubs for every command so the help listing is complete and
+        // commander can suggest similar names for typos.
+        registerStubsForHelp(program);
+    }
+    else if (kind === "cmdHelp" || kind === "command") {
+        if (spec) {
+            // Hot path: load and register the ONE full command the user is running
+            // (or asking help for). Its options/examples will be available to
+            // commander's help formatter.
+            const register = await spec.loader();
+            register(program);
+        }
+        else {
+            // Unknown command — register all stubs so commander's "did you mean"
+            // can suggest similar names. parseAsync will exit non-zero.
+            registerStubsForHelp(program);
+        }
+    }
+    await program.parseAsync(process.argv);
 }

package/lib/commands/createServicesCommand.js

@@ -127,16 +127,15 @@ Examples:
             // Deduplicate by host
             const uniqueTargets = [...new Map(targets.map((t) => [t.host, t])).values()];
             spinner.start({ text: `Checking ${uniqueTargets.length} service(s)...`, color: "magenta" });
-            const { default: axios } = await import("axios");
-            const https = await import("https");
-            const agent = new https.Agent({ rejectUnauthorized: false });
+            const { http } = await import("@tolinax/ayoune-core/lib/http");
             const results = await Promise.allSettled(uniqueTargets.map(async (t) => {
                 const start = Date.now();
                 try {
-                    const resp = await axios.get(`https://${t.host}/`, {
+                    const resp = await http.get(`https://${t.host}/`, {
                         timeout: opts.timeout,
-                        httpsAgent: agent,
                         validateStatus: () => true,
+                        logging: false,
+                        metrics: false,
                     });
                     return {
                         host: t.host,

package/lib/commands/createWhoAmICommand.js

@@ -1,5 +1,5 @@
 import chalk from "chalk";
-import moment from "moment";
+import { formatIsoLocal, fromNow, fromUnix, isBefore } from "../helpers/dateFormat.js";
 import { secureStorage } from "../helpers/secureStorage.js";
 import { decodeToken } from "../api/decodeToken.js";
 import { login } from "../api/login.js";
@@ -22,10 +22,10 @@ const LABEL_MAP = {
 const SKIP_FIELDS = new Set(["password", "hash", "salt", "__v"]);
 function formatValue(key, value) {
     if ((key === "iat" || key === "exp") && typeof value === "number") {
-        const m = moment.unix(value);
-        const relative = m.fromNow();
-        const formatted = m.format("YYYY-MM-DD HH:mm:ss");
-        if (key === "exp" && m.isBefore(moment())) {
+        const date = fromUnix(value);
+        const relative = fromNow(date);
+        const formatted = formatIsoLocal(date);
+        if (key === "exp" && isBefore(date, new Date())) {
             return chalk.red(`${formatted} (expired ${relative})`);
         }
         return `${formatted} ${chalk.dim(`(${relative})`)}`;

package/lib/commands/deploy/_token.js

@@ -0,0 +1,8 @@
+// Shared helper used by deploy subcommands that bypass apiCallHandler and
+// hit the DevOps API directly (e.g. the SSE log stream in
+// `deployments/logs --follow`). secureStorage is the canonical token source;
+// AYOUNE_TOKEN env var is the script-friendly fallback.
+import { secureStorage } from "../../helpers/secureStorage.js";
+export function getDeployToken() {
+    return secureStorage.getItem("token") || process.env.AYOUNE_TOKEN || "";
+}

package/lib/commands/deploy/alerts.js

@@ -0,0 +1,43 @@
+// `ay deploy alerts` — surface active deployment alerts (pod crashes,
+// OOM kills, image pull errors, etc.). Read-only filter view; ack/resolve
+// lives under `ay monitor` so we don't duplicate state mutation here.
+import { apiCallHandler } from "../../api/apiCallHandler.js";
+import { handleResponseFormatOptions } from "../../helpers/handleResponseFormatOptions.js";
+import { saveFile } from "../../helpers/saveFile.js";
+import { spinner } from "../../../index.js";
+import { EXIT_GENERAL_ERROR } from "../../exitCodes.js";
+import { cliError } from "../../helpers/cliError.js";
+export function addAlertsSubcommands(deploy, rootProgram) {
+    deploy
+        .command("alerts")
+        .description("List active deployment alerts")
+        .option("--severity <level>", "Filter: critical, warning, info")
+        .option("--type <type>", "Filter: pod_crash, oom_killed, image_pull_error, deployment_failed, pipeline_failed, cluster_unreachable, high_restart_count, custom")
+        .option("-l, --limit <number>", "Limit", parseInt, 50)
+        .action(async (options) => {
+        var _a, _b, _c;
+        try {
+            const opts = { ...rootProgram.opts(), ...options };
+            spinner.start({ text: "Fetching alerts...", color: "magenta" });
+            const params = {
+                limit: opts.limit,
+                responseFormat: opts.responseFormat,
+                verbosity: opts.verbosity,
+            };
+            if (opts.severity)
+                params.severity = opts.severity;
+            if (opts.type)
+                params.type = opts.type;
+            const res = await apiCallHandler("devops", "alerts", "get", null, params);
+            handleResponseFormatOptions(opts, res);
+            const total = (_c = (_b = (_a = res.meta) === null || _a === void 0 ? void 0 : _a.pageInfo) === null || _b === void 0 ? void 0 : _b.totalEntries) !== null && _c !== void 0 ? _c : 0;
+            spinner.success({ text: `Found ${total} alerts` });
+            spinner.stop();
+            if (opts.save)
+                await saveFile("deploy-alerts", opts, res);
+        }
+        catch (e) {
+            cliError(e.message || "Failed to fetch alerts", EXIT_GENERAL_ERROR);
+        }
+    });
+}

package/lib/commands/deploy/clusters.js

@@ -0,0 +1,62 @@
+// `ay deploy {clusters, cluster-sync}` — Kubernetes cluster discovery and
+// manual reconcile trigger. The DevOps API maintains a registry of clusters
+// the customer has connected; `clusters` lists them and `cluster-sync` kicks
+// off a re-scan of resources for one cluster.
+import { apiCallHandler } from "../../api/apiCallHandler.js";
+import { handleResponseFormatOptions } from "../../helpers/handleResponseFormatOptions.js";
+import { saveFile } from "../../helpers/saveFile.js";
+import { spinner } from "../../../index.js";
+import { EXIT_GENERAL_ERROR } from "../../exitCodes.js";
+import { cliError } from "../../helpers/cliError.js";
+export function addClustersSubcommands(deploy, rootProgram) {
+    // ay deploy clusters
+    deploy
+        .command("clusters")
+        .alias("cl")
+        .description("List Kubernetes clusters and their health status")
+        .addHelpText("after", `
+Examples:
+  ay deploy clusters                   List all clusters
+  ay deploy clusters -r table          Show clusters in table format`)
+        .option("-l, --limit <number>", "Limit", parseInt, 50)
+        .action(async (options) => {
+        var _a, _b, _c;
+        try {
+            const opts = { ...rootProgram.opts(), ...options };
+            spinner.start({ text: "Fetching clusters...", color: "magenta" });
+            const res = await apiCallHandler("devops", "clusters", "get", null, {
+                limit: opts.limit,
+                responseFormat: opts.responseFormat,
+                verbosity: opts.verbosity,
+            });
+            handleResponseFormatOptions(opts, res);
+            const total = (_c = (_b = (_a = res.meta) === null || _a === void 0 ? void 0 : _a.pageInfo) === null || _b === void 0 ? void 0 : _b.totalEntries) !== null && _c !== void 0 ? _c : 0;
+            spinner.success({ text: `Found ${total} clusters` });
+            spinner.stop();
+            if (opts.save)
+                await saveFile("deploy-clusters", opts, res);
+        }
+        catch (e) {
+            cliError(e.message || "Failed to list clusters", EXIT_GENERAL_ERROR);
+        }
+    });
+    // ay deploy cluster-sync <id>
+    deploy
+        .command("cluster-sync <id>")
+        .description("Trigger sync for a Kubernetes cluster")
+        .action(async (id, options) => {
+        try {
+            const opts = { ...rootProgram.opts(), ...options };
+            spinner.start({ text: `Syncing cluster ${id}...`, color: "magenta" });
+            const res = await apiCallHandler("devops", `clusters/${id}/sync`, "post", null, {
+                responseFormat: opts.responseFormat,
+            });
+            handleResponseFormatOptions(opts, res);
+            spinner.success({ text: `Cluster ${id} sync initiated` });
+            spinner.stop();
+        }
+        catch (e) {
+            cliError(e.message || "Failed to sync cluster", EXIT_GENERAL_ERROR);
+        }
+    });
+}

package/lib/commands/deploy/dashboard.js

@@ -0,0 +1,31 @@
+// `ay deploy dashboard` — single-call overview that returns the same
+// summary the web devops dashboard renders (cluster health, deployment
+// counts, active alerts, recent pipelines). Useful as a one-shot health
+// check during incident response.
+import { apiCallHandler } from "../../api/apiCallHandler.js";
+import { handleResponseFormatOptions } from "../../helpers/handleResponseFormatOptions.js";
+import { spinner } from "../../../index.js";
+import { EXIT_GENERAL_ERROR } from "../../exitCodes.js";
+import { cliError } from "../../helpers/cliError.js";
+export function addDashboardSubcommands(deploy, rootProgram) {
+    deploy
+        .command("dashboard")
+        .alias("dash")
+        .description("Show deployment overview dashboard (clusters, deployments, alerts, pipelines)")
+        .action(async (options) => {
+        try {
+            const opts = { ...rootProgram.opts(), ...options };
+            spinner.start({ text: "Fetching dashboard...", color: "magenta" });
+            const res = await apiCallHandler("devops", "dashboard", "get", null, {
+                responseFormat: opts.responseFormat,
+                verbosity: opts.verbosity,
+            });
+            handleResponseFormatOptions(opts, res);
+            spinner.success({ text: "Dashboard loaded" });
+            spinner.stop();
+        }
+        catch (e) {
+            cliError(e.message || "Failed to load dashboard", EXIT_GENERAL_ERROR);
+        }
+    });
+}