@useorgx/wizard 0.1.0

package/dist/cli.js

@@ -0,0 +1,3799 @@
+#!/usr/bin/env node
+
+// src/cli.ts
+import * as clack from "@clack/prompts";
+import { hostname } from "os";
+import { Command } from "commander";
+import pc3 from "picocolors";
+
+// src/banner.ts
+import pc from "picocolors";
+function renderBanner() {
+  const lines = [
+    "  ____  ____   _______  __",
+    " / __ \\/ __ \\ / ____/ |/ /",
+    "/ / / / /_/ // / __ |   / ",
+    "/ /_/ / _, _// /_/ //   | ",
+    "\\____/_/ |_| \\____//_/|_| "
+  ];
+  return lines.map((line) => pc.cyan(line)).join("\n");
+}
+
+// src/constants.ts
+import { homedir } from "os";
+import { join } from "path";
+var ORGX_HOSTED_MCP_KEY = "orgx";
+var ORGX_LOCAL_MCP_KEY = "orgx-openclaw";
+var ORGX_HOSTED_MCP_URL = "https://mcp.useorgx.com/mcp";
+var ORGX_HOSTED_MCP_HEALTH_URL = "https://mcp.useorgx.com/health";
+var ORGX_WIZARD_NPM_PACKAGE_NAME = "@useorgx/wizard";
+var NPM_REGISTRY_BASE_URL = "https://registry.npmjs.org";
+var DEFAULT_OPENCLAW_GATEWAY_PORT = 18789;
+var DEFAULT_ORGX_BASE_URL = process.env.ORGX_BASE_URL?.trim() || "https://useorgx.com";
+var HOME = homedir();
+var APPDATA = process.env.APPDATA?.trim();
+var LOCAL_APPDATA = process.env.LOCALAPPDATA?.trim();
+var XDG_CONFIG_HOME = process.env.XDG_CONFIG_HOME?.trim() || join(HOME, ".config");
+var ORGX_WIZARD_CONFIG_HOME = process.env.ORGX_WIZARD_CONFIG_HOME?.trim() || join(XDG_CONFIG_HOME, "useorgx", "wizard");
+var ORGX_WIZARD_AUTH_PATH = join(ORGX_WIZARD_CONFIG_HOME, "auth.json");
+var ORGX_WIZARD_STATE_PATH = join(ORGX_WIZARD_CONFIG_HOME, "state.json");
+var ORGX_WIZARD_KEYTAR_SERVICE = "@useorgx/wizard";
+var ORGX_WIZARD_KEYTAR_ACCOUNT = "orgx-api-key";
+function normalizeOrgxApiBaseUrl(baseUrl) {
+  const normalized = baseUrl.replace(/\/+$/, "");
+  if (/\/api(\/|$)/.test(normalized)) {
+    return normalized;
+  }
+  return `${normalized}/api`;
+}
+var ORGX_API_BASE_URL = normalizeOrgxApiBaseUrl(DEFAULT_ORGX_BASE_URL);
+var ORGX_SETUP_STATUS_URL = `${ORGX_API_BASE_URL}/setup/status`;
+var ORGX_AUTH_VERIFY_URL = `${ORGX_API_BASE_URL}/auth/verify`;
+var ORGX_CLIENT_SYNC_URL = `${ORGX_API_BASE_URL}/client/sync`;
+function uniquePaths(paths) {
+  return [...new Set(paths.filter((path) => Boolean(path)))];
+}
+var CLAUDE_DIR = join(HOME, ".claude");
+var CURSOR_DIR = join(HOME, ".cursor");
+var CODEX_DIR = join(HOME, ".codex");
+var OPENCLAW_DIR = join(HOME, ".openclaw");
+var CLAUDE_SKILLS_DIR = join(CLAUDE_DIR, "skills");
+var CLAUDE_ORGX_SKILL_DIR = join(CLAUDE_SKILLS_DIR, "orgx");
+var CLAUDE_ORGX_SKILL_PATH = join(CLAUDE_ORGX_SKILL_DIR, "SKILL.md");
+var CURSOR_RULES_DIR = join(CURSOR_DIR, "rules");
+var CURSOR_ORGX_RULE_PATH = join(CURSOR_RULES_DIR, "orgx.md");
+var CLAUDE_MCP_PATHS = uniquePaths([join(CLAUDE_DIR, "mcp.json")]);
+var CURSOR_MCP_PATHS = uniquePaths([join(CURSOR_DIR, "mcp.json")]);
+var CODEX_CONFIG_PATHS = uniquePaths([join(CODEX_DIR, "config.toml")]);
+var OPENCLAW_CONFIG_PATHS = uniquePaths([
+  join(OPENCLAW_DIR, "openclaw.json")
+]);
+var CLAUDE_MCP_PATH = CLAUDE_MCP_PATHS[0];
+var CURSOR_MCP_PATH = CURSOR_MCP_PATHS[0];
+var CODEX_CONFIG_PATH = CODEX_CONFIG_PATHS[0];
+var OPENCLAW_CONFIG_PATH = OPENCLAW_CONFIG_PATHS[0];
+var CLAUDE_INSTALL_PATHS = uniquePaths([CLAUDE_DIR]);
+var CURSOR_INSTALL_PATHS = uniquePaths([CURSOR_DIR]);
+var CODEX_INSTALL_PATHS = uniquePaths([CODEX_DIR]);
+var OPENCLAW_INSTALL_PATHS = uniquePaths([OPENCLAW_DIR]);
+var VSCODE_MCP_PATHS = uniquePaths([
+  join(HOME, "Library", "Application Support", "Code", "User", "mcp.json"),
+  join(XDG_CONFIG_HOME, "Code", "User", "mcp.json"),
+  APPDATA ? join(APPDATA, "Code", "User", "mcp.json") : void 0
+]);
+var VSCODE_INSTALL_PATHS = uniquePaths([
+  join(HOME, "Library", "Application Support", "Code", "User"),
+  join(XDG_CONFIG_HOME, "Code", "User"),
+  APPDATA ? join(APPDATA, "Code", "User") : void 0,
+  LOCAL_APPDATA ? join(LOCAL_APPDATA, "Programs", "Microsoft VS Code") : void 0
+]);
+var WINDSURF_MCP_PATHS = uniquePaths([
+  join(HOME, ".codeium", "windsurf", "mcp_config.json")
+]);
+var WINDSURF_INSTALL_PATHS = uniquePaths([
+  join(HOME, ".codeium", "windsurf"),
+  LOCAL_APPDATA ? join(LOCAL_APPDATA, "Programs", "Windsurf") : void 0
+]);
+var ZED_SETTINGS_PATHS = uniquePaths([
+  join(HOME, "Library", "Application Support", "Zed", "settings.json"),
+  join(XDG_CONFIG_HOME, "zed", "settings.json"),
+  APPDATA ? join(APPDATA, "Zed", "settings.json") : void 0
+]);
+var ZED_INSTALL_PATHS = uniquePaths([
+  join(HOME, "Library", "Application Support", "Zed"),
+  join(XDG_CONFIG_HOME, "zed"),
+  APPDATA ? join(APPDATA, "Zed") : void 0,
+  LOCAL_APPDATA ? join(LOCAL_APPDATA, "Programs", "Zed") : void 0
+]);
+var CHATGPT_APP_PATHS = uniquePaths([
+  join(HOME, "Library", "Application Support", "OpenAI"),
+  join(HOME, "Library", "Application Support", "com.openai.chat"),
+  join(XDG_CONFIG_HOME, "OpenAI"),
+  join(XDG_CONFIG_HOME, "openai"),
+  APPDATA ? join(APPDATA, "OpenAI") : void 0,
+  LOCAL_APPDATA ? join(LOCAL_APPDATA, "OpenAI") : void 0
+]);
+
+// src/lib/browser-auth.ts
+import { spawnSync } from "child_process";
+
+// src/lib/fs.ts
+import {
+  chmodSync,
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  statSync,
+  unlinkSync,
+  writeFileSync
+} from "fs";
+import { dirname } from "path";
+function readTextIfExists(path) {
+  if (!existsSync(path)) return null;
+  try {
+    if (!statSync(path).isFile()) {
+      return null;
+    }
+    return readFileSync(path, "utf8");
+  } catch (error) {
+    const code = typeof error === "object" && error && "code" in error ? String(error.code) : void 0;
+    if (code === "ENOENT" || code === "ENOTDIR" || code === "EISDIR") {
+      return null;
+    }
+    throw error;
+  }
+}
+function writeTextFile(path, content, options = {}) {
+  mkdirSync(dirname(path), { recursive: true });
+  writeFileSync(path, content, {
+    encoding: "utf8",
+    ...options.mode === void 0 ? {} : { mode: options.mode }
+  });
+  if (options.mode !== void 0) {
+    chmodSync(path, options.mode);
+  }
+}
+function writeJsonFile(path, value, options = {}) {
+  writeTextFile(path, `${JSON.stringify(value, null, 2)}
+`, options);
+}
+function deleteFileIfExists(path) {
+  if (!existsSync(path)) return false;
+  try {
+    if (!statSync(path).isFile()) {
+      return false;
+    }
+    unlinkSync(path);
+    return true;
+  } catch (error) {
+    const code = typeof error === "object" && error && "code" in error ? String(error.code) : void 0;
+    if (code === "ENOENT" || code === "ENOTDIR" || code === "EISDIR") {
+      return false;
+    }
+    throw error;
+  }
+}
+function isRecord(value) {
+  return Boolean(value && typeof value === "object" && !Array.isArray(value));
+}
+function parseJsonObject(input) {
+  if (!input) return {};
+  try {
+    const parsed = JSON.parse(input);
+    return isRecord(parsed) ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+function readObject(value, fallback = {}) {
+  return isRecord(value) ? value : fallback;
+}
+
+// src/surfaces/openclaw-config.ts
+function cleanupEmptyObjects(value) {
+  for (const [key, child] of Object.entries(value)) {
+    if (!isRecord(child)) continue;
+    cleanupEmptyObjects(child);
+    if (Object.keys(child).length === 0) {
+      delete value[key];
+    }
+  }
+}
+function readOpenClawGatewayPort(raw) {
+  const isValidPort = (value) => Number.isFinite(value) && value >= 1 && value <= 65535;
+  const root = isRecord(raw) ? raw : {};
+  const gateway = readObject(root.gateway);
+  const port = gateway.port;
+  if (typeof port === "number" && isValidPort(port)) {
+    return Math.floor(port);
+  }
+  if (typeof port === "string") {
+    const parsed = Number.parseInt(port, 10);
+    if (isValidPort(parsed)) {
+      return parsed;
+    }
+  }
+  return DEFAULT_OPENCLAW_GATEWAY_PORT;
+}
+function buildLocalMcpUrl(raw) {
+  return `http://127.0.0.1:${readOpenClawGatewayPort(raw)}/orgx/mcp`;
+}
+function resolvePluginKey(entries) {
+  if (isRecord(entries["openclaw-plugin"])) {
+    return "openclaw-plugin";
+  }
+  if (isRecord(entries.orgx)) {
+    return "orgx";
+  }
+  return "orgx";
+}
+function readOpenClawAuth(input) {
+  const current = parseJsonObject(input);
+  const plugins = readObject(current.plugins);
+  const entries = readObject(plugins.entries);
+  const pluginKey = isRecord(entries["openclaw-plugin"]) ? "openclaw-plugin" : isRecord(entries.orgx) ? "orgx" : null;
+  const entry = pluginKey ? readObject(entries[pluginKey]) : {};
+  const config = readObject(entry.config);
+  return {
+    apiKey: typeof config.apiKey === "string" ? config.apiKey.trim() : "",
+    baseUrl: typeof config.baseUrl === "string" && config.baseUrl.trim().length > 0 ? config.baseUrl.trim() : DEFAULT_ORGX_BASE_URL,
+    pluginKey,
+    enabled: entry.enabled !== false
+  };
+}
+function patchOpenClawConfig(input, auth = {}) {
+  const current = parseJsonObject(input);
+  const plugins = readObject(current.plugins);
+  const entries = readObject(plugins.entries);
+  const pluginKey = resolvePluginKey(entries);
+  const entry = readObject(entries[pluginKey]);
+  const config = readObject(entry.config);
+  const apiKey = typeof auth.apiKey === "string" && auth.apiKey.trim().length > 0 ? auth.apiKey.trim() : typeof config.apiKey === "string" && config.apiKey.trim().length > 0 ? config.apiKey.trim() : void 0;
+  const baseUrl = typeof auth.baseUrl === "string" && auth.baseUrl.trim().length > 0 ? auth.baseUrl.trim() : typeof config.baseUrl === "string" && config.baseUrl.trim().length > 0 ? config.baseUrl.trim() : DEFAULT_ORGX_BASE_URL;
+  entries[pluginKey] = {
+    ...entry,
+    enabled: true,
+    config: {
+      ...config,
+      ...apiKey ? { apiKey } : {},
+      baseUrl,
+      dashboardEnabled: typeof config.dashboardEnabled === "boolean" ? config.dashboardEnabled : true,
+      autoInstallAgentSuiteOnConnect: typeof config.autoInstallAgentSuiteOnConnect === "boolean" ? config.autoInstallAgentSuiteOnConnect : true,
+      autoConfigureMcpClientsOnConnect: typeof config.autoConfigureMcpClientsOnConnect === "boolean" ? config.autoConfigureMcpClientsOnConnect : true
+    }
+  };
+  plugins.entries = entries;
+  current.plugins = plugins;
+  return `${JSON.stringify(current, null, 2)}
+`;
+}
+function removeOpenClawConfig(input) {
+  const current = parseJsonObject(input);
+  const plugins = readObject(current.plugins);
+  const entries = readObject(plugins.entries);
+  for (const key of ["openclaw-plugin", "orgx"]) {
+    const entry = readObject(entries[key]);
+    if (!Object.keys(entry).length) continue;
+    const config = readObject(entry.config);
+    delete config.baseUrl;
+    delete config.dashboardEnabled;
+    delete config.autoInstallAgentSuiteOnConnect;
+    delete config.autoConfigureMcpClientsOnConnect;
+    if (Object.keys(config).length > 0) {
+      entry.config = config;
+    } else {
+      delete entry.config;
+    }
+    entries[key] = entry;
+  }
+  plugins.entries = entries;
+  current.plugins = plugins;
+  cleanupEmptyObjects(current);
+  return `${JSON.stringify(current, null, 2)}
+`;
+}
+function inspectOpenClawConfig(input) {
+  const current = parseJsonObject(input);
+  const plugins = readObject(current.plugins);
+  const entries = readObject(plugins.entries);
+  const installs = readObject(plugins.installs);
+  const pluginKey = isRecord(entries["openclaw-plugin"]) ? "openclaw-plugin" : isRecord(entries.orgx) ? "orgx" : null;
+  const entry = pluginKey ? readObject(entries[pluginKey]) : {};
+  const config = readObject(entry.config);
+  const installed = pluginKey !== null || isRecord(installs["openclaw-plugin"]) || isRecord(installs.orgx);
+  const configured = installed && entry.enabled === true && (typeof config.baseUrl === "string" || typeof config.autoInstallAgentSuiteOnConnect === "boolean" || typeof config.autoConfigureMcpClientsOnConnect === "boolean");
+  return {
+    configured,
+    installed,
+    pluginKey,
+    details: [
+      `plugin key: ${pluginKey ?? "missing"}`,
+      `enabled: ${entry.enabled === true ? "yes" : "no"}`,
+      `gateway port: ${readOpenClawGatewayPort(current)}`
+    ]
+  };
+}
+
+// src/lib/auth-store.ts
+function isNonEmptyString(value) {
+  return typeof value === "string" && value.trim().length > 0;
+}
+function extractKeyPrefix(apiKey) {
+  return apiKey.trim().slice(0, 12);
+}
+function parseStoredWizardAuthRecord(raw) {
+  const parsed = parseJsonObject(raw);
+  if (!isNonEmptyString(parsed.keyPrefix) || !isNonEmptyString(parsed.baseUrl) || !isNonEmptyString(parsed.verifiedAt)) {
+    return null;
+  }
+  const storage = parsed.storage === "keytar" ? "keytar" : "file";
+  return {
+    baseUrl: parsed.baseUrl.trim(),
+    ...isNonEmptyString(parsed.apiKey) ? { apiKey: parsed.apiKey.trim() } : {},
+    keyPrefix: parsed.keyPrefix.trim(),
+    storage,
+    verifiedAt: parsed.verifiedAt.trim()
+  };
+}
+async function loadDefaultSecretStore() {
+  if (process.env.ORGX_WIZARD_DISABLE_KEYTAR === "1") {
+    return null;
+  }
+  try {
+    const imported = await import("keytar");
+    const candidate = "default" in imported && imported.default ? imported.default : imported;
+    if (typeof candidate.getPassword === "function" && typeof candidate.setPassword === "function" && typeof candidate.deletePassword === "function") {
+      return candidate;
+    }
+  } catch {
+    return null;
+  }
+  return null;
+}
+async function resolveSecretStore(options) {
+  if (options.secretStore !== void 0) {
+    return options.secretStore;
+  }
+  return loadDefaultSecretStore();
+}
+function buildStoredRecord(value) {
+  return {
+    ...value.storage === "file" ? { apiKey: value.apiKey } : {},
+    baseUrl: value.baseUrl,
+    keyPrefix: value.keyPrefix,
+    storage: value.storage,
+    verifiedAt: value.verifiedAt
+  };
+}
+async function readWizardAuth(authPath = ORGX_WIZARD_AUTH_PATH, options = {}) {
+  const stored = parseStoredWizardAuthRecord(readTextIfExists(authPath));
+  if (!stored) {
+    return null;
+  }
+  const apiKeyFromFile = stored.storage === "file" && isNonEmptyString(stored.apiKey) ? stored.apiKey.trim() : null;
+  if (apiKeyFromFile) {
+    return {
+      apiKey: apiKeyFromFile,
+      baseUrl: stored.baseUrl,
+      keyPrefix: stored.keyPrefix,
+      source: "manual",
+      storage: "file",
+      verifiedAt: stored.verifiedAt
+    };
+  }
+  if (stored.storage !== "keytar") {
+    return null;
+  }
+  const secretStore = await resolveSecretStore(options);
+  if (!secretStore) {
+    return null;
+  }
+  const apiKey = await secretStore.getPassword(
+    ORGX_WIZARD_KEYTAR_SERVICE,
+    ORGX_WIZARD_KEYTAR_ACCOUNT
+  );
+  if (!isNonEmptyString(apiKey)) {
+    return null;
+  }
+  return {
+    apiKey: apiKey.trim(),
+    baseUrl: stored.baseUrl,
+    keyPrefix: stored.keyPrefix,
+    source: "manual",
+    storage: "keytar",
+    verifiedAt: stored.verifiedAt
+  };
+}
+async function writeWizardAuth(value, authPath = ORGX_WIZARD_AUTH_PATH, options = {}) {
+  const secretStore = options.preferSecureStorage === false ? null : await resolveSecretStore(options);
+  const record = {
+    apiKey: value.apiKey.trim(),
+    keyPrefix: value.keyPrefix?.trim() || extractKeyPrefix(value.apiKey),
+    baseUrl: value.baseUrl.trim(),
+    source: "manual",
+    storage: secretStore ? "keytar" : "file",
+    verifiedAt: value.verifiedAt.trim()
+  };
+  if (secretStore) {
+    await secretStore.setPassword(
+      ORGX_WIZARD_KEYTAR_SERVICE,
+      ORGX_WIZARD_KEYTAR_ACCOUNT,
+      record.apiKey
+    );
+  }
+  writeJsonFile(authPath, buildStoredRecord(record), { mode: 384 });
+  return record;
+}
+async function clearWizardAuth(authPath = ORGX_WIZARD_AUTH_PATH, options = {}) {
+  const secretStore = await resolveSecretStore(options);
+  const secretRemoved = secretStore ? await secretStore.deletePassword(
+    ORGX_WIZARD_KEYTAR_SERVICE,
+    ORGX_WIZARD_KEYTAR_ACCOUNT
+  ) : false;
+  const fileRemoved = deleteFileIfExists(authPath);
+  return secretRemoved || fileRemoved;
+}
+
+// src/lib/auth.ts
+function normalizeHost(value) {
+  return value.trim().toLowerCase().replace(/^\[|\]$/g, "");
+}
+function isLoopbackHostname(hostname2) {
+  const normalized = normalizeHost(hostname2);
+  return normalized === "localhost" || normalized === "127.0.0.1" || normalized === "::1";
+}
+function normalizeOrgxBaseUrl(raw) {
+  const candidate = raw?.trim() || DEFAULT_ORGX_BASE_URL;
+  try {
+    const parsed = new URL(candidate);
+    if (parsed.protocol !== "https:" && parsed.protocol !== "http:") {
+      return DEFAULT_ORGX_BASE_URL;
+    }
+    if (parsed.username || parsed.password) {
+      return DEFAULT_ORGX_BASE_URL;
+    }
+    if (parsed.protocol === "http:" && !isLoopbackHostname(parsed.hostname)) {
+      return DEFAULT_ORGX_BASE_URL;
+    }
+    parsed.search = "";
+    parsed.hash = "";
+    parsed.pathname = parsed.pathname.replace(/\/api\/?$/, "").replace(/\/+$/, "");
+    return parsed.toString().replace(/\/+$/, "");
+  } catch {
+    return DEFAULT_ORGX_BASE_URL;
+  }
+}
+function buildOrgxApiUrl(path, baseUrl) {
+  const normalizedBase = normalizeOrgxBaseUrl(baseUrl).replace(/\/+$/, "");
+  const apiBase = normalizedBase.endsWith("/api") ? normalizedBase : `${normalizedBase}/api`;
+  const normalizedPath = path.startsWith("/") ? path : `/${path}`;
+  return `${apiBase}${normalizedPath}`;
+}
+function withResolvedBaseUrl(baseUrl, envBaseUrl) {
+  return normalizeOrgxBaseUrl(envBaseUrl?.trim() || baseUrl);
+}
+function buildResolvedAuth(apiKey, baseUrl, source, extras = {}) {
+  return {
+    apiKey: apiKey.trim(),
+    keyPrefix: extractKeyPrefix(apiKey),
+    baseUrl,
+    source,
+    ...extras.path ? { path: extras.path } : {},
+    ...extras.verifiedAt ? { verifiedAt: extras.verifiedAt } : {}
+  };
+}
+async function resolveOrgxAuth(options = {}) {
+  const envApiKey = process.env.ORGX_API_KEY?.trim();
+  const envBaseUrl = process.env.ORGX_BASE_URL?.trim();
+  if (envApiKey) {
+    return buildResolvedAuth(
+      envApiKey,
+      withResolvedBaseUrl(DEFAULT_ORGX_BASE_URL, envBaseUrl),
+      "environment"
+    );
+  }
+  const authPath = options.authPath ?? ORGX_WIZARD_AUTH_PATH;
+  const stored = await readWizardAuth(authPath);
+  if (stored) {
+    return buildResolvedAuth(
+      stored.apiKey,
+      withResolvedBaseUrl(stored.baseUrl, envBaseUrl),
+      "wizard-store",
+      {
+        path: authPath,
+        verifiedAt: stored.verifiedAt
+      }
+    );
+  }
+  const openclawConfigPath = options.openclawConfigPath ?? OPENCLAW_CONFIG_PATH;
+  const openclawAuth = readOpenClawAuth(
+    openclawConfigPath ? readTextIfExists(openclawConfigPath) : null
+  );
+  if (openclawAuth.apiKey && openclawConfigPath) {
+    return buildResolvedAuth(
+      openclawAuth.apiKey,
+      withResolvedBaseUrl(openclawAuth.baseUrl || DEFAULT_ORGX_BASE_URL, envBaseUrl),
+      "openclaw-config-file",
+      { path: openclawConfigPath }
+    );
+  }
+  return null;
+}
+async function parseResponseBody(response) {
+  const text2 = await response.text();
+  if (!text2) return null;
+  try {
+    return JSON.parse(text2);
+  } catch {
+    return text2;
+  }
+}
+async function verifyOrgxAuth(auth) {
+  const url = buildOrgxApiUrl("/client/sync", auth.baseUrl);
+  try {
+    const response = await fetch(url, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${auth.apiKey}`,
+        "Content-Type": "application/json"
+      },
+      body: "{}",
+      signal: AbortSignal.timeout(7e3)
+    });
+    const data = await parseResponseBody(response);
+    return {
+      configured: true,
+      ok: response.ok,
+      skipped: false,
+      source: auth.source,
+      keyPrefix: auth.keyPrefix,
+      baseUrl: auth.baseUrl,
+      ...auth.path ? { path: auth.path } : {},
+      ...auth.verifiedAt ? { verifiedAt: auth.verifiedAt } : {},
+      status: response.status,
+      url,
+      data,
+      ...response.ok ? {} : { error: `HTTP ${response.status}` }
+    };
+  } catch (error) {
+    return {
+      configured: true,
+      ok: false,
+      skipped: false,
+      source: auth.source,
+      keyPrefix: auth.keyPrefix,
+      baseUrl: auth.baseUrl,
+      ...auth.path ? { path: auth.path } : {},
+      ...auth.verifiedAt ? { verifiedAt: auth.verifiedAt } : {},
+      url,
+      error: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function checkOrgxAuth(options = {}) {
+  const auth = await resolveOrgxAuth(options);
+  if (!auth) {
+    return {
+      configured: false,
+      ok: false,
+      skipped: true,
+      source: "none",
+      error: "No OrgX API key found in ORGX_API_KEY, the wizard auth store, or OpenClaw config.",
+      url: buildOrgxApiUrl("/client/sync", DEFAULT_ORGX_BASE_URL)
+    };
+  }
+  return verifyOrgxAuth(auth);
+}
+function describeSetupStatusScope() {
+  return "The setup-status endpoint is still service-key-only and uses ORGX_SERVICE_KEY.";
+}
+
+// src/lib/browser-auth.ts
+function asString(value) {
+  return typeof value === "string" && value.trim().length > 0 ? value.trim() : null;
+}
+function parseJsonBody(text2) {
+  if (!text2) return null;
+  try {
+    return JSON.parse(text2);
+  } catch {
+    return text2;
+  }
+}
+async function fetchJson({
+  url,
+  method,
+  body,
+  fetchImpl = fetch
+}) {
+  const response = await fetchImpl(url, {
+    method,
+    headers: {
+      Accept: "application/json",
+      ...body ? { "Content-Type": "application/json" } : {}
+    },
+    ...body ? { body } : {},
+    signal: AbortSignal.timeout(7e3)
+  });
+  const payload = parseJsonBody(await response.text());
+  if (!response.ok) {
+    const errorMessage = isRecord(payload) ? asString(payload.error) ?? asString(payload.message) : typeof payload === "string" ? payload : null;
+    throw new Error(errorMessage ?? `HTTP ${response.status}`);
+  }
+  if (isRecord(payload) && payload.ok === true && "data" in payload) {
+    return payload.data;
+  }
+  return payload;
+}
+function parsePairingStartResult(value) {
+  if (!isRecord(value)) {
+    throw new Error("OrgX pairing start returned an invalid response.");
+  }
+  const pairingId = asString(value.pairingId);
+  const pollToken = asString(value.pollToken);
+  const connectUrl = asString(value.connectUrl);
+  const expiresAt = asString(value.expiresAt);
+  const pollIntervalMs = typeof value.pollIntervalMs === "number" ? value.pollIntervalMs : Number.NaN;
+  if (!pairingId || !pollToken || !connectUrl || !expiresAt || !Number.isFinite(pollIntervalMs)) {
+    throw new Error("OrgX pairing start returned an incomplete response.");
+  }
+  return { pairingId, pollToken, connectUrl, expiresAt, pollIntervalMs };
+}
+function parsePairingPollResult(value) {
+  if (!isRecord(value)) {
+    throw new Error("OrgX pairing poll returned an invalid response.");
+  }
+  const pairingId = asString(value.pairingId);
+  const status = asString(value.status);
+  const expiresAt = asString(value.expiresAt);
+  if (!pairingId || !status || !expiresAt) {
+    throw new Error("OrgX pairing poll returned an incomplete response.");
+  }
+  return {
+    pairingId,
+    status,
+    expiresAt,
+    workspaceName: asString(value.workspaceName),
+    keyPrefix: asString(value.keyPrefix),
+    executionMode: value.executionMode === "cloud" || value.executionMode === "local" ? value.executionMode : null,
+    errorCode: asString(value.errorCode),
+    errorMessage: asString(value.errorMessage),
+    ...asString(value.key) ? { key: asString(value.key) } : {}
+  };
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+async function startBrowserPairing(options, fetchImpl) {
+  const data = await fetchJson({
+    url: buildOrgxApiUrl("/plugin/openclaw/pairings", options.baseUrl),
+    method: "POST",
+    body: JSON.stringify({
+      installationId: options.installationId,
+      ...options.deviceName ? { deviceName: options.deviceName } : {},
+      ...options.platform ? { platform: options.platform } : {}
+    }),
+    fetchImpl
+  });
+  return parsePairingStartResult(data);
+}
+async function pollBrowserPairing(options, fetchImpl) {
+  const baseUrl = normalizeOrgxBaseUrl(options.baseUrl);
+  const url = new URL(buildOrgxApiUrl(`/plugin/openclaw/pairings/${options.pairingId}`, baseUrl));
+  url.searchParams.set("pollToken", options.pollToken);
+  const data = await fetchJson({
+    url: url.toString(),
+    method: "GET",
+    fetchImpl
+  });
+  return parsePairingPollResult(data);
+}
+async function waitForBrowserPairing(options, fetchImpl) {
+  const timeoutMs = options.timeoutMs ?? 10 * 6e4;
+  const pollIntervalMs = options.pollIntervalMs ?? 1500;
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() <= deadline) {
+    const result = await pollBrowserPairing(
+      {
+        baseUrl: options.baseUrl,
+        pairingId: options.pairingId,
+        pollToken: options.pollToken
+      },
+      fetchImpl
+    );
+    if (result.status === "ready") {
+      if (!result.key) {
+        throw new Error("OrgX pairing completed without returning an API key.");
+      }
+      return result;
+    }
+    if (result.status === "failed") {
+      throw new Error(result.errorMessage ?? "OrgX pairing failed.");
+    }
+    if (result.status === "expired") {
+      throw new Error("OrgX pairing expired before it was approved.");
+    }
+    if (result.status === "cancelled") {
+      throw new Error("OrgX pairing was cancelled in the browser.");
+    }
+    if (result.status === "consumed") {
+      throw new Error("OrgX pairing was already consumed by another client.");
+    }
+    await sleep(Math.min(5e3, Math.max(350, pollIntervalMs)));
+  }
+  throw new Error(
+    `Timed out waiting for OrgX pairing after ${Math.round(timeoutMs / 1e3)} seconds.`
+  );
+}
+async function acknowledgeBrowserPairing(options, fetchImpl) {
+  await fetchJson({
+    url: buildOrgxApiUrl(`/plugin/openclaw/pairings/${options.pairingId}/ack`, options.baseUrl),
+    method: "POST",
+    body: JSON.stringify({ pollToken: options.pollToken }),
+    fetchImpl
+  });
+}
+function openBrowser(url) {
+  const platform = process.platform;
+  const result = platform === "darwin" ? spawnSync("open", [url], { stdio: "ignore" }) : platform === "win32" ? spawnSync("cmd", ["/c", "start", "", url], { stdio: "ignore" }) : spawnSync("xdg-open", [url], { stdio: "ignore" });
+  if (result.error) {
+    return { ok: false, error: result.error.message };
+  }
+  if (typeof result.status === "number" && result.status !== 0) {
+    return { ok: false, error: `Browser open command exited with code ${result.status}.` };
+  }
+  return { ok: true };
+}
+
+// src/lib/setup-status.ts
+async function fetchSetupStatus(apiKey = process.env.ORGX_SERVICE_KEY?.trim()) {
+  if (!apiKey) {
+    return {
+      ok: false,
+      skipped: true,
+      error: "ORGX_SERVICE_KEY is not set; /api/setup/status is a service-level check and was skipped.",
+      url: ORGX_SETUP_STATUS_URL
+    };
+  }
+  try {
+    const response = await fetch(ORGX_SETUP_STATUS_URL, {
+      headers: {
+        Authorization: `Bearer ${apiKey}`
+      },
+      signal: AbortSignal.timeout(7e3)
+    });
+    const text2 = await response.text();
+    let data = text2;
+    try {
+      data = text2.length > 0 ? JSON.parse(text2) : null;
+    } catch {
+      data = text2;
+    }
+    return {
+      ok: response.ok,
+      skipped: false,
+      status: response.status,
+      data,
+      url: ORGX_SETUP_STATUS_URL,
+      ...response.ok ? {} : { error: `HTTP ${response.status}` }
+    };
+  } catch (error) {
+    return {
+      ok: false,
+      skipped: false,
+      error: error instanceof Error ? error.message : String(error),
+      url: ORGX_SETUP_STATUS_URL
+    };
+  }
+}
+
+// src/lib/openclaw-health.ts
+import { spawnSync as spawnSync2 } from "child_process";
+function trimOutput(value) {
+  const next = value?.trim();
+  return next ? next : void 0;
+}
+async function checkOpenClawHealth(configPath) {
+  const rawConfig = configPath ? readTextIfExists(configPath) : null;
+  const port = readOpenClawGatewayPort(rawConfig);
+  const url = `http://127.0.0.1:${port}/orgx/live`;
+  const cli = spawnSync2("openclaw", ["gateway", "status"], {
+    encoding: "utf8",
+    timeout: 5e3
+  });
+  if (!cli.error) {
+    const stdout = trimOutput(cli.stdout);
+    const stderr = trimOutput(cli.stderr);
+    const details = [`gateway port: ${port}`];
+    if (stdout) details.push(`cli: ${stdout}`);
+    if (stderr) details.push(`cli stderr: ${stderr}`);
+    if (cli.status === 0) {
+      return {
+        ok: true,
+        skipped: false,
+        method: "cli",
+        url,
+        details
+      };
+    }
+  }
+  try {
+    const response = await fetch(url, {
+      redirect: "manual",
+      signal: AbortSignal.timeout(5e3)
+    });
+    if (response.ok || response.status >= 300 && response.status < 400) {
+      return {
+        ok: true,
+        skipped: false,
+        method: "http",
+        url,
+        details: [`gateway port: ${port}`, `http status: ${response.status}`]
+      };
+    }
+    return {
+      ok: false,
+      skipped: false,
+      method: "http",
+      url,
+      error: `HTTP ${response.status}`,
+      details: [`gateway port: ${port}`, `http status: ${response.status}`]
+    };
+  } catch (error) {
+    const cliError = cli.error instanceof Error ? cli.error.message : void 0;
+    return {
+      ok: false,
+      skipped: false,
+      method: cliError ? "none" : "http",
+      url,
+      error: error instanceof Error ? error.message : String(error),
+      details: [
+        `gateway port: ${port}`,
+        ...cliError ? [`openclaw cli unavailable: ${cliError}`] : []
+      ]
+    };
+  }
+}
+
+// src/lib/hosted-mcp-health.ts
+function trimBody(value) {
+  const next = value.trim();
+  if (!next) return void 0;
+  return next.length > 120 ? `${next.slice(0, 117)}...` : next;
+}
+async function checkHostedMcpHealth() {
+  try {
+    const response = await fetch(ORGX_HOSTED_MCP_HEALTH_URL, {
+      method: "GET",
+      signal: AbortSignal.timeout(5e3)
+    });
+    const text2 = await response.text();
+    const body = trimBody(text2);
+    return {
+      ok: response.ok,
+      skipped: false,
+      status: response.status,
+      url: ORGX_HOSTED_MCP_HEALTH_URL,
+      ...body ? { body } : {},
+      ...response.ok ? {} : { error: `HTTP ${response.status}` },
+      details: [
+        `http status: ${response.status}`,
+        ...body ? [`body: ${body}`] : []
+      ]
+    };
+  } catch (error) {
+    return {
+      ok: false,
+      skipped: false,
+      url: ORGX_HOSTED_MCP_HEALTH_URL,
+      error: error instanceof Error ? error.message : String(error),
+      details: []
+    };
+  }
+}
+
+// src/lib/hosted-mcp-tool-check.ts
+var DEFAULT_TOOL_NAME = "get_setup_status";
+function buildHeaders(apiKey, sessionId) {
+  const headers = {
+    Authorization: `Bearer ${apiKey}`,
+    "Content-Type": "application/json",
+    Accept: "application/json, text/event-stream"
+  };
+  if (sessionId) {
+    headers["Mcp-Session-Id"] = sessionId;
+  }
+  return headers;
+}
+async function readJsonSafe(response) {
+  const text2 = await response.text();
+  if (!text2) return null;
+  try {
+    return JSON.parse(text2);
+  } catch {
+    return text2;
+  }
+}
+function readJsonRpcError(payload) {
+  if (!payload || typeof payload !== "object") {
+    return void 0;
+  }
+  const maybeError = payload.error;
+  if (!maybeError || typeof maybeError !== "object") {
+    return void 0;
+  }
+  return typeof maybeError.message === "string" ? maybeError.message : "Unknown MCP JSON-RPC error.";
+}
+function readSessionId(response) {
+  return response.headers.get("mcp-session-id") ?? response.headers.get("Mcp-Session-Id") ?? void 0;
+}
+async function checkHostedMcpToolAccess(options = {}, toolName = DEFAULT_TOOL_NAME) {
+  const auth = await resolveOrgxAuth(options);
+  if (!auth) {
+    return {
+      configured: false,
+      ok: false,
+      skipped: true,
+      source: "none",
+      toolName,
+      url: ORGX_HOSTED_MCP_URL,
+      error: "No OrgX API key configured; hosted MCP tool verification skipped.",
+      details: []
+    };
+  }
+  try {
+    const initializeResponse = await fetch(ORGX_HOSTED_MCP_URL, {
+      method: "POST",
+      headers: buildHeaders(auth.apiKey),
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: 1,
+        method: "initialize",
+        params: {
+          protocolVersion: "2024-11-05",
+          clientInfo: {
+            name: "orgx-wizard",
+            version: "0.1.0"
+          },
+          capabilities: {}
+        }
+      }),
+      signal: AbortSignal.timeout(1e4)
+    });
+    const initializePayload = await readJsonSafe(initializeResponse);
+    const initializeError = readJsonRpcError(initializePayload);
+    const sessionId = readSessionId(initializeResponse);
+    if (!initializeResponse.ok) {
+      return {
+        configured: true,
+        ok: false,
+        skipped: false,
+        source: auth.source,
+        toolName,
+        url: ORGX_HOSTED_MCP_URL,
+        baseUrl: auth.baseUrl,
+        initializeStatus: initializeResponse.status,
+        error: `MCP initialize failed with HTTP ${initializeResponse.status}.`,
+        details: [`auth source: ${auth.source}`],
+        response: initializePayload
+      };
+    }
+    if (initializeError) {
+      return {
+        configured: true,
+        ok: false,
+        skipped: false,
+        source: auth.source,
+        toolName,
+        url: ORGX_HOSTED_MCP_URL,
+        baseUrl: auth.baseUrl,
+        initializeStatus: initializeResponse.status,
+        error: `MCP initialize returned JSON-RPC error: ${initializeError}`,
+        details: [`auth source: ${auth.source}`],
+        response: initializePayload
+      };
+    }
+    if (!sessionId) {
+      return {
+        configured: true,
+        ok: false,
+        skipped: false,
+        source: auth.source,
+        toolName,
+        url: ORGX_HOSTED_MCP_URL,
+        baseUrl: auth.baseUrl,
+        initializeStatus: initializeResponse.status,
+        error: "MCP initialize succeeded but no Mcp-Session-Id header was returned.",
+        details: [`auth source: ${auth.source}`],
+        response: initializePayload
+      };
+    }
+    const callResponse = await fetch(ORGX_HOSTED_MCP_URL, {
+      method: "POST",
+      headers: buildHeaders(auth.apiKey, sessionId),
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: 2,
+        method: "tools/call",
+        params: {
+          name: toolName,
+          arguments: {}
+        }
+      }),
+      signal: AbortSignal.timeout(1e4)
+    });
+    const callPayload = await readJsonSafe(callResponse);
+    const callError = readJsonRpcError(callPayload);
+    if (!callResponse.ok) {
+      return {
+        configured: true,
+        ok: false,
+        skipped: false,
+        source: auth.source,
+        toolName,
+        url: ORGX_HOSTED_MCP_URL,
+        baseUrl: auth.baseUrl,
+        initializeStatus: initializeResponse.status,
+        callStatus: callResponse.status,
+        error: `MCP tool call failed with HTTP ${callResponse.status}.`,
+        details: [
+          `auth source: ${auth.source}`,
+          `session established: ${sessionId}`
+        ],
+        response: callPayload
+      };
+    }
+    if (callError) {
+      return {
+        configured: true,
+        ok: false,
+        skipped: false,
+        source: auth.source,
+        toolName,
+        url: ORGX_HOSTED_MCP_URL,
+        baseUrl: auth.baseUrl,
+        initializeStatus: initializeResponse.status,
+        callStatus: callResponse.status,
+        error: `MCP tool call returned JSON-RPC error: ${callError}`,
+        details: [
+          `auth source: ${auth.source}`,
+          `session established: ${sessionId}`
+        ],
+        response: callPayload
+      };
+    }
+    return {
+      configured: true,
+      ok: true,
+      skipped: false,
+      source: auth.source,
+      toolName,
+      url: ORGX_HOSTED_MCP_URL,
+      baseUrl: auth.baseUrl,
+      initializeStatus: initializeResponse.status,
+      callStatus: callResponse.status,
+      details: [
+        `auth source: ${auth.source}`,
+        `session established: ${sessionId}`,
+        `tool call: ${toolName}`
+      ],
+      response: callPayload
+    };
+  } catch (error) {
+    return {
+      configured: true,
+      ok: false,
+      skipped: false,
+      source: auth.source,
+      toolName,
+      url: ORGX_HOSTED_MCP_URL,
+      baseUrl: auth.baseUrl,
+      error: error instanceof Error ? error.message : String(error),
+      details: [`auth source: ${auth.source}`]
+    };
+  }
+}
+
+// src/lib/npm-registry-health.ts
+function resolvePackageUrl(packageName) {
+  return `${NPM_REGISTRY_BASE_URL}/${encodeURIComponent(packageName)}`;
+}
+function getLatestVersion(payload) {
+  if (!isRecord(payload) || !isRecord(payload["dist-tags"])) {
+    return void 0;
+  }
+  const latest = payload["dist-tags"].latest;
+  return typeof latest === "string" && latest.trim().length > 0 ? latest : void 0;
+}
+async function checkNpmRegistryHealth(packageName = ORGX_WIZARD_NPM_PACKAGE_NAME) {
+  const url = resolvePackageUrl(packageName);
+  try {
+    const response = await fetch(url, {
+      method: "GET",
+      headers: { Accept: "application/json" },
+      signal: AbortSignal.timeout(7e3)
+    });
+    const text2 = await response.text();
+    let payload = text2;
+    try {
+      payload = text2.length > 0 ? JSON.parse(text2) : null;
+    } catch {
+      payload = text2;
+    }
+    if (response.ok) {
+      const version = getLatestVersion(payload);
+      return {
+        ok: true,
+        skipped: false,
+        reachable: true,
+        published: true,
+        url,
+        packageName,
+        ...version ? { version } : {},
+        details: [
+          `http status: ${response.status}`,
+          ...version ? [`latest version: ${version}`] : ["latest version: unavailable"]
+        ]
+      };
+    }
+    if (response.status === 404) {
+      return {
+        ok: true,
+        skipped: false,
+        reachable: true,
+        published: false,
+        url,
+        packageName,
+        error: `${packageName} is not published on npm yet.`,
+        details: [`http status: ${response.status}`]
+      };
+    }
+    return {
+      ok: false,
+      skipped: false,
+      reachable: false,
+      published: false,
+      url,
+      packageName,
+      error: `npm registry returned HTTP ${response.status}`,
+      details: [`http status: ${response.status}`]
+    };
+  } catch (error) {
+    return {
+      ok: false,
+      skipped: false,
+      reachable: false,
+      published: false,
+      url,
+      packageName,
+      error: error instanceof Error ? error.message : String(error),
+      details: []
+    };
+  }
+}
+
+// src/lib/workspaces.ts
+async function requireOrgxAuth(options = {}) {
+  const auth = await resolveOrgxAuth(options);
+  if (!auth) {
+    throw new Error(
+      "No OrgX API key configured. Run `wizard auth login` or `wizard auth set-key <oxk_...>` first."
+    );
+  }
+  return auth;
+}
+async function parseResponseBody2(response) {
+  const text2 = await response.text();
+  if (!text2) return null;
+  try {
+    return JSON.parse(text2);
+  } catch {
+    return text2;
+  }
+}
+function parseWorkspace(value) {
+  if (!isRecord(value)) return null;
+  const id = typeof value.id === "string" ? value.id : null;
+  const name = typeof value.name === "string" ? value.name : null;
+  if (!id || !name) return null;
+  return {
+    id,
+    name,
+    ...typeof value.description === "string" && value.description.trim().length > 0 ? { description: value.description } : {},
+    isDefault: value.is_default === true,
+    ...typeof value.created_at === "string" ? { createdAt: value.created_at } : {},
+    ...typeof value.updated_at === "string" ? { updatedAt: value.updated_at } : {}
+  };
+}
+function sortWorkspaces(workspaces) {
+  return [...workspaces].sort((left, right) => {
+    if (left.isDefault !== right.isDefault) {
+      return left.isDefault ? -1 : 1;
+    }
+    const nameCompare = left.name.localeCompare(right.name);
+    if (nameCompare !== 0) {
+      return nameCompare;
+    }
+    return left.id.localeCompare(right.id);
+  });
+}
+function parseWorkspaceList(payload) {
+  if (!isRecord(payload) || !Array.isArray(payload.data)) {
+    return [];
+  }
+  return sortWorkspaces(payload.data.map(parseWorkspace).filter((item) => item !== null));
+}
+function parseWorkspaceResponse(payload) {
+  if (!isRecord(payload)) return null;
+  return parseWorkspace(payload.data);
+}
+function parseCurrentWorkspaceResponse(payload) {
+  if (!isRecord(payload)) return null;
+  const id = typeof payload.id === "string" ? payload.id : null;
+  const name = typeof payload.name === "string" ? payload.name : null;
+  if (!id || !name) return null;
+  return {
+    id,
+    name,
+    isDefault: true,
+    ...typeof payload.createdAt === "string" ? { createdAt: payload.createdAt } : {}
+  };
+}
+function buildRequestHeaders(apiKey) {
+  return {
+    Authorization: `Bearer ${apiKey}`,
+    "Content-Type": "application/json"
+  };
+}
+function formatHttpError(status, body) {
+  if (typeof body === "string" && body.trim().length > 0) {
+    return `HTTP ${status}: ${body}`;
+  }
+  if (isRecord(body) && typeof body.error === "string" && body.error.trim().length > 0) {
+    return `HTTP ${status}: ${body.error}`;
+  }
+  return `HTTP ${status}`;
+}
+async function listWorkspaces(options = {}) {
+  const auth = await requireOrgxAuth(options);
+  const url = buildOrgxApiUrl("/entities?type=command_center&limit=100", auth.baseUrl);
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      Authorization: `Bearer ${auth.apiKey}`
+    },
+    signal: AbortSignal.timeout(7e3)
+  });
+  const body = await parseResponseBody2(response);
+  if (!response.ok) {
+    throw new Error(`Failed to list workspaces. ${formatHttpError(response.status, body)}`);
+  }
+  return parseWorkspaceList(body);
+}
+async function getCurrentWorkspace(options = {}) {
+  const auth = await requireOrgxAuth(options);
+  const url = buildOrgxApiUrl("/v1/workspaces/current", auth.baseUrl);
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      Authorization: `Bearer ${auth.apiKey}`
+    },
+    signal: AbortSignal.timeout(7e3)
+  });
+  const body = await parseResponseBody2(response);
+  if (response.ok) {
+    const workspace = parseCurrentWorkspaceResponse(body);
+    if (!workspace) {
+      throw new Error("OrgX returned an unexpected current workspace payload.");
+    }
+    return workspace;
+  }
+  if (response.status === 404) {
+    const workspaces = await listWorkspaces(options);
+    return workspaces[0] ?? null;
+  }
+  throw new Error(`Failed to load current workspace. ${formatHttpError(response.status, body)}`);
+}
+async function createWorkspace(input, options = {}) {
+  const name = input.name.trim();
+  if (!name) {
+    throw new Error("Workspace name is required.");
+  }
+  const auth = await requireOrgxAuth(options);
+  const url = buildOrgxApiUrl("/entities", auth.baseUrl);
+  const payload = {
+    type: "command_center",
+    name,
+    ...input.description?.trim() ? { description: input.description.trim() } : {}
+  };
+  const response = await fetch(url, {
+    method: "POST",
+    headers: buildRequestHeaders(auth.apiKey),
+    body: JSON.stringify(payload),
+    signal: AbortSignal.timeout(7e3)
+  });
+  const body = await parseResponseBody2(response);
+  if (!response.ok) {
+    throw new Error(`Failed to create workspace. ${formatHttpError(response.status, body)}`);
+  }
+  const workspace = parseWorkspaceResponse(body);
+  if (!workspace) {
+    throw new Error("OrgX returned an unexpected workspace payload.");
+  }
+  return workspace;
+}
+async function updateWorkspace(input, patch, options = {}) {
+  const auth = await requireOrgxAuth(options);
+  const url = buildOrgxApiUrl("/entities", auth.baseUrl);
+  const response = await fetch(url, {
+    method: "PATCH",
+    headers: buildRequestHeaders(auth.apiKey),
+    body: JSON.stringify({
+      type: "command_center",
+      id: input.id,
+      ...patch
+    }),
+    signal: AbortSignal.timeout(7e3)
+  });
+  const body = await parseResponseBody2(response);
+  if (!response.ok) {
+    throw new Error(`Failed to update workspace. ${formatHttpError(response.status, body)}`);
+  }
+  const workspace = parseWorkspaceResponse(body);
+  if (!workspace) {
+    throw new Error("OrgX returned an unexpected workspace update payload.");
+  }
+  return workspace;
+}
+async function setDefaultWorkspace(input, options = {}) {
+  const workspaceId = input.id.trim();
+  if (!workspaceId) {
+    throw new Error("Workspace id is required.");
+  }
+  const workspaces = await listWorkspaces(options);
+  const target = workspaces.find((workspace) => workspace.id === workspaceId);
+  if (!target) {
+    throw new Error(`Workspace ${workspaceId} was not found in the current OrgX account.`);
+  }
+  if (target.isDefault) {
+    return {
+      changed: false,
+      workspace: target
+    };
+  }
+  const currentDefault = workspaces.find((workspace) => workspace.isDefault);
+  if (currentDefault) {
+    await updateWorkspace({ id: currentDefault.id }, { is_default: false }, options);
+  }
+  try {
+    const updated = await updateWorkspace({ id: workspaceId }, { is_default: true }, options);
+    return {
+      changed: true,
+      workspace: updated
+    };
+  } catch (error) {
+    if (currentDefault) {
+      try {
+        await updateWorkspace({ id: currentDefault.id }, { is_default: true }, options);
+      } catch {
+      }
+    }
+    throw error;
+  }
+}
+
+// src/lib/workspace-connectivity.ts
+async function checkWorkspaceConnectivity(options = {}) {
+  const auth = await resolveOrgxAuth(options);
+  if (!auth) {
+    return {
+      configured: false,
+      ok: false,
+      skipped: true,
+      source: "none",
+      error: "No OrgX API key configured; workspace connectivity check skipped.",
+      details: []
+    };
+  }
+  try {
+    const workspace = await getCurrentWorkspace(options);
+    if (!workspace) {
+      return {
+        configured: true,
+        ok: false,
+        skipped: false,
+        source: auth.source,
+        baseUrl: auth.baseUrl,
+        error: "OrgX auth resolved, but no accessible workspace was returned.",
+        details: []
+      };
+    }
+    return {
+      configured: true,
+      ok: true,
+      skipped: false,
+      source: auth.source,
+      baseUrl: auth.baseUrl,
+      workspace,
+      details: [
+        `workspace id: ${workspace.id}`,
+        ...workspace.isDefault ? ["workspace is marked as default"] : []
+      ]
+    };
+  } catch (error) {
+    return {
+      configured: true,
+      ok: false,
+      skipped: false,
+      source: auth.source,
+      baseUrl: auth.baseUrl,
+      error: error instanceof Error ? error.message : String(error),
+      details: []
+    };
+  }
+}
+
+// src/surfaces/mcp-config.ts
+import * as TOML from "@iarna/toml";
+function cloneConfigCollection(config, key) {
+  return { ...readObject(config[key]) };
+}
+function removeLegacyScopedMcpServers(servers) {
+  const scopedPrefix = `${ORGX_LOCAL_MCP_KEY}-`;
+  let updated = false;
+  for (const key of Object.keys(servers)) {
+    if (key === ORGX_LOCAL_MCP_KEY) continue;
+    if (!key.startsWith(scopedPrefix)) continue;
+    delete servers[key];
+    updated = true;
+  }
+  return updated;
+}
+function stringifyJsonConfig(config) {
+  return `${JSON.stringify(config, null, 2)}
+`;
+}
+function clearStdioFields(entry) {
+  const next = { ...entry };
+  delete next.command;
+  delete next.args;
+  delete next.env;
+  return next;
+}
+function matchHttpEntry(value, url) {
+  if (!isRecord(value)) return false;
+  return value.type === "http" && value.url === url;
+}
+function matchUrlEntry(value, url) {
+  if (!isRecord(value)) return false;
+  return value.url === url;
+}
+function patchClaudeMcpConfig(input, localMcpUrl) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "mcpServers");
+  const existingOrgx = readObject(servers[ORGX_HOSTED_MCP_KEY]);
+  const existingLocal = readObject(servers[ORGX_LOCAL_MCP_KEY]);
+  const hostedUrl = typeof existingOrgx.url === "string" ? existingOrgx.url : "";
+  const hostedType = typeof existingOrgx.type === "string" ? existingOrgx.type : "";
+  const shouldSetHostedOrgx = !isRecord(servers[ORGX_HOSTED_MCP_KEY]) || hostedUrl === localMcpUrl && hostedType === "http";
+  if (shouldSetHostedOrgx) {
+    servers[ORGX_HOSTED_MCP_KEY] = {
+      ...existingOrgx,
+      type: "http",
+      url: ORGX_HOSTED_MCP_URL,
+      description: typeof existingOrgx.description === "string" && existingOrgx.description.trim().length > 0 ? existingOrgx.description : "OrgX cloud MCP (OAuth)"
+    };
+  }
+  if (localMcpUrl) {
+    servers[ORGX_LOCAL_MCP_KEY] = {
+      ...existingLocal,
+      type: "http",
+      url: localMcpUrl,
+      description: typeof existingLocal.description === "string" && existingLocal.description.trim().length > 0 ? existingLocal.description : "OrgX platform via local OpenClaw plugin (no OAuth)"
+    };
+  }
+  removeLegacyScopedMcpServers(servers);
+  return stringifyJsonConfig({
+    ...current,
+    mcpServers: servers
+  });
+}
+function removeClaudeMcpConfig(input) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "mcpServers");
+  if (isRecord(servers[ORGX_LOCAL_MCP_KEY])) {
+    delete servers[ORGX_LOCAL_MCP_KEY];
+  }
+  if (matchHttpEntry(servers[ORGX_HOSTED_MCP_KEY], ORGX_HOSTED_MCP_URL)) {
+    delete servers[ORGX_HOSTED_MCP_KEY];
+  }
+  removeLegacyScopedMcpServers(servers);
+  return stringifyJsonConfig({
+    ...current,
+    mcpServers: servers
+  });
+}
+function inspectClaudeMcpConfig(input) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "mcpServers");
+  const local = readObject(servers[ORGX_LOCAL_MCP_KEY]);
+  const hostedConfigured = matchHttpEntry(servers[ORGX_HOSTED_MCP_KEY], ORGX_HOSTED_MCP_URL);
+  const localConfigured = local.type === "http" && typeof local.url === "string";
+  const localUrl = localConfigured ? String(local.url) : "missing";
+  return {
+    configured: hostedConfigured && localConfigured,
+    hostedConfigured,
+    localConfigured,
+    details: [
+      `hosted orgx: ${hostedConfigured ? "ok" : "missing"}`,
+      `local orgx-openclaw: ${localUrl}`
+    ]
+  };
+}
+function patchCursorMcpConfig(input, localMcpUrl) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "mcpServers");
+  const existingLocal = readObject(servers[ORGX_LOCAL_MCP_KEY]);
+  servers[ORGX_LOCAL_MCP_KEY] = {
+    ...clearStdioFields(existingLocal),
+    url: localMcpUrl
+  };
+  removeLegacyScopedMcpServers(servers);
+  return stringifyJsonConfig({
+    ...current,
+    mcpServers: servers
+  });
+}
+function removeCursorMcpConfig(input) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "mcpServers");
+  if (isRecord(servers[ORGX_LOCAL_MCP_KEY])) {
+    delete servers[ORGX_LOCAL_MCP_KEY];
+  }
+  removeLegacyScopedMcpServers(servers);
+  return stringifyJsonConfig({
+    ...current,
+    mcpServers: servers
+  });
+}
+function inspectCursorMcpConfig(input) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "mcpServers");
+  const local = readObject(servers[ORGX_LOCAL_MCP_KEY]);
+  const localConfigured = typeof local.url === "string";
+  const localUrl = localConfigured ? String(local.url) : "missing";
+  return {
+    configured: localConfigured,
+    localConfigured,
+    details: [`local orgx-openclaw: ${localUrl}`]
+  };
+}
+function patchVscodeMcpConfig(input) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "servers");
+  const existingHosted = readObject(servers[ORGX_HOSTED_MCP_KEY]);
+  servers[ORGX_HOSTED_MCP_KEY] = {
+    ...clearStdioFields(existingHosted),
+    type: "http",
+    url: ORGX_HOSTED_MCP_URL
+  };
+  return stringifyJsonConfig({
+    ...current,
+    servers
+  });
+}
+function removeVscodeMcpConfig(input) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "servers");
+  if (matchHttpEntry(servers[ORGX_HOSTED_MCP_KEY], ORGX_HOSTED_MCP_URL)) {
+    delete servers[ORGX_HOSTED_MCP_KEY];
+  }
+  return stringifyJsonConfig({
+    ...current,
+    servers
+  });
+}
+function inspectVscodeMcpConfig(input) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "servers");
+  const hostedConfigured = matchHttpEntry(servers[ORGX_HOSTED_MCP_KEY], ORGX_HOSTED_MCP_URL);
+  return {
+    configured: hostedConfigured,
+    hostedConfigured,
+    details: [`hosted orgx: ${hostedConfigured ? "ok" : "missing"}`]
+  };
+}
+function matchServerUrlEntry(value, url) {
+  if (!isRecord(value)) return false;
+  return value.serverUrl === url || value.url === url;
+}
+function patchWindsurfMcpConfig(input) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "mcpServers");
+  const existingHosted = readObject(servers[ORGX_HOSTED_MCP_KEY]);
+  const nextEntry = clearStdioFields(existingHosted);
+  delete nextEntry.url;
+  servers[ORGX_HOSTED_MCP_KEY] = {
+    ...nextEntry,
+    serverUrl: ORGX_HOSTED_MCP_URL
+  };
+  return stringifyJsonConfig({
+    ...current,
+    mcpServers: servers
+  });
+}
+function removeWindsurfMcpConfig(input) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "mcpServers");
+  if (matchServerUrlEntry(servers[ORGX_HOSTED_MCP_KEY], ORGX_HOSTED_MCP_URL)) {
+    delete servers[ORGX_HOSTED_MCP_KEY];
+  }
+  return stringifyJsonConfig({
+    ...current,
+    mcpServers: servers
+  });
+}
+function inspectWindsurfMcpConfig(input) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "mcpServers");
+  const hostedConfigured = matchServerUrlEntry(servers[ORGX_HOSTED_MCP_KEY], ORGX_HOSTED_MCP_URL);
+  return {
+    configured: hostedConfigured,
+    hostedConfigured,
+    details: [`hosted orgx: ${hostedConfigured ? "ok" : "missing"}`]
+  };
+}
+function patchZedMcpConfig(input) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "context_servers");
+  const existingHosted = readObject(servers[ORGX_HOSTED_MCP_KEY]);
+  servers[ORGX_HOSTED_MCP_KEY] = {
+    ...clearStdioFields(existingHosted),
+    url: ORGX_HOSTED_MCP_URL
+  };
+  return stringifyJsonConfig({
+    ...current,
+    context_servers: servers
+  });
+}
+function removeZedMcpConfig(input) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "context_servers");
+  if (matchUrlEntry(servers[ORGX_HOSTED_MCP_KEY], ORGX_HOSTED_MCP_URL)) {
+    delete servers[ORGX_HOSTED_MCP_KEY];
+  }
+  return stringifyJsonConfig({
+    ...current,
+    context_servers: servers
+  });
+}
+function inspectZedMcpConfig(input) {
+  const current = parseJsonObject(input);
+  const servers = cloneConfigCollection(current, "context_servers");
+  const hostedConfigured = matchUrlEntry(servers[ORGX_HOSTED_MCP_KEY], ORGX_HOSTED_MCP_URL);
+  return {
+    configured: hostedConfigured,
+    hostedConfigured,
+    details: [`hosted orgx: ${hostedConfigured ? "ok" : "missing"}`]
+  };
+}
+function parseTomlDocument(input) {
+  if (!input) return {};
+  try {
+    const parsed = TOML.parse(input);
+    return isRecord(parsed) ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+function stringifyTomlDocument(document) {
+  const rendered = TOML.stringify(document);
+  return rendered.endsWith("\n") ? rendered : `${rendered}
+`;
+}
+function upsertCodexEntry(servers, key, url) {
+  const current = readObject(servers[key]);
+  const next = {
+    ...current,
+    url
+  };
+  delete next.command;
+  delete next.args;
+  delete next.startup_timeout_sec;
+  servers[key] = next;
+}
+function removeLegacyCodexEntries(servers) {
+  const scopedPrefix = `${ORGX_LOCAL_MCP_KEY}-`;
+  let updated = false;
+  for (const key of Object.keys(servers)) {
+    if (key === ORGX_LOCAL_MCP_KEY) continue;
+    if (!key.startsWith(scopedPrefix)) continue;
+    delete servers[key];
+    updated = true;
+  }
+  return updated;
+}
+function patchCodexConfigToml(input, localMcpUrl) {
+  const current = parseTomlDocument(input);
+  const servers = readObject(current.mcp_servers);
+  upsertCodexEntry(servers, ORGX_HOSTED_MCP_KEY, ORGX_HOSTED_MCP_URL);
+  if (localMcpUrl) {
+    upsertCodexEntry(servers, ORGX_LOCAL_MCP_KEY, localMcpUrl);
+  }
+  removeLegacyCodexEntries(servers);
+  current.mcp_servers = servers;
+  return stringifyTomlDocument(current);
+}
+function removeCodexConfigToml(input) {
+  const current = parseTomlDocument(input);
+  const servers = readObject(current.mcp_servers);
+  const hosted = readObject(servers[ORGX_HOSTED_MCP_KEY]);
+  if (isRecord(servers[ORGX_LOCAL_MCP_KEY])) {
+    delete servers[ORGX_LOCAL_MCP_KEY];
+  }
+  if (hosted.url === ORGX_HOSTED_MCP_URL) {
+    delete servers[ORGX_HOSTED_MCP_KEY];
+  }
+  removeLegacyCodexEntries(servers);
+  current.mcp_servers = servers;
+  return stringifyTomlDocument(current);
+}
+function inspectCodexConfigToml(input) {
+  const current = parseTomlDocument(input);
+  const servers = readObject(current.mcp_servers);
+  const hosted = readObject(servers[ORGX_HOSTED_MCP_KEY]);
+  const local = readObject(servers[ORGX_LOCAL_MCP_KEY]);
+  const hostedConfigured = hosted.url === ORGX_HOSTED_MCP_URL;
+  const localConfigured = typeof local.url === "string";
+  return {
+    configured: hostedConfigured && localConfigured,
+    hostedConfigured,
+    localConfigured,
+    details: [
+      `hosted orgx: ${hostedConfigured ? "ok" : "missing"}`,
+      `local orgx-openclaw: ${localConfigured ? local.url : "missing"}`
+    ]
+  };
+}
+
+// src/surfaces/names.ts
+var SURFACE_NAMES = [
+  "claude",
+  "cursor",
+  "codex",
+  "openclaw",
+  "vscode",
+  "windsurf",
+  "zed",
+  "chatgpt"
+];
+var AUTOMATED_SURFACE_NAMES = [
+  "claude",
+  "cursor",
+  "codex",
+  "openclaw",
+  "vscode",
+  "windsurf",
+  "zed"
+];
+var MCP_SURFACE_NAMES = [
+  "claude",
+  "cursor",
+  "codex",
+  "vscode",
+  "windsurf",
+  "zed"
+];
+
+// src/surfaces/detection.ts
+import { existsSync as existsSync2 } from "fs";
+import { dirname as dirname2 } from "path";
+var SURFACE_LOCATORS = {
+  claude: {
+    configPaths: CLAUDE_MCP_PATHS,
+    installPaths: CLAUDE_INSTALL_PATHS
+  },
+  cursor: {
+    configPaths: CURSOR_MCP_PATHS,
+    installPaths: CURSOR_INSTALL_PATHS
+  },
+  codex: {
+    configPaths: CODEX_CONFIG_PATHS,
+    installPaths: CODEX_INSTALL_PATHS
+  },
+  openclaw: {
+    configPaths: OPENCLAW_CONFIG_PATHS,
+    installPaths: OPENCLAW_INSTALL_PATHS
+  },
+  vscode: {
+    configPaths: VSCODE_MCP_PATHS,
+    installPaths: VSCODE_INSTALL_PATHS
+  },
+  windsurf: {
+    configPaths: WINDSURF_MCP_PATHS,
+    installPaths: WINDSURF_INSTALL_PATHS
+  },
+  zed: {
+    configPaths: ZED_SETTINGS_PATHS,
+    installPaths: ZED_INSTALL_PATHS
+  },
+  chatgpt: {
+    configPaths: [],
+    installPaths: CHATGPT_APP_PATHS
+  }
+};
+function firstExistingPath(paths, exists) {
+  return paths.find((path) => exists(path));
+}
+function buildFallbackInstallPaths(configPaths) {
+  return [...new Set(configPaths.map((path) => dirname2(path)))];
+}
+function getSurfaceLocator(name) {
+  return SURFACE_LOCATORS[name];
+}
+function detectSurface(name, exists = existsSync2) {
+  const locator = getSurfaceLocator(name);
+  const existingConfigPath = firstExistingPath(locator.configPaths, exists);
+  const preferredPath = locator.configPaths[0] ?? locator.installPaths[0];
+  const installCandidates = [
+    ...locator.installPaths,
+    ...buildFallbackInstallPaths(locator.configPaths)
+  ];
+  const existingInstallPath = firstExistingPath(installCandidates, exists);
+  const existingPath = existingConfigPath ?? existingInstallPath;
+  const evidence = [];
+  if (existingConfigPath) {
+    evidence.push(`config found: ${existingConfigPath}`);
+  }
+  if (existingInstallPath && existingInstallPath !== existingConfigPath) {
+    evidence.push(`install marker found: ${existingInstallPath}`);
+  }
+  if (!existingConfigPath && !existingInstallPath) {
+    evidence.push("no candidate paths found on disk");
+  }
+  const detection = {
+    detected: Boolean(existingConfigPath || existingInstallPath),
+    evidence
+  };
+  if (preferredPath) {
+    detection.preferredPath = preferredPath;
+  }
+  if (existingPath) {
+    detection.existingPath = existingPath;
+  }
+  return detection;
+}
+
+// src/surfaces/registry.ts
+function getSurfacePath(name) {
+  const detection = detectSurface(name);
+  const locator = getSurfaceLocator(name);
+  const existingPath = detection.existingPath;
+  if (existingPath && locator.configPaths.includes(existingPath)) {
+    return existingPath;
+  }
+  return locator.configPaths[0] ?? detection.preferredPath ?? existingPath;
+}
+function getOpenClawDependencyState() {
+  const detection = detectSurface("openclaw");
+  const path = detection.existingPath ?? detection.preferredPath;
+  const raw = path ? readTextIfExists(path) : null;
+  const inspection = inspectOpenClawConfig(raw);
+  const result = {
+    detected: detection.detected,
+    configured: inspection.configured
+  };
+  if (path) {
+    result.path = path;
+  }
+  if (detection.detected) {
+    result.url = buildLocalMcpUrl(raw);
+  }
+  return result;
+}
+function automatedSurfaceStatus(name) {
+  const detection = detectSurface(name);
+  const path = detection.existingPath ?? detection.preferredPath;
+  const openclaw = getOpenClawDependencyState();
+  if (name === "claude") {
+    const inspection2 = inspectClaudeMcpConfig(path ? readTextIfExists(path) : null);
+    const configured = inspection2.hostedConfigured === true && (openclaw.detected ? inspection2.localConfigured === true : true);
+    return {
+      name,
+      mode: "automated",
+      detected: detection.detected,
+      configured,
+      ...path ? { path } : {},
+      details: [
+        ...inspection2.details,
+        ...openclaw.detected ? [`OpenClaw bridge: ${openclaw.configured ? "configured" : "detected but not configured"}`] : ["OpenClaw bridge: not detected; hosted OrgX is the only available route."],
+        ...detection.evidence
+      ],
+      summary: configured ? openclaw.detected ? "OrgX is connected in Claude with the local OpenClaw bridge." : "OrgX cloud MCP is connected in Claude." : detection.detected ? openclaw.detected ? `Claude is missing either hosted OrgX or the local OpenClaw bridge (${openclaw.url ?? "unknown"}).` : "Claude is missing the hosted OrgX MCP entry." : "Claude config directory was not detected on disk."
+    };
+  }
+  if (name === "cursor") {
+    const inspection2 = inspectCursorMcpConfig(path ? readTextIfExists(path) : null);
+    const configured = openclaw.detected && inspection2.localConfigured === true;
+    return {
+      name,
+      mode: "automated",
+      detected: detection.detected,
+      configured,
+      ...path ? { path } : {},
+      details: [
+        ...inspection2.details,
+        ...openclaw.detected ? [`OpenClaw bridge: ${openclaw.configured ? "configured" : "detected but not configured"}`] : ["OpenClaw bridge: not detected; Cursor cannot use the local OrgX bridge yet."],
+        ...detection.evidence
+      ],
+      summary: configured ? "OrgX is connected in Cursor through the local OpenClaw bridge." : detection.detected ? openclaw.detected ? `Cursor is missing the local OrgX OpenClaw bridge (${openclaw.url ?? "unknown"}).` : "Cursor is ready to wire, but OpenClaw must be installed first." : "Cursor config directory was not detected on disk."
+    };
+  }
+  if (name === "codex") {
+    const inspection2 = inspectCodexConfigToml(path ? readTextIfExists(path) : null);
+    const configured = inspection2.hostedConfigured === true && (openclaw.detected ? inspection2.localConfigured === true : true);
+    return {
+      name,
+      mode: "automated",
+      detected: detection.detected,
+      configured,
+      ...path ? { path } : {},
+      details: [
+        ...inspection2.details,
+        ...openclaw.detected ? [`OpenClaw bridge: ${openclaw.configured ? "configured" : "detected but not configured"}`] : ["OpenClaw bridge: not detected; hosted OrgX is the only available route."],
+        ...detection.evidence
+      ],
+      summary: configured ? openclaw.detected ? "OrgX is connected in Codex with the local OpenClaw bridge." : "OrgX cloud MCP is connected in Codex." : detection.detected ? openclaw.detected ? `Codex is missing either hosted OrgX or the local OpenClaw bridge (${openclaw.url ?? "unknown"}).` : "Codex is missing the hosted OrgX MCP entry." : "Codex config directory was not detected on disk."
+    };
+  }
+  if (name === "vscode") {
+    const inspection2 = inspectVscodeMcpConfig(path ? readTextIfExists(path) : null);
+    return {
+      name,
+      mode: "automated",
+      detected: detection.detected,
+      configured: inspection2.hostedConfigured === true,
+      ...path ? { path } : {},
+      details: [...inspection2.details, ...detection.evidence],
+      summary: inspection2.hostedConfigured ? "OrgX cloud MCP is connected in VS Code." : detection.detected ? "VS Code is missing the hosted OrgX MCP entry." : "VS Code config directory was not detected on disk."
+    };
+  }
+  if (name === "windsurf") {
+    const inspection2 = inspectWindsurfMcpConfig(path ? readTextIfExists(path) : null);
+    return {
+      name,
+      mode: "automated",
+      detected: detection.detected,
+      configured: inspection2.hostedConfigured === true,
+      ...path ? { path } : {},
+      details: [...inspection2.details, ...detection.evidence],
+      summary: inspection2.hostedConfigured ? "OrgX cloud MCP is connected in Windsurf." : detection.detected ? "Windsurf is missing the hosted OrgX MCP entry." : "Windsurf config directory was not detected on disk."
+    };
+  }
+  if (name === "zed") {
+    const inspection2 = inspectZedMcpConfig(path ? readTextIfExists(path) : null);
+    return {
+      name,
+      mode: "automated",
+      detected: detection.detected,
+      configured: inspection2.hostedConfigured === true,
+      ...path ? { path } : {},
+      details: [...inspection2.details, ...detection.evidence],
+      summary: inspection2.hostedConfigured ? "OrgX cloud MCP is connected in Zed." : detection.detected ? "Zed is missing the hosted OrgX MCP entry." : "Zed config directory was not detected on disk."
+    };
+  }
+  const inspection = inspectOpenClawConfig(path ? readTextIfExists(path) : null);
+  return {
+    name,
+    mode: "automated",
+    detected: detection.detected,
+    configured: inspection.configured,
+    ...path ? { path } : {},
+    details: [...inspection.details, ...detection.evidence],
+    summary: inspection.configured ? `OpenClaw plugin entry ${inspection.pluginKey ?? "missing"} is configured.` : inspection.installed ? "OpenClaw is installed but OrgX defaults have not been written." : detection.detected ? "OpenClaw support files exist but no OrgX plugin entry was found." : "OpenClaw is not installed or no support files were found."
+  };
+}
+function manualSurfaceStatus(name) {
+  const detection = detectSurface(name);
+  const path = detection.existingPath ?? detection.preferredPath;
+  const shared = {
+    name,
+    mode: "manual",
+    detected: detection.detected,
+    configured: false,
+    ...path ? { path } : {}
+  };
+  switch (name) {
+    case "chatgpt":
+      return {
+        ...shared,
+        details: [
+          ...detection.evidence,
+          "ChatGPT desktop support is not automated yet.",
+          "Manual follow-up: wire the OrgX surface once the app-side config contract is finalized."
+        ],
+        summary: detection.detected ? "ChatGPT support files detected; manual OrgX wiring still required." : "ChatGPT desktop support files were not found on disk."
+      };
+  }
+}
+function getSurfaceStatus(name) {
+  if (AUTOMATED_SURFACE_NAMES.includes(name)) {
+    return automatedSurfaceStatus(
+      name
+    );
+  }
+  return manualSurfaceStatus(name);
+}
+function listSurfaceStatuses() {
+  return SURFACE_NAMES.map(getSurfaceStatus);
+}
+function resolveTargets(selection, allTargets) {
+  const values = Array.isArray(selection) ? selection : [selection];
+  if (values.includes("all")) {
+    return [...allTargets];
+  }
+  return [...new Set(values)];
+}
+function resolveSurfaceSelection(selection) {
+  return resolveTargets(selection, SURFACE_NAMES);
+}
+function resolveMcpSurfaceSelection(selection) {
+  return resolveTargets(selection, MCP_SURFACE_NAMES);
+}
+async function addAutomatedSurface(name) {
+  const path = getSurfacePath(name);
+  const openclaw = getOpenClawDependencyState();
+  if (!path) {
+    return {
+      name,
+      changed: false,
+      message: `${name} has no writable config path on this platform.`
+    };
+  }
+  switch (name) {
+    case "claude": {
+      const previous = readTextIfExists(path);
+      const next = patchClaudeMcpConfig(previous, openclaw.url);
+      writeTextFile(path, next);
+      return {
+        name,
+        changed: previous !== next,
+        path,
+        message: openclaw.detected ? "OrgX is connected in Claude with the local OpenClaw bridge." : "OrgX cloud MCP is connected in Claude."
+      };
+    }
+    case "cursor": {
+      if (!openclaw.detected || !openclaw.url) {
+        return {
+          name,
+          changed: false,
+          path,
+          message: "Cursor needs OpenClaw installed before OrgX can be connected locally."
+        };
+      }
+      const previous = readTextIfExists(path);
+      const next = patchCursorMcpConfig(previous, openclaw.url);
+      writeTextFile(path, next);
+      return {
+        name,
+        changed: previous !== next,
+        path,
+        message: "OrgX is connected in Cursor through the local OpenClaw bridge."
+      };
+    }
+    case "codex": {
+      const previous = readTextIfExists(path);
+      const next = patchCodexConfigToml(previous, openclaw.url);
+      writeTextFile(path, next);
+      return {
+        name,
+        changed: previous !== next,
+        path,
+        message: openclaw.detected ? "OrgX is connected in Codex with the local OpenClaw bridge." : "OrgX cloud MCP is connected in Codex."
+      };
+    }
+    case "openclaw": {
+      const previous = readTextIfExists(path);
+      const auth = await resolveOrgxAuth();
+      const next = patchOpenClawConfig(previous, auth ?? {});
+      writeTextFile(path, next);
+      return {
+        name,
+        changed: previous !== next,
+        path,
+        message: auth ? "OpenClaw is configured as the local OrgX bridge with the resolved OrgX auth." : "OpenClaw is configured as the local OrgX bridge."
+      };
+    }
+    case "vscode": {
+      const previous = readTextIfExists(path);
+      const next = patchVscodeMcpConfig(previous);
+      writeTextFile(path, next);
+      return {
+        name,
+        changed: previous !== next,
+        path,
+        message: "OrgX cloud MCP is connected in VS Code."
+      };
+    }
+    case "windsurf": {
+      const previous = readTextIfExists(path);
+      const next = patchWindsurfMcpConfig(previous);
+      writeTextFile(path, next);
+      return {
+        name,
+        changed: previous !== next,
+        path,
+        message: "OrgX cloud MCP is connected in Windsurf."
+      };
+    }
+    case "zed": {
+      const previous = readTextIfExists(path);
+      const next = patchZedMcpConfig(previous);
+      writeTextFile(path, next);
+      return {
+        name,
+        changed: previous !== next,
+        path,
+        message: "OrgX cloud MCP is connected in Zed."
+      };
+    }
+    default:
+      return {
+        name,
+        changed: false,
+        message: `${name} is not automated yet.`
+      };
+  }
+}
+function removeAutomatedSurface(name) {
+  const path = getSurfacePath(name);
+  if (!path) {
+    return {
+      name,
+      changed: false,
+      message: `${name} has no writable config path on this platform.`
+    };
+  }
+  switch (name) {
+    case "claude": {
+      const previous = readTextIfExists(path);
+      const next = removeClaudeMcpConfig(previous);
+      writeTextFile(path, next);
+      return {
+        name,
+        changed: previous !== next,
+        path,
+        message: "OrgX connection was removed from Claude."
+      };
+    }
+    case "cursor": {
+      const previous = readTextIfExists(path);
+      const next = removeCursorMcpConfig(previous);
+      writeTextFile(path, next);
+      return {
+        name,
+        changed: previous !== next,
+        path,
+        message: "OrgX connection was removed from Cursor."
+      };
+    }
+    case "codex": {
+      const previous = readTextIfExists(path);
+      const next = removeCodexConfigToml(previous);
+      writeTextFile(path, next);
+      return {
+        name,
+        changed: previous !== next,
+        path,
+        message: "OrgX connection was removed from Codex."
+      };
+    }
+    case "openclaw": {
+      const previous = readTextIfExists(path);
+      const next = removeOpenClawConfig(previous);
+      writeTextFile(path, next);
+      return {
+        name,
+        changed: previous !== next,
+        path,
+        message: "OpenClaw OrgX defaults were removed."
+      };
+    }
+    case "vscode": {
+      const previous = readTextIfExists(path);
+      const next = removeVscodeMcpConfig(previous);
+      writeTextFile(path, next);
+      return {
+        name,
+        changed: previous !== next,
+        path,
+        message: "OrgX connection was removed from VS Code."
+      };
+    }
+    case "windsurf": {
+      const previous = readTextIfExists(path);
+      const next = removeWindsurfMcpConfig(previous);
+      writeTextFile(path, next);
+      return {
+        name,
+        changed: previous !== next,
+        path,
+        message: "OrgX connection was removed from Windsurf."
+      };
+    }
+    case "zed": {
+      const previous = readTextIfExists(path);
+      const next = removeZedMcpConfig(previous);
+      writeTextFile(path, next);
+      return {
+        name,
+        changed: previous !== next,
+        path,
+        message: "OrgX connection was removed from Zed."
+      };
+    }
+    default:
+      return {
+        name,
+        changed: false,
+        message: `${name} is not automated yet.`
+      };
+  }
+}
+async function addSurface(selection) {
+  const targets = resolveSurfaceSelection(selection);
+  const results = [];
+  for (const surface of targets) {
+    results.push(await addAutomatedSurface(surface));
+  }
+  return results;
+}
+function removeSurface(selection) {
+  const targets = resolveSurfaceSelection(selection);
+  return targets.map((surface) => removeAutomatedSurface(surface));
+}
+async function addMcpSurface(selection) {
+  const targets = resolveMcpSurfaceSelection(selection);
+  const results = [];
+  for (const surface of targets) {
+    results.push(await addAutomatedSurface(surface));
+  }
+  return results;
+}
+function removeMcpSurface(selection) {
+  const targets = resolveMcpSurfaceSelection(selection);
+  return targets.map((surface) => removeAutomatedSurface(surface));
+}
+async function setupDetectedSurfaces() {
+  const targets = AUTOMATED_SURFACE_NAMES.filter((name) => getSurfaceStatus(name).detected);
+  targets.sort((left, right) => {
+    if (left === "openclaw") return -1;
+    if (right === "openclaw") return 1;
+    return 0;
+  });
+  const results = [];
+  for (const name of targets) {
+    results.push(await addAutomatedSurface(name));
+  }
+  return results;
+}
+function skippedOpenClawHealth() {
+  return {
+    ok: false,
+    skipped: true,
+    method: "none",
+    error: "OpenClaw support files were not detected; skipping gateway health check.",
+    details: []
+  };
+}
+async function runDoctor() {
+  const surfaces = listSurfaceStatuses();
+  const openclawSurface = surfaces.find((surface) => surface.name === "openclaw");
+  const auth = await checkOrgxAuth();
+  const hostedMcp = await checkHostedMcpHealth();
+  const hostedMcpTool = await checkHostedMcpToolAccess();
+  const npmRegistry = await checkNpmRegistryHealth();
+  const workspace = await checkWorkspaceConnectivity();
+  const remote = await fetchSetupStatus();
+  const openclaw = openclawSurface?.detected ? await checkOpenClawHealth(openclawSurface.path) : skippedOpenClawHealth();
+  return { surfaces, auth, hostedMcp, hostedMcpTool, npmRegistry, workspace, remote, openclaw };
+}
+function assessDoctorReport(report) {
+  const issues = [];
+  if (!report.hostedMcp.ok) {
+    issues.push({
+      level: "error",
+      title: "Hosted OrgX MCP is unreachable.",
+      suggestion: "Retry later or verify https://mcp.useorgx.com/health. Hosted-only clients will stay broken until that endpoint recovers."
+    });
+  }
+  if (report.hostedMcp.ok && report.hostedMcpTool.configured && !report.hostedMcpTool.ok && !report.hostedMcpTool.skipped) {
+    issues.push({
+      level: "error",
+      title: `Hosted OrgX MCP tool verification failed (${report.hostedMcpTool.toolName}).`,
+      suggestion: "Re-run `wizard auth login` to refresh the per-user key, then retry `wizard doctor` to confirm the hosted MCP can initialize and execute tools."
+    });
+  }
+  if (report.auth.configured && !report.auth.ok && !report.auth.skipped) {
+    issues.push({
+      level: "error",
+      title: "OrgX user auth could not be verified.",
+      suggestion: "Run `wizard auth set-key <oxk_...>` again or correct the resolved ORGX_API_KEY / base URL before retrying."
+    });
+  }
+  if (report.workspace.configured && !report.workspace.ok) {
+    issues.push({
+      level: "error",
+      title: "Current workspace lookup failed.",
+      suggestion: "Verify the resolved OrgX base URL and that the authenticated user still has access to a workspace."
+    });
+  }
+  if (!report.npmRegistry.reachable) {
+    issues.push({
+      level: "warning",
+      title: "npm registry is unreachable.",
+      suggestion: "Check outbound network access to https://registry.npmjs.org before relying on npm-based installation flows."
+    });
+  } else if (!report.npmRegistry.published) {
+    issues.push({
+      level: "warning",
+      title: `${report.npmRegistry.packageName} is not published on npm yet.`,
+      suggestion: "This is expected before launch. Publish the package in the release workstream before asking users to install from npm."
+    });
+  }
+  if (!report.openclaw.skipped && !report.openclaw.ok) {
+    issues.push({
+      level: "warning",
+      title: "OpenClaw is installed but its local gateway health check failed.",
+      suggestion: "Run `openclaw doctor` or `openclaw doctor --repair` before relying on local bridge clients like Cursor."
+    });
+  }
+  if (!report.remote.skipped && !report.remote.ok) {
+    issues.push({
+      level: "warning",
+      title: "Remote setup status check failed.",
+      suggestion: "If you expected the service-key check to pass, verify ORGX_SERVICE_KEY before trusting setup-status output."
+    });
+  }
+  return {
+    ok: !issues.some((issue) => issue.level === "error"),
+    issues
+  };
+}
+
+// src/lib/wizard-state.ts
+import { randomUUID } from "crypto";
+function isNonEmptyString2(value) {
+  return typeof value === "string" && value.trim().length > 0;
+}
+function isSurfaceName(value) {
+  return typeof value === "string" && SURFACE_NAMES.includes(value);
+}
+function parseContinuityDefaults(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    return void 0;
+  }
+  const record = value;
+  const parsed = {};
+  if (record.executionMode === "cloud" || record.executionMode === "local") {
+    parsed.executionMode = record.executionMode;
+  }
+  if (isSurfaceName(record.reviewSurface)) {
+    parsed.reviewSurface = record.reviewSurface;
+  }
+  if (isNonEmptyString2(record.workspaceId)) {
+    parsed.workspaceId = record.workspaceId.trim();
+  }
+  if (isNonEmptyString2(record.workspaceName)) {
+    parsed.workspaceName = record.workspaceName.trim();
+  }
+  return Object.keys(parsed).length > 0 ? parsed : void 0;
+}
+function parseDemoInitiative(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    return void 0;
+  }
+  const record = value;
+  if (!isNonEmptyString2(record.id) || !isNonEmptyString2(record.title) || !isNonEmptyString2(record.liveUrl) || !isNonEmptyString2(record.createdAt)) {
+    return void 0;
+  }
+  return {
+    createdAt: record.createdAt.trim(),
+    id: record.id.trim(),
+    liveUrl: record.liveUrl.trim(),
+    title: record.title.trim(),
+    ...isNonEmptyString2(record.workspaceId) ? { workspaceId: record.workspaceId.trim() } : {},
+    ...isNonEmptyString2(record.workspaceName) ? { workspaceName: record.workspaceName.trim() } : {}
+  };
+}
+function createWizardState(now = (/* @__PURE__ */ new Date()).toISOString()) {
+  return {
+    installationId: `wizard-${randomUUID()}`,
+    createdAt: now,
+    updatedAt: now
+  };
+}
+function sanitizeWizardStateRecord(record) {
+  const continuity = parseContinuityDefaults(record.continuity);
+  const demoInitiative = parseDemoInitiative(record.demoInitiative);
+  return {
+    installationId: record.installationId.trim(),
+    createdAt: record.createdAt.trim(),
+    updatedAt: record.updatedAt.trim(),
+    ...continuity ? { continuity } : {},
+    ...demoInitiative ? { demoInitiative } : {}
+  };
+}
+function readWizardState(statePath = ORGX_WIZARD_STATE_PATH) {
+  const parsed = parseJsonObject(readTextIfExists(statePath));
+  if (!isNonEmptyString2(parsed.installationId) || !isNonEmptyString2(parsed.createdAt) || !isNonEmptyString2(parsed.updatedAt)) {
+    return null;
+  }
+  const state = {
+    installationId: parsed.installationId.trim(),
+    createdAt: parsed.createdAt.trim(),
+    updatedAt: parsed.updatedAt.trim()
+  };
+  const continuity = parseContinuityDefaults(parsed.continuity);
+  if (continuity !== void 0) state.continuity = continuity;
+  const demoInitiative = parseDemoInitiative(parsed.demoInitiative);
+  if (demoInitiative !== void 0) state.demoInitiative = demoInitiative;
+  return state;
+}
+function writeWizardState(value, statePath = ORGX_WIZARD_STATE_PATH) {
+  const record = sanitizeWizardStateRecord(value);
+  writeJsonFile(statePath, record, { mode: 384 });
+  return record;
+}
+function updateWizardState(updater, statePath = ORGX_WIZARD_STATE_PATH) {
+  const current = readWizardState(statePath) ?? createWizardState();
+  const next = updater(current);
+  const sanitized = sanitizeWizardStateRecord({
+    ...next,
+    installationId: next.installationId || current.installationId,
+    createdAt: next.createdAt || current.createdAt,
+    updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+  });
+  writeJsonFile(statePath, sanitized, { mode: 384 });
+  return sanitized;
+}
+function getOrCreateWizardInstallationId(statePath = ORGX_WIZARD_STATE_PATH) {
+  const existing = readWizardState(statePath);
+  if (existing) {
+    return existing.installationId;
+  }
+  const record = createWizardState();
+  writeWizardState(record, statePath);
+  return record.installationId;
+}
+
+// src/lib/continuity.ts
+var REVIEW_SURFACE_ORDER = [
+  "claude",
+  "cursor",
+  "codex",
+  "vscode",
+  "windsurf",
+  "zed",
+  "chatgpt"
+];
+function selectReviewSurface(statuses) {
+  for (const name of REVIEW_SURFACE_ORDER) {
+    const configured = statuses.find((status) => status.name === name && status.configured);
+    if (configured) {
+      return configured.name;
+    }
+  }
+  for (const name of REVIEW_SURFACE_ORDER) {
+    const detected = statuses.find((status) => status.name === name && status.detected);
+    if (detected) {
+      return detected.name;
+    }
+  }
+  return void 0;
+}
+function inferExecutionMode(explicitMode, statuses) {
+  if (explicitMode) {
+    return explicitMode;
+  }
+  const openclaw = statuses.find((status) => status.name === "openclaw");
+  if (openclaw?.configured || openclaw?.detected) {
+    return "local";
+  }
+  const hostedSurface = statuses.find(
+    (status) => status.name !== "openclaw" && (status.configured || status.detected)
+  );
+  return hostedSurface ? "cloud" : void 0;
+}
+function inferContinuityDefaults(seed = {}) {
+  const statuses = seed.statuses ?? listSurfaceStatuses();
+  const continuity = {};
+  const reviewSurface = selectReviewSurface(statuses);
+  if (reviewSurface) {
+    continuity.reviewSurface = reviewSurface;
+  }
+  const executionMode = inferExecutionMode(seed.executionMode, statuses);
+  if (executionMode) {
+    continuity.executionMode = executionMode;
+  }
+  if (seed.workspace?.id) {
+    continuity.workspaceId = seed.workspace.id;
+  }
+  const workspaceName = seed.workspace?.name ?? seed.workspaceName ?? void 0;
+  if (workspaceName?.trim()) {
+    continuity.workspaceName = workspaceName.trim();
+  }
+  return continuity;
+}
+function mergeContinuityDefaults(current, next) {
+  return {
+    ...current ?? {},
+    ...next
+  };
+}
+function persistContinuityDefaults(seed = {}, statePath) {
+  const next = inferContinuityDefaults(seed);
+  return updateWizardState(
+    (current) => ({
+      ...current,
+      continuity: mergeContinuityDefaults(current.continuity, next)
+    }),
+    statePath
+  );
+}
+
+// src/lib/initiatives.ts
+var FOUNDER_DEMO_INITIATIVE_TITLE = "Founder Demo Initiative";
+var FOUNDER_DEMO_INITIATIVE_SUMMARY = "Starter initiative created by @useorgx/wizard to validate workspace routing, live views, and the default OrgX skill pack.";
+function parseResponseBody3(text2) {
+  if (!text2) {
+    return null;
+  }
+  try {
+    return JSON.parse(text2);
+  } catch {
+    return text2;
+  }
+}
+function formatHttpError2(status, body) {
+  if (typeof body === "string" && body.trim().length > 0) {
+    return `HTTP ${status}: ${body}`;
+  }
+  if (isRecord(body) && typeof body.error === "string" && body.error.trim().length > 0) {
+    return `HTTP ${status}: ${body.error}`;
+  }
+  return `HTTP ${status}`;
+}
+function parseInitiative(payload) {
+  const entity = isRecord(payload) && isRecord(payload.data) ? payload.data : payload;
+  if (!isRecord(entity)) {
+    throw new Error("OrgX returned an unexpected initiative payload.");
+  }
+  const id = typeof entity.id === "string" ? entity.id.trim() : "";
+  const title = typeof entity.title === "string" ? entity.title.trim() : typeof entity.name === "string" ? entity.name.trim() : "";
+  if (!id || !title) {
+    throw new Error("OrgX returned an incomplete initiative payload.");
+  }
+  return {
+    id,
+    title,
+    ...typeof entity.summary === "string" && entity.summary.trim().length > 0 ? { summary: entity.summary.trim() } : {}
+  };
+}
+function toDemoInitiativeRecord(initiative, liveUrl, workspace) {
+  return {
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    id: initiative.id,
+    liveUrl,
+    title: initiative.title,
+    workspaceId: workspace.id,
+    workspaceName: workspace.name
+  };
+}
+async function requireOrgxAuth2(options = {}) {
+  const auth = await resolveOrgxAuth(options);
+  if (!auth) {
+    throw new Error(
+      "No OrgX API key configured. Run `wizard auth login` or `wizard auth set-key <oxk_...>` first."
+    );
+  }
+  return auth;
+}
+async function createInitiative(input, options = {}) {
+  const title = input.title.trim();
+  if (!title) {
+    throw new Error("Initiative title is required.");
+  }
+  const auth = await requireOrgxAuth2(options);
+  const response = await fetch(buildOrgxApiUrl("/entities", auth.baseUrl), {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${auth.apiKey}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      type: "initiative",
+      title,
+      status: "active",
+      ...input.summary?.trim() ? { summary: input.summary.trim() } : {},
+      ...input.workspaceId?.trim() ? { workspace_id: input.workspaceId.trim() } : {}
+    }),
+    signal: AbortSignal.timeout(7e3)
+  });
+  const body = parseResponseBody3(await response.text());
+  if (!response.ok) {
+    throw new Error(`Failed to create initiative. ${formatHttpError2(response.status, body)}`);
+  }
+  return parseInitiative(body);
+}
+async function ensureFounderDemoInitiative(workspace, options = {}) {
+  const existingRecord = readWizardState(options.statePath)?.demoInitiative;
+  if (existingRecord?.workspaceId === workspace.id) {
+    return {
+      created: false,
+      initiative: {
+        id: existingRecord.id,
+        title: existingRecord.title
+      },
+      liveUrl: existingRecord.liveUrl
+    };
+  }
+  const auth = await requireOrgxAuth2(options);
+  const initiative = await createInitiative(
+    {
+      title: FOUNDER_DEMO_INITIATIVE_TITLE,
+      summary: FOUNDER_DEMO_INITIATIVE_SUMMARY,
+      workspaceId: workspace.id
+    },
+    options
+  );
+  const liveUrl = `${auth.baseUrl.replace(/\/+$/, "")}/live/${initiative.id}`;
+  const record = toDemoInitiativeRecord(initiative, liveUrl, workspace);
+  updateWizardState(
+    (current) => ({
+      ...current,
+      demoInitiative: record
+    }),
+    options.statePath
+  );
+  return {
+    created: true,
+    initiative,
+    liveUrl
+  };
+}
+
+// src/lib/skills.ts
+import { join as join2 } from "path";
+var DEFAULT_ORGX_SKILL_PACKS = [
+  "morning-briefing",
+  "initiative-kickoff",
+  "bulk-create",
+  "nightly-recap"
+];
+var EXCLUDED_PACK_DIRS = /* @__PURE__ */ new Set([".github", "scripts"]);
+var ORGX_SKILLS_OWNER = "useorgx";
+var ORGX_SKILLS_REPO = "skills";
+var ORGX_SKILLS_REF = "main";
+var CURSOR_RULES_CONTENT = `# OrgX Rules
+
+- Prefer \`workspace_id\` on OrgX tool calls. \`command_center_id\` is a deprecated alias and should only be used for backwards compatibility. If both are present, they must match.
+- Treat \`entity_action\` with \`force: true\` as an escape hatch. It bypasses hierarchy and proof checks, so only use it when the user explicitly wants that behavior and say why.
+- Treat \`scaffold_initiative continue_on_error\` as best-effort creation. Use it only when partial scaffolds are acceptable, and follow up on any failed children.
+- Preserve \`_context\` when widget or app-rendering flows depend on client, conversation, session, or user metadata. Do not strip or rename it.
+- Prefer \`list_entities\` for pending approvals and state inspection before reaching for legacy aliases.
+- Keep hosted OrgX MCP calls distinct from local OpenClaw/plugin surfaces before mutating config or entity state.
+`;
+var CLAUDE_ORGX_SKILL_CONTENT = `---
+name: orgx
+description: Use when working against the hosted OrgX MCP server for workspace-scoped planning, entity mutations, progress reporting, and decision handling.
+version: 1.0.0
+user-invocable: true
+tags:
+  - orchestration
+  - productivity
+  - workspace
+---
+
+# OrgX Hosted MCP
+
+Use this skill when Claude is connected to the hosted OrgX MCP server at \`https://mcp.useorgx.com/mcp\`.
+
+This skill is for the hosted OrgX tool surface, not the local OpenClaw plugin. Keep those surfaces distinct before mutating config or entity state.
+
+## Operating Rules
+
+- Prefer \`workspace_id\` on OrgX tools. \`command_center_id\` is a deprecated alias kept for compatibility.
+- Treat \`entity_action\` with \`force: true\` as a deliberate override only. It bypasses hierarchy and proof-chain checks.
+- Treat \`scaffold_initiative continue_on_error\` as best-effort scaffolding. Use it only when partial creation is acceptable and inspect failures afterward.
+- Preserve \`_context\` when widget or app rendering depends on client, conversation, session, or user metadata.
+- Prefer \`list_entities\` over older aliases when you need pending decisions, blockers, or entity state.
+
+## Suggested Skill Packs
+
+Install and use these packs alongside this base skill:
+
+- \`morning-briefing\`
+- \`initiative-kickoff\`
+- \`bulk-create\`
+- \`nightly-recap\`
+
+## Suggested Workflow
+
+1. Inspect state with \`mcp__orgx__list_entities\`, \`mcp__orgx__get_initiative_pulse\`, or the relevant workspace-scoped read tool.
+2. Mutate state with the narrowest tool that matches the task.
+3. When you need a hard override, explain why before using \`force: true\`.
+4. When you scaffold, decide up front whether \`continue_on_error\` is acceptable.
+5. Carry \`_context\` through any widget-producing flows so the UI can render and resume correctly.
+`;
+function encodeRepoPath(value) {
+  return value.split("/").filter((segment) => segment.length > 0).map((segment) => encodeURIComponent(segment)).join("/");
+}
+function buildContentsUrl(path, ref) {
+  const encodedPath = encodeRepoPath(path);
+  return `https://api.github.com/repos/${ORGX_SKILLS_OWNER}/${ORGX_SKILLS_REPO}/contents/${encodedPath}?ref=${encodeURIComponent(ref)}`;
+}
+function resolveGitHubError(status, path) {
+  if (status === 404) {
+    return `OrgX skill pack '${path}' was not found in ${ORGX_SKILLS_OWNER}/${ORGX_SKILLS_REPO}.`;
+  }
+  return `GitHub returned HTTP ${status} while loading '${path}' from ${ORGX_SKILLS_OWNER}/${ORGX_SKILLS_REPO}.`;
+}
+async function readResponseText(response) {
+  return response.text();
+}
+async function fetchDirectoryEntries(path, fetchImpl, ref) {
+  const response = await fetchImpl(buildContentsUrl(path, ref), {
+    headers: {
+      Accept: "application/vnd.github+json"
+    },
+    signal: AbortSignal.timeout(1e4)
+  });
+  if (!response.ok) {
+    throw new Error(resolveGitHubError(response.status, path));
+  }
+  const data = await response.json();
+  if (!Array.isArray(data)) {
+    throw new Error(`Expected '${path}' to be a directory in ${ORGX_SKILLS_OWNER}/${ORGX_SKILLS_REPO}.`);
+  }
+  return data.filter((entry) => {
+    if (!entry || typeof entry !== "object") return false;
+    return entry.type === "file" || entry.type === "dir";
+  }).sort((left, right) => left.path.localeCompare(right.path));
+}
+async function listRemoteSkillFiles(path, fetchImpl, ref) {
+  const entries = await fetchDirectoryEntries(path, fetchImpl, ref);
+  const files = [];
+  for (const entry of entries) {
+    if (entry.type === "dir") {
+      files.push(...await listRemoteSkillFiles(entry.path, fetchImpl, ref));
+      continue;
+    }
+    if (!entry.download_url) {
+      throw new Error(`GitHub did not provide a download URL for '${entry.path}'.`);
+    }
+    files.push({
+      path: entry.path,
+      sourceUrl: entry.download_url
+    });
+  }
+  return files;
+}
+async function fetchRemoteText(sourceUrl, fetchImpl) {
+  const response = await fetchImpl(sourceUrl, {
+    headers: {
+      Accept: "text/plain"
+    },
+    signal: AbortSignal.timeout(1e4)
+  });
+  if (!response.ok) {
+    throw new Error(`GitHub returned HTTP ${response.status} while downloading ${sourceUrl}.`);
+  }
+  return readResponseText(response);
+}
+function writeManagedFile(path, content, label, sourceUrl) {
+  const existing = readTextIfExists(path);
+  const changed = existing !== content;
+  if (changed) {
+    writeTextFile(path, content);
+  }
+  return {
+    label,
+    path,
+    changed,
+    ...sourceUrl ? { sourceUrl } : {}
+  };
+}
+function resolveSkillPackNames(requested = []) {
+  if (requested.length === 0 || requested.includes("all")) {
+    return [...DEFAULT_ORGX_SKILL_PACKS];
+  }
+  const seen = /* @__PURE__ */ new Set();
+  const normalized = [];
+  for (const name of requested) {
+    const next = name.trim();
+    if (!next || seen.has(next)) {
+      continue;
+    }
+    seen.add(next);
+    normalized.push(next);
+  }
+  return normalized;
+}
+async function fetchAvailablePackNames(fetchImpl, ref) {
+  const entries = await fetchDirectoryEntries("", fetchImpl, ref);
+  return entries.filter((e) => e.type === "dir" && !EXCLUDED_PACK_DIRS.has(e.name)).map((e) => e.name);
+}
+async function installSkillPack(skillName, claudeSkillsDir, fetchImpl, ref) {
+  const rootPath = skillName;
+  const files = await listRemoteSkillFiles(rootPath, fetchImpl, ref);
+  const writes = [];
+  for (const file of files) {
+    const content = await fetchRemoteText(file.sourceUrl, fetchImpl);
+    const relativePath = file.path.slice(`${rootPath}/`.length);
+    writes.push(
+      writeManagedFile(
+        join2(claudeSkillsDir, skillName, relativePath),
+        content,
+        `${skillName}/${relativePath}`,
+        file.sourceUrl
+      )
+    );
+  }
+  return {
+    name: skillName,
+    files: writes
+  };
+}
+async function installOrgxSkills(options = {}) {
+  const fetchImpl = options.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error("Global fetch is unavailable in this runtime.");
+  }
+  const ref = options.ref ?? ORGX_SKILLS_REF;
+  const claudeSkillsDir = options.claudeSkillsDir ?? CLAUDE_SKILLS_DIR;
+  const claudeOrgxSkillPath = options.claudeOrgxSkillPath ?? CLAUDE_ORGX_SKILL_PATH;
+  const cursorRulePath = options.cursorRulePath ?? CURSOR_ORGX_RULE_PATH;
+  const requestedNames = options.skillNames ?? [];
+  let skillNames;
+  if (requestedNames.length === 0 || requestedNames.includes("all")) {
+    try {
+      skillNames = await fetchAvailablePackNames(fetchImpl, ref);
+    } catch {
+      skillNames = [...DEFAULT_ORGX_SKILL_PACKS];
+    }
+  } else {
+    skillNames = resolveSkillPackNames(requestedNames);
+  }
+  const writes = [
+    writeManagedFile(cursorRulePath, CURSOR_RULES_CONTENT, "cursor-rules"),
+    writeManagedFile(claudeOrgxSkillPath, CLAUDE_ORGX_SKILL_CONTENT, "claude-orgx-skill")
+  ];
+  const packs = [];
+  for (const skillName of skillNames) {
+    packs.push(await installSkillPack(skillName, claudeSkillsDir, fetchImpl, ref));
+  }
+  return {
+    writes,
+    packs
+  };
+}
+
+// src/lib/setup-workspace.ts
+var CREATE_WORKSPACE_VALUE = "__create_workspace__";
+var SKIP_WORKSPACE_VALUE = "__skip_workspace__";
+function trimDescription(value) {
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : void 0;
+}
+function cancelResult(prompts, message = "Workspace bootstrap cancelled.") {
+  prompts.cancel(message);
+  return {
+    message,
+    status: "cancelled"
+  };
+}
+function buildWorkspaceLabel(workspace, currentWorkspaceId) {
+  const suffixes = [];
+  if (workspace.isDefault) {
+    suffixes.push("default");
+  }
+  if (workspace.id === currentWorkspaceId) {
+    suffixes.push("current");
+  }
+  if (suffixes.length === 0) {
+    return workspace.name;
+  }
+  return `${workspace.name} (${suffixes.join(", ")})`;
+}
+function buildWorkspaceSelectOptions(workspaces, currentWorkspaceId) {
+  const options = workspaces.map((workspace) => ({
+    value: workspace.id,
+    label: buildWorkspaceLabel(workspace, currentWorkspaceId),
+    ...workspace.description ? { hint: workspace.description } : {}
+  }));
+  options.push(
+    {
+      value: CREATE_WORKSPACE_VALUE,
+      label: "Create a new workspace",
+      hint: "Name it here and set it as the default for this machine."
+    },
+    {
+      value: SKIP_WORKSPACE_VALUE,
+      label: "Skip for now",
+      hint: "Leave workspace selection unchanged and finish setup."
+    }
+  );
+  return options;
+}
+async function promptForWorkspaceName(prompts) {
+  return prompts.text({
+    message: "Workspace name",
+    placeholder: "Founders",
+    validate(value) {
+      if (!value || value.trim().length === 0) {
+        return "Workspace name is required.";
+      }
+      return void 0;
+    }
+  });
+}
+async function promptForWorkspaceDescription(prompts) {
+  return prompts.text({
+    message: "Workspace description",
+    placeholder: "Optional"
+  });
+}
+async function createAndSelectWorkspace(client, prompts) {
+  const name = await promptForWorkspaceName(prompts);
+  if (prompts.isCancel(name)) {
+    return cancelResult(prompts);
+  }
+  if (typeof name !== "string") {
+    return cancelResult(prompts);
+  }
+  const description = await promptForWorkspaceDescription(prompts);
+  if (prompts.isCancel(description)) {
+    return cancelResult(prompts);
+  }
+  if (typeof description !== "string") {
+    return cancelResult(prompts);
+  }
+  const trimmedDescription = trimDescription(description);
+  const createWorkspaceInput = trimmedDescription ? { name, description: trimmedDescription } : { name };
+  const created = await client.createWorkspace(createWorkspaceInput);
+  if (created.isDefault) {
+    return {
+      created: true,
+      defaultChanged: false,
+      message: `Created "${created.name}" and it is already the default OrgX workspace.`,
+      status: "updated",
+      workspace: created
+    };
+  }
+  const promoted = await client.setDefaultWorkspace({ id: created.id });
+  return {
+    created: true,
+    defaultChanged: promoted.changed,
+    message: `Created "${promoted.workspace.name}" and set it as the default OrgX workspace.`,
+    status: "updated",
+    workspace: promoted.workspace
+  };
+}
+async function runWorkspaceSetup(client, prompts, options) {
+  if (!options.interactive) {
+    return {
+      message: "Interactive workspace bootstrap skipped because this shell is not attached to a TTY.",
+      status: "skipped"
+    };
+  }
+  const workspaces = await client.listWorkspaces();
+  const currentWorkspace = workspaces.length > 0 ? await client.getCurrentWorkspace().catch(() => workspaces.find((workspace) => workspace.isDefault) ?? null) : null;
+  if (workspaces.length === 0) {
+    const action = await prompts.select({
+      message: "No OrgX workspaces were found. What should setup do next?",
+      options: [
+        {
+          value: CREATE_WORKSPACE_VALUE,
+          label: "Create a new workspace",
+          hint: "Create one now and set it as the default for this machine."
+        },
+        {
+          value: SKIP_WORKSPACE_VALUE,
+          label: "Skip for now",
+          hint: "Finish surface setup without creating a workspace."
+        }
+      ],
+      initialValue: CREATE_WORKSPACE_VALUE
+    });
+    if (prompts.isCancel(action)) {
+      return cancelResult(prompts);
+    }
+    if (action === SKIP_WORKSPACE_VALUE) {
+      return {
+        message: "Workspace bootstrap skipped.",
+        status: "skipped"
+      };
+    }
+    return createAndSelectWorkspace(client, prompts);
+  }
+  const initialWorkspaceId = currentWorkspace?.id ?? workspaces.find((workspace) => workspace.isDefault)?.id ?? workspaces[0]?.id;
+  const selected = await prompts.select({
+    message: "Choose the OrgX workspace this machine should use by default.",
+    options: buildWorkspaceSelectOptions(
+      workspaces,
+      currentWorkspace?.id ?? workspaces.find((workspace) => workspace.isDefault)?.id
+    ),
+    ...initialWorkspaceId ? { initialValue: initialWorkspaceId } : {}
+  });
+  if (prompts.isCancel(selected)) {
+    return cancelResult(prompts);
+  }
+  if (typeof selected !== "string") {
+    return cancelResult(prompts);
+  }
+  if (selected === SKIP_WORKSPACE_VALUE) {
+    return {
+      message: "Workspace bootstrap skipped.",
+      status: "skipped",
+      ...currentWorkspace ? { workspace: currentWorkspace } : {}
+    };
+  }
+  if (selected === CREATE_WORKSPACE_VALUE) {
+    return createAndSelectWorkspace(client, prompts);
+  }
+  const chosenWorkspace = workspaces.find((workspace) => workspace.id === selected);
+  if (!chosenWorkspace) {
+    throw new Error(`Selected workspace ${selected} is no longer available.`);
+  }
+  if (chosenWorkspace.isDefault) {
+    return {
+      defaultChanged: false,
+      message: `"${chosenWorkspace.name}" is already the default OrgX workspace.`,
+      status: "unchanged",
+      workspace: chosenWorkspace
+    };
+  }
+  const promoted = await client.setDefaultWorkspace({ id: chosenWorkspace.id });
+  return {
+    defaultChanged: promoted.changed,
+    message: `Set "${promoted.workspace.name}" as the default OrgX workspace.`,
+    status: promoted.changed ? "updated" : "unchanged",
+    workspace: promoted.workspace
+  };
+}
+
+// src/lib/founder-preset.ts
+async function runFounderPreset(prompts, options) {
+  const surfaceResults = await setupDetectedSurfaces();
+  const skillReport = await installOrgxSkills({
+    skillNames: [...DEFAULT_ORGX_SKILL_PACKS]
+  });
+  let workspaceSetup;
+  let workspace = await getCurrentWorkspace().catch(() => null);
+  if (workspace || options.interactive) {
+    workspaceSetup = await runWorkspaceSetup(
+      {
+        createWorkspace,
+        getCurrentWorkspace,
+        listWorkspaces,
+        setDefaultWorkspace
+      },
+      prompts,
+      options
+    );
+    if (workspaceSetup.status === "cancelled") {
+      return workspaceSetup;
+    }
+    workspace = workspaceSetup.workspace ?? workspace ?? await getCurrentWorkspace().catch(() => null);
+  }
+  const continuity = persistContinuityDefaults({
+    statuses: listSurfaceStatuses(),
+    workspace
+  });
+  let demoInitiative;
+  if (workspace) {
+    demoInitiative = await ensureFounderDemoInitiative(workspace);
+  }
+  return {
+    continuity,
+    ...demoInitiative ? { demoInitiative } : {},
+    skillReport,
+    surfaceResults,
+    workspace,
+    ...workspaceSetup ? { workspaceSetup } : {}
+  };
+}
+
+// src/lib/mutation-output.ts
+function summarizeMutationResults(results) {
+  return results.map((result) => ({
+    name: result.name,
+    state: result.changed ? "updated" : "unchanged",
+    message: result.message
+  }));
+}
+
+// src/spinner.ts
+import ora from "ora";
+import pc2 from "picocolors";
+var frames = ["[    ]", "[=   ]", "[==  ]", "[=== ]", "[ ===]", "[  ==]", "[   =]"];
+function createOrgxSpinner(text2) {
+  return ora({
+    text: pc2.cyan(text2),
+    spinner: {
+      interval: 90,
+      frames
+    }
+  });
+}
+
+// src/cli.ts
+function formatAuthSource(source) {
+  switch (source) {
+    case "environment":
+      return "ORGX_API_KEY";
+    case "wizard-store":
+      return "wizard auth store";
+    case "openclaw-config-file":
+      return "OpenClaw config";
+    default:
+      return "not configured";
+  }
+}
+function printSurfaceTable(statuses) {
+  for (const status of statuses) {
+    const state = status.configured ? pc3.green("configured") : status.detected ? pc3.yellow("detected") : pc3.dim("not detected");
+    const mode = status.mode === "automated" ? pc3.cyan("auto") : pc3.magenta("manual");
+    console.log(`${pc3.bold(status.name.padEnd(10))} ${mode.padEnd(14)} ${state}`);
+    console.log(`  ${status.summary}`);
+    if (status.path) {
+      console.log(`  path: ${status.path}`);
+    }
+    for (const detail of status.details) {
+      console.log(`  - ${detail}`);
+    }
+  }
+}
+function printMutationResults(results) {
+  for (const result of summarizeMutationResults(results)) {
+    const marker = result.state === "updated" ? pc3.green("updated") : pc3.yellow("unchanged");
+    console.log(`${pc3.bold(result.name)} ${marker} ${result.message}`);
+  }
+}
+function printSkillInstallReport(report) {
+  for (const write of report.writes) {
+    const marker = write.changed ? pc3.green("updated") : pc3.yellow("unchanged");
+    console.log(`${pc3.bold(write.label)} ${marker} ${write.path}`);
+  }
+  for (const pack of report.packs) {
+    const changedCount = pack.files.filter((file) => file.changed).length;
+    const marker = changedCount > 0 ? pc3.green("updated") : pc3.yellow("unchanged");
+    console.log(
+      `${pc3.bold(pack.name)} ${marker} ${changedCount}/${pack.files.length} files written`
+    );
+    for (const file of pack.files) {
+      const state = file.changed ? "updated" : "unchanged";
+      console.log(`  - ${state} ${file.path}`);
+    }
+  }
+}
+function printWorkspace(workspace) {
+  console.log(
+    `${pc3.bold(workspace.name)}${workspace.isDefault ? ` ${pc3.green("(default)")}` : ""}`
+  );
+  console.log(`  id: ${workspace.id}`);
+  if (workspace.description) {
+    console.log(`  description: ${workspace.description}`);
+  }
+  if (workspace.createdAt) {
+    console.log(`  created: ${workspace.createdAt}`);
+  }
+  if (workspace.updatedAt) {
+    console.log(`  updated: ${workspace.updatedAt}`);
+  }
+}
+function printWorkspaceList(workspaces) {
+  if (workspaces.length === 0) {
+    console.log(pc3.yellow("No workspaces found for this OrgX user."));
+    return;
+  }
+  for (const workspace of workspaces) {
+    printWorkspace(workspace);
+  }
+}
+function printWorkspaceSetupResult(result) {
+  console.log(pc3.bold("workspace bootstrap"));
+  const statusLabel = result.status === "updated" ? pc3.green("updated") : result.status === "unchanged" ? pc3.yellow("unchanged") : pc3.dim(result.status);
+  console.log(`  ${statusLabel} ${result.message}`);
+  if (result.workspace) {
+    console.log(`  workspace: ${result.workspace.name}`);
+    console.log(`  id: ${result.workspace.id}`);
+    if (result.workspace.isDefault) {
+      console.log("  default: yes");
+    }
+  }
+}
+function printFounderPresetResult(result) {
+  printMutationResults(result.surfaceResults);
+  console.log("");
+  printSkillInstallReport(result.skillReport);
+  if (result.workspaceSetup) {
+    console.log("");
+    printWorkspaceSetupResult(result.workspaceSetup);
+  }
+  if (result.demoInitiative) {
+    console.log("");
+    console.log(pc3.bold("demo initiative"));
+    console.log(
+      `  ${result.demoInitiative.created ? pc3.green("created") : pc3.yellow("unchanged")} ${result.demoInitiative.initiative.title}`
+    );
+    console.log(`  live: ${result.demoInitiative.liveUrl}`);
+  }
+}
+function normalizePromptResult(value) {
+  return value;
+}
+async function selectPrompt(input) {
+  const promptInput = input.initialValue ? { ...input, initialValue: input.initialValue } : { message: input.message, options: input.options };
+  return normalizePromptResult(await clack.select(promptInput));
+}
+async function textPrompt(input) {
+  const promptInput = input.initialValue ? { ...input, initialValue: input.initialValue } : {
+    message: input.message,
+    ...input.placeholder ? { placeholder: input.placeholder } : {},
+    ...input.validate ? { validate: input.validate } : {}
+  };
+  return normalizePromptResult(await clack.text(promptInput));
+}
+async function verifyAndPersistAuth(apiKey, options) {
+  const trimmedKey = apiKey.trim();
+  if (!trimmedKey.toLowerCase().startsWith("oxk_")) {
+    throw new Error("Expected a per-user OrgX API key that starts with oxk_.");
+  }
+  const baseUrl = normalizeOrgxBaseUrl(options.baseUrl);
+  const verification = await verifyOrgxAuth({
+    apiKey: trimmedKey,
+    keyPrefix: trimmedKey.slice(0, 12),
+    baseUrl,
+    source: "wizard-store"
+  });
+  if (!verification.ok) {
+    return { verification };
+  }
+  const stored = await writeWizardAuth({
+    apiKey: trimmedKey,
+    baseUrl,
+    verifiedAt: (/* @__PURE__ */ new Date()).toISOString()
+  });
+  const openclawResults = detectSurface("openclaw").detected ? await addSurface("openclaw") : [];
+  return { openclawResults, stored, verification };
+}
+async function syncContinuityAfterAuth(seed = {}) {
+  try {
+    const workspace = await getCurrentWorkspace().catch(() => null);
+    persistContinuityDefaults({
+      ...seed.executionMode !== void 0 ? { executionMode: seed.executionMode } : {},
+      workspace,
+      workspaceName: seed.workspaceName ?? workspace?.name ?? null
+    });
+  } catch {
+  }
+}
+function printOpenClawHealth(check) {
+  console.log(pc3.bold("openclaw runtime"));
+  if (check.skipped) {
+    console.log(`  ${pc3.yellow(check.error ?? "Gateway health check skipped.")}`);
+  } else if (check.ok) {
+    const via = check.method === "cli" ? "CLI" : "HTTP";
+    console.log(`  ${pc3.green(`healthy via ${via}`)}`);
+  } else {
+    const via = check.method === "none" ? "unavailable" : check.method.toUpperCase();
+    console.log(`  ${pc3.red(`unhealthy via ${via}`)} ${check.error ?? "unknown error"}`);
+  }
+  if (check.url) {
+    console.log(`  url: ${check.url}`);
+  }
+  for (const detail of check.details) {
+    console.log(`  - ${detail}`);
+  }
+}
+function printHostedMcpHealth(check) {
+  console.log(pc3.bold("hosted mcp"));
+  if (check.skipped) {
+    console.log(`  ${pc3.yellow(check.error ?? "Hosted MCP health check skipped.")}`);
+  } else if (check.ok) {
+    console.log(`  ${pc3.green("reachable")}`);
+  } else {
+    console.log(`  ${pc3.red("unreachable")} ${check.error ?? "unknown error"}`);
+  }
+  console.log(`  url: ${check.url}`);
+  for (const detail of check.details) {
+    console.log(`  - ${detail}`);
+  }
+}
+function printHostedMcpToolCheck(check) {
+  console.log(pc3.bold("hosted mcp tool call"));
+  if (check.skipped) {
+    console.log(`  ${pc3.yellow(check.error ?? "Hosted MCP tool verification skipped.")}`);
+  } else if (check.ok) {
+    console.log(`  ${pc3.green("authenticated tool call ok")}`);
+  } else {
+    console.log(`  ${pc3.red("authenticated tool call failed")} ${check.error ?? "unknown error"}`);
+  }
+  console.log(`  tool: ${check.toolName}`);
+  console.log(`  url: ${check.url}`);
+  if (check.source !== "none") {
+    console.log(`  auth source: ${formatAuthSource(check.source)}`);
+  }
+  if (check.baseUrl) {
+    console.log(`  base url: ${check.baseUrl}`);
+  }
+  if (check.initializeStatus !== void 0) {
+    console.log(`  initialize status: ${check.initializeStatus}`);
+  }
+  if (check.callStatus !== void 0) {
+    console.log(`  tool call status: ${check.callStatus}`);
+  }
+  for (const detail of check.details) {
+    console.log(`  - ${detail}`);
+  }
+}
+function printNpmRegistryHealth(check) {
+  console.log(pc3.bold("npm registry"));
+  if (!check.reachable) {
+    console.log(`  ${pc3.red("unreachable")} ${check.error ?? "unknown error"}`);
+  } else if (check.published) {
+    console.log(
+      `  ${pc3.green("reachable")} ${check.packageName}${check.version ? `@${check.version}` : ""}`
+    );
+  } else {
+    console.log(`  ${pc3.yellow("reachable")} ${check.error ?? `${check.packageName} is not published yet.`}`);
+  }
+  console.log(`  url: ${check.url}`);
+  for (const detail of check.details) {
+    console.log(`  - ${detail}`);
+  }
+}
+function parseTimeoutSeconds(value) {
+  const parsed = Number(value);
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    throw new Error("--timeout must be a positive number of seconds.");
+  }
+  return parsed;
+}
+function describeBrowserPairingFailure(error) {
+  const message = error instanceof Error ? error.message : String(error);
+  return `${message} Use \`wizard auth login --api-key <oxk_...>\` or \`wizard auth set-key <oxk_...>\` to fall back to a manual key.`;
+}
+function printAuthStatus(status) {
+  console.log(pc3.bold("orgx auth"));
+  if (!status.configured) {
+    console.log(`  ${pc3.yellow(status.error ?? "No OrgX API key configured.")}`);
+    return;
+  }
+  const state = status.ok ? pc3.green("verified") : status.skipped ? pc3.yellow("skipped") : pc3.red("invalid");
+  console.log(
+    `  ${state} ${status.keyPrefix ?? "unknown"} via ${formatAuthSource(status.source)}`
+  );
+  if (status.baseUrl) {
+    console.log(`  base url: ${status.baseUrl}`);
+  }
+  if (status.path) {
+    console.log(`  path: ${status.path}`);
+  }
+  if (status.verifiedAt) {
+    console.log(`  verified at: ${status.verifiedAt}`);
+  }
+  if (!status.ok && status.error) {
+    console.log(`  error: ${status.error}`);
+  }
+}
+function printRemoteSetupStatus(status) {
+  if (status.skipped) {
+    console.log(pc3.yellow(status.error ?? "Remote setup check skipped."));
+    console.log(pc3.dim(describeSetupStatusScope()));
+    return;
+  }
+  if (!status.ok) {
+    console.log(pc3.red(`Remote setup check failed: ${status.error ?? "unknown error"}`));
+    if (status.status) {
+      console.log(`status: ${status.status}`);
+    }
+    return;
+  }
+  console.log(pc3.green(`Remote setup check passed via ${status.url}`));
+  if (status.data) {
+    console.log(JSON.stringify(status.data, null, 2));
+  }
+}
+function printWorkspaceConnectivity(check) {
+  console.log(pc3.bold("workspace connectivity"));
+  if (!check.configured) {
+    console.log(`  ${pc3.yellow(check.error ?? "Workspace connectivity check skipped.")}`);
+    return;
+  }
+  if (!check.ok) {
+    console.log(`  ${pc3.red("unreachable")} ${check.error ?? "unknown error"}`);
+  } else if (check.workspace) {
+    console.log(`  ${pc3.green("reachable")} ${check.workspace.name}`);
+    console.log(`  workspace id: ${check.workspace.id}`);
+    if (check.workspace.isDefault) {
+      console.log("  default: yes");
+    }
+  }
+  if (check.baseUrl) {
+    console.log(`  base url: ${check.baseUrl}`);
+  }
+  for (const detail of check.details) {
+    console.log(`  - ${detail}`);
+  }
+}
+function printDoctorAssessment(report) {
+  console.log(pc3.bold("doctor summary"));
+  if (report.issues.length === 0) {
+    console.log(`  ${pc3.green("ready")} No blocking issues detected.`);
+    return;
+  }
+  const headline = report.ok ? pc3.yellow("warnings only") : pc3.red("blocking issues detected");
+  console.log(`  ${headline}`);
+  for (const issue of report.issues) {
+    const label = issue.level === "error" ? pc3.red("error") : pc3.yellow("warning");
+    console.log(`  ${label} ${issue.title}`);
+    console.log(`  fix: ${issue.suggestion}`);
+  }
+}
+async function main() {
+  const program = new Command();
+  program.name("orgx-wizard").description("One-line CLI onboarding for OrgX surfaces.").showHelpAfterError();
+  program.hook("preAction", () => {
+    console.log(renderBanner());
+  });
+  program.command("setup").description("Patch all detected automated OrgX surfaces.").option("--preset <name>", "run a setup bundle (currently: founder)").action(async (options) => {
+    if (options.preset) {
+      if (options.preset !== "founder") {
+        throw new Error(`Unknown setup preset '${options.preset}'. Supported presets: founder.`);
+      }
+      const spinner2 = createOrgxSpinner("Running founder setup preset");
+      spinner2.start();
+      const presetResult = await runFounderPreset(
+        {
+          cancel: clack.cancel,
+          isCancel: clack.isCancel,
+          select: selectPrompt,
+          text: textPrompt
+        },
+        {
+          interactive: Boolean(process.stdin.isTTY && process.stdout.isTTY)
+        }
+      );
+      if ("status" in presetResult) {
+        spinner2.stop();
+        if (presetResult.status === "cancelled") {
+          return;
+        }
+        printWorkspaceSetupResult(presetResult);
+        return;
+      }
+      spinner2.succeed("Founder setup preset complete");
+      printFounderPresetResult(presetResult);
+      console.log("");
+      const doctor2 = await runDoctor();
+      printSurfaceTable(doctor2.surfaces);
+      console.log("");
+      printAuthStatus(doctor2.auth);
+      console.log("");
+      printHostedMcpHealth(doctor2.hostedMcp);
+      console.log("");
+      printHostedMcpToolCheck(doctor2.hostedMcpTool);
+      console.log("");
+      printNpmRegistryHealth(doctor2.npmRegistry);
+      console.log("");
+      printWorkspaceConnectivity(doctor2.workspace);
+      console.log("");
+      printOpenClawHealth(doctor2.openclaw);
+      console.log("");
+      printRemoteSetupStatus(doctor2.remote);
+      console.log("");
+      const assessment2 = assessDoctorReport(doctor2);
+      printDoctorAssessment(assessment2);
+      if (!assessment2.ok) {
+        process.exitCode = 1;
+      }
+      return;
+    }
+    const spinner = createOrgxSpinner("Configuring detected OrgX surfaces");
+    spinner.start();
+    const results = await setupDetectedSurfaces();
+    spinner.succeed("Detected surfaces configured");
+    printMutationResults(results);
+    const resolvedAuth = await resolveOrgxAuth();
+    if (resolvedAuth) {
+      console.log("");
+      const workspaceSetup = await runWorkspaceSetup(
+        {
+          createWorkspace,
+          getCurrentWorkspace,
+          listWorkspaces,
+          setDefaultWorkspace
+        },
+        {
+          cancel: clack.cancel,
+          isCancel: clack.isCancel,
+          select: selectPrompt,
+          text: textPrompt
+        },
+        {
+          interactive: Boolean(process.stdin.isTTY && process.stdout.isTTY)
+        }
+      );
+      if (workspaceSetup.status !== "cancelled") {
+        printWorkspaceSetupResult(workspaceSetup);
+      } else {
+        return;
+      }
+    }
+    console.log("");
+    const doctor = await runDoctor();
+    printSurfaceTable(doctor.surfaces);
+    console.log("");
+    printAuthStatus(doctor.auth);
+    console.log("");
+    printHostedMcpHealth(doctor.hostedMcp);
+    console.log("");
+    printHostedMcpToolCheck(doctor.hostedMcpTool);
+    console.log("");
+    printNpmRegistryHealth(doctor.npmRegistry);
+    console.log("");
+    printWorkspaceConnectivity(doctor.workspace);
+    console.log("");
+    printOpenClawHealth(doctor.openclaw);
+    console.log("");
+    printRemoteSetupStatus(doctor.remote);
+    console.log("");
+    const assessment = assessDoctorReport(doctor);
+    printDoctorAssessment(assessment);
+    if (!assessment.ok) {
+      process.exitCode = 1;
+    }
+  });
+  const auth = program.command("auth").description("Manage OrgX API key auth for the wizard.");
+  auth.command("status").description("Show the resolved OrgX API key source and verify it against OrgX.").action(async () => {
+    const spinner = createOrgxSpinner("Checking OrgX auth");
+    spinner.start();
+    const status = await checkOrgxAuth();
+    spinner.stop();
+    printAuthStatus(status);
+  });
+  auth.command("login").description("Start browser pairing for OrgX auth, with direct API key fallback for CI and blocked browsers.").option("--api-key <key>", "Bypass browser pairing and verify this OrgX API key directly.").option("--base-url <url>", "OrgX base URL").option("--device-name <name>", "Device name shown during browser approval.").option("--no-open", "Do not automatically open the browser connect URL.").option("--timeout <seconds>", "How long to wait for browser pairing before giving up.", parseTimeoutSeconds, 600).action(async (options) => {
+    if (options.apiKey) {
+      const spinner2 = createOrgxSpinner("Verifying OrgX API key");
+      spinner2.start();
+      const result = await verifyAndPersistAuth(options.apiKey, options);
+      if (!("stored" in result)) {
+        spinner2.fail("OrgX API key verification failed");
+        printAuthStatus(result.verification);
+        return;
+      }
+      spinner2.succeed("OrgX API key verified and saved");
+      await syncContinuityAfterAuth();
+      printAuthStatus({
+        ...result.verification,
+        source: "wizard-store",
+        path: ORGX_WIZARD_AUTH_PATH,
+        verifiedAt: result.stored.verifiedAt
+      });
+      if (result.openclawResults.length > 0) {
+        console.log("");
+        printMutationResults(result.openclawResults);
+      }
+      return;
+    }
+    const installationId = getOrCreateWizardInstallationId();
+    const spinner = createOrgxSpinner("Starting OrgX browser pairing");
+    spinner.start();
+    try {
+      const pairing = await startBrowserPairing({
+        installationId,
+        baseUrl: options.baseUrl,
+        deviceName: options.deviceName ?? hostname(),
+        platform: process.platform
+      });
+      spinner.succeed("OrgX browser pairing started");
+      console.log(`Open to continue: ${pairing.connectUrl}`);
+      if (options.open !== false) {
+        const openResult = openBrowser(pairing.connectUrl);
+        if (!openResult.ok && openResult.error) {
+          console.log(pc3.yellow(`Browser open failed: ${openResult.error}`));
+        }
+      }
+      spinner.start();
+      spinner.text = pc3.cyan("Waiting for OrgX browser approval");
+      const ready = await waitForBrowserPairing({
+        baseUrl: options.baseUrl,
+        pairingId: pairing.pairingId,
+        pollIntervalMs: pairing.pollIntervalMs,
+        pollToken: pairing.pollToken,
+        timeoutMs: options.timeout * 1e3
+      });
+      spinner.text = pc3.cyan("Verifying OrgX API key");
+      const result = await verifyAndPersistAuth(ready.key, options);
+      if (!("stored" in result)) {
+        spinner.fail("OrgX browser pairing delivered an invalid API key");
+        printAuthStatus(result.verification);
+        return;
+      }
+      await acknowledgeBrowserPairing({
+        baseUrl: options.baseUrl,
+        pairingId: pairing.pairingId,
+        pollToken: pairing.pollToken
+      }).catch((error) => {
+        console.log(pc3.yellow(`Pairing acknowledge failed: ${error instanceof Error ? error.message : String(error)}`));
+      });
+      spinner.succeed("OrgX browser pairing completed");
+      await syncContinuityAfterAuth({
+        executionMode: ready.executionMode,
+        workspaceName: ready.workspaceName
+      });
+      printAuthStatus({
+        ...result.verification,
+        source: "wizard-store",
+        path: ORGX_WIZARD_AUTH_PATH,
+        verifiedAt: result.stored.verifiedAt
+      });
+      if (ready.workspaceName) {
+        console.log(`workspace: ${ready.workspaceName}`);
+      }
+      if (result.openclawResults.length > 0) {
+        console.log("");
+        printMutationResults(result.openclawResults);
+      }
+    } catch (error) {
+      spinner.fail("OrgX browser pairing failed");
+      console.log(pc3.red(describeBrowserPairingFailure(error)));
+    }
+  });
+  auth.command("set-key").description("Verify and persist a per-user OrgX API key for the wizard.").argument("<apiKey>", "per-user OrgX API key (oxk_...)").option("--base-url <url>", "OrgX base URL").action(async (apiKey, options) => {
+    const spinner = createOrgxSpinner("Verifying OrgX API key");
+    spinner.start();
+    const result = await verifyAndPersistAuth(apiKey, options);
+    if (!("stored" in result)) {
+      spinner.fail("OrgX API key verification failed");
+      printAuthStatus(result.verification);
+      return;
+    }
+    spinner.succeed("OrgX API key verified and saved");
+    await syncContinuityAfterAuth();
+    printAuthStatus({
+      ...result.verification,
+      source: "wizard-store",
+      path: ORGX_WIZARD_AUTH_PATH,
+      verifiedAt: result.stored.verifiedAt
+    });
+    if (result.openclawResults.length > 0) {
+      console.log("");
+      printMutationResults(result.openclawResults);
+    }
+  });
+  auth.command("clear").description("Remove the wizard-local saved OrgX API key.").action(async () => {
+    const removed = await clearWizardAuth();
+    if (removed) {
+      console.log(pc3.green("Removed the wizard-local OrgX API key."));
+    } else {
+      console.log(pc3.yellow("No wizard-local OrgX API key was stored."));
+    }
+    const resolved = await resolveOrgxAuth();
+    if (resolved) {
+      console.log(
+        `Effective OrgX auth still resolves from ${formatAuthSource(resolved.source)} (${resolved.keyPrefix}).`
+      );
+    }
+  });
+  const surface = program.command("surface").description("Manage supported OrgX surfaces.");
+  surface.command("list").description("Show supported surfaces and their current status.").action(() => {
+    printSurfaceTable(listSurfaceStatuses());
+  });
+  surface.command("add").description("Patch one surface or all automated surfaces.").argument("<names...>", "surface names or 'all'").action(async (names) => {
+    const results = await addSurface(names);
+    printMutationResults(results);
+  });
+  surface.command("remove").description("Remove OrgX-managed config from one surface or all automated surfaces.").argument("<names...>", "surface names or 'all'").action((names) => {
+    const results = removeSurface(names);
+    printMutationResults(results);
+  });
+  const mcp = program.command("mcp").description("Manage OrgX MCP entries for Claude, Cursor, Codex, VS Code, Windsurf, and Zed.");
+  mcp.command("add").description("Add OrgX MCP entries to one client or all supported MCP clients.").argument("[surfaces...]", "claude, cursor, codex, vscode, windsurf, zed, or all", ["all"]).action(async (names) => {
+    const results = await addMcpSurface(names);
+    printMutationResults(results);
+  });
+  mcp.command("remove").description("Remove OrgX MCP entries from one client or all supported MCP clients.").argument("[surfaces...]", "claude, cursor, codex, vscode, windsurf, zed, or all", ["all"]).action((names) => {
+    const results = removeMcpSurface(names);
+    printMutationResults(results);
+  });
+  const workspace = program.command("workspace").description("Inspect and create OrgX workspaces.");
+  workspace.command("current").description("Show the current OrgX workspace.").action(async () => {
+    const spinner = createOrgxSpinner("Loading current OrgX workspace");
+    spinner.start();
+    const current = await getCurrentWorkspace();
+    spinner.stop();
+    if (!current) {
+      console.log(pc3.yellow("No OrgX workspaces found for the current user."));
+      return;
+    }
+    printWorkspace(current);
+  });
+  workspace.command("list").description("List OrgX workspaces accessible with the current API key.").action(async () => {
+    const spinner = createOrgxSpinner("Loading OrgX workspaces");
+    spinner.start();
+    const workspaces = await listWorkspaces();
+    spinner.stop();
+    printWorkspaceList(workspaces);
+  });
+  workspace.command("create").description("Create a new OrgX workspace.").argument("<name>", "workspace name").option("--description <text>", "workspace description").action(async (name, options) => {
+    const spinner = createOrgxSpinner("Creating OrgX workspace");
+    spinner.start();
+    const created = await createWorkspace(
+      {
+        name,
+        ...options.description ? { description: options.description } : {}
+      }
+    );
+    spinner.succeed("OrgX workspace created");
+    printWorkspace(created);
+    if (!created.isDefault) {
+      console.log("");
+      console.log(pc3.dim(`Run \`wizard workspace set-default ${created.id}\` to promote it.`));
+    }
+  });
+  workspace.command("set-default").description("Set the default OrgX workspace.").argument("<id>", "workspace id").action(async (id) => {
+    const spinner = createOrgxSpinner("Updating default OrgX workspace");
+    spinner.start();
+    const result = await setDefaultWorkspace({ id });
+    spinner.succeed(
+      result.changed ? "Default OrgX workspace updated" : "OrgX workspace already set as default"
+    );
+    printWorkspace(result.workspace);
+  });
+  program.command("doctor").description("Verify local OrgX surface config and optional remote setup status.").action(async () => {
+    const spinner = createOrgxSpinner("Running OrgX doctor");
+    spinner.start();
+    const report = await runDoctor();
+    spinner.stop();
+    printSurfaceTable(report.surfaces);
+    console.log("");
+    printAuthStatus(report.auth);
+    console.log("");
+    printHostedMcpHealth(report.hostedMcp);
+    console.log("");
+    printHostedMcpToolCheck(report.hostedMcpTool);
+    console.log("");
+    printNpmRegistryHealth(report.npmRegistry);
+    console.log("");
+    printWorkspaceConnectivity(report.workspace);
+    console.log("");
+    printOpenClawHealth(report.openclaw);
+    console.log("");
+    printRemoteSetupStatus(report.remote);
+    console.log("");
+    const assessment = assessDoctorReport(report);
+    printDoctorAssessment(assessment);
+    if (!assessment.ok) {
+      process.exitCode = 1;
+    }
+  });
+  const skills = program.command("skills").description("Install OrgX rules and Claude skill packs.");
+  skills.command("add").description("Write Cursor and Claude OrgX rules and install OrgX Claude skill packs.").argument("[packs...]", "skill pack names or 'all'", ["all"]).action(async (packs) => {
+    const selectedPacks = resolveSkillPackNames(packs);
+    const spinner = createOrgxSpinner("Installing OrgX rules and skills");
+    spinner.start();
+    const report = await installOrgxSkills({ skillNames: selectedPacks });
+    spinner.succeed("OrgX rules and skills installed");
+    printSkillInstallReport(report);
+  });
+  await program.parseAsync(process.argv);
+}
+main().catch((error) => {
+  console.error(pc3.red(error instanceof Error ? error.message : String(error)));
+  process.exitCode = 1;
+});
+//# sourceMappingURL=cli.js.map