@usevalt/cli 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Valt
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,55 @@
+# @usevalt/cli
+
+Command-line tool for [Valt](https://usevalt.com) — the trust layer for AI-assisted development.
+
+## Installation
+
+```bash
+npm install -g @usevalt/cli
+# or use npx
+npx @usevalt/cli init
+```
+
+## Setup
+
+```bash
+valt init          # Interactive setup — creates .valtrc.json
+valt login         # Authenticate via browser
+valt doctor        # Verify configuration and connectivity
+```
+
+## Commands
+
+| Command | Description |
+|---------|-------------|
+| `valt init` | Interactive project setup |
+| `valt login` | Authenticate via browser OAuth |
+| `valt status` | Show recent session activity |
+| `valt sessions [id]` | List or view sessions |
+| `valt analyze` | Run evaluation on current git diff |
+| `valt verify <commit>` | Check Valt Verified status of a commit |
+| `valt cert generate --session <id>` | Generate certificate for a session |
+| `valt cert show <number>` | Display certificate details |
+| `valt costs [--period 7d\|30d\|90d]` | Show cost summary |
+| `valt proxy start\|status\|stop` | Manage MCP proxy |
+| `valt config set\|get\|list` | Manage configuration |
+| `valt whoami` | Show current user and org |
+| `valt doctor` | Check configuration and connectivity |
+
+## Configuration
+
+Create `.valtrc.json` in your project root (or run `valt init`):
+
+```json
+{
+  "apiKey": "valt_sk_live_...",
+  "endpoint": "https://api.usevalt.com",
+  "projectSlug": "my-project"
+}
+```
+
+Configuration priority: environment variables > `.valtrc.json` in current or parent directories.
+
+## License
+
+MIT

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+
+export {  }

package/dist/index.js

@@ -0,0 +1,677 @@
+#!/usr/bin/env node
+
+// src/index.ts
+import { Command as Command13 } from "commander";
+
+// src/commands/init.ts
+import { Command } from "commander";
+
+// src/lib/config.ts
+import { readFileSync, writeFileSync, existsSync } from "fs";
+import { resolve } from "path";
+var CONFIG_FILE = ".valtrc.json";
+function findConfigPath(startDir = process.cwd()) {
+  let dir = startDir;
+  while (true) {
+    const candidate = resolve(dir, CONFIG_FILE);
+    if (existsSync(candidate)) return candidate;
+    const parent = resolve(dir, "..");
+    if (parent === dir) return null;
+    dir = parent;
+  }
+}
+function readConfig(dir = process.cwd()) {
+  const path = findConfigPath(dir);
+  if (!path) return {};
+  try {
+    return JSON.parse(readFileSync(path, "utf-8"));
+  } catch {
+    return {};
+  }
+}
+function writeConfig(config, dir = process.cwd()) {
+  const path = resolve(dir, CONFIG_FILE);
+  writeFileSync(path, JSON.stringify(config, null, 2) + "\n", "utf-8");
+}
+function getApiKey() {
+  const envKey = process.env.VALT_API_KEY;
+  if (envKey) return envKey;
+  const config = readConfig();
+  return config.apiKey ?? null;
+}
+function getEndpoint() {
+  const config = readConfig();
+  return config.endpoint ?? process.env.VALT_ENDPOINT ?? "https://api.usevalt.com";
+}
+
+// src/lib/output.ts
+import chalk from "chalk";
+function success(msg) {
+  console.log(chalk.green("\u2714") + " " + msg);
+}
+function error(msg) {
+  console.error(chalk.red("\u2716") + " " + msg);
+}
+function warn(msg) {
+  console.warn(chalk.yellow("\u26A0") + " " + msg);
+}
+function info(msg) {
+  console.log(chalk.blue("\u2139") + " " + msg);
+}
+function dim(msg) {
+  return chalk.dim(msg);
+}
+function bold(msg) {
+  return chalk.bold(msg);
+}
+function formatDate(iso) {
+  return new Date(iso).toLocaleString();
+}
+function formatDuration(ms) {
+  if (ms < 1e3) return `${ms}ms`;
+  if (ms < 6e4) return `${Math.round(ms / 1e3)}s`;
+  return `${Math.round(ms / 6e4)}m`;
+}
+function formatCost(usd) {
+  if (usd === 0) return "$0.00";
+  if (usd < 0.01) return "<$0.01";
+  return `$${usd.toFixed(2)}`;
+}
+function table(rows) {
+  if (rows.length === 0) return;
+  const colWidths = rows[0].map(
+    (_, colIdx) => Math.max(...rows.map((row) => (row[colIdx] ?? "").length))
+  );
+  for (const row of rows) {
+    console.log(
+      row.map((cell, i) => cell.padEnd(colWidths[i] + 2)).join("")
+    );
+  }
+}
+
+// src/commands/init.ts
+import { API_KEY_PREFIX } from "@usevalt/shared";
+var initCommand = new Command("init").description("Initialize Valt in the current project").option("-k, --api-key <key>", "API key").option("-e, --endpoint <url>", "API endpoint").action(async (opts) => {
+  try {
+    const existing = readConfig();
+    const config = { ...existing };
+    if (opts.apiKey) {
+      if (!opts.apiKey.startsWith(API_KEY_PREFIX)) {
+        error(`API key must start with '${API_KEY_PREFIX}'`);
+        process.exit(1);
+      }
+      config.apiKey = opts.apiKey;
+    }
+    if (opts.endpoint) {
+      config.endpoint = opts.endpoint;
+    }
+    writeConfig(config);
+    success("Created .valtrc.json");
+    info("Next steps:");
+    if (!config.apiKey) {
+      info("  1. Add your API key: valt init --api-key <key>");
+    }
+    info("  2. Install the SDK: npm install @usevalt/sdk");
+    info('  3. Start tracking: import { Valt } from "@usevalt/sdk"');
+  } catch (err) {
+    error(`Failed to initialize: ${err instanceof Error ? err.message : String(err)}`);
+    process.exit(1);
+  }
+});
+
+// src/commands/login.ts
+import { Command as Command2 } from "commander";
+var loginCommand = new Command2("login").description("Authenticate with Valt (opens browser)").action(async () => {
+  try {
+    info("Opening browser for authentication...");
+    info("Login URL: https://usevalt.com/login");
+    info("");
+    info("To authenticate:");
+    info("  1. Go to https://usevalt.com/settings/api-keys");
+    info("  2. Create an API key");
+    info("  3. Run: valt init --api-key <your-key>");
+  } catch (err) {
+    error(`Login failed: ${err instanceof Error ? err.message : String(err)}`);
+    process.exit(1);
+  }
+});
+
+// src/commands/status.ts
+import { Command as Command3 } from "commander";
+
+// src/lib/api.ts
+var ApiError = class extends Error {
+  constructor(status, message) {
+    super(message);
+    this.status = status;
+    this.name = "ApiError";
+  }
+};
+async function apiRequest(path, options = {}) {
+  const apiKey = getApiKey();
+  if (!apiKey) {
+    throw new ApiError(0, "No API key configured. Run `valt init` or set VALT_API_KEY.");
+  }
+  const endpoint = getEndpoint();
+  const url = `${endpoint}${path}`;
+  const response = await fetch(url, {
+    ...options,
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${apiKey}`,
+      ...options.headers
+    }
+  });
+  if (!response.ok) {
+    const body = await response.text().catch(() => "");
+    throw new ApiError(response.status, `API error ${response.status}: ${body}`);
+  }
+  return response.json();
+}
+
+// src/commands/status.ts
+import ora from "ora";
+var statusCommand = new Command3("status").description("Show recent session activity").option("-n, --limit <count>", "Number of sessions to show", "10").action(async (opts) => {
+  const spinner = ora("Fetching sessions...").start();
+  try {
+    const limit = parseInt(opts.limit, 10) || 10;
+    const data = await apiRequest(
+      `/v1/sessions?limit=${limit}`
+    );
+    spinner.stop();
+    if (data.sessions.length === 0) {
+      info("No sessions found. Start tracking with the SDK.");
+      return;
+    }
+    console.log(bold(`Recent Sessions (${data.sessions.length})`));
+    console.log("");
+    const rows = [
+      ["TOOL", "STATUS", "SCORE", "COST", "DURATION", "STARTED", "SUMMARY"]
+    ];
+    for (const s of data.sessions) {
+      rows.push([
+        s.tool,
+        s.status,
+        s.trust_score !== null ? String(s.trust_score) : "-",
+        formatCost(s.total_cost_usd),
+        s.duration_ms ? formatDuration(s.duration_ms) : "-",
+        formatDate(s.started_at),
+        s.prompt_summary?.slice(0, 40) ?? "-"
+      ]);
+    }
+    table(rows);
+  } catch (err) {
+    spinner.stop();
+    if (err instanceof ApiError) {
+      error(err.message);
+    } else {
+      error(`Failed: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    process.exit(1);
+  }
+});
+
+// src/commands/verify.ts
+import { Command as Command4 } from "commander";
+import ora2 from "ora";
+var verifyCommand = new Command4("verify").description("Check Valt Verified status for a commit").argument("<commit>", "Git commit SHA to verify").action(async (commit) => {
+  const spinner = ora2("Verifying commit...").start();
+  try {
+    const data = await apiRequest(
+      `/v1/certificates/verify?commit=${encodeURIComponent(commit)}`
+    );
+    spinner.stop();
+    if (data.verified) {
+      success(`Valt Verified ${bold(data.certificate_number ?? "")}`);
+      info(`  Trust Score: ${data.trust_score ?? "-"}`);
+      info(`  Status: ${data.status ?? "-"}`);
+      info(`  Signature Valid: ${data.signature_valid ? "Yes" : "No"}`);
+      if (data.issued_at) info(`  Issued: ${data.issued_at}`);
+    } else {
+      warn("Not Valt Verified");
+      if (data.reason) info(`  Reason: ${data.reason}`);
+      if (data.certificate_number) info(`  Certificate: ${data.certificate_number}`);
+    }
+  } catch (err) {
+    spinner.stop();
+    if (err instanceof ApiError && err.status === 404) {
+      warn("No certificate found for this commit.");
+    } else if (err instanceof ApiError) {
+      error(err.message);
+    } else {
+      error(`Failed: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    process.exit(1);
+  }
+});
+
+// src/commands/doctor.ts
+import { Command as Command5 } from "commander";
+import { API_KEY_PREFIX as API_KEY_PREFIX2 } from "@usevalt/shared";
+var doctorCommand = new Command5("doctor").description("Check Valt configuration and connectivity").action(async () => {
+  let issues = 0;
+  info("Checking Valt configuration...\n");
+  const configPath = findConfigPath();
+  if (configPath) {
+    success(`Config file: ${dim(configPath)}`);
+  } else {
+    warn("No .valtrc.json found. Run `valt init`.");
+    issues++;
+  }
+  const apiKey = getApiKey();
+  if (apiKey) {
+    if (apiKey.startsWith(API_KEY_PREFIX2)) {
+      success(`API key: ${dim(apiKey.slice(0, 12) + "...")}`);
+    } else {
+      error(`API key has invalid prefix (expected ${API_KEY_PREFIX2})`);
+      issues++;
+    }
+  } else {
+    warn("No API key configured. Set VALT_API_KEY or run `valt init --api-key <key>`.");
+    issues++;
+  }
+  const endpoint = getEndpoint();
+  success(`Endpoint: ${dim(endpoint)}`);
+  if (apiKey) {
+    try {
+      const response = await fetch(`${endpoint}/health`, {
+        signal: AbortSignal.timeout(5e3)
+      });
+      if (response.ok) {
+        success("API connectivity: OK");
+      } else {
+        warn(`API returned status ${response.status}`);
+        issues++;
+      }
+    } catch {
+      error("Cannot reach API endpoint");
+      issues++;
+    }
+  }
+  console.log("");
+  if (issues === 0) {
+    success("All checks passed!");
+  } else {
+    warn(`${issues} issue${issues > 1 ? "s" : ""} found.`);
+  }
+});
+
+// src/commands/whoami.ts
+import { Command as Command6 } from "commander";
+var whoamiCommand = new Command6("whoami").description("Show current authentication status").action(async () => {
+  const apiKey = getApiKey();
+  const config = readConfig();
+  if (!apiKey) {
+    info("Not authenticated. Run `valt init --api-key <key>` to configure.");
+    return;
+  }
+  info(bold("Current Configuration"));
+  info(`  API Key: ${dim(apiKey.slice(0, 12) + "...")}`);
+  info(`  Endpoint: ${dim(getEndpoint())}`);
+  if (config.projectSlug) {
+    info(`  Project: ${dim(config.projectSlug)}`);
+  }
+});
+
+// src/commands/config.ts
+import { Command as Command7 } from "commander";
+var configCommand = new Command7("config").description("Manage Valt configuration");
+configCommand.command("set <key> <value>").description("Set a config value").action((key, value) => {
+  try {
+    const config = readConfig();
+    config[key] = value;
+    writeConfig(config);
+    success(`Set ${key} = ${value}`);
+  } catch (err) {
+    error(`Failed to set config: ${err instanceof Error ? err.message : String(err)}`);
+  }
+});
+configCommand.command("get <key>").description("Get a config value").action((key) => {
+  try {
+    const config = readConfig();
+    if (!(key in config)) {
+      error(`Key "${key}" not found`);
+      return;
+    }
+    console.log(config[key]);
+  } catch (err) {
+    error(`Failed to get config: ${err instanceof Error ? err.message : String(err)}`);
+  }
+});
+configCommand.command("list").description("List all config values").action(() => {
+  try {
+    const config = readConfig();
+    const configPath = findConfigPath();
+    const entries = Object.entries(config);
+    if (entries.length === 0) {
+      console.log(dim("No config found. Run `valt init` to create one."));
+      return;
+    }
+    console.log(dim(`Config file: ${configPath ?? "not found"}`));
+    for (const [key, value] of entries) {
+      console.log(`  ${bold(key)}: ${value}`);
+    }
+  } catch (err) {
+    error(`Failed to list config: ${err instanceof Error ? err.message : String(err)}`);
+  }
+});
+
+// src/commands/sessions.ts
+import { Command as Command8 } from "commander";
+import ora3 from "ora";
+var sessionsCommand = new Command8("sessions").description("View session details").argument("<id>", "Session ID").action(async (id) => {
+  const spinner = ora3("Fetching session...").start();
+  try {
+    const session = await apiRequest(
+      `/v1/sessions/${encodeURIComponent(id)}`
+    );
+    spinner.stop();
+    const s = session.data;
+    console.log(bold(`Session: ${id}`));
+    console.log("");
+    table([
+      ["Tool", s.tool ?? "-"],
+      ["Model", s.model ?? "-"],
+      ["Status", s.status ?? "-"],
+      ["Trust Score", s.trust_score !== null ? String(s.trust_score) : "-"],
+      ["Cost", s.total_cost_usd !== null ? formatCost(s.total_cost_usd) : "-"],
+      ["Duration", s.duration_ms !== null ? formatDuration(s.duration_ms) : "-"],
+      ["Branch", s.git_branch ?? "-"],
+      ["Started", s.started_at ? formatDate(s.started_at) : "-"]
+    ]);
+    if (s.tags && s.tags.length > 0) {
+      console.log("");
+      console.log(dim(`Tags: ${s.tags.join(", ")}`));
+    }
+  } catch (err) {
+    spinner.stop();
+    if (err instanceof ApiError) {
+      error(err.message);
+    } else {
+      error(`Failed to fetch session: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    process.exit(1);
+  }
+});
+
+// src/commands/cert.ts
+import { Command as Command9 } from "commander";
+import ora4 from "ora";
+var certCommand = new Command9("cert").description("Manage certificates");
+certCommand.command("generate").description("Generate a certificate for a session").requiredOption("--session <id>", "Session ID").option("--force", "Force regeneration if certificate exists").action(async (opts) => {
+  const spinner = ora4("Generating certificate...").start();
+  try {
+    const result = await apiRequest("/v1/certificates", {
+      method: "POST",
+      body: JSON.stringify({
+        session_id: opts.session,
+        force: opts.force ?? false
+      })
+    });
+    spinner.stop();
+    success(`Certificate generated: ${result.data.certificate_number} (score: ${result.data.trust_score})`);
+  } catch (err) {
+    spinner.stop();
+    if (err instanceof ApiError) {
+      error(err.message);
+    } else {
+      error(`Failed to generate certificate: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    process.exit(1);
+  }
+});
+certCommand.command("show <number>").description("Show certificate details").action(async (certNumber) => {
+  const spinner = ora4("Fetching certificate...").start();
+  try {
+    const result = await apiRequest(
+      `/v1/certificates?certificate_number=${encodeURIComponent(certNumber)}`
+    );
+    spinner.stop();
+    const certs = result.data;
+    if (!certs || certs.length === 0) {
+      error(`No certificate found with number: ${certNumber}`);
+      return;
+    }
+    const cert = certs[0];
+    console.log(bold(`Certificate: ${cert.certificate_number}`));
+    console.log("");
+    table([
+      ["Status", cert.status],
+      ["Trust Score", String(cert.trust_score)],
+      ["Session", cert.session_id],
+      ["Git Commit", cert.git_commit ?? "-"],
+      ["Issued", cert.issued_at]
+    ]);
+  } catch (err) {
+    spinner.stop();
+    if (err instanceof ApiError) {
+      error(err.message);
+    } else {
+      error(`Failed to fetch certificate: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    process.exit(1);
+  }
+});
+
+// src/commands/costs.ts
+import { Command as Command10 } from "commander";
+import ora5 from "ora";
+var costsCommand = new Command10("costs").description("View cost breakdown").option("--period <period>", "Time period (7d, 30d, 90d)", "30d").action(async (opts) => {
+  const spinner = ora5("Fetching costs...").start();
+  try {
+    const days = opts.period.replace("d", "");
+    const result = await apiRequest(
+      `/v1/analytics/costs?days=${encodeURIComponent(days)}`
+    );
+    spinner.stop();
+    const data = result.data;
+    console.log(bold(`Total Cost: ${formatCost(data.total_cost_usd)}`));
+    console.log("");
+    if (data.cost_by_tool && data.cost_by_tool.length > 0) {
+      console.log(dim("By Tool:"));
+      table(data.cost_by_tool.map((t) => [
+        t.tool,
+        formatCost(t.totalCost),
+        `${t.sessionCount} sessions`
+      ]));
+    }
+  } catch (err) {
+    spinner.stop();
+    if (err instanceof ApiError) {
+      error(err.message);
+    } else {
+      error(`Failed to fetch costs: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    process.exit(1);
+  }
+});
+
+// src/commands/analyze.ts
+import { Command as Command11 } from "commander";
+import ora6 from "ora";
+var analyzeCommand = new Command11("analyze").description("Analyze a session or commit").option("--commit <sha>", "Git commit SHA to analyze").option("--session <id>", "Session ID to analyze").action(async (opts) => {
+  const spinner = ora6("Analyzing...").start();
+  try {
+    let sessionId = opts.session;
+    if (opts.commit && !sessionId) {
+      const sessions = await apiRequest(
+        `/v1/sessions?git_commit=${encodeURIComponent(opts.commit)}`
+      );
+      if (!sessions.sessions || sessions.sessions.length === 0) {
+        spinner.stop();
+        error(`No session found for commit: ${opts.commit}`);
+        return;
+      }
+      sessionId = sessions.sessions[0].id;
+    }
+    if (!sessionId) {
+      spinner.stop();
+      error("Provide --session <id> or --commit <sha>");
+      return;
+    }
+    const result = await apiRequest(
+      `/v1/sessions/${encodeURIComponent(sessionId)}`
+    );
+    spinner.stop();
+    const s = result.data;
+    console.log(bold("Trust Score Analysis"));
+    console.log("");
+    if (s.trust_score_breakdown) {
+      table([
+        ["Security", String(s.trust_score_breakdown.security ?? "-")],
+        ["Tests", String(s.trust_score_breakdown.tests ?? "-")],
+        ["Architecture", String(s.trust_score_breakdown.architecture ?? "-")],
+        ["Human Review", String(s.trust_score_breakdown.human_review ?? "-")],
+        ["Governance", String(s.trust_score_breakdown.governance ?? "-")]
+      ]);
+      console.log("");
+      console.log(bold(`Composite Score: ${s.trust_score ?? "-"}`));
+    } else {
+      console.log(dim("Session has not been evaluated yet."));
+    }
+  } catch (err) {
+    spinner.stop();
+    if (err instanceof ApiError) {
+      error(err.message);
+    } else {
+      error(`Failed to analyze: ${err instanceof Error ? err.message : String(err)}`);
+    }
+    process.exit(1);
+  }
+});
+
+// src/commands/proxy.ts
+import { Command as Command12 } from "commander";
+import ora7 from "ora";
+import { readFileSync as readFileSync2, writeFileSync as writeFileSync2, existsSync as existsSync2, mkdirSync, unlinkSync } from "fs";
+import { resolve as resolve2 } from "path";
+import { spawn } from "child_process";
+var PID_FILE = resolve2(process.env.HOME ?? ".", ".valt", "proxy.pid");
+function readPid() {
+  try {
+    if (!existsSync2(PID_FILE)) return null;
+    const pid = parseInt(readFileSync2(PID_FILE, "utf-8").trim(), 10);
+    return isNaN(pid) ? null : pid;
+  } catch {
+    return null;
+  }
+}
+function writePid(pid) {
+  const dir = resolve2(process.env.HOME ?? ".", ".valt");
+  if (!existsSync2(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+  writeFileSync2(PID_FILE, String(pid));
+}
+function isProcessRunning(pid) {
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch {
+    return false;
+  }
+}
+var proxyCommand = new Command12("proxy").description("Manage MCP proxy for transparent tool call logging");
+proxyCommand.command("start").description("Start the MCP proxy").option("-p, --port <port>", "Proxy port", "3100").option("--upstream <server>", "Upstream MCP server command").action(async (opts) => {
+  const existingPid = readPid();
+  if (existingPid && isProcessRunning(existingPid)) {
+    warn(`Proxy is already running (PID ${existingPid}). Use 'valt proxy stop' first.`);
+    return;
+  }
+  const apiKey = getApiKey();
+  if (!apiKey) {
+    error("No API key configured. Run `valt init` first.");
+    process.exit(1);
+  }
+  const config = readConfig();
+  const spinner = ora7("Starting MCP proxy...").start();
+  try {
+    const args = ["@usevalt/mcp-proxy", "--port", opts.port];
+    if (opts.upstream) {
+      args.push("--upstream", opts.upstream);
+    }
+    const child = spawn("npx", args, {
+      detached: true,
+      stdio: "ignore",
+      env: {
+        ...process.env,
+        VALT_API_KEY: apiKey,
+        VALT_PROJECT: config.projectSlug ?? ""
+      }
+    });
+    child.unref();
+    if (child.pid) {
+      writePid(child.pid);
+      spinner.stop();
+      success(`MCP proxy started on port ${opts.port} (PID ${child.pid})`);
+      info("Configure your AI tool to use the proxy. See: https://usevalt.com/docs/proxy");
+    } else {
+      spinner.stop();
+      error("Failed to start proxy process.");
+      process.exit(1);
+    }
+  } catch (err) {
+    spinner.stop();
+    error(`Failed to start proxy: ${err instanceof Error ? err.message : String(err)}`);
+    process.exit(1);
+  }
+});
+proxyCommand.command("status").description("Check proxy status").action(() => {
+  const pid = readPid();
+  if (!pid) {
+    info("Proxy is not running.");
+    return;
+  }
+  if (isProcessRunning(pid)) {
+    success(`Proxy is running (PID ${pid})`);
+  } else {
+    info("Proxy is not running (stale PID file).");
+    try {
+      unlinkSync(PID_FILE);
+    } catch {
+    }
+  }
+});
+proxyCommand.command("stop").description("Stop the MCP proxy").action(() => {
+  const pid = readPid();
+  if (!pid) {
+    info("Proxy is not running.");
+    return;
+  }
+  if (!isProcessRunning(pid)) {
+    info("Proxy is not running (stale PID file).");
+    try {
+      unlinkSync(PID_FILE);
+    } catch {
+    }
+    return;
+  }
+  try {
+    process.kill(pid, "SIGTERM");
+    try {
+      unlinkSync(PID_FILE);
+    } catch {
+    }
+    success(`Proxy stopped (PID ${pid})`);
+  } catch (err) {
+    error(`Failed to stop proxy: ${err instanceof Error ? err.message : String(err)}`);
+    process.exit(1);
+  }
+});
+
+// src/index.ts
+var program = new Command13();
+program.name("valt").description("Valt CLI \u2014 trust layer for AI-assisted development").version("0.1.0");
+program.addCommand(initCommand);
+program.addCommand(loginCommand);
+program.addCommand(statusCommand);
+program.addCommand(verifyCommand);
+program.addCommand(doctorCommand);
+program.addCommand(whoamiCommand);
+program.addCommand(configCommand);
+program.addCommand(sessionsCommand);
+program.addCommand(certCommand);
+program.addCommand(costsCommand);
+program.addCommand(analyzeCommand);
+program.addCommand(proxyCommand);
+program.parse();

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "@usevalt/cli",
+  "version": "0.1.0",
+  "description": "Valt CLI — trust layer for AI-assisted development",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/valtdev/valt",
+    "directory": "packages/cli"
+  },
+  "keywords": [
+    "valt",
+    "ai",
+    "cli",
+    "coding-agents",
+    "trust",
+    "certificates"
+  ],
+  "homepage": "https://usevalt.com",
+  "type": "module",
+  "bin": {
+    "valt": "./dist/index.js"
+  },
+  "main": "./dist/index.js",
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "commander": "^13.0.0",
+    "chalk": "^5.4.0",
+    "ora": "^8.1.0",
+    "@usevalt/shared": "0.1.0"
+  },
+  "devDependencies": {
+    "tsup": "^8.4.0",
+    "typescript": "^5.7.0",
+    "vitest": "^3.2.0",
+    "@types/node": "^22.0.0",
+    "eslint": "^9.0.0",
+    "@usevalt/typescript-config": "0.0.0",
+    "@usevalt/eslint-config": "0.0.0"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "test": "vitest run",
+    "lint": "eslint src/",
+    "typecheck": "tsc --noEmit",
+    "clean": "rm -rf dist"
+  }
+}