npm - @vendian/cli - Versions diffs - 0.0.2 → 0.0.5 - Mend

@vendian/cli 0.0.2 → 0.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/cli-wrapper.cjs ADDED Viewed

@@ -0,0 +1,1143 @@
+#!/usr/bin/env node
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+// src/doctor.js
+var import_node_fs4 = __toESM(require("node:fs"), 1);
+// src/config.js
+var import_node_fs = __toESM(require("node:fs"), 1);
+var import_node_path2 = __toESM(require("node:path"), 1);
+// src/constants.js
+var DEFAULT_GITLAB_HOST = "gitlab.com";
+var DEFAULT_SDK_PUBLIC_PROJECT_ID = "77150592";
+var DEFAULT_SDK_RUNTIME_PROJECT_ID = "79410876";
+var PUBLIC_PACKAGE = "vendian-agents[full]";
+var RUNTIME_PACKAGE = "vendian-agents-runtime";
+var CONFIG_VERSION = 1;
+var BACKEND_TARGETS = {
+  local: "http://localhost:3000",
+  localhost: "http://localhost:3000",
+  dev: "https://api.dev.vendian.ai",
+  staging: "https://api.staging.vendian.ai",
+  prod: "https://api.vendian.ai",
+  production: "https://api.vendian.ai"
+};
+// src/paths.js
+var import_node_os = __toESM(require("node:os"), 1);
+var import_node_path = __toESM(require("node:path"), 1);
+function pathApi(platform) {
+  return platform === "win32" ? import_node_path.default.win32 : import_node_path.default.posix;
+}
+function vendianHome(env = process.env, platform = process.platform) {
+  if (env.VENDIAN_CLI_HOME) {
+    return pathApi(platform).resolve(env.VENDIAN_CLI_HOME);
+  }
+  if (platform === "win32") {
+    const root = env.LOCALAPPDATA || import_node_path.default.join(import_node_os.default.homedir(), "AppData", "Local");
+    return import_node_path.default.win32.join(root, "Vendian", "cli");
+  }
+  return import_node_path.default.posix.join(import_node_os.default.homedir(), ".vendian", "cli");
+}
+function configPath(env = process.env, platform = process.platform) {
+  if (env.VENDIAN_CLI_CONFIG) {
+    return pathApi(platform).resolve(env.VENDIAN_CLI_CONFIG);
+  }
+  return pathApi(platform).join(vendianHome(env, platform), "config.json");
+}
+function managedVenvPath(env = process.env, platform = process.platform) {
+  if (env.VENDIAN_CLI_VENV) {
+    return pathApi(platform).resolve(env.VENDIAN_CLI_VENV);
+  }
+  return pathApi(platform).join(vendianHome(env, platform), ".venv");
+}
+function venvPython(venvPath, platform = process.platform) {
+  return platform === "win32" ? import_node_path.default.win32.join(venvPath, "Scripts", "python.exe") : import_node_path.default.posix.join(venvPath, "bin", "python");
+}
+function venvVendian(venvPath, platform = process.platform) {
+  return platform === "win32" ? import_node_path.default.win32.join(venvPath, "Scripts", "vendian.exe") : import_node_path.default.posix.join(venvPath, "bin", "vendian");
+}
+// src/config.js
+function loadConfig(env = process.env, platform = process.platform) {
+  const file = configPath(env, platform);
+  try {
+    const parsed = JSON.parse(import_node_fs.default.readFileSync(file, "utf8"));
+    return typeof parsed === "object" && parsed !== null ? parsed : {};
+  } catch (error) {
+    if (error && error.code === "ENOENT") {
+      return {};
+    }
+    return {};
+  }
+}
+function saveConfig(config, env = process.env, platform = process.platform) {
+  const file = configPath(env, platform);
+  import_node_fs.default.mkdirSync(import_node_path2.default.dirname(file), { recursive: true });
+  const next = { version: CONFIG_VERSION, ...config };
+  import_node_fs.default.writeFileSync(file, `${JSON.stringify(next, null, 2)}
+`, { encoding: "utf8", mode: 384 });
+  try {
+    import_node_fs.default.chmodSync(file, 384);
+  } catch {
+  }
+  return file;
+}
+// src/install.js
+var import_node_fs3 = __toESM(require("node:fs"), 1);
+var import_node_path3 = __toESM(require("node:path"), 1);
+// src/process.js
+var import_node_child_process = require("node:child_process");
+function commandExists(command) {
+  const result = (0, import_node_child_process.spawnSync)(command, ["--version"], { stdio: "ignore", shell: false });
+  return result.status === 0;
+}
+function runCapture(command, args, options = {}) {
+  const result = (0, import_node_child_process.spawnSync)(command, args, {
+    encoding: "utf8",
+    shell: false,
+    ...options
+  });
+  return {
+    ok: result.status === 0,
+    status: result.status ?? 1,
+    stdout: result.stdout || "",
+    stderr: result.stderr || ""
+  };
+}
+function runInherit(command, args, options = {}) {
+  const result = (0, import_node_child_process.spawnSync)(command, args, {
+    stdio: "inherit",
+    shell: false,
+    ...options
+  });
+  if (result.error) {
+    throw result.error;
+  }
+  return result.status ?? 1;
+}
+function spawnForward(command, args, options = {}) {
+  return new Promise((resolve, reject) => {
+    const child = (0, import_node_child_process.spawn)(command, args, {
+      stdio: "inherit",
+      shell: false,
+      ...options
+    });
+    child.on("error", reject);
+    child.on("exit", (code, signal) => {
+      if (signal) {
+        reject(new Error(`command terminated by ${signal}`));
+        return;
+      }
+      resolve(code ?? 1);
+    });
+  });
+}
+// src/python.js
+var import_node_fs2 = __toESM(require("node:fs"), 1);
+function findPython(platform = process.platform) {
+  const candidates = platform === "win32" ? [
+    { command: "py", args: ["-3.11"] },
+    { command: "python", args: [] },
+    { command: "python3", args: [] }
+  ] : [
+    { command: "python3.12", args: [] },
+    { command: "python3.11", args: [] },
+    { command: "python3", args: [] },
+    { command: "python", args: [] }
+  ];
+  for (const candidate of candidates) {
+    const version = runCapture(candidate.command, [
+      ...candidate.args,
+      "-c",
+      'import sys; print(f"{sys.version_info.major}.{sys.version_info.minor}.{sys.version_info.micro}")'
+    ]);
+    if (!version.ok) {
+      continue;
+    }
+    const match = version.stdout.trim().match(/^(\d+)\.(\d+)\./);
+    if (!match) {
+      continue;
+    }
+    const major = Number(match[1]);
+    const minor = Number(match[2]);
+    if (major > 3 || major === 3 && minor >= 11) {
+      return candidate;
+    }
+  }
+  return null;
+}
+function ensureVenv(venvPath, pythonCandidate, platform = process.platform) {
+  const pythonPath = venvPython(venvPath, platform);
+  if (import_node_fs2.default.existsSync(pythonPath)) {
+    return pythonPath;
+  }
+  import_node_fs2.default.mkdirSync(venvPath, { recursive: true });
+  const status = runInherit(pythonCandidate.command, [
+    ...pythonCandidate.args,
+    "-m",
+    "venv",
+    venvPath
+  ]);
+  if (status !== 0) {
+    throw new Error("Could not create the managed Vendian Python environment.");
+  }
+  return pythonPath;
+}
+function hasUv() {
+  return commandExists("uv");
+}
+function pythonVersion(pythonPath) {
+  const result = runCapture(pythonPath, [
+    "-c",
+    'import sys; print(f"{sys.version_info.major}.{sys.version_info.minor}.{sys.version_info.micro}")'
+  ]);
+  return result.ok ? result.stdout.trim() : null;
+}
+function verifyVendianImports(pythonPath) {
+  const result = runCapture(pythonPath, [
+    "-c",
+    'import vendian_agents, vendian_agents_runtime; print("ok")'
+  ]);
+  return result.ok;
+}
+// src/secret-store.js
+var import_node_child_process2 = require("node:child_process");
+var SERVICE = "Vendian CLI";
+var PACKAGE_TOKEN_ACCOUNT = "gitlab-package-token";
+function run(command, args, options = {}) {
+  return (0, import_node_child_process2.spawnSync)(command, args, {
+    encoding: "utf8",
+    shell: false,
+    ...options
+  });
+}
+function savePackageTokenSecret(token, config = {}, platform = process.platform) {
+  if (!token) {
+    return { ok: false };
+  }
+  if (platform === "darwin") {
+    const result = run("security", [
+      "add-generic-password",
+      "-a",
+      PACKAGE_TOKEN_ACCOUNT,
+      "-s",
+      SERVICE,
+      "-w",
+      token,
+      "-U"
+    ]);
+    return { ok: result.status === 0, provider: "macos-keychain" };
+  }
+  if (platform === "win32") {
+    const encrypted = run(
+      "powershell.exe",
+      [
+        "-NoProfile",
+        "-NonInteractive",
+        "-Command",
+        "$secure = ConvertTo-SecureString -String $env:VENDIAN_SECRET_VALUE -AsPlainText -Force; $secure | ConvertFrom-SecureString"
+      ],
+      { env: { ...process.env, VENDIAN_SECRET_VALUE: token } }
+    );
+    if (encrypted.status !== 0 || !encrypted.stdout.trim()) {
+      return { ok: false, provider: "windows-dpapi" };
+    }
+    const nextConfig = {
+      ...config,
+      secretStore: {
+        ...config.secretStore || {},
+        [PACKAGE_TOKEN_ACCOUNT]: {
+          provider: "windows-dpapi",
+          value: encrypted.stdout.trim()
+        }
+      }
+    };
+    return { ok: true, provider: "windows-dpapi", config: nextConfig };
+  }
+  return { ok: false };
+}
+function loadPackageTokenSecret(config = {}, platform = process.platform) {
+  if (platform === "darwin") {
+    const result = run("security", [
+      "find-generic-password",
+      "-a",
+      PACKAGE_TOKEN_ACCOUNT,
+      "-s",
+      SERVICE,
+      "-w"
+    ]);
+    return result.status === 0 ? result.stdout.trim() : "";
+  }
+  if (platform === "win32") {
+    const entry = config.secretStore?.[PACKAGE_TOKEN_ACCOUNT];
+    if (!entry || entry.provider !== "windows-dpapi" || !entry.value) {
+      return "";
+    }
+    const result = run(
+      "powershell.exe",
+      [
+        "-NoProfile",
+        "-NonInteractive",
+        "-Command",
+        "$secure = ConvertTo-SecureString -String $env:VENDIAN_SECRET_BLOB; $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure); try { [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) } finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }"
+      ],
+      { env: { ...process.env, VENDIAN_SECRET_BLOB: entry.value } }
+    );
+    return result.status === 0 ? result.stdout.trim() : "";
+  }
+  return "";
+}
+// src/install.js
+function registryConfig(config = {}, env = process.env, platform = process.platform) {
+  const gitlabHost = env.GITLAB_HOST || config.gitlabHost || DEFAULT_GITLAB_HOST;
+  const username = env.GITLAB_USERNAME || config.gitlabUsername || "__token__";
+  const sdkProjectId = env.SDK_PUBLIC_PROJECT_ID || config.sdkPublicProjectId || DEFAULT_SDK_PUBLIC_PROJECT_ID;
+  const runtimeProjectId = env.SDK_RUNTIME_PROJECT_ID || config.sdkRuntimeProjectId || DEFAULT_SDK_RUNTIME_PROJECT_ID;
+  const secretToken = loadPackageTokenSecret(config, platform);
+  const token = env.GITLAB_TOKEN || config.gitlabToken || secretToken || "";
+  const tokenSource = env.GITLAB_TOKEN ? "env" : config.gitlabToken ? "config" : secretToken ? "secret-store" : "missing";
+  const vendianAgentsVersion = env.VENDIAN_AGENTS_VERSION || config.vendianAgentsVersion || "";
+  const vendianRuntimeVersion = env.VENDIAN_AGENTS_RUNTIME_VERSION || config.vendianAgentsRuntimeVersion || "";
+  return {
+    gitlabHost,
+    username,
+    sdkProjectId,
+    runtimeProjectId,
+    token,
+    tokenSource,
+    vendianAgentsVersion,
+    vendianRuntimeVersion
+  };
+}
+function buildIndexUrls(registry) {
+  if (!registry.token) {
+    return null;
+  }
+  const username = encodeURIComponent(registry.username || "__token__");
+  const token = encodeURIComponent(registry.token);
+  const sdkIndexUrl = `https://${username}:${token}@${registry.gitlabHost}/api/v4/projects/${registry.sdkProjectId}/packages/pypi/simple`;
+  const runtimeIndexUrl = `https://${username}:${token}@${registry.gitlabHost}/api/v4/projects/${registry.runtimeProjectId}/packages/pypi/simple`;
+  return { sdkIndexUrl, runtimeIndexUrl };
+}
+function packageSpecs(registry) {
+  const publicSpec = registry.vendianAgentsVersion ? `${PUBLIC_PACKAGE}==${registry.vendianAgentsVersion}` : PUBLIC_PACKAGE;
+  const runtimeSpec = registry.vendianRuntimeVersion ? `${RUNTIME_PACKAGE}==${registry.vendianRuntimeVersion}` : RUNTIME_PACKAGE;
+  return [publicSpec, runtimeSpec];
+}
+function installVendianPackages({ pythonPath, venvPath, config, env = process.env, platform = process.platform }) {
+  const registry = registryConfig(config, env, platform);
+  const indexes = buildIndexUrls(registry);
+  if (!indexes) {
+    throw new Error("Package access is missing. Run `vendian login`.");
+  }
+  const specs = packageSpecs(registry);
+  const installArgs = [
+    "install",
+    "--upgrade",
+    ...specs,
+    "--index-url",
+    indexes.sdkIndexUrl,
+    "--extra-index-url",
+    indexes.runtimeIndexUrl,
+    "--extra-index-url",
+    "https://pypi.org/simple"
+  ];
+  let status;
+  if (hasUv()) {
+    status = runInherit("uv", ["pip", ...installArgs, "--python", pythonPath]);
+  } else {
+    status = runInherit(pythonPath, ["-m", "pip", ...installArgs]);
+  }
+  if (status !== 0) {
+    throw new Error("Could not install Vendian runtime packages. Check package access and try again.");
+  }
+  writeInstallMarker(venvPath, {
+    gitlabHost: registry.gitlabHost,
+    gitlabUsername: registry.username,
+    sdkProjectId: registry.sdkProjectId,
+    runtimeProjectId: registry.runtimeProjectId,
+    vendianAgentsVersion: registry.vendianAgentsVersion || "latest",
+    vendianAgentsRuntimeVersion: registry.vendianRuntimeVersion || "latest"
+  });
+}
+function writeInstallMarker(venvPath, marker) {
+  import_node_fs3.default.mkdirSync(venvPath, { recursive: true });
+  import_node_fs3.default.writeFileSync(
+    import_node_path3.default.join(venvPath, ".vendian-bootstrap.json"),
+    `${JSON.stringify({ version: 1, ...marker }, null, 2)}
+`,
+    "utf8"
+  );
+}
+// src/doctor.js
+function doctor({ env = process.env, platform = process.platform } = {}) {
+  const config = loadConfig(env, platform);
+  const venvPath = managedVenvPath(env, platform);
+  const pythonPath = venvPython(venvPath, platform);
+  const vendianPath = venvVendian(venvPath, platform);
+  const registry = registryConfig(config, env, platform);
+  console.log("Vendian doctor");
+  console.log(`Home: ${venvPath}`);
+  console.log(`System Python 3.11+: ${findPython(platform) ? "yes" : "no"}`);
+  console.log(`uv: ${hasUv() ? "yes" : "no, will use pip fallback"}`);
+  console.log(`Managed Python: ${import_node_fs4.default.existsSync(pythonPath) ? pythonVersion(pythonPath) || "present" : "missing"}`);
+  console.log(`Vendian executable: ${import_node_fs4.default.existsSync(vendianPath) ? vendianPath : "missing"}`);
+  console.log(`Vendian imports: ${import_node_fs4.default.existsSync(pythonPath) && verifyVendianImports(pythonPath) ? "ok" : "missing"}`);
+  console.log(`Package access: ${registry.token ? `configured (${registry.tokenSource})` : "missing"}`);
+}
+// src/forward.js
+var import_node_fs5 = __toESM(require("node:fs"), 1);
+var AUTO_UPDATE_INTERVAL_MS = 24 * 60 * 60 * 1e3;
+async function forwardToPythonVendian(args, { env = process.env, platform = process.platform } = {}) {
+  const venvPath = managedVenvPath(env, platform);
+  const vendianPath = venvVendian(venvPath, platform);
+  if (!import_node_fs5.default.existsSync(vendianPath)) {
+    throw new Error("Vendian is not set up yet. Run `vendian login` first.");
+  }
+  maybeAutoUpdateManagedEnv({ env, platform, venvPath });
+  const code = await spawnForward(vendianPath, args, { env });
+  process.exitCode = code;
+}
+function maybeAutoUpdateManagedEnv({ env = process.env, platform = process.platform, venvPath = managedVenvPath(env, platform) } = {}) {
+  if (env.VENDIAN_SKIP_AUTO_UPDATE === "1") {
+    return false;
+  }
+  const config = loadConfig(env, platform);
+  const lastUpdate = Date.parse(config.lastManagedUpdateAt || "");
+  if (Number.isFinite(lastUpdate) && Date.now() - lastUpdate < AUTO_UPDATE_INTERVAL_MS) {
+    return false;
+  }
+  const registry = registryConfig(config, env);
+  if (!registry.token) {
+    return false;
+  }
+  const pythonPath = venvPython(venvPath, platform);
+  if (!import_node_fs5.default.existsSync(pythonPath)) {
+    return false;
+  }
+  try {
+    console.error("[vendian] Checking managed CLI/runtime updates...");
+    installVendianPackages({ pythonPath, venvPath, config, env });
+    saveConfig({ ...config, lastManagedUpdateAt: (/* @__PURE__ */ new Date()).toISOString() }, env, platform);
+    return true;
+  } catch (error) {
+    const message = error && typeof error.message === "string" ? error.message : String(error);
+    console.error(`[vendian] Update check failed; continuing with installed CLI. ${message}`);
+    return false;
+  }
+}
+// src/setup.js
+var import_node_fs7 = __toESM(require("node:fs"), 1);
+// src/auth.js
+var import_node_crypto = __toESM(require("node:crypto"), 1);
+var import_node_http = __toESM(require("node:http"), 1);
+var import_node_fs6 = __toESM(require("node:fs"), 1);
+var import_node_path4 = __toESM(require("node:path"), 1);
+var import_node_child_process3 = require("node:child_process");
+var DEFAULT_OAUTH_REDIRECT_PORT = 8765;
+function resolveApiUrl({ backend, apiUrl, env = process.env } = {}) {
+  if (apiUrl) {
+    return apiUrl.replace(/\/$/, "");
+  }
+  if (env.VENDIAN_API_URL) {
+    return env.VENDIAN_API_URL.replace(/\/$/, "");
+  }
+  const target = backend || "prod";
+  const resolved = BACKEND_TARGETS[target];
+  if (!resolved) {
+    throw new Error(`Unknown Vendian backend '${target}'. Use local, dev, staging, prod, or --api-url.`);
+  }
+  return resolved;
+}
+async function loginWithVendianOAuth({ backend, apiUrl, noBrowser = false, env = process.env } = {}) {
+  const resolvedApiUrl = resolveApiUrl({ backend, apiUrl, env });
+  const callback = await createCallbackServer(env);
+  try {
+    const config = await getOAuthConfig(resolvedApiUrl, callback.redirectUri);
+    const codeVerifier = import_node_crypto.default.randomBytes(48).toString("base64url");
+    const codeChallenge = import_node_crypto.default.createHash("sha256").update(codeVerifier).digest("base64url");
+    const state = import_node_crypto.default.randomBytes(18).toString("base64url");
+    const authorizationUrl = authorizationUrlFor(config, { state, codeChallenge });
+    if (noBrowser) {
+      console.error(`Open this URL to authenticate the CLI: ${authorizationUrl}`);
+    } else {
+      openBrowser(authorizationUrl);
+    }
+    const callbackResult = await callback.wait();
+    if (callbackResult.state !== state) {
+      throw new Error("OAuth state mismatch");
+    }
+    const clerkToken = await exchangeCodeForClerkToken(config, callbackResult.code, codeVerifier, callback.redirectUri);
+    const exchange = await postJson(`${resolvedApiUrl}/api/v1/cli/auth/oauth/exchange`, {
+      clerkToken
+    });
+    return { apiUrl: resolvedApiUrl, ...exchange };
+  } finally {
+    await callback.close();
+  }
+}
+function loadCloudConfig(env = process.env, platform = process.platform) {
+  const file = cloudConfigPath(env, platform);
+  try {
+    const parsed = JSON.parse(import_node_fs6.default.readFileSync(file, "utf8"));
+    return parsed && typeof parsed === "object" ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+function cloudAuthStatus({ backend, apiUrl, env = process.env, platform = process.platform } = {}) {
+  const targetApiUrl = resolveApiUrl({ backend, apiUrl, env });
+  const config = loadCloudConfig(env, platform);
+  const profiles = config.profiles && typeof config.profiles === "object" ? config.profiles : {};
+  const profile = profiles[targetApiUrl];
+  return {
+    apiUrl: targetApiUrl,
+    activeApiUrl: typeof config.active_api_url === "string" ? config.active_api_url : void 0,
+    profile: profile && typeof profile === "object" ? profile : void 0,
+    authenticated: Boolean(profile?.access_token),
+    email: typeof profile?.email === "string" ? profile.email : void 0,
+    expiresAt: typeof profile?.expires_at === "string" ? profile.expires_at : void 0,
+    profiles
+  };
+}
+async function getOAuthConfig(apiUrl, redirectUri) {
+  const url = new URL(`${apiUrl}/api/v1/cli/auth/oauth/config`);
+  url.searchParams.set("redirectUri", redirectUri);
+  return getJson(url);
+}
+function authorizationUrlFor(config, { state, codeChallenge }) {
+  const url = new URL(String(config.authorizationUrl));
+  url.searchParams.set("response_type", "code");
+  url.searchParams.set("client_id", String(config.clientId));
+  url.searchParams.set("redirect_uri", String(config.redirectUri));
+  url.searchParams.set("scope", String(config.scopes || "email profile"));
+  url.searchParams.set("state", state);
+  url.searchParams.set("code_challenge", codeChallenge);
+  url.searchParams.set("code_challenge_method", "S256");
+  return url.toString();
+}
+async function exchangeCodeForClerkToken(config, code, codeVerifier, redirectUri) {
+  const body = new URLSearchParams({
+    grant_type: "authorization_code",
+    client_id: String(config.clientId),
+    code,
+    redirect_uri: redirectUri,
+    code_verifier: codeVerifier
+  });
+  const payload = await postForm(String(config.tokenUrl), body);
+  const token = payload.access_token || payload.id_token;
+  if (!token) {
+    throw new Error("OAuth token exchange did not return a Clerk token");
+  }
+  return String(token);
+}
+async function getJson(url) {
+  const response = await fetch(url, { headers: { Accept: "application/json" } });
+  return decodeResponse(response);
+}
+async function postJson(url, body) {
+  const response = await fetch(url, {
+    method: "POST",
+    headers: { Accept: "application/json", "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  return decodeResponse(response);
+}
+async function postForm(url, body) {
+  const response = await fetch(url, {
+    method: "POST",
+    headers: { Accept: "application/json", "Content-Type": "application/x-www-form-urlencoded" },
+    body
+  });
+  return decodeResponse(response);
+}
+async function decodeResponse(response) {
+  const text = await response.text();
+  let payload = {};
+  if (text) {
+    try {
+      payload = JSON.parse(text);
+    } catch {
+      payload = { error: text };
+    }
+  }
+  if (!response.ok) {
+    throw new Error(payload.message || payload.error || `HTTP ${response.status}`);
+  }
+  return payload;
+}
+async function createCallbackServer(env) {
+  const port = Number(env.VENDIAN_CLI_OAUTH_REDIRECT_PORT || DEFAULT_OAUTH_REDIRECT_PORT);
+  let server;
+  let settled = false;
+  let timeout;
+  const waitPromise = new Promise((resolve, reject) => {
+    timeout = setTimeout(() => {
+      settled = true;
+      reject(new Error("OAuth login timed out before callback completed"));
+    }, 3e5);
+    server = import_node_http.default.createServer((req, res) => {
+      const url = new URL(req.url || "/", `http://${req.headers.host || "127.0.0.1"}`);
+      const code = url.searchParams.get("code");
+      const state = url.searchParams.get("state");
+      const error = url.searchParams.get("error");
+      const body = code ? "Vendian CLI authentication complete. You can close this window." : "Vendian CLI authentication failed. Return to the terminal.";
+      res.writeHead(code ? 200 : 400, {
+        "Content-Type": "text/plain; charset=utf-8",
+        "Content-Length": Buffer.byteLength(body)
+      });
+      res.end(body);
+      clearTimeout(timeout);
+      if (settled) {
+        return;
+      }
+      settled = true;
+      if (error) {
+        reject(new Error(`OAuth login failed: ${error}`));
+        return;
+      }
+      if (!code) {
+        reject(new Error("OAuth callback did not include an authorization code"));
+        return;
+      }
+      resolve({ code, state });
+    });
+    server.on("error", reject);
+    server.listen(port, "127.0.0.1");
+  });
+  await new Promise((resolve, reject) => {
+    server.once("listening", resolve);
+    server.once("error", reject);
+  });
+  return {
+    redirectUri: `http://127.0.0.1:${server.address().port}/callback`,
+    wait: () => waitPromise,
+    close: () => new Promise((resolve) => server.close(resolve))
+  };
+}
+function openBrowser(url) {
+  const platform = process.platform;
+  if (platform === "win32") {
+    (0, import_node_child_process3.spawnSync)(...buildWindowsOpenCommand(url), { stdio: "ignore", shell: false });
+    return;
+  }
+  if (platform === "darwin") {
+    (0, import_node_child_process3.spawnSync)("open", [url], { stdio: "ignore", shell: false });
+    return;
+  }
+  (0, import_node_child_process3.spawnSync)("xdg-open", [url], { stdio: "ignore", shell: false });
+}
+function buildWindowsOpenCommand(url) {
+  return ["rundll32.exe", ["url.dll,FileProtocolHandler", String(url)]];
+}
+function cloudConfigPath(env = process.env, platform = process.platform) {
+  if (env.VENDIAN_CLOUD_CONFIG) {
+    return import_node_path4.default.resolve(env.VENDIAN_CLOUD_CONFIG);
+  }
+  if (platform === "win32") {
+    const root2 = env.APPDATA || import_node_path4.default.join(process.env.USERPROFILE || "", "AppData", "Roaming");
+    return import_node_path4.default.win32.join(root2, "Vendian", "cloud-auth.json");
+  }
+  const root = env.XDG_CONFIG_HOME || import_node_path4.default.join(process.env.HOME || "", ".config");
+  return import_node_path4.default.posix.join(root, "vendian", "cloud-auth.json");
+}
+function saveCloudToken(token, { env = process.env, platform = process.platform } = {}) {
+  const file = cloudConfigPath(env, platform);
+  let raw = { version: 2, profiles: {}, active_api_url: token.apiUrl };
+  try {
+    const existing = JSON.parse(import_node_fs6.default.readFileSync(file, "utf8"));
+    if (existing && typeof existing === "object" && existing.profiles && typeof existing.profiles === "object") {
+      raw.profiles = existing.profiles;
+    }
+  } catch {
+  }
+  raw.active_api_url = token.apiUrl;
+  raw.profiles[token.apiUrl] = {
+    api_url: token.apiUrl,
+    access_token: token.accessToken,
+    user_id: token.userId,
+    email: token.email,
+    expires_at: token.expiresAt,
+    scopes: token.scopes,
+    tooling_eligible: token.toolingEligible
+  };
+  import_node_fs6.default.mkdirSync(import_node_path4.default.dirname(file), { recursive: true });
+  import_node_fs6.default.writeFileSync(file, `${JSON.stringify(raw, null, 2)}
+`, { encoding: "utf8", mode: 384 });
+  try {
+    import_node_fs6.default.chmodSync(file, 384);
+  } catch {
+  }
+  return file;
+}
+// src/setup.js
+async function setup({
+  nonInteractive = false,
+  backend = void 0,
+  apiUrl = void 0,
+  noBrowser = false,
+  forceAuth = false,
+  env = process.env,
+  platform = process.platform
+} = {}) {
+  const existing = loadConfig(env, platform);
+  const registry = registryConfig(existing, env, platform);
+  const auth = cloudAuthStatus({ backend, apiUrl, env, platform });
+  const next = {
+    ...existing,
+    gitlabHost: registry.gitlabHost || DEFAULT_GITLAB_HOST,
+    gitlabUsername: registry.username || "__token__",
+    sdkPublicProjectId: registry.sdkProjectId || DEFAULT_SDK_PUBLIC_PROJECT_ID,
+    sdkRuntimeProjectId: registry.runtimeProjectId || DEFAULT_SDK_RUNTIME_PROJECT_ID
+  };
+  let cloudAuthApiUrl = auth.authenticated ? auth.apiUrl : void 0;
+  console.log("Vendian login");
+  console.log("This signs in to Vendian and prepares the local runtime.");
+  console.log("Agent requirements.txt files stay reserved for agent-owned dependencies.");
+  console.log("");
+  if ((!auth.authenticated || forceAuth) && !nonInteractive) {
+    console.log(`Opening Vendian sign-in for ${auth.apiUrl}...`);
+    const login = await loginWithVendianOAuth({ backend, apiUrl, noBrowser, env });
+    saveCloudToken(login, { env, platform });
+    cloudAuthApiUrl = login.apiUrl;
+    const packageCredentials = login.packageCredentials;
+    if (!registry.token && !packageCredentials?.token) {
+      throw new Error("Vendian login succeeded, but the backend did not return package credentials. Configure CLI_PACKAGE_REGISTRY_TOKEN on the backend.");
+    }
+    if (packageCredentials) {
+      next.gitlabHost = packageCredentials.gitlabHost || next.gitlabHost;
+      next.gitlabUsername = packageCredentials.username || next.gitlabUsername;
+      next.sdkPublicProjectId = packageCredentials.sdkProjectId || next.sdkPublicProjectId;
+      next.sdkRuntimeProjectId = packageCredentials.runtimeProjectId || next.sdkRuntimeProjectId;
+      next.vendianAgentsVersion = packageCredentials.vendianAgentsVersion || next.vendianAgentsVersion;
+      next.vendianAgentsRuntimeVersion = packageCredentials.vendianAgentsRuntimeVersion || next.vendianAgentsRuntimeVersion;
+      const secret = savePackageTokenSecret(packageCredentials.token, next, platform);
+      if (secret.ok) {
+        Object.assign(next, secret.config || {});
+        delete next.gitlabToken;
+        console.log("Package access saved.");
+      } else {
+        next.gitlabToken = packageCredentials.token;
+        console.log("Package access saved in the local Vendian CLI config file.");
+      }
+    }
+  } else if (auth.authenticated) {
+    console.log(`Cloud authentication already saved for ${auth.apiUrl}${auth.email ? ` (${auth.email})` : ""}.`);
+  } else if (registry.token) {
+    if (registry.tokenSource !== "secret-store") {
+      next.gitlabToken = registry.token;
+    }
+    console.log("Using saved package access.");
+  }
+  const installRegistry = registryConfig(next, env, platform);
+  if (!installRegistry.token) {
+    throw new Error("Package access is missing. Run interactive `vendian login` to sign in.");
+  }
+  const python = findPython(platform);
+  if (!python) {
+    throw new Error("Python 3.11+ was not found. Install Python 3.11 or newer, then rerun `vendian login`.");
+  }
+  const venvPath = managedVenvPath(env, platform);
+  console.log(`Managed environment: ${venvPath}`);
+  const pythonPath = ensureVenv(venvPath, python, platform);
+  console.log(`Python: ${pythonVersion(pythonPath) || pythonPath}`);
+  saveConfig(next, env, platform);
+  installVendianPackages({ pythonPath, venvPath, config: next, env, platform });
+  saveConfig({ ...next, lastManagedUpdateAt: (/* @__PURE__ */ new Date()).toISOString() }, env, platform);
+  if (!verifyVendianImports(pythonPath)) {
+    throw new Error("Vendian packages installed, but import verification failed.");
+  }
+  const vendianPath = venvVendian(venvPath, platform);
+  if (!import_node_fs7.default.existsSync(vendianPath)) {
+    throw new Error("Vendian executable was not found after install.");
+  }
+  console.log("");
+  for (const line of setupCompletionLines({ cloudAuthApiUrl, backend, apiUrl })) {
+    console.log(line);
+  }
+}
+function setupCompletionLines({ cloudAuthApiUrl, backend, apiUrl } = {}) {
+  const lines = ["Vendian login complete."];
+  if (cloudAuthApiUrl) {
+    lines.push(`Connected to ${cloudAuthApiUrl}.`);
+    lines.push("Next: vendian cloud local serve --agents-dir ./agents");
+    return lines;
+  }
+  lines.push(`Next: ${cloudAuthLoginCommand({ backend, apiUrl })}`);
+  lines.push("Then: vendian cloud local serve --agents-dir ./agents");
+  return lines;
+}
+function cloudAuthLoginCommand({ backend, apiUrl } = {}) {
+  if (apiUrl) {
+    return `vendian cloud auth login --api-url ${apiUrl}`;
+  }
+  if (backend) {
+    return `vendian cloud auth login --backend ${backend}`;
+  }
+  return "vendian cloud auth login";
+}
+// src/tui.js
+var import_node_fs8 = __toESM(require("node:fs"), 1);
+var import_node_readline = __toESM(require("node:readline"), 1);
+var import_promises = __toESM(require("node:readline/promises"), 1);
+// src/version.js
+var CLI_VERSION = true ? "0.0.5" : process.env.npm_package_version || "0.0.0-dev";
+// src/tui.js
+var RESET = "\x1B[0m";
+var BOLD = "\x1B[1m";
+var DIM = "\x1B[2m";
+var CYAN = "\x1B[36m";
+var GREEN = "\x1B[32m";
+var YELLOW = "\x1B[33m";
+var RED = "\x1B[31m";
+var INVERT = "\x1B[7m";
+var CLEAR = "\x1B[2J\x1B[H";
+var HIDE_CURSOR = "\x1B[?25l";
+var SHOW_CURSOR = "\x1B[?25h";
+var ENDPOINTS = [
+  { key: "local", label: "Local" },
+  { key: "dev", label: "Dev" },
+  { key: "staging", label: "Staging" },
+  { key: "prod", label: "Production" }
+];
+var ACTIONS = [
+  { id: "connect", label: "Connect / switch endpoint", detail: "Sign in to local, dev, staging, production, or a custom API" },
+  { id: "serve", label: "Start local agent server", detail: "Run agents from ./agents through the managed runtime" },
+  { id: "doctor", label: "Run doctor", detail: "Check Python, runtime, package access, and local paths" },
+  { id: "update", label: "Update managed runtime", detail: "Refresh the Vendian runtime packages" },
+  { id: "help", label: "Show commands", detail: "Print common command-line equivalents" },
+  { id: "exit", label: "Exit", detail: "Close this session" }
+];
+async function runTui({ env = process.env, platform = process.platform, input = process.stdin, output = process.stdout } = {}) {
+  let selected = 0;
+  const isRawCapable = Boolean(input.isTTY && output.isTTY && input.setRawMode);
+  if (!isRawCapable) {
+    output.write(`${renderHome({ env, platform, selected: 0, color: false })}
+`);
+    return;
+  }
+  import_node_readline.default.emitKeypressEvents(input);
+  input.setRawMode(true);
+  output.write(HIDE_CURSOR);
+  try {
+    while (true) {
+      output.write(renderHome({ env, platform, selected }));
+      const key = await readKey(input);
+      if (key.name === "up") {
+        selected = (selected - 1 + ACTIONS.length) % ACTIONS.length;
+      } else if (key.name === "down") {
+        selected = (selected + 1) % ACTIONS.length;
+      } else if (key.name === "return") {
+        output.write(SHOW_CURSOR);
+        input.setRawMode(false);
+        output.write("\n");
+        const shouldExit = await runAction(ACTIONS[selected].id, { env, platform, input, output });
+        if (shouldExit) return;
+        input.setRawMode(true);
+        output.write(HIDE_CURSOR);
+      } else if (key.name === "q" || key.ctrl && key.name === "c") {
+        return;
+      }
+    }
+  } finally {
+    output.write(SHOW_CURSOR);
+    input.setRawMode(false);
+  }
+}
+function renderHome({ env = process.env, platform = process.platform, selected = 0, color = true } = {}) {
+  const c = color ? palette : plainPalette;
+  const rows = endpointRows({ env, platform });
+  const runtime = runtimeSummary({ env, platform });
+  const active = rows.find((row) => row.active);
+  const width = 78;
+  return [
+    CLEAR,
+    c.dim("Vendian Cloud"),
+    `${c.brand("VENDIAN")} ${c.dim(`CLI ${CLI_VERSION}`)}`,
+    c.rule(width),
+    `${c.label("Connected")} ${active ? `${c.good(active.label)} ${c.dim(active.detail)}` : c.warn("No active endpoint")}`,
+    `${c.label("Runtime")}   ${runtime.installed ? c.good("ready") : c.bad("not installed")} ${c.dim(runtime.detail)}`,
+    runtime.updateHint ? `${c.label("Update")}    ${c.warn(runtime.updateHint)}` : `${c.label("Update")}    ${c.good("up to date")}`,
+    "",
+    c.section("Connections:"),
+    ...rows.map((row) => renderEndpointRow(row, c)),
+    "",
+    c.section("Actions:"),
+    ...ACTIONS.map((action, index) => renderAction(action, index === selected, c)),
+    "",
+    c.dim("Use Up/Down to move, Enter to select, q to exit.")
+  ].join("\n");
+}
+function endpointRows({ env = process.env, platform = process.platform } = {}) {
+  return ENDPOINTS.map((endpoint) => {
+    const status = cloudAuthStatus({ backend: endpoint.key, env, platform });
+    const active = status.activeApiUrl === status.apiUrl;
+    return {
+      key: endpoint.key,
+      label: endpoint.label,
+      apiUrl: status.apiUrl,
+      active,
+      status: status.authenticated ? active ? "connected" : "signed in" : "not signed in",
+      detail: status.authenticated ? status.email || status.apiUrl : status.apiUrl
+    };
+  });
+}
+function runtimeSummary({ env = process.env, platform = process.platform, now = Date.now() } = {}) {
+  const config = loadConfig(env, platform);
+  const venvPath = managedVenvPath(env, platform);
+  const vendianPath = venvVendian(venvPath, platform);
+  const installed = import_node_fs8.default.existsSync(vendianPath);
+  const lastUpdate = Date.parse(config.lastManagedUpdateAt || "");
+  const stale = !Number.isFinite(lastUpdate) || now - lastUpdate > 24 * 60 * 60 * 1e3;
+  return {
+    installed,
+    detail: installed ? venvPath : "Run vendian login to prepare it",
+    updateHint: installed && stale ? "Run vendian update to refresh packages" : ""
+  };
+}
+async function runAction(action, { env, platform, input, output }) {
+  if (action === "connect") {
+    await connectEndpoint({ env, platform, input, output });
+    return false;
+  }
+  if (action === "serve") {
+    const agentsDir = await prompt(input, output, "Agents directory", "./agents");
+    await forwardToPythonVendian(["cloud", "local", "serve", "--agents-dir", agentsDir || "./agents"], { env, platform });
+    return true;
+  }
+  if (action === "doctor") {
+    doctor({ env, platform });
+    await prompt(input, output, "Press Enter to return");
+    return false;
+  }
+  if (action === "update") {
+    await setup({ nonInteractive: true, env, platform });
+    await prompt(input, output, "Press Enter to return");
+    return false;
+  }
+  if (action === "help") {
+    output.write(`${helpText()}
+`);
+    await prompt(input, output, "Press Enter to return");
+    return false;
+  }
+  return true;
+}
+async function connectEndpoint({ env, platform, input, output }) {
+  output.write("\nConnect endpoint:\n");
+  ENDPOINTS.forEach((endpoint2, index) => {
+    output.write(`  ${index + 1}. ${endpoint2.label.padEnd(10)} ${BACKEND_TARGETS[endpoint2.key]}
+`);
+  });
+  output.write("  5. Custom API URL\n");
+  const choice = await prompt(input, output, "Endpoint");
+  if (choice === "5") {
+    const apiUrl = await prompt(input, output, "API URL");
+    if (!apiUrl) {
+      output.write("API URL is required.\n");
+      return;
+    }
+    await setup({ apiUrl, forceAuth: true, env, platform });
+    return;
+  }
+  const endpoint = ENDPOINTS[Number(choice) - 1];
+  if (!endpoint) {
+    output.write("Unknown endpoint.\n");
+    return;
+  }
+  await setup({ backend: endpoint.key, forceAuth: true, env, platform });
+}
+function renderEndpointRow(row, c) {
+  const status = row.status === "connected" ? c.badge("CONNECTED", "good") : row.status === "signed in" ? c.badge("SIGNED IN", "warn") : c.badge("OFFLINE", "bad");
+  const active = row.active ? c.good("*") : " ";
+  return `  ${active} ${row.label.padEnd(10)} ${status} ${c.dim(row.detail)}`;
+}
+function renderAction(action, selected, c) {
+  const marker = selected ? c.selected(" > ") : "   ";
+  const label = selected ? c.selected(` ${action.label} `) : action.label;
+  return `${marker}${label}
+     ${c.dim(action.detail)}`;
+}
+function helpText() {
+  return [
+    "",
+    "Common commands:",
+    "  vendian",
+    "  vendian login",
+    "  vendian login --backend staging",
+    "  vendian login --api-url http://localhost:3000",
+    "  vendian cloud local serve --agents-dir ./agents",
+    "  vendian doctor",
+    "  vendian update"
+  ].join("\n");
+}
+function readKey(input) {
+  return new Promise((resolve) => {
+    const handler = (_chunk, key) => {
+      input.off("keypress", handler);
+      resolve(key || {});
+    };
+    input.on("keypress", handler);
+  });
+}
+async function prompt(input, output, question, defaultValue = "") {
+  const rl = import_promises.default.createInterface({ input, output });
+  try {
+    const suffix = defaultValue ? ` (${defaultValue})` : "";
+    const answer = await rl.question(`${question}${suffix}: `);
+    return answer.trim() || defaultValue;
+  } finally {
+    rl.close();
+  }
+}
+var palette = {
+  brand: (value) => `${BOLD}${CYAN}${value}${RESET}`,
+  dim: (value) => `${DIM}${value}${RESET}`,
+  good: (value) => `${GREEN}${value}${RESET}`,
+  warn: (value) => `${YELLOW}${value}${RESET}`,
+  bad: (value) => `${RED}${value}${RESET}`,
+  label: (value) => `${DIM}${value.padEnd(10)}${RESET}`,
+  section: (value) => `${BOLD}${value}${RESET}`,
+  selected: (value) => `${INVERT}${value}${RESET}`,
+  rule: (width) => `${DIM}${"-".repeat(width)}${RESET}`,
+  badge: (value, tone) => {
+    const color = tone === "good" ? GREEN : tone === "warn" ? YELLOW : RED;
+    return `${color}${value.padEnd(9)}${RESET}`;
+  }
+};
+var plainPalette = {
+  brand: String,
+  dim: String,
+  good: String,
+  warn: String,
+  bad: String,
+  label: (value) => value.padEnd(10),
+  section: String,
+  selected: String,
+  rule: (width) => "-".repeat(width),
+  badge: (value) => value.padEnd(9)
+};
+// src/main.js
+function printHelp() {
+  console.log(`Vendian CLI
+Usage:
+  vendian                       Open the interactive menu
+  vendian login                 Sign in and prepare the local runtime
+  vendian setup                 Alias for vendian login
+  vendian doctor                Check local bootstrap health
+  vendian update                Update the managed Vendian CLI/runtime
+  vendian <command>             Run a Vendian cloud command
+Examples:
+  vendian login
+  vendian login --backend staging
+  vendian cloud local serve --agents-dir ./agents
+Environment:
+  VENDIAN_CLI_HOME              Override managed CLI home
+  VENDIAN_API_URL               Override Vendian backend API URL
+`);
+}
+async function main(argv) {
+  const [command, ...rest] = argv;
+  if (!command) {
+    if (process.stdin.isTTY && process.stdout.isTTY) {
+      await runTui();
+    } else {
+      printHelp();
+    }
+    return;
+  }
+  if (command === "--help" || command === "-h") {
+    printHelp();
+    return;
+  }
+  if (command === "--version" || command === "version") {
+    console.log(CLI_VERSION);
+    return;
+  }
+  if (isBootstrapCommand(command)) {
+    await setup(parseSetupOptions(rest));
+    return;
+  }
+  if (command === "doctor") {
+    doctor();
+    return;
+  }
+  if (command === "update") {
+    await setup({ nonInteractive: true });
+    return;
+  }
+  await forwardToPythonVendian(argv);
+}
+function isBootstrapCommand(command) {
+  return command === "login" || command === "setup";
+}
+function parseSetupOptions(args) {
+  const options = {
+    nonInteractive: args.includes("--yes") || args.includes("--non-interactive"),
+    noBrowser: args.includes("--no-browser"),
+    forceAuth: args.includes("--force") || args.includes("--reauth")
+  };
+  for (let index = 0; index < args.length; index += 1) {
+    const arg = args[index];
+    if (arg === "--backend" || arg === "-b") {
+      options.backend = args[index + 1];
+      index += 1;
+    } else if (arg.startsWith("--backend=")) {
+      options.backend = arg.slice("--backend=".length);
+    } else if (arg === "--api-url") {
+      options.apiUrl = args[index + 1];
+      index += 1;
+    } else if (arg.startsWith("--api-url=")) {
+      options.apiUrl = arg.slice("--api-url=".length);
+    }
+  }
+  return options;
+}
+// src/entry.js
+main(process.argv.slice(2)).catch((error) => {
+  const message = error && typeof error.message === "string" ? error.message : String(error);
+  console.error(`[vendian] ${message}`);
+  process.exitCode = 1;
+});