@vibecodr/cli 0.1.9 → 0.2.1

package/CHANGELOG.md

@@ -1,17 +1,25 @@
-# Changelog
-
-## Unreleased
-
-- rename the npm package to `@vibecodr/cli` while keeping `vibecodr` as the primary executable and `vibecodr-mcp` as a compatibility alias
-
-## 0.1.8
-
-- report the actual package version in MCP client metadata instead of a stale hardcoded value
-- publish the CLI after redeploying the hosted Vibecodr MCP gateway
-
-## 0.1.7
-
-- add the `pulse-setup` command for live Pulse setup guidance
+# Changelog
+
+## 0.2.1
+
+- preserve encrypted offline sessions when refresh fails because the authorization server is temporarily unavailable
+- continue clearing stored auth on OAuth `invalid_grant` so revoked or expired refresh tokens fail closed
+
+## 0.2.0
+
+- rename the npm package to `@vibecodr/cli` while keeping `vibecodr` as the primary executable and `vibecodr-mcp` as a compatibility alias
+- add the hardened `pulse` lifecycle command group for list/get/status/run/archive/restore plus create/deploy aliases
+- redact source, descriptor, token, secret, and inline file-content fields from CLI-displayed MCP arguments and results
+- require explicit confirmation for known mutating MCP tools when invoked through the generic `call` command
+
+## 0.1.8
+
+- report the actual package version in MCP client metadata instead of a stale hardcoded value
+- publish the CLI after redeploying the hosted Vibecodr MCP gateway
+
+## 0.1.7
+
+- add the `pulse-setup` command for live Pulse setup guidance
 - align CLI Pulse setup docs with the gateway runtime contract for policy-bound secrets, Stripe-first webhook helper guidance, generic HMAC presets, and provider-scoped connections
 - refresh release-lock coverage for current in-range MCP SDK, keyring, and Node type packages before publishing
 

package/README.md

@@ -3,9 +3,9 @@
 
 
 
-# Vibecodr CLI
+# Vibecodr CLI
 
-Direct terminal client for the hosted Vibecodr MCP server.
+Direct terminal client for the hosted Vibecodr MCP server.
 
 This repository is intentionally separate from the PolyForm-licensed server implementation. The CLI is a client and installer surface, not a second server. It talks to the same hosted Vibecodr MCP gateway used by Codex, Cursor, VS Code, Windsurf, ChatGPT, and other MCP-capable clients.
 
@@ -25,26 +25,28 @@ Currently implemented command surface:
 - `tools`
 - `call`
 - `pulse-setup`
+- `pulse-publish`
+- `pulse`
 - `doctor`
 - `config`
 - `install`
 - `uninstall`
 
-Primary executable:
-
-- `vibecodr`
-
-Compatibility alias:
-
-- `vibecodr-mcp`
-
-Published package:
-
-- `@vibecodr/cli`
-
-Legacy package compatibility:
-
-- `@vibecodr/mcp`
+Primary executable:
+
+- `vibecodr`
+
+Compatibility alias:
+
+- `vibecodr-mcp`
+
+Published package:
+
+- `@vibecodr/cli`
+
+Legacy package compatibility:
+
+- `@vibecodr/mcp`
 
 The runtime path talks directly to `https://openai.vibecodr.space/mcp`. Editor installers are not part of the runtime path.
 
@@ -54,6 +56,8 @@ The official production auth path is now committed in package code through the s
 
 - `https://openai.vibecodr.space/.well-known/oauth-client/vibecodr-mcp.json`
 
+Pulse lifecycle commands use the hosted MCP gateway as the authority boundary. The CLI redacts source, descriptor, token, secret, and inline file-content fields from local output, but the server still enforces OAuth, owner scoping, confirmation, no-delete policy, and model-safe response shaping for direct MCP callers.
+
 Documentation:
 
 - [docs/auth.md](docs/auth.md)

package/dist/auth/token-manager.js

@@ -23,6 +23,12 @@ function computeExpiresAt(expiresIn) {
         return undefined;
     return new Date(Date.now() + expiresIn * 1000).toISOString();
 }
+function oauthErrorCode(error) {
+    if (!error || typeof error !== "object")
+        return undefined;
+    const code = error.errorCode;
+    return typeof code === "string" ? code : undefined;
+}
 function normalizeServerUrlForSessionMatch(value) {
     if (!value)
         return undefined;
@@ -285,10 +291,17 @@ export class TokenManager {
             resource,
             ...(discovery.authorizationServerMetadata ? { metadata: discovery.authorizationServerMetadata } : {})
         }).catch(async (error) => {
-            await this.secretStore.delete(profileName).catch(() => undefined);
-            throw new CliError("auth.refresh_failed", "Failed to refresh the stored session.", EXIT_CODES.authFailed, {
+            const invalidGrant = oauthErrorCode(error) === "invalid_grant";
+            if (invalidGrant) {
+                await this.secretStore.delete(profileName).catch(() => undefined);
+            }
+            throw new CliError("auth.refresh_failed", invalidGrant
+                ? "The stored refresh token is invalid or expired."
+                : "Failed to refresh the stored session.", EXIT_CODES.authFailed, {
                 cause: error,
-                nextStep: "Run vibecodr login to re-authenticate."
+                nextStep: invalidGrant
+                    ? "Run vibecodr login to re-authenticate."
+                    : "Retry after the authorization server recovers. The stored offline session was preserved."
             });
         });
         const updated = {

package/dist/bin/vibecodr-mcp.js

@@ -2,9 +2,9 @@
 import { ConfigStore } from "../storage/config-store.js";
 import { SecretStore } from "../storage/secret-store.js";
 import { TokenManager } from "../auth/token-manager.js";
-import { McpRuntimeClient } from "../core/mcp-client.js";
+import { CLIENT_INFO, McpRuntimeClient } from "../core/mcp-client.js";
 import { Output } from "../cli/output.js";
-import { parseGlobalOptions } from "../cli/parse.js";
+import { isHelpToken, isVersionToken, parseGlobalOptions } from "../cli/parse.js";
 import { CliError, EXIT_CODES } from "../cli/errors.js";
 import { runLoginCommand } from "../commands/login.js";
 import { runLogoutCommand } from "../commands/logout.js";
@@ -17,6 +17,7 @@ import { runInstallCommand } from "../commands/install.js";
 import { runUninstallCommand } from "../commands/uninstall.js";
 import { runPulseSetupCommand } from "../commands/pulse-setup.js";
 import { runPulsePublishCommand } from "../commands/pulse-publish.js";
+import { runPulseCommand } from "../commands/pulse.js";
 function helpText() {
     return [
         "vibecodr <command> [options]",
@@ -34,6 +35,7 @@ function helpText() {
         "  config",
         "  pulse-setup [--descriptor-setup-json <json> | --descriptor-setup-file <path>]",
         "  pulse-publish --name <name> (--code <source> | --code-file <path>) --confirm",
+        "  pulse <list|get|status|run|archive|restore|create|deploy>",
         "    Publishes a standalone Pulse with private source/metadata visibility by default.",
         "    The runtime URL is still public HTTP unless the Pulse code rejects callers.",
         "",
@@ -44,12 +46,19 @@ function helpText() {
         "  --non-interactive"
     ].join("\n");
 }
+function versionText() {
+    return String(CLIENT_INFO.version);
+}
 async function main() {
     const { command, commandArgs, globalOptions } = parseGlobalOptions(process.argv.slice(2));
-    if (!command || command === "--help" || command === "help") {
+    if (!command || isHelpToken(command)) {
         process.stdout.write(helpText() + "\n");
         return;
     }
+    if (isVersionToken(command)) {
+        process.stdout.write(versionText() + "\n");
+        return;
+    }
     const configStore = new ConfigStore();
     const secretStore = new SecretStore();
     const tokenManager = new TokenManager(configStore, secretStore);
@@ -97,6 +106,9 @@ async function main() {
         case "pulse-publish":
             await runPulsePublishCommand(commandArgs, context);
             return;
+        case "pulse":
+            await runPulseCommand(commandArgs, context);
+            return;
         default:
             throw new CliError("usage.command", `Unknown command: ${command}`, EXIT_CODES.usage);
     }

package/dist/cli/parse.js

@@ -1,6 +1,12 @@
 import { CliError, EXIT_CODES } from "./errors.js";
 function normalizeFlagName(flag) {
-    return flag.replace(/^--/, "");
+    return flag.replace(/^-+/, "");
+}
+export function isHelpToken(token) {
+    return token === "help" || token === "--help" || token === "-h" || token === "-help";
+}
+export function isVersionToken(token) {
+    return token === "--version" || token === "-v" || token === "-version";
 }
 export function parseFlags(args, options) {
     const valueFlags = new Set(options.valueFlags || []);
@@ -46,6 +52,10 @@ export function parseGlobalOptions(argv) {
         const token = argv[index];
         if (token === undefined)
             continue;
+        if (!command && (isHelpToken(token) || isVersionToken(token))) {
+            command = token;
+            continue;
+        }
         if (token === "--profile") {
             const value = argv[index + 1];
             if (!value)

package/dist/commands/call.js

@@ -3,7 +3,19 @@ import { promptText } from "../platform/prompt.js";
 import { parseFlags } from "../cli/parse.js";
 import { CliError, EXIT_CODES } from "../cli/errors.js";
 import { renderToolResult } from "../core/renderers.js";
+import { redactForOutput } from "../core/redaction.js";
 import { promptObjectBySchema } from "../core/interactive-input.js";
+import { showHelpIfRequested } from "./help.js";
+const CONFIRMED_TOOL_NAMES = new Set([
+    "quick_publish_creation",
+    "publish_standalone_pulse",
+    "publish_draft_capsule",
+    "cancel_import_operation",
+    "update_live_vibe_metadata",
+    "run_pulse",
+    "archive_pulse",
+    "restore_pulse"
+]);
 function challengedScope(error) {
     if (!error.debugDetails || typeof error.debugDetails !== "object")
         return undefined;
@@ -87,9 +99,11 @@ async function listToolsWithRetry(context, allowLogin) {
     }
 }
 export async function runCallCommand(args, context) {
+    if (showHelpIfRequested(args, context, "Usage: vibecodr call <tool-name> [--input-json <json>] [--input-file <path>] [--stdin] [--interactive] [--no-login] [--confirm]"))
+        return;
     const { flags, positionals } = parseFlags(args, {
         valueFlags: ["input-json", "input-file"],
-        booleanFlags: ["stdin", "interactive", "no-login"]
+        booleanFlags: ["stdin", "interactive", "no-login", "confirm"]
     });
     const toolName = positionals[0];
     if (!toolName) {
@@ -113,11 +127,17 @@ export async function runCallCommand(args, context) {
         }
         input = await promptObjectBySchema(promptText, toolName, tool.inputSchema);
     }
+    if (CONFIRMED_TOOL_NAMES.has(toolName) && flags["confirm"] !== true) {
+        throw new CliError("usage.confirmation_required", `Calling ${toolName} requires explicit confirmation. Re-run with --confirm after the user confirms.`, EXIT_CODES.usage);
+    }
+    if (CONFIRMED_TOOL_NAMES.has(toolName)) {
+        input = { ...input, confirmed: true };
+    }
     const { result } = await callToolWithRetry(context, toolName, input, !flags["no-login"]);
     context.output.success({
         schemaVersion: 1,
         tool: toolName,
-        arguments: input,
-        result
-    }, [renderToolResult(result)]);
+        arguments: redactForOutput(input),
+        result: redactForOutput(result)
+    }, [renderToolResult(redactForOutput(result))]);
 }

package/dist/commands/config.js

@@ -1,6 +1,7 @@
 import { parseFlags } from "../cli/parse.js";
 import { CliError, EXIT_CODES } from "../cli/errors.js";
 import { defaultProfileConfig } from "../types/config.js";
+import { showHelpIfRequested } from "./help.js";
 function updateProfileKey(profile, key, value) {
     switch (key) {
         case "server-url":
@@ -37,6 +38,8 @@ async function saveConfig(context, config) {
     await context.configStore.save(config);
 }
 export async function runConfigCommand(args, context) {
+    if (showHelpIfRequested(args, context, "Usage: vibecodr config path|show|set|unset|profile ..."))
+        return;
     const action = args[0];
     const config = await context.configStore.load();
     const currentProfileName = context.globalOptions.profile || config.currentProfile;

package/dist/commands/doctor.js

@@ -1,7 +1,10 @@
 import { parseFlags } from "../cli/parse.js";
 import { runDoctor } from "../doctor/run.js";
 import { EXIT_CODES } from "../cli/errors.js";
+import { showHelpIfRequested } from "./help.js";
 export async function runDoctorCommand(args, context) {
+    if (showHelpIfRequested(args, context, "Usage: vibecodr doctor [--client <codex|cursor|vscode|windsurf>]"))
+        return;
     const { flags } = parseFlags(args, {
         valueFlags: ["client"]
     });

package/dist/commands/help.js

@@ -0,0 +1,7 @@
+import { isHelpToken } from "../cli/parse.js";
+export function showHelpIfRequested(args, _context, text) {
+    if (!args.some((arg) => isHelpToken(arg)))
+        return false;
+    process.stdout.write(`${text}\n`);
+    return true;
+}

package/dist/commands/install.js

@@ -5,10 +5,13 @@ import { installCodex } from "../clients/codex.js";
 import { installCursor } from "../clients/cursor.js";
 import { installVsCode } from "../clients/vscode.js";
 import { installWindsurf } from "../clients/windsurf.js";
+import { showHelpIfRequested } from "./help.js";
 function defaultName(serverUrl) {
     return serverUrl.includes("staging") ? "vibecodr-staging" : "vibecodr";
 }
 export async function runInstallCommand(args, context) {
+    if (showHelpIfRequested(args, context, "Usage: vibecodr install <codex|cursor|vscode|windsurf> [--scope user|project] [--path <dir>] [--name <server-name>] [--open-client] [--overwrite] [--dry-run]"))
+        return;
     const client = args[0];
     if (!client || !["codex", "cursor", "vscode", "windsurf"].includes(client)) {
         throw new CliError("usage.install_client", "Usage: install <codex|cursor|vscode|windsurf> [options]", EXIT_CODES.usage);

package/dist/commands/login.js

@@ -1,5 +1,8 @@
 import { parseFlags } from "../cli/parse.js";
+import { showHelpIfRequested } from "./help.js";
 export async function runLoginCommand(args, context) {
+    if (showHelpIfRequested(args, context, "Usage: vibecodr login [--scope <oauth-scope>] [--registration auto|preregistered|cimd|dcr|manual] [--browser open|print] [--timeout-sec <n>]"))
+        return;
     const { flags } = parseFlags(args, {
         valueFlags: ["scope", "registration", "browser", "timeout-sec"]
     });

package/dist/commands/logout.js

@@ -1,5 +1,8 @@
 import { parseFlags } from "../cli/parse.js";
+import { showHelpIfRequested } from "./help.js";
 export async function runLogoutCommand(args, context) {
+    if (showHelpIfRequested(args, context, "Usage: vibecodr logout [--all] [--no-revoke]"))
+        return;
     const { flags } = parseFlags(args, {
         booleanFlags: ["all", "no-revoke"]
     });

package/dist/commands/pulse-publish.js

@@ -3,6 +3,7 @@ import { CliError, EXIT_CODES } from "../cli/errors.js";
 import { parseFlags } from "../cli/parse.js";
 import { renderToolResult } from "../core/renderers.js";
 import { callToolWithRetry } from "./call.js";
+import { showHelpIfRequested } from "./help.js";
 const PUBLISH_STANDALONE_PULSE_TOOL_NAME = "publish_standalone_pulse";
 const PULSE_VISIBILITIES = new Set(["public", "unlisted", "private"]);
 const DEFAULT_PULSE_VISIBILITY = "private";
@@ -79,6 +80,8 @@ function redactPulsePublishArguments(input) {
     };
 }
 export async function runPulsePublishCommand(args, context) {
+    if (showHelpIfRequested(args, context, "Usage: vibecodr pulse-publish --name <name> (--code <source> | --code-file <path>) [--descriptor-json <json> | --descriptor-file <path>] [--slug <slug>] [--visibility public|unlisted|private] --confirm"))
+        return;
     const input = await parsePulsePublishInput(args);
     const { result } = await callToolWithRetry(context, PUBLISH_STANDALONE_PULSE_TOOL_NAME, input, true);
     context.output.success({

package/dist/commands/pulse-setup.js

@@ -3,6 +3,7 @@ import { CliError, EXIT_CODES } from "../cli/errors.js";
 import { parseFlags } from "../cli/parse.js";
 import { renderToolResult } from "../core/renderers.js";
 import { callToolWithRetry } from "./call.js";
+import { showHelpIfRequested } from "./help.js";
 const PULSE_SETUP_TOOL_NAME = "get_pulse_setup_guidance";
 const PULSE_DESCRIPTOR_SOURCE_OF_TRUTH = "PulseDescriptor";
 function readStructuredContent(result) {
@@ -70,6 +71,8 @@ async function parsePulseSetupInput(args) {
     return {};
 }
 export async function runPulseSetupCommand(args, context) {
+    if (showHelpIfRequested(args, context, "Usage: vibecodr pulse-setup [--descriptor-setup-json <json> | --descriptor-setup-file <path>]"))
+        return;
     const input = await parsePulseSetupInput(args);
     const { result } = await callToolWithRetry(context, PULSE_SETUP_TOOL_NAME, input, true);
     assertDescriptorSetupGuidance(result, { expectsDescriptorSetup: Boolean(input["descriptorSetup"]) });

package/dist/commands/pulse.js

@@ -0,0 +1,145 @@
+import { readFile } from "node:fs/promises";
+import { CliError, EXIT_CODES } from "../cli/errors.js";
+import { isHelpToken, parseFlags } from "../cli/parse.js";
+import { renderToolResult } from "../core/renderers.js";
+import { redactForOutput } from "../core/redaction.js";
+import { callToolWithRetry } from "./call.js";
+import { runPulsePublishCommand } from "./pulse-publish.js";
+const MAX_LIST_LIMIT = 25;
+const PULSE_ACTIONS = {
+    get: { toolName: "get_pulse", requiresConfirm: false },
+    status: { toolName: "get_pulse_status", requiresConfirm: false },
+    run: { toolName: "run_pulse", requiresConfirm: true },
+    archive: { toolName: "archive_pulse", requiresConfirm: true },
+    restore: { toolName: "restore_pulse", requiresConfirm: true }
+};
+function pulseHelpText() {
+    return [
+        "Usage: vibecodr pulse <command> [options]",
+        "",
+        "Commands:",
+        "  list [--limit <n>] [--offset <n>]",
+        "  get <pulse-id>",
+        "  status <pulse-id>",
+        "  run <pulse-id> [--input-json <json> | --input-file <path>] --confirm",
+        "  archive <pulse-id> --confirm",
+        "  restore <pulse-id> --confirm",
+        "  create --name <name> (--code <source> | --code-file <path>) --confirm",
+        "  deploy --name <name> (--code <source> | --code-file <path>) --confirm",
+        "",
+        "Delete is intentionally not exposed by the CLI; archive a Pulse instead."
+    ].join("\n");
+}
+function parseBoundedInteger(raw, name, defaultValue, maxValue) {
+    if (raw === undefined)
+        return defaultValue;
+    const value = Number(raw);
+    if (!Number.isInteger(value) || value < 0) {
+        throw new CliError("usage.invalid_number", `${name} must be a non-negative integer.`, EXIT_CODES.usage);
+    }
+    return Math.min(value, maxValue);
+}
+function parsePulseId(raw) {
+    const pulseId = typeof raw === "string" ? raw.trim() : "";
+    if (!pulseId) {
+        throw new CliError("usage.pulse_id_required", "A Pulse id is required.", EXIT_CODES.usage);
+    }
+    if (pulseId.length > 128 || !/^[A-Za-z0-9._:-]+$/.test(pulseId)) {
+        throw new CliError("usage.invalid_pulse_id", "Pulse id contains unsupported characters.", EXIT_CODES.usage);
+    }
+    return pulseId;
+}
+function parseJsonObject(raw, source) {
+    let parsed;
+    try {
+        parsed = JSON.parse(raw);
+    }
+    catch (error) {
+        throw new CliError("usage.invalid_json", `${source} must be valid JSON: ${error instanceof Error ? error.message : String(error)}`, EXIT_CODES.usage);
+    }
+    if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+        throw new CliError("usage.invalid_json", `${source} must be a JSON object.`, EXIT_CODES.usage);
+    }
+    return parsed;
+}
+async function parseRunInput(flags) {
+    const hasInputJson = typeof flags["input-json"] === "string";
+    const hasInputFile = typeof flags["input-file"] === "string";
+    if (hasInputJson && hasInputFile) {
+        throw new CliError("usage.duplicate_input", "Use either --input-json or --input-file, not both.", EXIT_CODES.usage);
+    }
+    if (hasInputJson)
+        return parseJsonObject(String(flags["input-json"]), "--input-json");
+    if (hasInputFile)
+        return parseJsonObject(await readFile(String(flags["input-file"]), "utf8"), "--input-file");
+    return undefined;
+}
+async function invokePulseTool(context, toolName, input) {
+    const { result } = await callToolWithRetry(context, toolName, input, true);
+    context.output.success({
+        schemaVersion: 1,
+        tool: toolName,
+        arguments: redactForOutput(input),
+        result
+    }, [renderToolResult(result)]);
+}
+export async function runPulseCommand(args, context) {
+    const subcommand = args[0];
+    const commandArgs = args.slice(1);
+    if (!subcommand || isHelpToken(subcommand) || commandArgs.some((arg) => isHelpToken(arg))) {
+        context.output.info(pulseHelpText());
+        return;
+    }
+    if (subcommand === "create" || subcommand === "deploy") {
+        await runPulsePublishCommand(commandArgs, context);
+        return;
+    }
+    if (subcommand === "delete") {
+        throw new CliError("usage.pulse_delete_unavailable", "The CLI does not expose Pulse deletion. Archive the Pulse instead.", EXIT_CODES.usage);
+    }
+    if (subcommand === "logs") {
+        throw new CliError("usage.pulse_logs_unavailable", "Pulse logs are not exposed through the hardened CLI lifecycle surface yet.", EXIT_CODES.usage, { nextStep: "Use `vibecodr pulse status <pulse-id>` for deploy state, or inspect platform telemetry through the owner dashboard." });
+    }
+    if (subcommand === "list") {
+        const { flags, positionals } = parseFlags(commandArgs, {
+            valueFlags: ["limit", "offset"],
+            booleanFlags: []
+        });
+        if (positionals.length > 0) {
+            throw new CliError("usage.unexpected_argument", `Unexpected argument: ${positionals[0]}`, EXIT_CODES.usage);
+        }
+        await invokePulseTool(context, "list_pulses", {
+            limit: parseBoundedInteger(flags["limit"], "--limit", 10, MAX_LIST_LIMIT),
+            offset: parseBoundedInteger(flags["offset"], "--offset", 0, 10_000)
+        });
+        return;
+    }
+    const action = PULSE_ACTIONS[subcommand];
+    if (!action) {
+        throw new CliError("usage.command", `Unknown pulse command: ${subcommand}`, EXIT_CODES.usage);
+    }
+    const { flags, positionals } = parseFlags(commandArgs, {
+        valueFlags: ["input-json", "input-file"],
+        booleanFlags: ["confirm"]
+    });
+    const pulseId = parsePulseId(positionals[0]);
+    if (positionals.length > 1) {
+        throw new CliError("usage.unexpected_argument", `Unexpected argument: ${positionals[1]}`, EXIT_CODES.usage);
+    }
+    if (action.requiresConfirm && flags["confirm"] !== true) {
+        throw new CliError("usage.confirmation_required", `Pulse ${subcommand} requires explicit confirmation. Re-run with --confirm after the user confirms.`, EXIT_CODES.usage);
+    }
+    const input = {
+        pulseId,
+        ...(action.requiresConfirm ? { confirmed: true } : {})
+    };
+    if (subcommand === "run") {
+        const runInput = await parseRunInput(flags);
+        if (runInput !== undefined)
+            input["input"] = runInput;
+    }
+    else if (flags["input-json"] !== undefined || flags["input-file"] !== undefined) {
+        throw new CliError("usage.unknown_flag", "--input-json and --input-file are only valid for pulse run.", EXIT_CODES.usage);
+    }
+    await invokePulseTool(context, action.toolName, input);
+}

package/dist/commands/status.js

@@ -1,5 +1,6 @@
 import { access } from "node:fs/promises";
 import { parseFlags } from "../cli/parse.js";
+import { showHelpIfRequested } from "./help.js";
 import { InstallManifestStore } from "../storage/install-manifest.js";
 async function inspectInstall(entry) {
     if (entry.method !== "file") {
@@ -23,6 +24,8 @@ async function inspectInstall(entry) {
     }
 }
 export async function runStatusCommand(args, context) {
+    if (showHelpIfRequested(args, context, "Usage: vibecodr status [--probe] [--show-installs]"))
+        return;
     const { flags } = parseFlags(args, {
         booleanFlags: ["probe", "show-installs"]
     });

package/dist/commands/tools.js

@@ -1,6 +1,7 @@
 import { formatJson, summarizeToolSchema } from "../core/renderers.js";
 import { parseFlags } from "../cli/parse.js";
 import { CliError, EXIT_CODES } from "../cli/errors.js";
+import { showHelpIfRequested } from "./help.js";
 function challengedScope(error) {
     if (!error.debugDetails || typeof error.debugDetails !== "object")
         return undefined;
@@ -40,6 +41,8 @@ async function loadToolsWithRetry(context, allowLogin) {
     }
 }
 export async function runToolsCommand(args, context) {
+    if (showHelpIfRequested(args, context, "Usage: vibecodr tools [<tool-name>] [--search <text>] [--schema] [--no-login]"))
+        return;
     const { flags, positionals } = parseFlags(args, {
         valueFlags: ["search"],
         booleanFlags: ["schema", "no-login"]

package/dist/commands/uninstall.js

@@ -5,7 +5,10 @@ import { uninstallCodex } from "../clients/codex.js";
 import { uninstallCursor } from "../clients/cursor.js";
 import { uninstallVsCode } from "../clients/vscode.js";
 import { uninstallWindsurf } from "../clients/windsurf.js";
+import { showHelpIfRequested } from "./help.js";
 export async function runUninstallCommand(args, context) {
+    if (showHelpIfRequested(args, context, "Usage: vibecodr uninstall <codex|cursor|vscode|windsurf> [--scope user|project] [--path <dir>] [--name <server-name>] [--dry-run]"))
+        return;
     const client = args[0];
     if (!client || !["codex", "cursor", "vscode", "windsurf"].includes(client)) {
         throw new CliError("usage.uninstall_client", "Usage: uninstall <codex|cursor|vscode|windsurf> [options]", EXIT_CODES.usage);

package/dist/core/redaction.js

@@ -0,0 +1,44 @@
+const REDACTED = "[redacted]";
+const SENSITIVE_KEY_PATTERNS = [
+    /^authorization$/i,
+    /^cookie$/i,
+    /^set-cookie$/i,
+    /(^|[-_])token$/i,
+    /(^|[-_])secret($|[-_])/i,
+    /password/i,
+    /credential/i,
+    /^api[-_]?key$/i,
+    /(^|[-_])api[-_]?key$/i,
+    /^private[-_]?key$/i,
+    /^refresh[-_]?token$/i,
+    /^access[-_]?token$/i,
+    /^fileBase64$/i,
+    /^code$/i,
+    /^content$/i,
+    /^descriptor$/i
+];
+const SENSITIVE_STRING_PATTERNS = [
+    /\bBearer\s+[A-Za-z0-9._~+/=-]+/i,
+    /\btok_[A-Za-z0-9._-]+/i,
+    /\bsk-[A-Za-z0-9._-]+/i,
+    /\b(token|secret|api[-_ ]?key)\s*[:=]\s*\S+/i
+];
+function isSensitiveKey(key) {
+    return SENSITIVE_KEY_PATTERNS.some((pattern) => pattern.test(key));
+}
+export function redactForOutput(value, keyHint) {
+    if (keyHint && isSensitiveKey(keyHint))
+        return REDACTED;
+    if (Array.isArray(value))
+        return value.map((item) => redactForOutput(item));
+    if (typeof value === "string" && SENSITIVE_STRING_PATTERNS.some((pattern) => pattern.test(value))) {
+        return REDACTED;
+    }
+    if (!value || typeof value !== "object")
+        return value;
+    const output = {};
+    for (const [key, nested] of Object.entries(value)) {
+        output[key] = redactForOutput(nested, key);
+    }
+    return output;
+}

package/docs/commands.md

@@ -4,16 +4,16 @@ This page documents the command surface implemented in the current repo.
 
 ## Global flags
 
-All commands accept:
-
-- `--profile <name>`
-- `--json`
-- `--verbose`
-- `--non-interactive`
-
-Alternate MCP servers are profile-scoped, not runtime overrides. Use
-`vibecodr config profile create <name> --server-url <url>` and then login to
-that profile; stored tokens are bound to the server that issued them.
+All commands accept:
+
+- `--profile <name>`
+- `--json`
+- `--verbose`
+- `--non-interactive`
+
+Alternate MCP servers are profile-scoped, not runtime overrides. Use
+`vibecodr config profile create <name> --server-url <url>` and then login to
+that profile; stored tokens are bound to the server that issued them.
 
 ## Commands
 
@@ -58,12 +58,14 @@ This always reads the live tool catalog from the MCP server.
 
 Syntax:
 
-`vibecodr call <tool-name> [--input-json <json>] [--input-file <path>] [--stdin] [--interactive] [--no-login]`
+`vibecodr call <tool-name> [--input-json <json>] [--input-file <path>] [--stdin] [--interactive] [--no-login] [--confirm]`
 
 `--interactive` currently supports top-level scalar object fields.
 
 For `quick_publish_creation` with `payload.importMode: "direct_files"`, pass file paths as normal slash-separated project paths such as `src/main.tsx` or `src/server/binding-proof.js`. Do not pre-encode slashes as `%2F`; the hosted MCP gateway encodes each URL segment when it writes files to Vibecodr.
 
+Known mutating tools require explicit confirmation through `--confirm`. The CLI redacts secret, token, source, descriptor, and inline file-content fields from displayed arguments and results; the MCP gateway remains the authority boundary for OAuth, owner checks, confirmation, and output shaping.
+
 ### `pulse-setup`
 
 Syntax:
@@ -76,6 +78,31 @@ The CLI does not maintain separate Pulse setup copy; it reads MCP output derived
 
 The returned guidance should stay capability-shaped: `env.fetch` is Vibecodr policy-mediated fetch, `env.secrets.bearer/header/query/verifyHmac` are policy-bound secret helpers, `env.webhooks.verify("stripe")` is the first certified provider helper rather than the whole webhook model, non-Stripe signed webhooks use generic HMAC format presets such as `github-sha256`, `shopify-hmac-sha256`, and `slack-v0` until fixture-backed helpers exist, `env.connections.use(provider).fetch` is provider-scoped connected-account access, `env.log` is structured logging, `env.request` is sanitized request access, `env.runtime` is safe correlation metadata, and `env.waitUntil` is best-effort after-response work. The CLI must not introduce separate cleanup, platform-binding, dispatch, raw-token, raw-authorization, or physical-storage guidance.
 
+### `pulse-publish`
+
+Syntax:
+
+`vibecodr pulse-publish --name <name> (--code <source> | --code-file <path>) [--descriptor-json <json> | --descriptor-file <path>] [--slug <slug>] [--visibility public|unlisted|private] --confirm`
+
+Calls `publish_standalone_pulse`. Standalone Pulse source/metadata visibility defaults to private. Private visibility does not add runtime authentication to the public Pulse URL. The CLI does not echo source code or descriptors in successful output.
+
+### `pulse`
+
+Syntax:
+
+- `vibecodr pulse list [--limit <n>] [--offset <n>]`
+- `vibecodr pulse get <pulse-id>`
+- `vibecodr pulse status <pulse-id>`
+- `vibecodr pulse run <pulse-id> [--input-json <json> | --input-file <path>] --confirm`
+- `vibecodr pulse archive <pulse-id> --confirm`
+- `vibecodr pulse restore <pulse-id> --confirm`
+- `vibecodr pulse create --name <name> (--code <source> | --code-file <path>) --confirm`
+- `vibecodr pulse deploy --name <name> (--code <source> | --code-file <path>) --confirm`
+
+`create` and `deploy` are aliases for the standalone publish flow. `run`, `archive`, and `restore` require explicit confirmation. `delete` is intentionally unavailable; archive a Pulse instead. `logs` are not exposed through the hardened lifecycle surface yet.
+
+The CLI forwards lifecycle calls to MCP tools owned by the hosted gateway: `list_pulses`, `get_pulse`, `get_pulse_status`, `run_pulse`, `archive_pulse`, and `restore_pulse`. These server tools are hidden from default discovery but callable by exact name for owner recovery and CLI use.
+
 ### `doctor`
 
 Syntax:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibecodr/cli",
-  "version": "0.1.9",
+  "version": "0.2.1",
   "description": "Vibecodr CLI for login, live MCP tool discovery, and live tool invocation.",
   "license": "Apache-2.0",
   "type": "module",