@vtriv/cli 0.1.0

package/README.md

@@ -0,0 +1,68 @@
+# vtriv CLI
+
+Command-line interface for vtriv backend services.
+
+## Installation
+
+```bash
+# Install dependencies
+bun install
+
+# Run directly
+bun run index.ts --help
+
+# Or link globally
+bun link
+vtriv --help
+```
+
+## Setup
+
+```bash
+# Initialize configuration
+vtriv init
+```
+
+This creates `~/.vtrivrc` with your API gateway URL and bootstrap key.
+
+## Quick Start
+
+```bash
+# List projects
+vtriv auth project:list
+
+# Create a project
+vtriv auth project:create my-app
+
+# Create a user
+vtriv auth user:create my-app admin@example.com secretpass
+
+# List documents
+vtriv db ls my-app posts
+
+# Create a document
+echo '{"title":"Hello"}' | vtriv db put my-app posts
+
+# Search
+vtriv search query my-app posts "hello world"
+```
+
+## Commands
+
+- `vtriv init` - Setup configuration
+- `vtriv auth` - Auth service (projects, users, tokens, API keys)
+- `vtriv db` - Database service (ls, get, put, rm, schema)
+- `vtriv blob` - Blob storage (put, get, rm)
+- `vtriv cron` - Cron jobs (ls, runs, trigger, script:cat)
+- `vtriv ai` - AI service (stats, chat)
+- `vtriv search` - Search service (config, query)
+
+## Options
+
+- `--json` - Output raw JSON for scripts/agents
+- `--profile <name>` - Use a specific profile
+- `--debug` - Show HTTP curl equivalents
+
+## Documentation
+
+See [~/grit/skills/vtriv/cli.md](../../grit/skills/vtriv/cli.md) for full documentation.

package/index.ts

@@ -0,0 +1,937 @@
+#!/usr/bin/env bun
+/**
+ * vtriv-cli - Command-line interface for vtriv services
+ *
+ * Gateway-first: single baseUrl with service routing by path prefix
+ * Auto-mints JWTs for non-auth services using root key
+ */
+
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { Command } from "commander";
+import chalk from "chalk";
+
+// =============================================================================
+// Types
+// =============================================================================
+
+interface Profile {
+	baseUrl: string;
+	rootKey: string;
+}
+
+interface Config {
+	default: string;
+	profiles: Record<string, Profile>;
+	apiKeys?: Record<string, string>;
+}
+
+interface GlobalOptions {
+	json?: boolean;
+	profile?: string;
+	debug?: boolean;
+}
+
+// =============================================================================
+// Configuration
+// =============================================================================
+
+const CONFIG_PATH = join(homedir(), ".vtrivrc");
+
+function loadConfig(): Config | null {
+	if (!existsSync(CONFIG_PATH)) return null;
+	try {
+		return JSON.parse(readFileSync(CONFIG_PATH, "utf-8"));
+	} catch {
+		return null;
+	}
+}
+
+function saveConfig(config: Config): void {
+	writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2));
+}
+
+function getProfile(profileName?: string): Profile {
+	const config = loadConfig();
+	if (!config) {
+		console.error(chalk.red("No config found. Run 'vtriv init' first."));
+		process.exit(1);
+	}
+	const name = profileName || config.default;
+	const profile = config.profiles[name];
+	if (!profile) {
+		console.error(chalk.red(`Profile '${name}' not found.`));
+		process.exit(1);
+	}
+	return profile;
+}
+
+// =============================================================================
+// Output Helpers
+// =============================================================================
+
+function output(data: unknown, opts: GlobalOptions): void {
+	if (opts.json) {
+		console.log(JSON.stringify(data, null, 2));
+	} else if (Array.isArray(data)) {
+		printTable(data);
+	} else if (typeof data === "object" && data !== null) {
+		for (const [key, value] of Object.entries(data)) {
+			console.log(`${chalk.cyan(key)}: ${JSON.stringify(value)}`);
+		}
+	} else {
+		console.log(data);
+	}
+}
+
+function printTable(rows: Record<string, unknown>[]): void {
+	if (rows.length === 0) {
+		console.log(chalk.dim("(no results)"));
+		return;
+	}
+	const keys = Object.keys(rows[0] ?? {});
+	const widths = keys.map((k) =>
+		Math.max(k.length, ...rows.map((r) => String(r[k] ?? "").length))
+	);
+
+	// Header
+	const header = keys.map((k, i) => k.padEnd(widths[i] ?? 0)).join("  ");
+	console.log(chalk.bold(header));
+	console.log(chalk.dim("-".repeat(header.length)));
+
+	// Rows
+	for (const row of rows) {
+		const line = keys.map((k, i) => String(row[k] ?? "").padEnd(widths[i] ?? 0)).join("  ");
+		console.log(line);
+	}
+}
+
+function error(msg: string, opts: GlobalOptions): void {
+	if (opts.json) {
+		console.error(JSON.stringify({ error: msg }));
+	} else {
+		console.error(chalk.red(`Error: ${msg}`));
+	}
+	process.exit(1);
+}
+
+// =============================================================================
+// HTTP Request Helper
+// =============================================================================
+
+// Cache for minted tokens per project
+const tokenCache = new Map<string, { token: string; expires: number }>();
+
+async function request(
+	service: string,
+	path: string,
+	options: {
+		method?: string;
+		body?: unknown;
+		project?: string;
+	},
+	opts: GlobalOptions
+): Promise<unknown> {
+	const profile = getProfile(opts.profile);
+	const url = `${profile.baseUrl}/${service}${path}`;
+	const method = options.method || "GET";
+
+	const headers: Record<string, string> = {
+		"Content-Type": "application/json",
+	};
+
+	// Auth service uses root key via Bearer header
+	if (service === "auth") {
+		headers["Authorization"] = `Bearer ${profile.rootKey}`;
+	} else if (options.project) {
+		// Other services need a JWT minted via auth
+		const token = await getProjectToken(options.project, opts);
+		headers["Authorization"] = `Bearer ${token}`;
+	}
+
+	if (opts.debug) {
+		const bodyArg = options.body ? `-d '${JSON.stringify(options.body)}'` : "";
+		const authArg = headers["Authorization"]
+			? `-H "Authorization: ${headers["Authorization"]}"`
+			: "";
+		console.error(chalk.dim(`curl -X ${method} "${url}" ${authArg} ${bodyArg}`));
+	}
+
+	const res = await fetch(url, {
+		method,
+		headers,
+		body: options.body ? JSON.stringify(options.body) : undefined,
+	});
+
+	const text = await res.text();
+	let data: unknown;
+	try {
+		data = JSON.parse(text);
+	} catch {
+		data = text;
+	}
+
+	if (!res.ok) {
+		const errMsg = typeof data === "object" && data !== null && "error" in data
+			? (data as { error: string }).error
+			: text;
+		error(errMsg, opts);
+	}
+
+	return data;
+}
+
+async function getProjectToken(project: string, opts: GlobalOptions): Promise<string> {
+	const cached = tokenCache.get(project);
+	if (cached && cached.expires > Date.now()) {
+		return cached.token;
+	}
+
+	const profile = getProfile(opts.profile);
+	
+	// Get or create a CLI API key
+	let cliApiKey = getCachedApiKey(project);
+	
+	if (!cliApiKey) {
+		// Create a new API key for CLI use
+		const createKeyRes = await fetch(`${profile.baseUrl}/auth/${project}/api-keys`, {
+			method: "POST",
+			headers: {
+				"Authorization": `Bearer ${profile.rootKey}`,
+				"Content-Type": "application/json",
+			},
+			body: JSON.stringify({ name: "vtriv-cli" }),
+		});
+		
+		if (!createKeyRes.ok) {
+			const err = await createKeyRes.text();
+			error(`Failed to create CLI API key: ${err}`, opts);
+		}
+		
+		const keyData = (await createKeyRes.json()) as { api_key: string };
+		cliApiKey = keyData.api_key;
+		cacheApiKey(project, cliApiKey);
+	}
+	
+	// Now mint a token using the API key
+	const mintRes = await fetch(`${profile.baseUrl}/auth/${project}/token`, {
+		method: "POST",
+		headers: {
+			"Authorization": `Bearer ${cliApiKey}`,
+			"Content-Type": "application/json",
+		},
+		body: JSON.stringify({ expires_in: 3600 }),
+	});
+	
+	if (!mintRes.ok) {
+		// API key might be invalid/deleted, clear cache and retry
+		clearCachedApiKey(project);
+		error(`Failed to mint token. Try again.`, opts);
+	}
+	
+	const tokenData = (await mintRes.json()) as { token: string };
+	const token = tokenData.token;
+	
+	// Cache for 55 minutes (token valid for 60)
+	tokenCache.set(project, { token, expires: Date.now() + 55 * 60 * 1000 });
+	
+	return token;
+}
+
+// API key cache (stored in config)
+function getCachedApiKey(project: string): string | null {
+	const config = loadConfig();
+	return config?.apiKeys?.[project] || null;
+}
+
+function cacheApiKey(project: string, apiKey: string): void {
+	const config = loadConfig();
+	if (!config) return;
+	config.apiKeys = config.apiKeys || {};
+	config.apiKeys[project] = apiKey;
+	saveConfig(config);
+}
+
+function clearCachedApiKey(project: string): void {
+	const config = loadConfig();
+	if (!config) return;
+	if (config.apiKeys) {
+		delete config.apiKeys[project];
+		saveConfig(config);
+	}
+}
+
+// =============================================================================
+// Program
+// =============================================================================
+
+const program = new Command();
+
+program
+	.name("vtriv")
+	.description("CLI for vtriv backend services")
+	.version("0.1.0")
+	.option("--json", "Output raw JSON")
+	.option("--profile <name>", "Use specific profile")
+	.option("--debug", "Show HTTP requests");
+
+// =============================================================================
+// Init Command
+// =============================================================================
+
+program
+	.command("init")
+	.description("Initialize CLI configuration")
+	.action(async () => {
+		const existing = loadConfig();
+		
+		console.log(chalk.bold("vtriv CLI Setup\n"));
+		
+		const readline = await import("node:readline");
+		const rl = readline.createInterface({
+			input: process.stdin,
+			output: process.stdout,
+		});
+		
+		const question = (q: string): Promise<string> =>
+			new Promise((resolve) => rl.question(q, resolve));
+		
+		const baseUrl = await question(
+			`Base URL [${existing?.profiles?.prod?.baseUrl || "https://api.vtriv.com"}]: `
+		) || existing?.profiles?.prod?.baseUrl || "https://api.vtriv.com";
+		
+		const rootKey = await question("Root Key (vtriv_rk_...): ");
+		
+		if (!rootKey) {
+			console.error(chalk.red("Root key is required."));
+			rl.close();
+			process.exit(1);
+		}
+		
+		if (!rootKey.startsWith("vtriv_rk_")) {
+			console.error(chalk.red("Root key must start with 'vtriv_rk_'."));
+			rl.close();
+			process.exit(1);
+		}
+		
+		const config: Config = {
+			default: "prod",
+			profiles: {
+				prod: { baseUrl, rootKey },
+			},
+		};
+		
+		saveConfig(config);
+		console.log(chalk.green(`\nConfig saved to ${CONFIG_PATH}`));
+		rl.close();
+	});
+
+// =============================================================================
+// Auth Commands
+// =============================================================================
+
+const auth = program.command("auth").description("Auth service commands");
+
+// Account commands (root key only)
+auth
+	.command("account:list")
+	.description("List all accounts")
+	.action(async () => {
+		const opts = program.opts<GlobalOptions>();
+		const data = (await request("auth", "/accounts", {}, opts)) as { accounts: unknown[] };
+		output(data.accounts, opts);
+	});
+
+auth
+	.command("account:create")
+	.description("Create a new account")
+	.option("--name <name>", "Account name")
+	.action(async (cmdOpts: { name?: string }) => {
+		const opts = program.opts<GlobalOptions>();
+		const body: Record<string, unknown> = {};
+		if (cmdOpts.name) body.name = cmdOpts.name;
+		const data = await request("auth", "/accounts", { method: "POST", body }, opts);
+		output(data, opts);
+		if (!opts.json) {
+			console.log(chalk.yellow("\nIMPORTANT: Save the account_key above - it cannot be retrieved later!"));
+		}
+	});
+
+auth
+	.command("account:get")
+	.description("Get account details")
+	.argument("<id>", "Account ID")
+	.action(async (id: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const data = await request("auth", `/accounts/${id}`, {}, opts);
+		output(data, opts);
+	});
+
+auth
+	.command("account:delete")
+	.description("Delete an account")
+	.argument("<id>", "Account ID")
+	.action(async (id: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const data = await request("auth", `/accounts/${id}`, { method: "DELETE" }, opts);
+		output(data, opts);
+	});
+
+// Project commands
+auth
+	.command("project:list")
+	.description("List all projects")
+	.action(async () => {
+		const opts = program.opts<GlobalOptions>();
+		const data = (await request("auth", "/projects", {}, opts)) as { projects: unknown[] };
+		output(data.projects, opts);
+	});
+
+auth
+	.command("project:create")
+	.description("Create a new project")
+	.argument("<name>", "Project name")
+	.action(async (name: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const data = await request("auth", "/projects", { method: "POST", body: { name } }, opts);
+		output(data, opts);
+	});
+
+auth
+	.command("project:get")
+	.description("Get project details")
+	.argument("<name>", "Project name")
+	.action(async (name: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const data = await request("auth", `/projects/${name}`, {}, opts);
+		output(data, opts);
+	});
+
+auth
+	.command("project:delete")
+	.description("Delete a project")
+	.argument("<name>", "Project name")
+	.action(async (name: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const data = await request("auth", `/projects/${name}`, { method: "DELETE" }, opts);
+		output(data, opts);
+	});
+
+auth
+	.command("user:list")
+	.description("List users in a project")
+	.argument("<project>", "Project name")
+	.action(async (project: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const data = (await request("auth", `/${project}/users`, {}, opts)) as { users: unknown[] };
+		output(data.users, opts);
+	});
+
+auth
+	.command("user:create")
+	.description("Create a user")
+	.argument("<project>", "Project name")
+	.argument("<email>", "User email")
+	.argument("[password]", "User password")
+	.action(async (project: string, email: string, password?: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const body: Record<string, unknown> = { email };
+		if (password) body.password = password;
+		const data = await request("auth", `/${project}/users`, { method: "POST", body }, opts);
+		output(data, opts);
+	});
+
+auth
+	.command("user:delete")
+	.description("Delete a user")
+	.argument("<project>", "Project name")
+	.argument("<id>", "User ID")
+	.action(async (project: string, id: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const data = await request("auth", `/${project}/users/${id}`, { method: "DELETE" }, opts);
+		output(data, opts);
+	});
+
+auth
+	.command("token:mint")
+	.description("Mint a JWT token for a project")
+	.argument("<project>", "Project name")
+	.action(async (project: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const token = await getProjectToken(project, opts);
+		if (opts.json) {
+			console.log(JSON.stringify({ token }));
+		} else {
+			console.log(token);
+		}
+	});
+
+auth
+	.command("apikey:list")
+	.description("List API keys for a project")
+	.argument("<project>", "Project name")
+	.action(async (project: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const data = (await request("auth", `/${project}/api-keys`, {}, opts)) as { api_keys: unknown[] };
+		output(data.api_keys, opts);
+	});
+
+auth
+	.command("apikey:create")
+	.description("Create an API key")
+	.argument("<project>", "Project name")
+	.option("--name <name>", "Key name")
+	.action(async (project: string, cmdOpts: { name?: string }) => {
+		const opts = program.opts<GlobalOptions>();
+		const body: Record<string, unknown> = {};
+		if (cmdOpts.name) body.name = cmdOpts.name;
+		const data = await request("auth", `/${project}/api-keys`, { method: "POST", body }, opts);
+		output(data, opts);
+	});
+
+auth
+	.command("apikey:delete")
+	.description("Delete an API key")
+	.argument("<project>", "Project name")
+	.argument("<id>", "API key ID")
+	.action(async (project: string, id: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const data = await request("auth", `/${project}/api-keys/${id}`, { method: "DELETE" }, opts);
+		output(data, opts);
+	});
+
+// =============================================================================
+// DB Commands
+// =============================================================================
+
+const db = program.command("db").description("Database service commands");
+
+db
+	.command("ls")
+	.description("List documents")
+	.argument("<project>", "Project name")
+	.argument("<collection>", "Collection name")
+	.option("-f, --filter <json>", "Filter criteria (JSON)")
+	.option("-l, --limit <n>", "Limit results")
+	.option("-s, --sort <field>", "Sort field (prefix with - for desc)")
+	.action(async (project: string, collection: string, cmdOpts: { filter?: string; limit?: string; sort?: string }) => {
+		const opts = program.opts<GlobalOptions>();
+		const params = new URLSearchParams();
+		if (cmdOpts.filter) {
+			const filter = JSON.parse(cmdOpts.filter);
+			for (const [k, v] of Object.entries(filter)) {
+				params.set(k, String(v));
+			}
+		}
+		if (cmdOpts.limit) params.set("_limit", cmdOpts.limit);
+		if (cmdOpts.sort) params.set("_sort", cmdOpts.sort);
+		const query = params.toString() ? `?${params.toString()}` : "";
+		const data = (await request("db", `/${project}/${collection}${query}`, { project }, opts)) as { data: unknown[] };
+		output(data.data, opts);
+	});
+
+db
+	.command("get")
+	.description("Get a document")
+	.argument("<project>", "Project name")
+	.argument("<collection>", "Collection name")
+	.argument("<id>", "Document ID")
+	.action(async (project: string, collection: string, id: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const data = await request("db", `/${project}/${collection}/${id}`, { project }, opts);
+		output(data, opts);
+	});
+
+db
+	.command("put")
+	.description("Create or update a document (reads JSON from stdin)")
+	.argument("<project>", "Project name")
+	.argument("<collection>", "Collection name")
+	.argument("[id]", "Document ID (for update)")
+	.action(async (project: string, collection: string, id?: string) => {
+		const opts = program.opts<GlobalOptions>();
+		
+		// Read from stdin
+		const chunks: Buffer[] = [];
+		for await (const chunk of Bun.stdin.stream()) {
+			chunks.push(Buffer.from(chunk));
+		}
+		const input = Buffer.concat(chunks).toString("utf-8").trim();
+		
+		if (!input) {
+			error("No JSON provided on stdin", opts);
+		}
+		
+		let body: unknown;
+		try {
+			body = JSON.parse(input);
+		} catch {
+			error("Invalid JSON on stdin", opts);
+		}
+		
+		if (id) {
+			// Update (PUT)
+			const data = await request("db", `/${project}/${collection}/${id}`, { method: "PUT", body, project }, opts);
+			output(data, opts);
+		} else {
+			// Create (POST)
+			const data = await request("db", `/${project}/${collection}`, { method: "POST", body, project }, opts);
+			output(data, opts);
+		}
+	});
+
+db
+	.command("rm")
+	.description("Delete a document")
+	.argument("<project>", "Project name")
+	.argument("<collection>", "Collection name")
+	.argument("<id>", "Document ID")
+	.action(async (project: string, collection: string, id: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const data = await request("db", `/${project}/${collection}/${id}`, { method: "DELETE", project }, opts);
+		output(data, opts);
+	});
+
+db
+	.command("schema")
+	.description("Get or set collection schema")
+	.argument("<project>", "Project name")
+	.argument("<collection>", "Collection name")
+	.option("--set", "Set schema (reads JSON from stdin)")
+	.action(async (project: string, collection: string, cmdOpts: { set?: boolean }) => {
+		const opts = program.opts<GlobalOptions>();
+		
+		if (cmdOpts.set) {
+			const chunks: Buffer[] = [];
+			for await (const chunk of Bun.stdin.stream()) {
+				chunks.push(Buffer.from(chunk));
+			}
+			const input = Buffer.concat(chunks).toString("utf-8").trim();
+			const body = JSON.parse(input);
+			const data = await request("db", `/${project}/${collection}/_schema`, { method: "PUT", body, project }, opts);
+			output(data, opts);
+		} else {
+			const data = await request("db", `/${project}/${collection}/_schema`, { project }, opts);
+			output(data, opts);
+		}
+	});
+
+// =============================================================================
+// Blob Commands
+// =============================================================================
+
+const blob = program.command("blob").description("Blob storage commands");
+
+blob
+	.command("put")
+	.description("Upload a file")
+	.argument("<project>", "Project name")
+	.argument("<path>", "Remote path")
+	.argument("<file>", "Local file path")
+	.action(async (project: string, remotePath: string, localFile: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const profile = getProfile(opts.profile);
+		const token = await getProjectToken(project, opts);
+		
+		const file = Bun.file(localFile);
+		if (!(await file.exists())) {
+			error(`File not found: ${localFile}`, opts);
+		}
+		
+		const url = `${profile.baseUrl}/blob/${project}/${remotePath}`;
+		
+		if (opts.debug) {
+			console.error(chalk.dim(`curl -X PUT "${url}" -T "${localFile}"`));
+		}
+		
+		const res = await fetch(url, {
+			method: "PUT",
+			headers: {
+				"Authorization": `Bearer ${token}`,
+				"Content-Type": file.type || "application/octet-stream",
+			},
+			body: file,
+		});
+		
+		const data = await res.json();
+		if (!res.ok) {
+			error((data as { error?: string }).error || "Upload failed", opts);
+		}
+		output(data, opts);
+	});
+
+blob
+	.command("get")
+	.description("Download a file (outputs to stdout)")
+	.argument("<project>", "Project name")
+	.argument("<path>", "Remote path")
+	.action(async (project: string, remotePath: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const profile = getProfile(opts.profile);
+		const token = await getProjectToken(project, opts);
+		
+		const url = `${profile.baseUrl}/blob/${project}/${remotePath}`;
+		
+		if (opts.debug) {
+			console.error(chalk.dim(`curl "${url}"`));
+		}
+		
+		const res = await fetch(url, {
+			headers: { "Authorization": `Bearer ${token}` },
+		});
+		
+		if (!res.ok) {
+			const data = await res.json();
+			error((data as { error?: string }).error || "Download failed", opts);
+		}
+		
+		// Stream to stdout
+		const writer = Bun.stdout.writer();
+		const reader = res.body?.getReader();
+		if (reader) {
+			while (true) {
+				const { done, value } = await reader.read();
+				if (done) break;
+				writer.write(value);
+			}
+			await writer.flush();
+		}
+	});
+
+blob
+	.command("rm")
+	.description("Delete a file")
+	.argument("<project>", "Project name")
+	.argument("<path>", "Remote path")
+	.action(async (project: string, remotePath: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const profile = getProfile(opts.profile);
+		const token = await getProjectToken(project, opts);
+		
+		const url = `${profile.baseUrl}/blob/${project}/${remotePath}`;
+		
+		const res = await fetch(url, {
+			method: "DELETE",
+			headers: { "Authorization": `Bearer ${token}` },
+		});
+		
+		const data = await res.json();
+		if (!res.ok) {
+			error((data as { error?: string }).error || "Delete failed", opts);
+		}
+		output(data, opts);
+	});
+
+// =============================================================================
+// Cron Commands
+// =============================================================================
+
+const cron = program.command("cron").description("Cron service commands");
+
+cron
+	.command("ls")
+	.description("List jobs")
+	.argument("<project>", "Project name")
+	.action(async (project: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const data = (await request("cron", `/${project}/jobs`, { project }, opts)) as { jobs: unknown[] };
+		output(data.jobs, opts);
+	});
+
+cron
+	.command("runs")
+	.description("List run history")
+	.argument("<project>", "Project name")
+	.option("-l, --limit <n>", "Limit results", "100")
+	.option("--job <id>", "Filter by job ID")
+	.action(async (project: string, cmdOpts: { limit: string; job?: string }) => {
+		const opts = program.opts<GlobalOptions>();
+		const params = new URLSearchParams({ limit: cmdOpts.limit });
+		if (cmdOpts.job) params.set("job_id", cmdOpts.job);
+		const data = (await request("cron", `/${project}/runs?${params}`, { project }, opts)) as { runs: unknown[] };
+		output(data.runs, opts);
+	});
+
+cron
+	.command("trigger")
+	.description("Manually trigger a job")
+	.argument("<project>", "Project name")
+	.argument("<job_id>", "Job ID")
+	.action(async (project: string, jobId: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const data = await request("cron", `/${project}/jobs/${jobId}/trigger`, { method: "POST", project }, opts);
+		output(data, opts);
+	});
+
+cron
+	.command("script:cat")
+	.description("Output script content")
+	.argument("<project>", "Project name")
+	.argument("<script>", "Script name")
+	.action(async (project: string, script: string) => {
+		const opts = program.opts<GlobalOptions>();
+		const profile = getProfile(opts.profile);
+		const token = await getProjectToken(project, opts);
+		
+		const url = `${profile.baseUrl}/cron/${project}/scripts/${script}`;
+		const res = await fetch(url, {
+			headers: { "Authorization": `Bearer ${token}` },
+		});
+		
+		if (!res.ok) {
+			const data = await res.json();
+			error((data as { error?: string }).error || "Failed to get script", opts);
+		}
+		
+		console.log(await res.text());
+	});
+
+// =============================================================================
+// AI Commands
+// =============================================================================
+
+const ai = program.command("ai").description("AI service commands");
+
+ai
+	.command("stats")
+	.description("View usage statistics")
+	.argument("<project>", "Project name")
+	.option("-p, --period <days>", "Period in days", "30")
+	.action(async (project: string, cmdOpts: { period: string }) => {
+		const opts = program.opts<GlobalOptions>();
+		const data = await request("ai", `/usage/stats?period=${cmdOpts.period}d`, { project }, opts);
+		output(data, opts);
+	});
+
+ai
+	.command("chat")
+	.description("Send a chat completion request")
+	.argument("<project>", "Project name")
+	.argument("<prompt>", "Chat prompt")
+	.option("-m, --model <model>", "Model to use (defaults to project config)")
+	.action(async (project: string, prompt: string, cmdOpts: { model?: string }) => {
+		const opts = program.opts<GlobalOptions>();
+		const profile = getProfile(opts.profile);
+		const token = await getProjectToken(project, opts);
+		
+		// Get default model from project config if not specified
+		let model = cmdOpts.model;
+		if (!model) {
+			const configRes = await fetch(`${profile.baseUrl}/ai/config`, {
+				headers: { "Authorization": `Bearer ${token}` },
+			});
+			if (configRes.ok) {
+				const config = await configRes.json() as { default_model?: string };
+				model = config.default_model || "openai/gpt-4o-mini";
+			} else {
+				model = "openai/gpt-4o-mini";
+			}
+		}
+		
+		const url = `${profile.baseUrl}/ai/v1/chat/completions`;
+		
+		if (opts.debug) {
+			console.error(chalk.dim(`curl -X POST "${url}" ...`));
+		}
+		
+		const res = await fetch(url, {
+			method: "POST",
+			headers: {
+				"Authorization": `Bearer ${token}`,
+				"Content-Type": "application/json",
+			},
+			body: JSON.stringify({
+				model,
+				messages: [{ role: "user", content: prompt }],
+			}),
+		});
+		
+		const data = await res.json();
+		if (!res.ok) {
+			error((data as { error?: string }).error || "Chat failed", opts);
+		}
+		
+		if (opts.json) {
+			console.log(JSON.stringify(data, null, 2));
+		} else {
+			const content = (data as { choices: Array<{ message: { content: string } }> }).choices?.[0]?.message?.content;
+			console.log(content || "(no response)");
+		}
+	});
+
+ai
+	.command("config")
+	.description("Get or set AI config for a project")
+	.argument("<project>", "Project name")
+	.option("--model <model>", "Set default model")
+	.option("--rate-limit <usd>", "Set rate limit in USD")
+	.option("--key <key>", "Set custom OpenRouter API key")
+	.action(async (project: string, cmdOpts: { model?: string; rateLimit?: string; key?: string }) => {
+		const opts = program.opts<GlobalOptions>();
+		
+		// If any options provided, update config
+		if (cmdOpts.model || cmdOpts.rateLimit || cmdOpts.key) {
+			const body: Record<string, unknown> = {};
+			if (cmdOpts.model) body.default_model = cmdOpts.model;
+			if (cmdOpts.rateLimit) body.rate_limit_usd = Number.parseFloat(cmdOpts.rateLimit);
+			if (cmdOpts.key) body.key = cmdOpts.key;
+			
+			await request("ai", "/config", { method: "PUT", body, project }, opts);
+			console.log("Config updated");
+		}
+		
+		// Always show current config
+		const data = await request("ai", "/config", { project }, opts);
+		output(data, opts);
+	});
+
+// =============================================================================
+// Search Commands
+// =============================================================================
+
+const search = program.command("search").description("Search service commands");
+
+search
+	.command("config")
+	.description("Get or set index configuration")
+	.argument("<project>", "Project name")
+	.argument("<index>", "Index name")
+	.option("--set", "Set config (reads JSON from stdin)")
+	.action(async (project: string, index: string, cmdOpts: { set?: boolean }) => {
+		const opts = program.opts<GlobalOptions>();
+		
+		if (cmdOpts.set) {
+			const chunks: Buffer[] = [];
+			for await (const chunk of Bun.stdin.stream()) {
+				chunks.push(Buffer.from(chunk));
+			}
+			const input = Buffer.concat(chunks).toString("utf-8").trim();
+			const body = JSON.parse(input);
+			const data = await request("search", `/${project}/${index}/_config`, { method: "PUT", body, project }, opts);
+			output(data, opts);
+		} else {
+			const data = await request("search", `/${project}/${index}/_config`, { project }, opts);
+			output(data, opts);
+		}
+	});
+
+search
+	.command("query")
+	.description("Search an index")
+	.argument("<project>", "Project name")
+	.argument("<index>", "Index name")
+	.argument("<q>", "Search query")
+	.option("-l, --limit <n>", "Limit results", "10")
+	.action(async (project: string, index: string, q: string, cmdOpts: { limit: string }) => {
+		const opts = program.opts<GlobalOptions>();
+		const params = new URLSearchParams({ q, limit: cmdOpts.limit });
+		const data = (await request("search", `/${project}/${index}/search?${params}`, { project }, opts)) as { results: unknown[] };
+		output(data.results, opts);
+	});
+
+// =============================================================================
+// Parse & Run
+// =============================================================================
+
+program.parse();

package/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "@vtriv/cli",
+  "version": "0.1.0",
+  "module": "index.ts",
+  "type": "module",
+  "description": "CLI for vtriv backend services - auth, db, blob, search, ai, cron",
+  "bin": {
+    "vtriv": "./index.ts"
+  },
+  "files": [
+    "index.ts"
+  ],
+  "scripts": {
+    "cli": "bun run index.ts"
+  },
+  "engines": {
+    "bun": ">=1.0.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/vtriv/vtriv"
+  },
+  "keywords": [
+    "vtriv",
+    "cli",
+    "bun",
+    "auth",
+    "database",
+    "blob",
+    "search",
+    "ai"
+  ],
+  "author": "vtriv",
+  "license": "MIT",
+  "devDependencies": {
+    "@types/bun": "latest"
+  },
+  "dependencies": {
+    "chalk": "^5.6.2",
+    "commander": "^14.0.2"
+  }
+}