@xano/cli 0.0.64 → 0.0.66

package/README.md

@@ -36,6 +36,7 @@ npm install -g @xano/cli
 # Interactive browser-based authentication
 xano auth
 xano auth --origin https://custom.xano.com
+xano auth --insecure                         # Skip TLS verification (self-signed certs)
 ```
 
 ### Profiles
@@ -48,6 +49,7 @@ xano profile wizard
 
 # Create a profile manually
 xano profile create myprofile -i https://instance.xano.com -t <access_token>
+xano profile create myprofile -i https://self-signed.example.com -t <token> --insecure
 
 # List profiles
 xano profile list
@@ -59,6 +61,8 @@ xano profile set myprofile
 
 # Edit a profile
 xano profile edit myprofile -w 123
+xano profile edit myprofile --insecure       # Enable insecure mode (self-signed certs)
+xano profile edit myprofile --remove-insecure # Disable insecure mode
 xano profile edit myprofile --remove-branch  # Remove branch from profile
 
 # Get current user info
@@ -467,9 +471,30 @@ profiles:
     access_token: <token>
     workspace: <workspace_id>
     branch: <branch_id>
+  self-hosted:
+    instance_origin: https://self-signed.example.com
+    access_token: <token>
+    insecure: true
 default: default
 ```
 
+### Self-Signed Certificates
+
+For environments using self-signed TLS certificates, use the `--insecure` (`-k`) flag to skip certificate verification:
+
+```bash
+# During authentication
+xano auth --insecure
+
+# When creating a profile
+xano profile create myprofile -i https://self-signed.example.com -t <token> -k
+
+# Add to an existing profile
+xano profile edit myprofile --insecure
+```
+
+When a profile has `insecure: true`, all commands using that profile will automatically skip TLS certificate verification. A warning is displayed when insecure mode is active.
+
 ### Update
 
 ```bash

package/dist/base-command.d.ts

@@ -1,4 +1,19 @@
 import { Command } from '@oclif/core';
+export interface ProfileConfig {
+    access_token: string;
+    account_origin?: string;
+    branch?: string;
+    insecure?: boolean;
+    instance_origin: string;
+    workspace?: string;
+}
+export interface CredentialsFile {
+    default?: string;
+    profiles: {
+        [key: string]: ProfileConfig;
+    };
+}
+export declare function buildUserAgent(version: string): string;
 export default abstract class BaseCommand extends Command {
     static baseFlags: {
         profile: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
@@ -8,8 +23,18 @@ export default abstract class BaseCommand extends Command {
         profile: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         verbose: import("@oclif/core/interfaces").BooleanFlag<boolean>;
     };
+    init(): Promise<void>;
+    /**
+     * Apply insecure TLS mode if the active profile has insecure: true.
+     * Sets NODE_TLS_REJECT_UNAUTHORIZED=0 so all fetch() calls skip cert verification.
+     */
+    protected applyInsecureFromProfile(): void;
     protected getDefaultProfile(): string;
     protected getProfile(): string | undefined;
+    /**
+     * Load and parse the credentials file. Returns null if the file doesn't exist.
+     */
+    protected loadCredentialsFile(): CredentialsFile | null;
     /**
      * Make an HTTP request with optional verbose logging.
      * Use this for all Metadata API calls to support the --verbose flag.

package/dist/base-command.js

@@ -3,6 +3,9 @@ import * as yaml from 'js-yaml';
 import * as fs from 'node:fs';
 import * as os from 'node:os';
 import * as path from 'node:path';
+export function buildUserAgent(version) {
+    return `xano-cli/${version} (${process.platform}; ${process.arch}) node/${process.version}`;
+}
 export default class BaseCommand extends Command {
     static baseFlags = {
         profile: Flags.string({
@@ -21,18 +24,36 @@ export default class BaseCommand extends Command {
     };
     // Override the flags property to include baseFlags
     static flags = BaseCommand.baseFlags;
+    async init() {
+        await super.init();
+        this.applyInsecureFromProfile();
+    }
+    /**
+     * Apply insecure TLS mode if the active profile has insecure: true.
+     * Sets NODE_TLS_REJECT_UNAUTHORIZED=0 so all fetch() calls skip cert verification.
+     */
+    applyInsecureFromProfile() {
+        try {
+            const profileName = this.flags?.profile || this.getDefaultProfile();
+            const credentials = this.loadCredentialsFile();
+            if (!credentials)
+                return;
+            const profile = credentials.profiles[profileName];
+            if (profile?.insecure) {
+                process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+                this.warn('TLS certificate verification is disabled for this profile (insecure mode)');
+            }
+        }
+        catch {
+            // Don't fail the command if we can't read the profile for insecure check
+        }
+    }
     // Helper method to get the default profile from credentials file
     getDefaultProfile() {
         try {
-            const configDir = path.join(os.homedir(), '.xano');
-            const credentialsPath = path.join(configDir, 'credentials.yaml');
-            if (!fs.existsSync(credentialsPath)) {
-                return 'default';
-            }
-            const fileContent = fs.readFileSync(credentialsPath, 'utf8');
-            const parsed = yaml.load(fileContent);
-            if (parsed && typeof parsed === 'object' && 'default' in parsed && parsed.default) {
-                return parsed.default;
+            const credentials = this.loadCredentialsFile();
+            if (credentials?.default) {
+                return credentials.default;
             }
             return 'default';
         }
@@ -44,13 +65,34 @@ export default class BaseCommand extends Command {
     getProfile() {
         return this.flags?.profile;
     }
+    /**
+     * Load and parse the credentials file. Returns null if the file doesn't exist.
+     */
+    loadCredentialsFile() {
+        const configDir = path.join(os.homedir(), '.xano');
+        const credentialsPath = path.join(configDir, 'credentials.yaml');
+        if (!fs.existsSync(credentialsPath)) {
+            return null;
+        }
+        const fileContent = fs.readFileSync(credentialsPath, 'utf8');
+        const parsed = yaml.load(fileContent);
+        if (parsed && typeof parsed === 'object' && 'profiles' in parsed) {
+            return parsed;
+        }
+        return null;
+    }
     /**
      * Make an HTTP request with optional verbose logging.
      * Use this for all Metadata API calls to support the --verbose flag.
      */
     async verboseFetch(url, options, verbose, authToken) {
         const method = options.method || 'GET';
-        const contentType = options.headers?.['Content-Type'] || 'application/json';
+        const headers = {
+            'User-Agent': buildUserAgent(this.config.version),
+            ...options.headers,
+        };
+        const fetchOptions = { ...options, headers };
+        const contentType = headers['Content-Type'] || 'application/json';
         if (verbose) {
             this.log('');
             this.log('─'.repeat(60));
@@ -66,7 +108,7 @@ export default class BaseCommand extends Command {
             }
         }
         const startTime = Date.now();
-        const response = await fetch(url, options);
+        const response = await fetch(url, fetchOptions);
         const elapsed = Date.now() - startTime;
         if (verbose) {
             this.log(`← ${response.status} ${response.statusText} (${elapsed}ms)`);

package/dist/commands/auth/index.d.ts

@@ -3,9 +3,11 @@ export default class Auth extends Command {
     static description: string;
     static examples: string[];
     static flags: {
+        insecure: import("@oclif/core/interfaces").BooleanFlag<boolean>;
         origin: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
     };
     run(): Promise<void>;
+    private getHeaders;
     private fetchBranches;
     private fetchInstances;
     private fetchWorkspaces;

package/dist/commands/auth/index.js

@@ -7,6 +7,7 @@ import * as http from 'node:http';
 import * as os from 'node:os';
 import { join } from 'node:path';
 import open from 'open';
+import { buildUserAgent } from '../../base-command.js';
 const AUTH_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
 export default class Auth extends Command {
     static description = 'Authenticate with Xano via browser login';
@@ -22,6 +23,11 @@ Profile 'default' created successfully!`,
 Opening browser for Xano login at https://custom.xano.com...`,
     ];
     static flags = {
+        insecure: Flags.boolean({
+            char: 'k',
+            default: false,
+            description: 'Skip TLS certificate verification (for self-signed certificates)',
+        }),
         origin: Flags.string({
             char: 'o',
             default: 'https://app.xano.com',
@@ -30,6 +36,10 @@ Opening browser for Xano login at https://custom.xano.com...`,
     };
     async run() {
         const { flags } = await this.parse(Auth);
+        if (flags.insecure) {
+            process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+            this.warn('TLS certificate verification is disabled (insecure mode)');
+        }
         try {
             // Step 1: Get token via browser auth
             this.log('Starting authentication flow...');
@@ -73,6 +83,7 @@ Opening browser for Xano login at https://custom.xano.com...`,
                 access_token: token,
                 account_origin: flags.origin,
                 branch,
+                ...(flags.insecure && { insecure: true }),
                 instance_origin: instance.origin,
                 name: profileName,
                 workspace: workspace?.id,
@@ -90,13 +101,17 @@ Opening browser for Xano login at https://custom.xano.com...`,
             throw error;
         }
     }
+    getHeaders(accessToken) {
+        return {
+            'User-Agent': buildUserAgent(this.config.version),
+            accept: 'application/json',
+            ...(accessToken && { Authorization: `Bearer ${accessToken}` }),
+        };
+    }
     async fetchBranches(accessToken, origin, workspaceId) {
         try {
             const response = await fetch(`${origin}/api:meta/workspace/${workspaceId}/branch`, {
-                headers: {
-                    accept: 'application/json',
-                    Authorization: `Bearer ${accessToken}`,
-                },
+                headers: this.getHeaders(accessToken),
                 method: 'GET',
             });
             if (!response.ok) {
@@ -117,10 +132,7 @@ Opening browser for Xano login at https://custom.xano.com...`,
     }
     async fetchInstances(accessToken, origin) {
         const response = await fetch(`${origin}/api:meta/instance`, {
-            headers: {
-                accept: 'application/json',
-                Authorization: `Bearer ${accessToken}`,
-            },
+            headers: this.getHeaders(accessToken),
             method: 'GET',
         });
         if (!response.ok) {
@@ -143,10 +155,7 @@ Opening browser for Xano login at https://custom.xano.com...`,
     async fetchWorkspaces(accessToken, origin) {
         try {
             const response = await fetch(`${origin}/api:meta/workspace`, {
-                headers: {
-                    accept: 'application/json',
-                    Authorization: `Bearer ${accessToken}`,
-                },
+                headers: this.getHeaders(accessToken),
                 method: 'GET',
             });
             if (!response.ok) {
@@ -211,6 +220,7 @@ Opening browser for Xano login at https://custom.xano.com...`,
             instance_origin: profile.instance_origin,
             ...(profile.workspace && { workspace: profile.workspace }),
             ...(profile.branch && { branch: profile.branch }),
+            ...(profile.insecure && { insecure: true }),
         };
         // Set as default profile
         credentials.default = profile.name;
@@ -464,10 +474,7 @@ Opening browser for Xano login at https://custom.xano.com...`,
     }
     async validateToken(token, origin) {
         const response = await fetch(`${origin}/api:meta/auth/me`, {
-            headers: {
-                accept: 'application/json',
-                Authorization: `Bearer ${token}`,
-            },
+            headers: this.getHeaders(token),
             method: 'GET',
         });
         if (!response.ok) {

package/dist/commands/function/edit/index.js

@@ -5,7 +5,7 @@ import { execSync } from 'node:child_process';
 import * as fs from 'node:fs';
 import * as os from 'node:os';
 import * as path from 'node:path';
-import BaseCommand from '../../../base-command.js';
+import BaseCommand, { buildUserAgent } from '../../../base-command.js';
 export default class FunctionEdit extends BaseCommand {
     static args = {
         function_id: Args.string({
@@ -138,7 +138,7 @@ Name: my_function
         }
         // If function_id is not provided, prompt user to select from list
         let functionId;
-        functionId = args.function_id ? args.function_id : (await this.promptForFunctionId(profile, workspaceId));
+        functionId = args.function_id ? args.function_id : await this.promptForFunctionId(profile, workspaceId);
         // Read XanoScript content
         let xanoscript;
         if (flags.file) {
@@ -199,8 +199,8 @@ Name: my_function
             const response = await this.verboseFetch(apiUrl, {
                 body: xanoscript,
                 headers: {
-                    'accept': 'application/json',
-                    'Authorization': `Bearer ${profile.access_token}`,
+                    accept: 'application/json',
+                    Authorization: `Bearer ${profile.access_token}`,
                     'Content-Type': 'text/x-xanoscript',
                 },
                 method: 'PUT',
@@ -209,7 +209,7 @@ Name: my_function
                 const errorText = await response.text();
                 this.error(`API request failed with status ${response.status}: ${response.statusText}\n${errorText}`);
             }
-            const result = await response.json();
+            const result = (await response.json());
             // Validate response
             if (!result || typeof result !== 'object') {
                 this.error('Unexpected API response format');
@@ -238,16 +238,14 @@ Name: my_function
         // Get the EDITOR environment variable
         const editor = process.env.EDITOR || process.env.VISUAL;
         if (!editor) {
-            this.error('No editor configured. Please set the EDITOR or VISUAL environment variable.\n' +
-                'Example: export EDITOR=vim');
+            this.error('No editor configured. Please set the EDITOR or VISUAL environment variable.\n' + 'Example: export EDITOR=vim');
         }
         // Validate editor executable exists
         try {
             execSync(`which ${editor.split(' ')[0]}`, { stdio: 'ignore' });
         }
         catch {
-            this.error(`Editor '${editor}' not found. Please set EDITOR to a valid editor.\n` +
-                'Example: export EDITOR=vim');
+            this.error(`Editor '${editor}' not found. Please set EDITOR to a valid editor.\n` + 'Example: export EDITOR=vim');
         }
         // Read the original file
         let originalContent;
@@ -343,8 +341,9 @@ Name: my_function
         try {
             const response = await fetch(apiUrl, {
                 headers: {
-                    'accept': 'application/json',
-                    'Authorization': `Bearer ${profile.access_token}`,
+                    'User-Agent': buildUserAgent(this.config.version),
+                    accept: 'application/json',
+                    Authorization: `Bearer ${profile.access_token}`,
                 },
                 method: 'GET',
             });
@@ -352,7 +351,7 @@ Name: my_function
                 const errorText = await response.text();
                 throw new Error(`API request failed with status ${response.status}: ${response.statusText}\n${errorText}`);
             }
-            const result = await response.json();
+            const result = (await response.json());
             // Handle xanoscript as an object with status and value
             if (result.xanoscript) {
                 if (result.xanoscript.status === 'ok' && result.xanoscript.value !== undefined) {
@@ -374,8 +373,7 @@ Name: my_function
         const credentialsPath = path.join(configDir, 'credentials.yaml');
         // Check if credentials file exists
         if (!fs.existsSync(credentialsPath)) {
-            this.error(`Credentials file not found at ${credentialsPath}\n` +
-                `Create a profile using 'xano profile:create'`);
+            this.error(`Credentials file not found at ${credentialsPath}\n` + `Create a profile using 'xano profile:create'`);
         }
         // Read credentials file
         try {
@@ -404,8 +402,9 @@ Name: my_function
             const listUrl = `${profile.instance_origin}/api:meta/workspace/${workspaceId}/function?${queryParams.toString()}`;
             const response = await fetch(listUrl, {
                 headers: {
-                    'accept': 'application/json',
-                    'Authorization': `Bearer ${profile.access_token}`,
+                    'User-Agent': buildUserAgent(this.config.version),
+                    accept: 'application/json',
+                    Authorization: `Bearer ${profile.access_token}`,
                 },
                 method: 'GET',
             });
@@ -413,7 +412,7 @@ Name: my_function
                 const errorText = await response.text();
                 this.error(`Failed to fetch function list: ${response.status} ${response.statusText}\n${errorText}`);
             }
-            const data = await response.json();
+            const data = (await response.json());
             // Handle different response formats
             let functions;
             if (Array.isArray(data)) {
@@ -432,7 +431,7 @@ Name: my_function
                 this.error('No functions found in workspace');
             }
             // Create choices for inquirer
-            const choices = functions.map(func => ({
+            const choices = functions.map((func) => ({
                 name: `${func.name} (ID: ${func.id})${func.description ? ` - ${func.description}` : ''}`,
                 value: func.id.toString(),
             }));

package/dist/commands/function/get/index.js

@@ -4,7 +4,7 @@ import * as yaml from 'js-yaml';
 import * as fs from 'node:fs';
 import * as os from 'node:os';
 import * as path from 'node:path';
-import BaseCommand from '../../../base-command.js';
+import BaseCommand, { buildUserAgent } from '../../../base-command.js';
 export default class FunctionGet extends BaseCommand {
     static args = {
         function_id: Args.string({
@@ -110,7 +110,7 @@ function yo {
         }
         // If function_id is not provided, prompt user to select from list
         let functionId;
-        functionId = args.function_id ? args.function_id : (await this.promptForFunctionId(profile, workspaceId));
+        functionId = args.function_id ? args.function_id : await this.promptForFunctionId(profile, workspaceId);
         // Build query parameters
         // Automatically set include_xanoscript to true if output format is xs
         const includeXanoscript = flags.output === 'xs' ? true : flags.include_xanoscript;
@@ -124,8 +124,8 @@ function yo {
         try {
             const response = await this.verboseFetch(apiUrl, {
                 headers: {
-                    'accept': 'application/json',
-                    'Authorization': `Bearer ${profile.access_token}`,
+                    accept: 'application/json',
+                    Authorization: `Bearer ${profile.access_token}`,
                 },
                 method: 'GET',
             }, flags.verbose, profile.access_token);
@@ -133,7 +133,7 @@ function yo {
                 const errorText = await response.text();
                 this.error(`API request failed with status ${response.status}: ${response.statusText}\n${errorText}`);
             }
-            const func = await response.json();
+            const func = (await response.json());
             // Validate response is an object
             if (!func || typeof func !== 'object') {
                 this.error('Unexpected API response format: expected a function object');
@@ -189,8 +189,7 @@ function yo {
         const credentialsPath = path.join(configDir, 'credentials.yaml');
         // Check if credentials file exists
         if (!fs.existsSync(credentialsPath)) {
-            this.error(`Credentials file not found at ${credentialsPath}\n` +
-                `Create a profile using 'xano profile:create'`);
+            this.error(`Credentials file not found at ${credentialsPath}\n` + `Create a profile using 'xano profile:create'`);
         }
         // Read credentials file
         try {
@@ -219,8 +218,9 @@ function yo {
             const listUrl = `${profile.instance_origin}/api:meta/workspace/${workspaceId}/function?${queryParams.toString()}`;
             const response = await fetch(listUrl, {
                 headers: {
-                    'accept': 'application/json',
-                    'Authorization': `Bearer ${profile.access_token}`,
+                    'User-Agent': buildUserAgent(this.config.version),
+                    accept: 'application/json',
+                    Authorization: `Bearer ${profile.access_token}`,
                 },
                 method: 'GET',
             });
@@ -228,7 +228,7 @@ function yo {
                 const errorText = await response.text();
                 this.error(`Failed to fetch function list: ${response.status} ${response.statusText}\n${errorText}`);
             }
-            const data = await response.json();
+            const data = (await response.json());
             // Handle different response formats
             let functions;
             if (Array.isArray(data)) {
@@ -247,7 +247,7 @@ function yo {
                 this.error('No functions found in workspace');
             }
             // Create choices for inquirer
-            const choices = functions.map(func => ({
+            const choices = functions.map((func) => ({
                 name: `${func.name} (ID: ${func.id})${func.description ? ` - ${func.description}` : ''}`,
                 value: func.id.toString(),
             }));

package/dist/commands/profile/create/index.d.ts

@@ -10,6 +10,7 @@ export default class ProfileCreate extends Command {
         account_origin: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         branch: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         default: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        insecure: import("@oclif/core/interfaces").BooleanFlag<boolean>;
         instance_origin: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
         workspace: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
     };

package/dist/commands/profile/create/index.js

@@ -24,6 +24,9 @@ Profile 'dev' created successfully at ~/.xano/credentials.yaml
         `$ xano profile:create production --account_origin https://account.xano.com --instance_origin https://instance.xano.com --access_token token123 --default
 Profile 'production' created successfully at ~/.xano/credentials.yaml
 Default profile set to 'production'
+`,
+        `$ xano profile:create selfhosted -i https://self-signed.example.com -t token123 --insecure
+Profile 'selfhosted' created successfully at ~/.xano/credentials.yaml
 `,
     ];
     static flags = {
@@ -47,6 +50,12 @@ Default profile set to 'production'
             description: 'Set this profile as the default',
             required: false,
         }),
+        insecure: Flags.boolean({
+            char: 'k',
+            default: false,
+            description: 'Skip TLS certificate verification (for self-signed certificates)',
+            required: false,
+        }),
         instance_origin: Flags.string({
             char: 'i',
             description: 'Instance origin URL',
@@ -93,6 +102,7 @@ Default profile set to 'production'
             instance_origin: flags.instance_origin,
             ...(flags.workspace && { workspace: flags.workspace }),
             ...(flags.branch && { branch: flags.branch }),
+            ...(flags.insecure && { insecure: true }),
         };
         // Set default if flag is provided
         if (flags.default) {

package/dist/commands/profile/edit/index.d.ts

@@ -9,8 +9,10 @@ export default class ProfileEdit extends BaseCommand {
         access_token: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         account_origin: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         branch: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        insecure: import("@oclif/core/interfaces").BooleanFlag<boolean>;
         instance_origin: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         'remove-branch': import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        'remove-insecure': import("@oclif/core/interfaces").BooleanFlag<boolean>;
         'remove-workspace': import("@oclif/core/interfaces").BooleanFlag<boolean>;
         workspace: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         profile: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;

package/dist/commands/profile/edit/index.js

@@ -27,6 +27,12 @@ Profile 'default' updated successfully at ~/.xano/credentials.yaml
 `,
         `$ xano profile:edit --remove-branch
 Profile 'default' updated successfully at ~/.xano/credentials.yaml
+`,
+        `$ xano profile:edit --insecure
+Profile 'default' updated successfully at ~/.xano/credentials.yaml
+`,
+        `$ xano profile:edit --remove-insecure
+Profile 'default' updated successfully at ~/.xano/credentials.yaml
 `,
     ];
     static flags = {
@@ -46,6 +52,11 @@ Profile 'default' updated successfully at ~/.xano/credentials.yaml
             description: 'Update branch name',
             required: false,
         }),
+        insecure: Flags.boolean({
+            default: false,
+            description: 'Enable insecure mode (skip TLS certificate verification)',
+            required: false,
+        }),
         instance_origin: Flags.string({
             char: 'i',
             description: 'Update instance origin URL',
@@ -56,6 +67,11 @@ Profile 'default' updated successfully at ~/.xano/credentials.yaml
             description: 'Remove branch from profile',
             required: false,
         }),
+        'remove-insecure': Flags.boolean({
+            default: false,
+            description: 'Remove insecure mode from profile',
+            required: false,
+        }),
         'remove-workspace': Flags.boolean({
             default: false,
             description: 'Remove workspace from profile',
@@ -102,8 +118,10 @@ Profile 'default' updated successfully at ~/.xano/credentials.yaml
             flags.access_token ||
             flags.workspace ||
             flags.branch ||
+            flags.insecure ||
             flags['remove-workspace'] ||
-            flags['remove-branch'];
+            flags['remove-branch'] ||
+            flags['remove-insecure'];
         if (!hasFlags) {
             this.error('No fields specified to update. Use at least one flag to edit the profile.');
         }
@@ -115,6 +133,7 @@ Profile 'default' updated successfully at ~/.xano/credentials.yaml
             ...(flags.access_token !== undefined && { access_token: flags.access_token }),
             ...(flags.workspace !== undefined && { workspace: flags.workspace }),
             ...(flags.branch !== undefined && { branch: flags.branch }),
+            ...(flags.insecure && { insecure: true }),
         };
         // Handle removal flags
         if (flags['remove-workspace']) {
@@ -123,6 +142,9 @@ Profile 'default' updated successfully at ~/.xano/credentials.yaml
         if (flags['remove-branch']) {
             delete updatedProfile.branch;
         }
+        if (flags['remove-insecure']) {
+            delete updatedProfile.insecure;
+        }
         credentials.profiles[profileName] = updatedProfile;
         // Write the updated credentials back to the file
         try {

package/dist/commands/profile/list/index.js

@@ -98,6 +98,9 @@ Profile: default
                 if (profile.project) {
                     this.log(`  Project: ${profile.project}`);
                 }
+                if (profile.insecure) {
+                    this.log(`  Insecure: true`);
+                }
                 this.log(''); // Empty line between profiles
             }
         }

package/dist/commands/profile/wizard/index.d.ts

@@ -3,10 +3,12 @@ export default class ProfileWizard extends Command {
     static description: string;
     static examples: string[];
     static flags: {
+        insecure: import("@oclif/core/interfaces").BooleanFlag<boolean>;
         name: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
         origin: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
     };
     run(): Promise<void>;
+    private getHeaders;
     private fetchBranches;
     private fetchInstances;
     private fetchWorkspaces;