@zeyos/cli 0.4.0 → 0.6.0

package/README.md

@@ -47,6 +47,9 @@ zeyos whoami --json
 ```
 
 `whoami` does not print access tokens by default. Use `zeyos whoami --show-token --json` only when you intentionally need to pass a token to another local tool.
+If a stored refresh token has expired, interactive `whoami` offers to re-authenticate
+and then retries the user lookup. In `--json`/`--yaml` or non-interactive runs, it
+prints a diagnostic plus the matching `zeyos login --force` command instead.
 
 Inspect the CLI-supported resource registry:
 
@@ -77,15 +80,25 @@ Inspect dynamic schema definitions:
 ```bash
 zeyos count customfields --json
 zeyos list customfields --fields ID,name,identifier,context,type --json
+zeyos count dunning --json
 ```
 
 Inspect actionsteps/time-entry evidence and ticket mail:
 
 ```bash
 zeyos list actionsteps --fields ID,name,status,date,duedate,effort,ticket,account --json
+zeyos sum actionsteps effort --filter '{"status":[1,3]}' --json
 zeyos list messages --fields ID,date,mailbox,subject,sender_email,to_email,ticket,reference --filter '{"ticket":42}' --json
 ```
 
+Filters accept common agent-generated shapes and normalize them to the native ZeyOS
+request form. Use `--query --json` to inspect the request without sending it:
+
+```bash
+zeyos list tickets --filter '{"status":{"$nin":[8,9,10]},"priority":[3,4]}' --query --json
+zeyos list accounts --filter '{"name__like":"Acme%","ID__in":[1,2,3]}' --query --json
+```
+
 Create, update, and delete:
 
 ```bash

package/bin/zeyos.mjs

@@ -6,10 +6,11 @@
  *
  * Commands:
  *   login                Authenticate with ZeyOS
- *   logout               Revoke session and clear tokens
+ *   logout               Revoke session and clear stored credentials
  *   whoami               Show current user info
  *   list <resource>      List records
  *   count <resource>     Count records
+ *   sum <resource>       Sum a numeric field across matching records
  *   get <resource> <id>  Fetch a single record
  *   show <resource> <id> Alias for get
  *   create <resource>    Create a new record
@@ -38,10 +39,11 @@ Usage: ${_z} <command> [options] [args…]
 
 ${_c.bold('Commands:')}
   ${_c.cyan('login')}                Authenticate with a ZeyOS instance
-  ${_c.cyan('logout')}               Revoke session and clear stored tokens
+  ${_c.cyan('logout')}               Revoke session and clear stored credentials
   ${_c.cyan('whoami')}               Show currently authenticated user
   ${_c.cyan('list')}   <resource>    List / query records
   ${_c.cyan('count')}  <resource>    Count records (with optional filter)
+  ${_c.cyan('sum')}    <resource> <field>  Sum a numeric field
   ${_c.cyan('get')}    <resource> <id>  Fetch a single record by ID
   ${_c.cyan('show')}   <resource> <id>  Alias for get
   ${_c.cyan('create')} <resource>    Create a new record
@@ -68,6 +70,7 @@ ${_c.bold('Examples:')}
   ${_z} list tickets --filter '{"status":1}' --sort -lastmodified
   ${_z} list tickets --filter-file ./filters/open-tickets.json
   ${_z} count tickets --filter '{"status":1}'
+  ${_z} sum actionsteps effort --filter '{"status":[1,3]}'
   ${_z} get ticket 42
   ${_z} get ticket 42 --all
   ${_z} create ticket --name "Fix login bug" --priority 3
@@ -105,6 +108,7 @@ const OPTIONS = {
   'sort':       { type: 'string' },
   'limit':      { type: 'string' },
   'offset':     { type: 'string' },
+  'page-size':  { type: 'string' },
   'expand':     { type: 'string' },
   'extdata':    { type: 'boolean' },
   'tags':       { type: 'boolean' },
@@ -127,6 +131,12 @@ const OPTIONS = {
   'from-current': { type: 'boolean' },
 };
 
+const COMMON_COMMAND_HELP = `\
+Global options:
+  --profile <name>     Use a named credential profile for this command
+  --no-color           Disable ANSI colors
+`;
+
 // ── Command registry ──────────────────────────────────────────────────────────
 // Maps every command and alias to the module that implements it.
 
@@ -136,6 +146,7 @@ const COMMANDS = {
   whoami:    '../commands/whoami.mjs',
   list:      '../commands/list.mjs',
   count:     '../commands/count.mjs',
+  sum:       '../commands/sum.mjs',
   get:       '../commands/get.mjs',
   show:      '../commands/get.mjs',
   create:    '../commands/create.mjs',
@@ -161,6 +172,7 @@ const COMMANDS = {
 // exception: they accept arbitrary `--<field>` flags, marked with `null` below.
 
 const ALWAYS_FLAGS = ['help', 'json', 'yaml', 'no-color', 'profile'];
+const LEADING_FLAGS = [...ALWAYS_FLAGS, 'version', 'query'];
 const SKILLS_FLAGS = ['target', 'dir', 'global', 'local', 'force', 'yes', 'no-logo'];
 const OKF_FLAGS    = ['dir', 'out', 'force', 'no-logo'];
 const PROFILE_FLAGS = ['base-url', 'client-id', 'secret', 'local', 'from-current'];
@@ -173,6 +185,7 @@ const COMMAND_FLAGS = {
   whoami:    ['show-token'],
   list:      ['fields', 'filter', 'filter-file', 'sort', 'limit', 'offset', 'extdata', 'expand', 'query'],
   count:     ['filter', 'filter-file', 'query'],
+  sum:       ['filter', 'filter-file', 'limit', 'offset', 'page-size', 'query'],
   get:       GET_FLAGS,
   show:      GET_FLAGS,
   create:    null,
@@ -192,6 +205,8 @@ const COMMAND_FLAGS = {
   profiles:  PROFILE_FLAGS,
 };
 
+const CREDENTIAL_MUTATION_COMMANDS = new Set(['login', 'logout', 'profile', 'profiles']);
+
 // ── Main ──────────────────────────────────────────────────────────────────────
 
 async function main() {
@@ -208,20 +223,37 @@ async function main() {
     process.exit(0);
   }
 
-  const command = argv[0];
+  const lead = _splitLeadingFlags(argv);
+  if (lead.values.help && lead.argv.length === 0) {
+    process.stdout.write(HELP);
+    process.exit(0);
+  }
+  if (lead.values.version && lead.argv.length === 0) {
+    process.stdout.write(_VERSION + '\n');
+    process.exit(0);
+  }
+  if (lead.argv.length === 0) {
+    process.stdout.write(HELP);
+    process.exit(0);
+  }
 
-  // A leading flag (e.g. `zeyos --invalid`) is not a command — surface it as a
-  // bad option rather than letting it masquerade as one.
+  const command = lead.argv[0];
   if (command.startsWith('-')) {
-    process.stderr.write(`Unknown option: "${command}".  Run 'zeyos --help' for usage.\n`);
-    process.exit(1);
+    _failLeadingOption(command);
   }
 
-  const rest    = argv.slice(1);
+  const rest    = lead.argv.slice(1);
+
+  if (process.env.ZEYOS_CREDENTIALS_READONLY && CREDENTIAL_MUTATION_COMMANDS.has(command)) {
+    process.stderr.write(`Credential command "${command}" is disabled because ZEYOS_CREDENTIALS_READONLY is set.\n`);
+    process.exit(1);
+  }
 
   // Parse remaining args permissively: known options are parsed normally and
   // unknown --key value flags are captured too (so create/update accept fields).
-  const { values, positional } = _parsePermissive(rest, OPTIONS);
+  const parsed = _parsePermissive(rest, OPTIONS);
+  const values = { ...lead.values, ...parsed.values };
+  const positional = parsed.positional;
 
   const modulePath = COMMANDS[command];
   if (!modulePath) {
@@ -232,7 +264,7 @@ async function main() {
   const mod = await import(modulePath);
 
   if (values.help) {
-    process.stdout.write(mod.USAGE ?? HELP);
+    process.stdout.write(_formatCommandHelp(mod.USAGE ?? HELP));
     process.exit(0);
   }
 
@@ -254,11 +286,121 @@ async function main() {
     }
   }
 
+  _validateKnownStringValues(values);
+
   await mod.run(values, positional);
 }
 
 // ── Helpers ───────────────────────────────────────────────────────────────────
 
+/**
+ * Parse documented global flags that appear before the command name, e.g.
+ * `zeyos --profile dev whoami`. Command-specific flags remain after the
+ * command so the per-command allow-list can validate them.
+ */
+function _splitLeadingFlags(argv) {
+  const values = {};
+  let i = 0;
+
+  while (i < argv.length) {
+    const arg = argv[i];
+
+    if (arg === '--') {
+      return { values, argv: argv.slice(i + 1) };
+    }
+
+    if (arg.startsWith('--')) {
+      const eqIdx    = arg.indexOf('=');
+      const key      = eqIdx === -1 ? arg.slice(2) : arg.slice(2, eqIdx);
+      const inlineVal = eqIdx === -1 ? undefined : arg.slice(eqIdx + 1);
+      const opt      = OPTIONS[key];
+
+      if (!LEADING_FLAGS.includes(key)) {
+        _failLeadingOption(arg);
+      }
+
+      if (opt?.type === 'boolean') {
+        values[key] = true;
+        i++;
+        continue;
+      }
+
+      if (opt?.type === 'string') {
+        if (inlineVal !== undefined) {
+          values[key] = inlineVal;
+          i++;
+        } else {
+          const next = argv[i + 1];
+          if (next !== undefined && next.startsWith('--')) {
+            values[key] = '';
+            i++;
+          } else {
+            values[key] = next ?? '';
+            i += 2;
+          }
+        }
+        continue;
+      }
+    }
+
+    if (arg.startsWith('-') && arg.length === 2) {
+      const short = arg[1];
+      const match = Object.entries(OPTIONS).find(([, o]) => o.short === short);
+      if (!match || !LEADING_FLAGS.includes(match[0])) {
+        _failLeadingOption(arg);
+      }
+
+      const [key, opt] = match;
+      if (opt.type === 'boolean') {
+        values[key] = true;
+        i++;
+      } else {
+        const next = argv[i + 1];
+        if (next !== undefined && next.startsWith('--')) {
+          values[key] = '';
+          i++;
+        } else {
+          values[key] = next ?? '';
+          i += 2;
+        }
+      }
+      continue;
+    }
+
+    break;
+  }
+
+  return { values, argv: argv.slice(i) };
+}
+
+function _failLeadingOption(flag) {
+  process.stderr.write(`Unknown option: "${flag}".  Run 'zeyos --help' for usage.\n`);
+  process.exit(1);
+}
+
+function _formatCommandHelp(usage) {
+  if (usage === HELP || /--profile\s+<name>/.test(usage)) {
+    return usage;
+  }
+  if (/Global options:\n/.test(usage)) {
+    return usage.replace(
+      /Global options:\n/,
+      `Global options:\n  --profile <name>           Use a named credential profile for this command\n  --no-color                 Disable ANSI colors\n`
+    );
+  }
+  const trimmed = usage.endsWith('\n') ? usage : `${usage}\n`;
+  return `${trimmed}\n${COMMON_COMMAND_HELP}`;
+}
+
+function _validateKnownStringValues(values) {
+  for (const [key, value] of Object.entries(values)) {
+    if (OPTIONS[key]?.type === 'string' && value === '') {
+      process.stderr.write(`Option --${key} requires a value.\n`);
+      process.exit(1);
+    }
+  }
+}
+
 /**
  * Parse argv with known options; capture unknown --key value pairs too.
  * This lets create/update accept arbitrary --fieldName value flags.

package/commands/count.mjs

@@ -11,7 +11,7 @@
  */
 
 import { normalizeCountResult }    from '@zeyos/client';
-import { buildCliClient, callApi, maybeDryRun, parseJsonOptionOrFile, requireResource } from '../lib/command.mjs';
+import { buildCliClient, callApi, maybeDryRun, normalizeFilterOperators, parseJsonOptionOrFile, requireResource } from '../lib/command.mjs';
 import { outputMode, printJson, printYaml } from '../lib/output.mjs';
 
 export const USAGE = `\
@@ -24,6 +24,8 @@ Arguments:
 
 Options:
   --filter <json>     JSON filter object  e.g. '{"status":1}'
+                      Arrays normalize to IN; $lt/$lte/$gt/$gte/$ne/$in/$nin and suffix
+                      keys like field__startswith/field__gt normalize to native operators
   --filter-file <path>
                       Read JSON filter object from a file
   --json              Output as JSON ({ "count": N })
@@ -47,7 +49,7 @@ export async function run(values, positional) {
 
   const filters = parseJsonOptionOrFile(values, 'filter', 'filter-file');
   if (filters !== undefined) {
-    body.filters = filters;
+    body.filters = normalizeFilterOperators(filters, { fieldAliases: res.filterAliases });
   }
 
   // ── Call API ───────────────────────────────────────────────────────────────

package/commands/doctor.mjs

@@ -21,6 +21,8 @@ const ENV_KEYS = {
   ZEYOS_CLIENT_SECRET: 'clientSecret',
   ZEYOS_TOKEN:         'accessToken',
   ZEYOS_REFRESH_TOKEN: 'refreshToken',
+  ZEYOS_NO_REFRESH:    'tokenOnly',
+  ZEYOS_CREDENTIALS_READONLY: 'credentialsReadonly',
 };
 
 export const USAGE = `\
@@ -82,8 +84,9 @@ function buildAgentReport() {
     clientSecret: Boolean(config.clientSecret),
     accessToken:  Boolean(config.accessToken),
     refreshToken: Boolean(config.refreshToken),
+    tokenOnly:    Boolean(process.env.ZEYOS_TOKEN) || isTruthyEnv(process.env.ZEYOS_NO_REFRESH),
   };
-  const ready = Boolean(effective.baseUrl && effective.clientId && effective.clientSecret && effective.accessToken);
+  const ready = Boolean(effective.baseUrl && effective.accessToken && (effective.tokenOnly || (effective.clientId && effective.clientSecret)));
   const resources = inspectResources();
 
   return {
@@ -117,6 +120,10 @@ function buildAgentReport() {
   };
 }
 
+function isTruthyEnv(value) {
+  return /^(1|true|yes|on)$/i.test(String(value || '').trim());
+}
+
 function inspectResources() {
   const names = listResources();
   const missing = [];

package/commands/list.mjs

@@ -26,6 +26,7 @@ import {
   callApi,
   fail,
   maybeDryRun,
+  normalizeFilterOperators,
   parseJsonOptionOrFile,
   requireApiMethod,
   requireResource
@@ -42,6 +43,8 @@ Arguments:
 Options:
   --fields <list>     Field selection (see formats below)
   --filter <json>     JSON filter object  e.g. '{"status":1}'
+                      Arrays normalize to IN; $lt/$lte/$gt/$gte/$ne/$in/$nin and suffix
+                      keys like field__startswith/field__gt normalize to native operators
   --filter-file <path>
                       Read JSON filter object from a file
   --sort <fields>     Sort expression  e.g. '-lastmodified'
@@ -86,7 +89,7 @@ export async function run(values, positional) {
 
   const filters = parseJsonOptionOrFile(values, 'filter', 'filter-file');
   if (filters !== undefined) {
-    body.filters = filters;
+    body.filters = normalizeFilterOperators(filters, { fieldAliases: res.filterAliases });
   }
 
   if (values.sort) body.sort = values.sort.split(',').map(s => s.trim()).filter(Boolean);

package/commands/login.mjs

@@ -49,6 +49,10 @@ export async function run(values) {
   const profileName = values.profile || null;
   const scope = values.global ? 'global' : 'local';
   const port  = values.port ? Number(values.port) : DEFAULT_CALLBACK_PORT;
+  if (!Number.isInteger(port) || port < 1 || port > 65535) {
+    error('--port must be an integer between 1 and 65535.');
+    process.exit(1);
+  }
   const redirectUri = callbackUri(port);
 
   // Persist either into a named profile or the legacy local/global credential file.

package/commands/logout.mjs

@@ -1,22 +1,28 @@
 /**
  * zeyos logout
  *
- * Revokes the current access token (best-effort) and removes stored tokens
- * from the credential file.  Connection params (baseUrl, clientId, clientSecret)
- * are kept so a subsequent `zeyos login` works without re-entering them.
+ * Revokes the current access token (best-effort) and clears the selected
+ * stored session. Local legacy credentials are cleared completely so a
+ * subsequent `zeyos login` starts from fresh connection parameters.
  *
  * Options:
  *   --global    Clear the global credentials file
  */
 
 import { createZeyosClient, MemoryTokenStore } from '@zeyos/client';
-import { loadConfigWithSource, clearTokens, clearTokensForSource } from '../lib/config.mjs';
-import { success, warn, info }                 from '../lib/output.mjs';
+import {
+  loadConfigWithSource,
+  loadGlobalConfig,
+  clearTokensForSource,
+  clearLocalCredentialsForSource,
+  listProfiles
+} from '../lib/config.mjs';
+import { success, warn, info, error }          from '../lib/output.mjs';
 
 export const USAGE = `\
 Usage: zeyos logout [options]
 
-Revoke the current session and clear stored tokens.
+Revoke the current session and clear stored credentials.
 
 Options:
   --profile <name>  Log out of a specific profile
@@ -25,9 +31,29 @@ Options:
 `;
 
 export async function run(values) {
-  const { config, source } = loadConfigWithSource({ profile: values.profile });
+  let config;
+  let source;
+
+  if (values.global) {
+    config = loadGlobalConfig();
+    source = { kind: 'global' };
+  } else {
+    const loaded = loadConfigWithSource({ profile: values.profile });
+    if (loaded.profile?.missing) {
+      const names = Object.keys(listProfiles().profiles);
+      const known = names.length ? `Known profiles: ${names.join(', ')}.` : 'No profiles defined yet.';
+      error(`Profile "${loaded.profile.name}" not found (selected via ${loaded.profile.origin}). ${known}`);
+      process.exit(1);
+    }
+    config = loaded.config;
+    source = loaded.source;
+  }
 
   if (!config.accessToken) {
+    if (source?.kind === 'local' && clearLocalCredentialsForSource(source)) {
+      success('Logged out (local credentials).');
+      return;
+    }
     warn('Not currently logged in.');
     return;
   }
@@ -58,8 +84,8 @@ export async function run(values) {
     }
   }
 
-  if (values.global) {
-    clearTokens('global');
+  if (source?.kind === 'local') {
+    clearLocalCredentialsForSource(source);
   } else {
     clearTokensForSource(source);
   }

package/commands/profile.mjs

@@ -14,6 +14,7 @@
  * the credentials currently in effect (including tokens) into the new profile.
  */
 
+import { createInterface } from 'node:readline';
 import {
   listProfiles, getProfile, upsertProfile, removeProfile,
   setActiveProfile, writeLocalPin, readLocalPin,
@@ -31,7 +32,7 @@ Commands:
   current                    Show which profile is in effect, and why
   use <name>                 Make <name> the active profile (global)
   use <name> --local         Pin <name> to the current project (.zeyos/profile)
-  add <name> [options]       Create or update a profile
+  add [<name>] [options]     Create or update a profile; prompts when run without connection options
   remove <name>              Delete a profile
 
 Add options:
@@ -45,6 +46,7 @@ Global options:
   -h, --help                 Show this help
 
 Examples:
+  zeyos profile add                         # prompt for name and connection params
   zeyos profile add dev  --base-url https://zeyos.cms-it.de/dev
   zeyos profile add prod --from-current
   zeyos profile use prod
@@ -147,30 +149,42 @@ function cmdUse(values, name) {
 
 // ── add ────────────────────────────────────────────────────────────────────────
 
-function cmdAdd(values, name) {
-  if (!name) fail('Usage: zeyos profile add <name> [--base-url <url>] [--client-id <id>] [--secret <secret>] | --from-current');
+async function cmdAdd(values, name) {
+  let promptSession = null;
+  const ask = (question, opts) => {
+    promptSession ??= createPromptSession();
+    return promptSession.ask(question, opts);
+  };
 
-  let updates = {};
-  if (values['from-current']) {
-    const cfg = loadConfigWithSource().config; // whatever is in effect right now
-    for (const k of ['baseUrl', 'instance', 'clientId', 'clientSecret', 'accessToken', 'refreshToken', 'expiresAt', 'refreshTokenExpiresAt']) {
-      if (cfg[k] != null) updates[k] = cfg[k];
-    }
-    if (!updates.baseUrl) fail('Nothing to snapshot: no credentials are currently in effect.');
-  } else {
-    if (values['base-url'])  updates.baseUrl      = values['base-url'];
-    if (values['client-id']) updates.clientId     = values['client-id'];
-    if (values.secret)       updates.clientSecret = values.secret;
-    if (Object.keys(updates).length === 0) {
-      fail('Provide at least --base-url (and ideally --client-id/--secret), or use --from-current.');
+  try {
+    const profileName = name || await ask('Profile name');
+    if (!profileName) fail('Profile name is required.');
+
+    let updates = {};
+    if (values['from-current']) {
+      const cfg = loadConfigWithSource().config; // whatever is in effect right now
+      for (const k of ['baseUrl', 'instance', 'clientId', 'clientSecret', 'accessToken', 'refreshToken', 'expiresAt', 'refreshTokenExpiresAt']) {
+        if (cfg[k] != null) updates[k] = cfg[k];
+      }
+      if (!updates.baseUrl) fail('Nothing to snapshot: no credentials are currently in effect.');
+    } else {
+      if (values['base-url'])  updates.baseUrl      = values['base-url'];
+      if (values['client-id']) updates.clientId     = values['client-id'];
+      if (values.secret)       updates.clientSecret = values.secret;
+
+      if (Object.keys(updates).length === 0) {
+        updates = await promptProfileCredentials(profileName, ask);
+      }
     }
-  }
 
-  const existed = Boolean(getProfile(name));
-  upsertProfile(name, updates);
-  success(`${existed ? 'Updated' : 'Created'} profile "${name}".`);
-  if (!updates.accessToken) {
-    info(`Finish authenticating with:  zeyos login --profile ${name}`);
+    const existed = Boolean(getProfile(profileName));
+    upsertProfile(profileName, updates);
+    success(`${existed ? 'Updated' : 'Created'} profile "${profileName}".`);
+    if (!updates.accessToken) {
+      info(`Finish authenticating with:  zeyos login --profile ${profileName}`);
+    }
+  } finally {
+    promptSession?.close();
   }
 }
 
@@ -209,3 +223,84 @@ function fail(message) {
   error(message);
   process.exit(1);
 }
+
+async function promptProfileCredentials(name, ask) {
+  const existing = getProfile(name) || {};
+
+  info(`Creating profile "${name}".`);
+  info('This stores the platform and OAuth app credentials; tokens are added by login.');
+  console.error('');
+
+  const baseUrl = await ask('ZeyOS platform URL', { currentValue: existing.baseUrl });
+  const clientId = await ask('Application ID', { currentValue: existing.clientId });
+  const clientSecret = await ask('Application secret', { currentValue: existing.clientSecret, secret: true });
+
+  if (!baseUrl || !clientId || !clientSecret) {
+    fail('ZeyOS URL, application ID and secret are all required.');
+  }
+
+  return { baseUrl, clientId, clientSecret };
+}
+
+function createPromptSession() {
+  const rl = createInterface({ input: process.stdin, output: process.stderr, terminal: process.stdin.isTTY && process.stderr.isTTY });
+  const originalWrite = rl._writeToOutput.bind(rl);
+  let hiddenPrompt = null;
+  let closed = false;
+  const queuedLines = [];
+  const waitingResolvers = [];
+
+  rl.on('line', (line) => {
+    const resolve = waitingResolvers.shift();
+    if (resolve) {
+      resolve(line);
+    } else {
+      queuedLines.push(line);
+    }
+  });
+
+  rl.on('close', () => {
+    closed = true;
+    let resolve;
+    while ((resolve = waitingResolvers.shift())) {
+      resolve('');
+    }
+  });
+
+  rl._writeToOutput = (value) => {
+    if (!hiddenPrompt || String(value).includes(hiddenPrompt) || value === '\n' || value === '\r\n') {
+      originalWrite(value);
+    }
+  };
+
+  const readLine = () => {
+    if (queuedLines.length) {
+      return Promise.resolve(queuedLines.shift());
+    }
+    if (closed) {
+      return Promise.resolve('');
+    }
+    return new Promise(resolve => {
+      waitingResolvers.push(resolve);
+    });
+  };
+
+  return {
+    ask(question, opts = {}) {
+      const currentValue = opts.currentValue || '';
+      const defaultLabel = opts.secret && currentValue ? 'stored, press Enter to keep' : currentValue;
+      const prompt = defaultLabel ? `${question} [${defaultLabel}]` : question;
+      hiddenPrompt = opts.secret && process.stdin.isTTY && process.stderr.isTTY ? prompt : null;
+      process.stderr.write(`${prompt}: `);
+
+      return readLine()
+        .then(answer => {
+          hiddenPrompt = null;
+          return answer.trim() || currentValue || '';
+        });
+    },
+    close() {
+      rl.close();
+    }
+  };
+}