@zibby/cli 0.7.2 → 0.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/bin/zibby.js +3 -3
  2. package/dist/commands/app-auth.js +6 -6
  3. package/dist/commands/app.js +1 -1
  4. package/dist/commands/credits.js +19 -0
  5. package/dist/commands/mcp.js +1 -1
  6. package/dist/package.json +2 -2
  7. package/package.json +2 -2
package/dist/bin/zibby.js CHANGED
@@ -1,6 +1,6 @@
1
1
  #!/usr/bin/env node
2
- process.stdout.on("error",e=>{e.code}),process.stderr.on("error",e=>{e.code}),process.env.DOTENV_CONFIG_QUIET="true";import"@zibby/skills";import{Command as P}from"commander";import{initCommand as A}from"../commands/init.js";import{runCommand as _}from"../commands/run.js";import{videoCommand as S}from"../commands/video.js";import{uploadCommand as B}from"../commands/upload.js";import{ciSetupCommand as E}from"../commands/ci-setup.js";import{setupPlaywrightMcpCommand as Y,setupCiCommand as x,testWithVideoCommand as O}from"../commands/setup-scripts.js";import{readFileSync as R}from"fs";import{fileURLToPath as j}from"url";import{dirname as Z,join as T}from"path";import{bootstrapAgentEnv as D}from"../utils/agent-credentials.js";import{WARM_POOL_QUANTITY_OPTIONS as g,WARM_POOL_MAX_QUANTITY as k}from"../config/warmPool.js";const z=j(import.meta.url),U=Z(z),b=JSON.parse(R(T(U,"../package.json"),"utf-8"));function p(e,o){return o.push(e),o}function v(e){if(e===void 0||e===!0||e==="")return 1;const o=parseInt(e,10);if(!Number.isFinite(o)||!g.includes(o))throw new Error(`--warm must be one of [${g.join(", ")}] (got "${e}"). Omit the flag to disable warm pool.`);return o}const I=`zibby v${b.version}`,a=process.argv.slice(2),L=a.includes("-h")||a.includes("--help"),M=a.includes("-v")||a.includes("-V")||a.includes("--version");M&&(console.log(I),process.exit(0));const h=a[0],K=a[1],N=["logs","uninstall"],F=(h==="workflow"||h==="agent")&&K==="list";!N.includes(h)&&!F&&console.log(`${I}
3
- `),D(process.cwd());const W=a[0]==="chat",H=["--verbose","--agent","--stream","-s"],J=a.length>0&&a.every(e=>H.includes(e)||a[a.indexOf(e)-1]==="--agent"),q=a.length===0||W||J;if(q&&!L){const e={},o=a.indexOf("--agent");o!==-1&&a[o+1]&&(e.agent=a[o+1]),a.includes("--verbose")&&(e.verbose=!0),(a.includes("--stream")||a.includes("-s"))&&(e.stream=!0);const{chatCommand:t}=await import("../commands/chat.js");await t(e),process.exit(0)}const n=new P;n.name("zibby").description("Zibby \u2014 the cloud pipeline for Claude Code, Cursor, Codex, and Gemini. Compose them into structured workflows with schema-enforced handoff.").version(b.version,"-V, --version"),n.configureHelp({visibleCommands:()=>[]}),n.addHelpText("after",`
2
+ process.stdout.on("error",e=>{e.code}),process.stderr.on("error",e=>{e.code}),process.env.DOTENV_CONFIG_QUIET="true";import"@zibby/skills";import{Command as A}from"commander";import{initCommand as _}from"../commands/init.js";import{runCommand as B}from"../commands/run.js";import{videoCommand as S}from"../commands/video.js";import{uploadCommand as E}from"../commands/upload.js";import{ciSetupCommand as Y}from"../commands/ci-setup.js";import{setupPlaywrightMcpCommand as x,setupCiCommand as O,testWithVideoCommand as R}from"../commands/setup-scripts.js";import{readFileSync as j}from"fs";import{fileURLToPath as Z}from"url";import{dirname as T,join as z}from"path";import{bootstrapAgentEnv as D}from"../utils/agent-credentials.js";import{WARM_POOL_QUANTITY_OPTIONS as k,WARM_POOL_MAX_QUANTITY as b}from"../config/warmPool.js";const U=Z(import.meta.url),L=T(U),v=JSON.parse(j(z(L,"../package.json"),"utf-8"));function p(e,o){return o.push(e),o}function I(e){if(e===void 0||e===!0||e==="")return 1;const o=parseInt(e,10);if(!Number.isFinite(o)||!k.includes(o))throw new Error(`--warm must be one of [${k.join(", ")}] (got "${e}"). Omit the flag to disable warm pool.`);return o}const C=`zibby v${v.version}`,a=process.argv.slice(2),K=a.includes("-h")||a.includes("--help"),M=a.includes("-v")||a.includes("-V")||a.includes("--version");M&&(console.log(C),process.exit(0));const w=a[0],N=a[1],F=["logs","uninstall"],J=(w==="workflow"||w==="agent")&&N==="list";!F.includes(w)&&!J&&console.log(`${C}
3
+ `),D(process.cwd());const W=a[0]==="chat",H=["--verbose","--agent","--stream","-s"],q=a.length>0&&a.every(e=>H.includes(e)||a[a.indexOf(e)-1]==="--agent"),G=a.length===0||W||q;if(G&&!K){const e={},o=a.indexOf("--agent");o!==-1&&a[o+1]&&(e.agent=a[o+1]),a.includes("--verbose")&&(e.verbose=!0),(a.includes("--stream")||a.includes("-s"))&&(e.stream=!0);const{chatCommand:t}=await import("../commands/chat.js");await t(e),process.exit(0)}const n=new A;n.name("zibby").description("Zibby \u2014 the cloud pipeline for Claude Code, Cursor, Codex, and Gemini. Compose them into structured workflows with schema-enforced handoff.").version(v.version,"-V, --version"),n.configureHelp({visibleCommands:()=>[]}),n.addHelpText("after",`
4
4
  Agent (the platform) (alias: workflow):
5
5
  agent new <name> Scaffold a new agent at .zibby/workflows/<name>/
6
6
  agent run <name> Run an agent locally (one-shot, mirrors trigger flags)
@@ -46,4 +46,4 @@ Examples:
46
46
 
47
47
  Docs: https://docs.zibby.app
48
48
  GitHub: https://github.com/ZibbyDev/zibby-agent
49
- `),n.command("init").description("Initialize a Zibby project (config + credentials only \u2014 pass -t <name> to also scaffold a workflow template)").argument("[project-name]","Project name (optional, uses current directory if not provided)").option("--agent <type>","Agent to use (claude, cursor, codex, gemini)").option("--memory-backend <backend>","Memory backend to configure (mem0, dolt). Default: mem0 (semantic vector memory; falls back to dolt if the embedding proxy is unavailable). Use dolt for self-contained structured memory.","mem0").option("--infer","Smart memory: let the LLM distill/dedupe facts on store (mem0 only; costs tokens). Default off = embed-only, free.").option("-t, --template <name>","Workflow template to scaffold into .zibby/ (see `zibby template list`). Default: none \u2014 init only sets up config and credentials.").option("--skip-install","Skip npm install").option("--skip-memory","Skip test memory setup during initialization").option("-f, --force","Force reinitialize (overwrite existing config)").option("--headed","Run MCP browser in headed mode (visible browser)").option("--headless","Run MCP browser in headless mode (hidden browser)").option("--api-key <key>","Zibby API key for cloud sync").option("--cloud-sync","Enable cloud sync and install Zibby MCP").option("--agent-key <key>","Agent API key (non-interactive). For Claude this is the per-token API key").option("--agent-oauth-token <token>","Claude OAuth subscription token (non-interactive). Saves to ~/.zibby/config.json").action(A),n.command("test").description("Run a test specification").argument("[spec-path]","Path to test spec file or inline test description in quotes").option("--sources <ids>","Comma-separated test case IDs to fetch from cloud").option("--execution <id>","Execution ID containing the test cases (required with --sources)").option("--agent <type>","Agent to use (claude, cursor, codex, gemini) - overrides config").option("--workflow <name>","Workflow to use (e.g., QuickSmokeWorkflow, quick-smoke)").option("--headless","Run browser in headless mode").option("--node <name>","Run only a specific node (e.g., execute_live, generate_script)").option("--session <id>",'Use existing session (e.g., 1768974629717 or "last") - requires --node').option("--session-path <dir>","Use this session folder (absolute or relative to cwd); Studio pins artifacts here").option("--project <id>","Project ID (optional, auto-detected from ZIBBY_API_KEY)").option("--collection <id-or-name>","Collection ID or name (creates new if name doesn't exist)").option("--folder <path>","Folder path within collection (optional, requires --collection)").option("--sync","Force upload to cloud (overrides cloudSync: false)").option("--no-sync","Skip upload to cloud (overrides cloudSync: true)").option("--config <path>","Path to config file",".zibby.config.mjs").option("--auto-approve","Auto-approve MCP tools (for CI/CD)").option("-o, --open","Open test results in browser after completion").option("--verbose","Show info level logs").option("--debug","Show debug level logs (most verbose)").option("-m, --mem","Enable test memory (Dolt-backed knowledge from previous runs)").action((e,o)=>(o.debug?process.env.ZIBBY_DEBUG="true":o.verbose&&(process.env.ZIBBY_VERBOSE="true"),_(e,o))),n.command("implement").description("Implement a Jira ticket using AI agent (runs in ECS container)").action(async(...e)=>{const{implementCommand:o}=await import("../commands/implement.js");return o(...e)}),n.command("analyze").description("Analyze a Jira ticket against the codebase (runs in ECS container)").option("--workflow <path>","Path to a local workflow JSON file (e.g., .zibby/workflow-analysis.json)").action(async(...e)=>{const{analyzeCommand:o}=await import("../commands/analyze-graph.js");return o(...e)}),n.command("video").description("Organize test videos next to test files").action(S),n.command("upload <spec-path>").description("Upload existing test artifacts to Zibby Cloud").option("--project <id>","Project ID (REQUIRED - use flag or ZIBBY_PROJECT_ID env)").option("--collection <id-or-name>","Collection ID or name (creates new if name doesn't exist)").option("--folder <path>","Folder path within collection (optional)").option("--agent <type>","Agent used (for metadata)").action(B),n.command("login").description("Log in to Zibby (opens browser for authentication)").action(async()=>{const{loginCli:e}=await import("../auth/cli-login.js");await e(),process.exit(0)}),n.command("logout").description("Log out from Zibby (clears saved session)").action(async()=>{const{logoutCli:e}=await import("../auth/cli-login.js");e(),process.exit(0)}),n.command("status").description("Show current authentication status and token details").option("--json","Output in JSON format (for scripts)").action(async e=>{const{showLoginStatus:o}=await import("../auth/cli-login.js");await o(e),process.exit(0)}),n.command("list").description("List your projects and API tokens").action(async()=>{const{listProjectsCommand:e}=await import("../commands/list-projects.js");await e()}),n.command("ci-setup").description("Setup Cursor Agent for CI/CD (patch and configure)").option("--get-keys","Get MCP approval keys").option("--save","Save approval keys to project").action(E),n.command("setup-playwright").description("Setup official Playwright MCP (from cursor-agent-package)").option("--headed","Configure MCP in headed mode (visible browser)").option("--viewport-width <width>","Viewport width (default: 1280)","1280").option("--viewport-height <height>","Viewport height (default: 720)","720").action(e=>{const o={width:parseInt(e.viewportWidth,10)||1280,height:parseInt(e.viewportHeight,10)||720};return Y({...e,viewport:o})}),n.command("setup-ci-full").description("Complete CI/CD setup from scratch").action(x),n.command("test-video").description("Run Playwright tests with video recording").argument("[test-file]","Test file to run (default: tests/)").option("--headed","Run in headed mode (visible browser)").action(O),n.command("generate").description("Generate test specs from a ticket + codebase (local analysis using real AI agent)").option("-t, --ticket <key>","Jira ticket key (fetches automatically)").option("-i, --input <file>","Input file with ticket description/requirements").option("-d, --description <text>","Inline ticket description").option("--repo <path>","Path to the codebase (default: current directory)").option("--agent <type>","Agent to use (codex, claude, cursor, gemini)").option("--model <model>","Model override").option("-o, --output <dir>","Output directory for spec files (default: test-specs)").action(async e=>{const{generateCommand:o}=await import("../commands/generate.js");return o(e)}),n.command("studio").description("Launch Zibby Studio desktop (installs from CDN if needed). Uses this folder as the Zibby project.").option("-p, --port <port>","Port for the Studio API bridge (default: 3847)").option("--no-open","Start the API only; do not launch desktop app").option("--update","Force re-download of the latest Studio binary").action(async e=>{const{studioCommand:o}=await import("../commands/studio.js");return o(e)});const m=n.command("creds").description("Manage credentials Zibby has stored for your workspace (KMS-encrypted)");m.command("list").description("List credentials stored for your workspace (masked)").action(async()=>{const{listCmd:e}=await import("../commands/creds.js");await e(),process.exit(0)}),m.command("sync").description("Re-read ~/.zibby/credentials.env and upload any new tokens").action(async()=>{const{syncCmd:e}=await import("../commands/creds.js");await e(),process.exit(0)}),m.command("set <provider> <token>").description("Paste-token shortcut. e.g. zibby creds set claude sk-ant-oat01-... (auto-detects oauth vs api)").option("--type <kind>","Force credential kind: oauth | api (skips auto-detect)").action(async(e,o,t)=>{const{setCmd:s}=await import("../commands/creds.js");await s(e,o,t),process.exit(0)}),m.command("remove <type> <index>").description("Remove a stored credential. e.g. zibby creds remove oauth 0").action(async(e,o)=>{const{removeCmd:t}=await import("../commands/creds.js");await t(e,o),process.exit(0)});const G=n.command("g").description("Generate scaffolds");G.command("workflow [name]").description("Scaffold a new custom workflow in .zibby/workflows/<name>/ (auto-generates name if omitted)").option("-t, --template <name>","Scaffold from a template (see `zibby template list`). Future: also accepts npm package / git URL identifiers.").option("--skip-install","Skip running `npm install` in the new workflow folder").option("--skip-init-check","Skip the first-run init prompt that fires when ~/.zibby/config.json is missing (CI/scripted setups)").option("--agent-helpers [list]",'Install agent helpers (Claude Code / Cursor slash commands). List = comma-separated, e.g. "claude" or "claude,cursor". Bare flag defaults to claude.').option("--no-agent-helpers","Skip agent helpers even if .zibby.config.mjs says install").option("--agent <agent>","(legacy) Set up agent helpers: claude | cursor | codex | all | none. Prefer --agent-helpers.").option("--force-agents","Overwrite user-edited agent helper files (use with --agent-helpers)").action(async(e,o)=>{const{generateWorkflowCommand:t}=await import("../commands/workflows/generate.js");return t(e,o)}),n.command("start <workflow-name>").description("Start a local dev server for a custom workflow").option("-p, --port <port>","Port for the workflow server (default: 3848)").action(async(e,o)=>{const{startWorkflowCommand:t}=await import("../commands/workflows/start.js");return t(e,o)}),n.command("run <workflow-name>").description("Run a workflow locally \u2014 one-shot (alias of `zibby workflow run`)").option("-p, --param <key=value>","Input param (repeatable)",p,[]).option("--input <json>","Input as JSON string").option("--input-file <path>","Input as JSON file").action(async(e,o)=>{const{runLocalWorkflowCommand:t}=await import("../commands/workflows/run-local.js");return t(e,o)}),n.command("deploy [workflow-name]").description("Deploy a custom workflow to Zibby Cloud (interactive selection if workflow-name not provided)").option("--project <id>","Project ID (interactive prompt if not provided, or ZIBBY_PROJECT_ID env)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").option("--dedicated-ip <action>","Manage dedicated egress IP addon: enable | status | disable | use | unuse").option("--env <path>","Path to a .env file to sync into per-workflow env vars after deploy (repeatable)",p,[]).option("--verbose","Show raw CodeBuild logs during the bundle build").option("--no-creds-check","Skip the project secrets sanity check (CI/CD when the secret is provisioned out-of-band)").option("--force","Deploy even if the source checksum matches the last deployed version (bypasses the unchanged check)").option("--warm [count]",`Enable warm-pool execution for this workflow (default 1, max ${k}). Skips ~60s Fargate cold-start by routing triggers to a per-account pool of always-on tasks. Pricing applies (paid feature).`,v).option("--ai-agent <agent>","Per-workflow AI agent override (claude | cursor | codex | gemini). Falls back to the project default when omitted.").action(async(e,o)=>{if(o.dedicatedIp){const{dedicatedEgressCommand:s}=await import("../commands/workflows/dedicated-egress.js");return s(o.dedicatedIp,o.project)}o.aiAgent&&!["claude","cursor","codex","gemini"].includes(o.aiAgent)&&(console.error(chalk.red(`Invalid --ai-agent: ${o.aiAgent}. Must be one of: claude, cursor, codex, gemini.`)),process.exit(1));const{deployWorkflowCommand:t}=await import("../commands/workflows/deploy.js");return t(e,o)}),n.command("trigger [uuid]").description("Trigger a deployed workflow by UUID (interactive selection if not provided). Get UUIDs from `zibby workflow list`.").option("--project <id>","Project ID (interactive prompt if not provided, or ZIBBY_PROJECT_ID env)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").option("-p, --param <key=value>","Input param (repeatable, e.g. -p url=https://x.com -p count=5)",p,[]).option("--input <json>",`Input as JSON string \u2014 overridden by --param (e.g. '{"key":"value"}')`).option("--input-file <path>","Input as JSON/YAML file \u2014 lowest precedence").option("--idempotency-key <key>","Idempotency key to prevent duplicate executions").option("-t, --follow","Stream logs in real-time after triggering (no need to run `logs -t` separately)").action(async(e,o)=>{const{triggerWorkflowCommand:t}=await import("../commands/workflows/trigger.js");return t(e,o)}),n.command("run-workflow").description("Run a deployed workflow from S3 sources (used by ECS containers)").action(async()=>{const{runWorkflowCommand:e}=await import("../commands/workflows/run.js");return e()});const C=n.command("template").description("Manage workflow templates in this project");C.command("list").description("List available workflow templates").action(async()=>{const{templateListCommand:e}=await import("../commands/template.js");return e()}),C.command("add",{hidden:!0}).argument("<name>","Template name (see `zibby template list`)").description("(deprecated \u2014 `zibby test` auto-installs the template) Copy a template into .zibby/, overwriting existing files").option("--skip-memory","Strip SKILLS.MEMORY from copied execute-live.mjs (browser-test only)").action(async(e,o)=>{const{templateAddCommand:t}=await import("../commands/template.js");return t(e,{enableMemory:!o.skipMemory})});const c=n.command("memory").description("Test memory database \u2014 version-controlled knowledge from runs");c.command("stats").description("Show memory database statistics").action(async()=>{const{memoryStatsCommand:e}=await import("../commands/memory.js");return e()}),c.command("init").description("Initialize the memory database (Dolt)").action(async()=>{const{memoryInitCommand:e}=await import("../commands/memory.js");return e()}),c.command("compact").description("Prune old data and run Dolt GC to reclaim storage").option("--max-runs <n>","Keep last N runs per spec (default: 50)",parseInt).option("--max-age <days>","Remove data older than N days (default: 90)",parseInt).action(async e=>{const{memoryCompactCommand:o}=await import("../commands/memory.js");return o(e)}),c.command("reset").description("Wipe the memory database").option("-f, --force","Confirm reset").action(async e=>{const{memoryResetCommand:o}=await import("../commands/memory.js");return o(e)}),c.command("cost").description("Show real LLM token usage from past runs (input/output/cache)").action(async()=>{const{memoryCostCommand:e}=await import("../commands/memory.js");return e()});const u=c.command("remote").description("Configure a remote so the team shares cross-spec memory");u.command("add").argument("<url>","Remote URL: aws://, gs://, https://, file:///").option("--name <name>","Remote name (default: origin)","origin").description("Point the local memory DB at a shared remote (S3/GCS/DoltHub/filesystem)").action(async(e,o)=>{const{memoryRemoteAddCommand:t}=await import("../commands/memory.js");return t(e,o)}),u.command("use").description("Switch to a managed remote backend. Currently: --hosted (Zibby-managed S3, signed-in users only).").option("--hosted","Use Zibby-managed S3 (allocates a tenant-scoped prefix per-project)").option("--project-id <id>","Override the projectId from .zibby.config.mjs").action(async e=>{e.hosted||(console.log("Pass --hosted. (Other backends will be added later.)"),process.exit(1));const{memoryRemoteUseHostedCommand:o}=await import("../commands/memory.js");return o(e)}),u.command("info").description("Show the configured memory remote (if any)").action(async()=>{const{memoryRemoteInfoCommand:e}=await import("../commands/memory.js");return e()}),u.command("remove").argument("[name]","Remote name (default: origin)").description("Remove a configured memory remote (memory becomes local-only)").action(async e=>{const{memoryRemoteRemoveCommand:o}=await import("../commands/memory.js");return o(e)}),c.command("pull").description("Pull latest team memory from the configured remote").action(async()=>{const{memoryPullCommand:e}=await import("../commands/memory.js");return e()}),c.command("push").description("Push local memory to the configured remote (auto-runs after passing tests)").action(async()=>{const{memoryPushCommand:e}=await import("../commands/memory.js");return e()});const V=n.command("agents").description("Manage Claude/Cursor/Codex helper files for working with Zibby workflows");V.command("add [agent]").description("Add agent helpers (claude | cursor | codex | all). Prompts if no agent given.").option("--force","Overwrite user-edited helper files").action(async(e,o)=>{const{runAgentHelpers:t,addAgent:s}=await import("../commands/workflows/agent-helpers.js");if(e){const d=["claude","cursor","codex","all","none"];d.includes(e)||(console.error(`Unknown agent "${e}". Valid: ${d.join(", ")}`),process.exit(1)),e==="none"?await t({forcedAgents:["none"],force:o.force===!0}):e==="all"?await t({forcedAgents:["claude","cursor","codex"],force:o.force===!0}):await s(e,{force:o.force===!0})}else await t({forcedAgents:void 0,force:o.force===!0,forcePrompt:!0})});const r=n.command("workflow").alias("agent").description("Manage agents \u2014 new, start, deploy, trigger, logs, list, download, delete (alias: workflow)");r.command("new [name]").description("Scaffold a new custom workflow (alias of `zibby g workflow`)").option("-t, --template <name>","Scaffold from a template (see `zibby template list`). Future: also accepts npm package / git URL identifiers.").option("--skip-install","Skip running `npm install` in the new workflow folder").option("--skip-init-check","Skip the first-run init prompt that fires when ~/.zibby/config.json is missing (CI/scripted setups)").option("--agent-helpers [list]",'Install agent helpers (Claude Code / Cursor slash commands). List = comma-separated, e.g. "claude" or "claude,cursor". Bare flag defaults to claude.').option("--no-agent-helpers","Skip agent helpers even if .zibby.config.mjs says install").option("--agent <agent>","(legacy) Set up agent helpers: claude | cursor | codex | all | none. Prefer --agent-helpers.").option("--force-agents","Overwrite user-edited agent helper files (use with --agent-helpers)").action(async(e,o)=>{const{generateWorkflowCommand:t}=await import("../commands/workflows/generate.js");return t(e,o)}),r.command("run <workflow-name>").description("Run a workflow locally \u2014 one-shot, same input flags as `workflow trigger`").option("-p, --param <key=value>","Input param (repeatable, e.g. -p url=https://x.com -p count=5)",p,[]).option("--input <json>",`Input as JSON string \u2014 overridden by --param (e.g. '{"key":"value"}')`).option("--input-file <path>","Input as JSON file \u2014 lowest precedence").action(async(e,o)=>{const{runLocalWorkflowCommand:t}=await import("../commands/workflows/run-local.js");return t(e,o)}),r.command("start <workflow-name>").description("Start a long-lived local dev server (Studio integration). Prefer `workflow run` for one-shots.").option("-p, --port <port>","Port for the workflow server (default: 3848)").action(async(e,o)=>{const{startWorkflowCommand:t}=await import("../commands/workflows/start.js");return t(e,o)}),r.command("deploy [workflow-name]").description("Deploy a workflow to Zibby Cloud (alias of `zibby deploy`)").option("--project <id>","Project ID (interactive prompt if not provided, or ZIBBY_PROJECT_ID env)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").option("--env <path>","Path to a .env file to sync into per-workflow env vars after deploy (repeatable)",p,[]).option("--verbose","Show raw CodeBuild logs during the bundle build").option("--no-creds-check","Skip the project secrets sanity check (CI/CD when the secret is provisioned out-of-band)").option("--force","Deploy even if the source checksum matches the last deployed version (bypasses the unchanged check)").option("--warm [count]",`Enable warm-pool execution for this workflow (default 1, max ${k}). Skips ~60s Fargate cold-start by routing triggers to a per-account pool of always-on tasks. Pricing applies (paid feature).`,v).action(async(e,o)=>{const{deployWorkflowCommand:t}=await import("../commands/workflows/deploy.js");return t(e,o)}),r.command("trigger [uuid]").description("Trigger a deployed workflow by UUID (alias of `zibby trigger`)").option("--project <id>","Project ID (interactive prompt if not provided, or ZIBBY_PROJECT_ID env)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").option("-p, --param <key=value>","Input param (repeatable, e.g. -p url=https://x.com -p count=5)",p,[]).option("--input <json>",`Input as JSON string \u2014 overridden by --param (e.g. '{"key":"value"}')`).option("--input-file <path>","Input as JSON/YAML file \u2014 lowest precedence").option("--idempotency-key <key>","Idempotency key to prevent duplicate executions").option("-t, --follow","Stream logs in real-time after triggering (no need to run `logs -t` separately)").action(async(e,o)=>{const{triggerWorkflowCommand:t}=await import("../commands/workflows/trigger.js");return t(e,o)}),r.command("logs [jobId]").description("Tail logs from a workflow execution (alias of `zibby logs`)").option("--project <id>","Project ID (or ZIBBY_PROJECT_ID env)").option("--workflow <name>","Workflow name (fetches the latest run)").option("--all","Show interleaved logs from all runs (requires --workflow)").option("-t, --follow","Stream logs in real-time (like Heroku logs -t)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").option("--lines <n>","Max log lines per fetch (default: 500)").action(async(e,o)=>{const{logsCommand:t}=await import("../commands/workflows/logs.js");return t(e,o)}),r.command("download <uuid>").description("Download a deployed workflow back to local (edit it, then re-deploy with `zibby workflow deploy`)").option("--dest <path>","Destination directory (default: ./workflows/<name> when run inside a .zibby project)").option("--force","Overwrite without prompting; bypass uuid-mismatch guard").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{downloadWorkflowCommand:t}=await import("../commands/workflows/download.js");return t(e,o)}),r.command("list").description("List all workflows (local + remote if credentials available)").option("--local-only","Show only local workflows").option("--remote-only","Show only remote workflows (requires --project)").option("--project <id>","Project ID (optional, uses ZIBBY_PROJECT_ID env)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async e=>{if(e.remoteOnly){const{workflowListCommand:t}=await import("../commands/workflow.js");return t(e)}if(e.localOnly){const{listLocalWorkflowsCommand:t}=await import("../commands/workflows/list.js");return t(e)}const{listAllWorkflowsCommand:o}=await import("../commands/workflows/list.js");return o(e)}),r.command("validate <name>").description("Static-check a local workflow (.zibby/workflows/<name>/). Catches schema/topology/skill errors in ~30ms before you run anything.").option("--verbose","Print stack traces on graph.mjs import errors").action(async(e,o)=>{const{validateCommand:t}=await import("../commands/workflows/validate.js");return t(e,o)}),r.command("schedule <uuid> [action] [cron]").description(`Manage a workflow's cron schedule. Actions: get (default) | set <cron> | clear. Cron is Unix 5-field, e.g. "0 9 * * 1-5".`).option("--tz <iana>","IANA timezone for the schedule (default: UTC)").option("-p, --param <key=value>","Fixed input param for every scheduled run (repeatable)",p,[]).option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o,t,s)=>{const{scheduleCommand:d}=await import("../commands/workflows/schedule.js");return d(e,o,t,s)});const y=r.command("webhook").description("Configure a workflow's inbound webhook + auth (enable/disable, basic/ip/token, show)");y.command("enable <uuid>").description("Enable the workflow's inbound webhook (HTTP trigger)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{webhookCommand:t}=await import("../commands/workflows/webhook.js");return t("enable",e,void 0,o)}),y.command("disable <uuid>").description("Disable the workflow's inbound webhook (HTTP trigger)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{webhookCommand:t}=await import("../commands/workflows/webhook.js");return t("disable",e,void 0,o)}),y.command("show <uuid>").description("Show current webhook config (which auth methods are on, masked token, IP list, URL)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{webhookCommand:t}=await import("../commands/workflows/webhook.js");return t("show",e,void 0,o)});const w=y.command("auth").description("Configure webhook auth methods: basic | ip | token");w.command("basic <uuid>").description("Enable HTTP Basic auth (or --disable to turn it off). Password optional on update.").option("--username <u>","Basic auth username").option("--password <p>","Basic auth password (plaintext; backend hashes it; omit to keep existing)").option("--disable","Turn Basic auth off").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{webhookCommand:t}=await import("../commands/workflows/webhook.js");return t("auth","basic",e,o)}),w.command("ip <uuid>").description("Set the IP allowlist (or --disable to turn it off)").option("--allow <cidr,...>","Comma-separated IPs/CIDRs, e.g. 1.2.3.4,10.0.0.0/8").option("--disable","Turn the IP allowlist off").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{webhookCommand:t}=await import("../commands/workflows/webhook.js");return t("auth","ip",e,o)}),w.command("token <uuid>").description("Generate a bearer token (--generate) \u2014 printed ONCE \u2014 or --disable to turn it off").option("--generate","Mint a new token; printed once in plaintext").option("--disable","Turn token auth off").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{webhookCommand:t}=await import("../commands/workflows/webhook.js");return t("auth","token",e,o)}),r.command("delete <uuid>").description("Delete a deployed workflow by UUID").action(async e=>{const{deleteWorkflowCommand:o}=await import("../commands/workflows/delete.js");return o(e,{})});const f=r.command("env").description("Manage per-workflow encrypted env vars (set ANTHROPIC_API_KEY, DATABASE_URL, etc. per workflow)");f.command("list <uuid>").description("List env var key names for a workflow (values never returned)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{listEnvCommand:t}=await import("../commands/workflows/env.js");return t(e,o)}),f.command("set <uuid> <kv>").description("Set or update one env var: zibby workflow env set <uuid> KEY=value").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o,t)=>{const{setEnvCommand:s}=await import("../commands/workflows/env.js");return s(e,o,t)}),f.command("unset <uuid> <key>").description("Remove one env var from a workflow").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o,t)=>{const{unsetEnvCommand:s}=await import("../commands/workflows/env.js");return s(e,o,t)}),f.command("push <uuid>").description("Bulk-replace env from one or more .env files (later files override). Removes any keys not in the new map.").option("--file <path>","Path to a .env file (repeatable, e.g. --file .env --file .env.prod)",p,[]).option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{pushEnvCommand:t}=await import("../commands/workflows/env.js");return t(e,o)});const $=n.command("project").description("Manage Zibby projects");$.command("list").description("List all projects").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async e=>{const{projectListCommand:o}=await import("../commands/project.js");return o(e)});const Q=n.command("run-queue").description("Parallel capacity \u2014 on-disk wait queue (see parallel.waitWhenAtCapacity in .zibby.config.mjs)");Q.command("list").description("List CLI processes waiting for a run slot").option("--config <path>","Path to config file",".zibby.config.mjs").action(async e=>{const{runCapacityQueueListCommand:o}=await import("../commands/run-capacity-queue-cli.js");await o(e),process.exit(0)});const X=n.command("mcp").description("Manage the Zibby Remote MCP integration in your AI agent");X.command("install").description("Auto-configure Zibby MCP into your AI agent (Claude Code/Desktop, Cursor, Codex, Gemini)").option("--agent <name>","claude-code | claude-desktop | cursor | codex | gemini").option("--all","Install for every supported agent on this machine").option("--token <pat>","Use this PAT (zby_pat_\u2026) instead of minting one via session. Also reads ZIBBY_PAT env var.").option("--force","Overwrite the existing zibby block even if unchanged").action(async e=>{const{mcpInstallCommand:o}=await import("../commands/mcp.js");await o(e),process.exit(0)});const i=n.command("app").description("Manage Zibby Managed Apps \u2014 templates, deploy, list, status, destroy");i.command("templates").description("List the app catalog (n8n, grafana, gas-town, \u2026)").action(async e=>{const{appTemplatesCommand:o}=await import("../commands/app.js");return o(e)}),i.command("list").description("List deployed app instances (use --project to scope to one project)").option("--project <id>","Project ID \u2014 defaults to all instances under your account").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async e=>{const{appListCommand:o}=await import("../commands/app.js");return o(e)}),i.command("deploy [appType]").description('Deploy an app \u2014 either from the catalog (e.g. `zibby app deploy grafana --project <id>`) or a free-form install described by --goal (e.g. `zibby app deploy --goal "Install n8n at /n8n on port 5678, persist data in /data" --project <id>`). Pass exactly one of <appType> OR --goal. Catalog deploys are curated by Zibby; goal-based deploys are user-directed installs where you (not Zibby) choose what gets installed and accept the license terms of whatever you install.').option("--mode <name>",'Deploy mode \u2014 "cloud" (default, shared Fargate) or "solo" (dedicated t4g.* EC2 per app, cheaper + isolated). Solo deploys take --repo / --tier / --secret instead of <appType>; see `zibby app deploy --mode solo --help` for the solo flags.').option("--slug <name>","[solo] App slug \u2014 used to form the public hostname <slug>.solo.zibby.app. lowercase [a-z0-9-], 1-40 chars.").option("--repo <ownerRepo>",'[solo] GitHub source repo in "owner/name" form. Mutually exclusive with --tarball.').option("--ref <ref>","[solo] Git ref (branch, tag, sha) to clone. Defaults to the repo's default branch.").option("--tarball <s3Url>","[solo] s3:// URL of a tarball source. Mutually exclusive with --repo.").option("--framework <name>",'[solo] Framework hint \u2014 auto (default), rails, node, python, static, other. "auto" lets agent-ops detect from the source tree.').option("--tier <id>","[solo] Instance tier id: micro | small | medium | large. Run `zibby app deploy --mode solo` without --tier to see the live pricing table.").option("--region <id>","[solo] AWS region for the VM: ap-southeast-2 (Sydney, default) | us-east-1 | us-west-2 | eu-west-1 | ap-northeast-1 | auto (latency-probe + pick nearest). The Zibby control plane stays in Sydney; only your app's EC2 + storage move. Pricing is the same in every region. Omit the flag in interactive mode to pick from a list sorted by measured latency.").option("--secret <kv...>","[solo] Repeatable. Each is KEY=VALUEREF where VALUEREF points at your workspace-credentials (uploaded via `zibby creds set`). Plaintext is NOT accepted here. Example: --secret STRIPE_KEY=workspace:stripe-prod.").option("--db-persistence <kind>","[solo] Database persistence: sqlite-litestream | postgres-walg | none (default).").option("--files-persistence <kind>","[solo] Files persistence: activestorage-s3 | rclone-bisync | none (default).").option("--no-tail","[solo] Skip the post-fire status tail. Default tails until phase=running/failed (max 15 min). --yes implies --no-tail.").option("-y, --yes","Non-interactive mode \u2014 exit 1 on any missing inputs instead of prompting. Implies --no-tail.").option("--project <id>","Project ID (interactive prompt if not provided)").option("--goal <text>",'Free-form natural-language description of what to install (mutually exclusive with <appType>). The agent-ops bootstrap follows the description \u2014 e.g. "install n8n on port 5678 with sqlite persistence". You are responsible for the license terms of any software you install via this path.').option("--name <name>","Instance display name (defaults to appType, or first line of --goal)").option("--provider <name>",'Agent provider \u2014 "claude" (default) or "codex"').option("--arch <name>",`CPU architecture \u2014 "x86_64" or "arm64" (default = catalog's first listed arch; arm64 is ~20% greener at the same price)`).option("--model <name>","Claude model identifier to use for the agent-ops bootstrap (e.g. claude-sonnet-4-6, claude-opus-4-5, claude-haiku-4-5-20251001). Overrides the daemon's baked default. Use a stronger model (Opus) for complex installs; a cheaper one (Haiku) for trivial ones.").option("--anthropic-token <token>","SENSITIVE: Per-deploy Claude credential override. Replaces the workspace-stored token for THIS deploy only \u2014 never persisted. Must start with sk-ant-oat01- (OAuth subscription) or sk-ant-api03- (Anthropic API key). Env equivalent: ZIBBY_ANTHROPIC_TOKEN.").option("--max-turns <n>","Cap on Claude subprocess --max-turns (cfg.Agent.MaxToolCallsPerTask). Default 25; bump for heavy goal-mode installs (n8n, OpenHands) that exhaust the default before finishing. Range 1..200. Example: --max-turns 60.").option("--timeout-min <n>","Bootstrap-task wall-clock cap in minutes. Default 30; bump when npm install / docker pull / native compile dominates wall time (n8n ~500MB install often takes 25-40min). Range 1..120. Example: --timeout-min 45.").option("--auth-type <kind>",'Optional auth sidecar \u2014 "basic" (username + password), "token" (bearer header), or "none" (default, no auth). Adds a tiny Caddy container in front of the public URL that gates requests. Use this on apps with weak / no built-in auth (Grafana ships admin/admin; n8n ships with nothing).').option("--auth-user <name>","Username for --auth-type basic. Required for basic auth. Printable ASCII, no spaces (1-64 chars).").option("--auth-password <pass>","SENSITIVE: Password for --auth-type basic. 8-256 chars; bcrypt-hashed server-side, plaintext never persisted. Env equivalent: ZIBBY_APP_AUTH_PASSWORD.").option("--auth-token <tok>","Optional explicit bearer token for --auth-type token. 16-128 chars, base64url alphabet only ([A-Za-z0-9_-]). Omit to let the backend auto-generate a 32-byte token (returned ONCE in the deploy response \u2014 save it). Env equivalent: ZIBBY_APP_AUTH_TOKEN.").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appDeployCommand:t}=await import("../commands/app.js");return t(e,o)}),i.command("status <instanceId>").description("Show one instance: status, resources, public URL").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appStatusCommand:t}=await import("../commands/app.js");return t(e,o)}),i.command("destroy <instanceId>").description("Stop + remove an app instance (interactive confirm unless --yes)").option("-y, --yes","Skip the confirmation prompt").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appDestroyCommand:t}=await import("../commands/app.js");return t(e,o)}),i.command("upgrade <instanceId>").description("Roll the agent-ops container image without destroying the instance (EFS data preserved)").option("--version <tag>","Pin to a specific agent-ops version (e.g. 0.1.16). Defaults to whatever AppsFleet base task def says.").option("-y, --yes","Skip the confirmation prompt").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appUpgradeCommand:t}=await import("../commands/app.js");return t(e,o)}),i.command("update-credential <instanceId>").description("Rotate the per-instance Claude credential to whatever's currently in your workspace-credentials. EFS preserved; task restarts ~30s.").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appUpdateCredentialCommand:t}=await import("../commands/app.js");return t(e,o)}),i.command("set-auth <instanceId>").description("Enable, rotate, or disable the optional Caddy auth sidecar on a running instance. Use --auth-type basic / token / none, or --off to disable. PATCH semantics: omitted flags preserve current state, so e.g. `zibby app set-auth <id> --auth-password new` rotates JUST the password on a basic-auth instance.").option("--auth-type <kind>",'"basic" | "token" | "none". Omit to keep current type (e.g. just rotate the password).').option("--auth-user <name>","Username for basic auth. Required when switching TO basic; preserved on subsequent rotations.").option("--auth-password <pass>","SENSITIVE: Password for basic auth. 8-256 chars; bcrypt-hashed server-side. Env equivalent: ZIBBY_APP_AUTH_PASSWORD.").option("--auth-token <tok>","Optional bearer token for token auth. Omit to let the backend regenerate a fresh 32-byte token (returned ONCE \u2014 save it). Env equivalent: ZIBBY_APP_AUTH_TOKEN.").option("--off","Disable the auth sidecar entirely (alias for --auth-type none). Caddy container removed; public URL exposes the app port directly again.").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appSetAuthCommand:t}=await import("../commands/app.js");return t(e,o)});const l=i.command("auth").description("Manage access control on a running app instance: credential auth (basic / token / none) and/or an IP allowlist. `auth show|basic|token|clear|ip <instanceId>`.");l.command("show <instanceId>").description("Show the current access-control gate (credential auth type + IP allowlist).").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appAuthShowCommand:t}=await import("../commands/app-auth.js");return t(e,o)}),l.command("basic <instanceId>").description("Enable / rotate HTTP basic auth (username + password). Adds a Caddy sidecar that gates the public URL. Task restarts ~1 min.").requiredOption("--user <name>","Username (1-64 printable ASCII, no spaces)").option("--password <pass>","SENSITIVE: password (8-256 chars). Env equivalent: ZIBBY_APP_AUTH_PASSWORD.").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appAuthBasicCommand:t}=await import("../commands/app-auth.js");return t(e,o)}),l.command("token <instanceId>").description("Enable / rotate bearer-token auth. Omit --token to let the backend auto-generate one (printed ONCE \u2014 save it). Task restarts ~1 min.").option("--token <tok>","Optional explicit token (16-128 chars, base64url [A-Za-z0-9_-]). Omit to auto-generate. Env equivalent: ZIBBY_APP_AUTH_TOKEN.").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appAuthTokenCommand:t}=await import("../commands/app-auth.js");return t(e,o)}),l.command("clear <instanceId>").description("Disable credential auth (authType none). The Caddy credential check is removed; any IP allowlist is left intact (clear it with `auth ip --clear-ip`).").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appAuthClearCommand:t}=await import("../commands/app-auth.js");return t(e,o)}),l.command("ip <instanceId>").description("Manage the IP allowlist (independent of credential auth). Only the listed source IPs/CIDRs may reach the app; all others get 403. SECURITY: enforced behind the ALB via X-Forwarded-For \u2014 verify it works on your instance before relying on it.").option("--allow <cidr...>","One or more IPs/CIDRs to allow (e.g. --allow 203.0.113.5/32 198.51.100.0/24). Replaces the current allowlist.").option("--clear-ip","Remove the IP allowlist entirely (all source IPs allowed again). Credential auth is left untouched.").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appAuthIpCommand:t}=await import("../commands/app-auth.js");return t(e,o)}),i.command("logs <instanceId>").description("Show recent logs from an app instance (use -t to tail; polls every 3s)").option("-t, --follow","Tail mode \u2014 poll every 3s and print new lines as they arrive (Ctrl+C to stop)").option("--lines <n>","Max lines per fetch (default 200, max 5000)").option("--service <name>","For multi-container apps: limit logs to one service (e.g. `db`, `web`, `agent-ops`). Defaults to interleaved across all containers.").option("--json","Print raw JSON lines (one per line) instead of parsed summary").option("--verbose","Print the full line including JSON body (default: parsed `<time> <msg>` summary)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appLogsCommand:t}=await import("../commands/app.js");return t(e,o)}),i.command("run [cmd...]").description("Run a one-off command on a linked solo app (e.g. `zibby app run rails db:migrate`). Attaches your TTY via SSM \u2014 no AWS creds needed.").option("--app <slug>","App slug (defaults to the nearest .zibby/app.json)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appRunCommand:t}=await import("../commands/app-run.js");return t(e,o)}),i.command("console").description("Open the framework REPL on a linked solo app (rails console, python manage.py shell, node, iex -S mix)").option("--app <slug>","App slug (defaults to the nearest .zibby/app.json)").option("--framework <name>","Override the framework from the link file (rails | django | python | node | elixir)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async e=>{const{appConsoleCommand:o}=await import("../commands/app-run.js");return o(e)}),i.command("migrate").description("Run database migrations on a linked solo app (rails db:migrate / python manage.py migrate)").option("--app <slug>","App slug (defaults to the nearest .zibby/app.json)").option("--framework <name>","Override the framework from the link file").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async e=>{const{appMigrateCommand:o}=await import("../commands/app-run.js");return o(e)}),i.command("rollback [steps]").description("Roll back the last database migration(s) on a linked solo app (rails db:rollback STEP=<n>, default 1)").option("--app <slug>","App slug (defaults to the nearest .zibby/app.json)").option("--framework <name>","Override the framework from the link file").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appRollbackCommand:t}=await import("../commands/app-run.js");return t(e,o)}),i.command("link <slug>").description("Link the current directory to a solo app \u2014 writes .zibby/app.json (commit it so your team can `zibby app run` without --app)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appLinkCommand:t}=await import("../commands/app-run.js");return t(e,o)}),n.command("uninstall").description("Remove all Zibby data: global CLI, ~/.zibby, Cursor MCP config, Studio, and current project").option("--dry-run","Show what would be deleted without deleting").option("--deep","Also remove npx cache dirs containing zibby").action(async e=>{const{uninstallCommand:o}=await import("../commands/uninstall.js");await o(e),process.exit(0)}),n.parse();
49
+ `),n.command("init").description("Initialize a Zibby project (config + credentials only \u2014 pass -t <name> to also scaffold a workflow template)").argument("[project-name]","Project name (optional, uses current directory if not provided)").option("--agent <type>","Agent to use (claude, cursor, codex, gemini)").option("--memory-backend <backend>","Memory backend to configure (mem0, dolt). Default: mem0 (semantic vector memory; falls back to dolt if the embedding proxy is unavailable). Use dolt for self-contained structured memory.","mem0").option("--infer","Smart memory: let the LLM distill/dedupe facts on store (mem0 only; costs tokens). Default off = embed-only, free.").option("-t, --template <name>","Workflow template to scaffold into .zibby/ (see `zibby template list`). Default: none \u2014 init only sets up config and credentials.").option("--skip-install","Skip npm install").option("--skip-memory","Skip test memory setup during initialization").option("-f, --force","Force reinitialize (overwrite existing config)").option("--headed","Run MCP browser in headed mode (visible browser)").option("--headless","Run MCP browser in headless mode (hidden browser)").option("--api-key <key>","Zibby API key for cloud sync").option("--cloud-sync","Enable cloud sync and install Zibby MCP").option("--agent-key <key>","Agent API key (non-interactive). For Claude this is the per-token API key").option("--agent-oauth-token <token>","Claude OAuth subscription token (non-interactive). Saves to ~/.zibby/config.json").action(_),n.command("test").description("Run a test specification").argument("[spec-path]","Path to test spec file or inline test description in quotes").option("--sources <ids>","Comma-separated test case IDs to fetch from cloud").option("--execution <id>","Execution ID containing the test cases (required with --sources)").option("--agent <type>","Agent to use (claude, cursor, codex, gemini) - overrides config").option("--workflow <name>","Workflow to use (e.g., QuickSmokeWorkflow, quick-smoke)").option("--headless","Run browser in headless mode").option("--node <name>","Run only a specific node (e.g., execute_live, generate_script)").option("--session <id>",'Use existing session (e.g., 1768974629717 or "last") - requires --node').option("--session-path <dir>","Use this session folder (absolute or relative to cwd); Studio pins artifacts here").option("--project <id>","Project ID (optional, auto-detected from ZIBBY_API_KEY)").option("--collection <id-or-name>","Collection ID or name (creates new if name doesn't exist)").option("--folder <path>","Folder path within collection (optional, requires --collection)").option("--sync","Force upload to cloud (overrides cloudSync: false)").option("--no-sync","Skip upload to cloud (overrides cloudSync: true)").option("--config <path>","Path to config file",".zibby.config.mjs").option("--auto-approve","Auto-approve MCP tools (for CI/CD)").option("-o, --open","Open test results in browser after completion").option("--verbose","Show info level logs").option("--debug","Show debug level logs (most verbose)").option("-m, --mem","Enable test memory (Dolt-backed knowledge from previous runs)").action((e,o)=>(o.debug?process.env.ZIBBY_DEBUG="true":o.verbose&&(process.env.ZIBBY_VERBOSE="true"),B(e,o))),n.command("implement").description("Implement a Jira ticket using AI agent (runs in ECS container)").action(async(...e)=>{const{implementCommand:o}=await import("../commands/implement.js");return o(...e)}),n.command("analyze").description("Analyze a Jira ticket against the codebase (runs in ECS container)").option("--workflow <path>","Path to a local workflow JSON file (e.g., .zibby/workflow-analysis.json)").action(async(...e)=>{const{analyzeCommand:o}=await import("../commands/analyze-graph.js");return o(...e)}),n.command("video").description("Organize test videos next to test files").action(S),n.command("upload <spec-path>").description("Upload existing test artifacts to Zibby Cloud").option("--project <id>","Project ID (REQUIRED - use flag or ZIBBY_PROJECT_ID env)").option("--collection <id-or-name>","Collection ID or name (creates new if name doesn't exist)").option("--folder <path>","Folder path within collection (optional)").option("--agent <type>","Agent used (for metadata)").action(E),n.command("login").description("Log in to Zibby (opens browser for authentication)").action(async()=>{const{loginCli:e}=await import("../auth/cli-login.js");await e(),process.exit(0)}),n.command("logout").description("Log out from Zibby (clears saved session)").action(async()=>{const{logoutCli:e}=await import("../auth/cli-login.js");e(),process.exit(0)}),n.command("status").description("Show current authentication status and token details").option("--json","Output in JSON format (for scripts)").action(async e=>{const{showLoginStatus:o}=await import("../auth/cli-login.js");await o(e),process.exit(0)}),n.command("list").description("List your projects and API tokens").action(async()=>{const{listProjectsCommand:e}=await import("../commands/list-projects.js");await e()}),n.command("ci-setup").description("Setup Cursor Agent for CI/CD (patch and configure)").option("--get-keys","Get MCP approval keys").option("--save","Save approval keys to project").action(Y),n.command("setup-playwright").description("Setup official Playwright MCP (from cursor-agent-package)").option("--headed","Configure MCP in headed mode (visible browser)").option("--viewport-width <width>","Viewport width (default: 1280)","1280").option("--viewport-height <height>","Viewport height (default: 720)","720").action(e=>{const o={width:parseInt(e.viewportWidth,10)||1280,height:parseInt(e.viewportHeight,10)||720};return x({...e,viewport:o})}),n.command("setup-ci-full").description("Complete CI/CD setup from scratch").action(O),n.command("test-video").description("Run Playwright tests with video recording").argument("[test-file]","Test file to run (default: tests/)").option("--headed","Run in headed mode (visible browser)").action(R),n.command("generate").description("Generate test specs from a ticket + codebase (local analysis using real AI agent)").option("-t, --ticket <key>","Jira ticket key (fetches automatically)").option("-i, --input <file>","Input file with ticket description/requirements").option("-d, --description <text>","Inline ticket description").option("--repo <path>","Path to the codebase (default: current directory)").option("--agent <type>","Agent to use (codex, claude, cursor, gemini)").option("--model <model>","Model override").option("-o, --output <dir>","Output directory for spec files (default: test-specs)").action(async e=>{const{generateCommand:o}=await import("../commands/generate.js");return o(e)}),n.command("studio").description("Launch Zibby Studio desktop (installs from CDN if needed). Uses this folder as the Zibby project.").option("-p, --port <port>","Port for the Studio API bridge (default: 3847)").option("--no-open","Start the API only; do not launch desktop app").option("--update","Force re-download of the latest Studio binary").action(async e=>{const{studioCommand:o}=await import("../commands/studio.js");return o(e)});const u=n.command("creds").description("Manage credentials Zibby has stored for your workspace (KMS-encrypted)");u.command("list").description("List credentials stored for your workspace (masked)").action(async()=>{const{listCmd:e}=await import("../commands/creds.js");await e(),process.exit(0)}),u.command("sync").description("Re-read ~/.zibby/credentials.env and upload any new tokens").action(async()=>{const{syncCmd:e}=await import("../commands/creds.js");await e(),process.exit(0)}),u.command("set <provider> <token>").description("Paste-token shortcut. e.g. zibby creds set claude sk-ant-oat01-... (auto-detects oauth vs api)").option("--type <kind>","Force credential kind: oauth | api (skips auto-detect)").action(async(e,o,t)=>{const{setCmd:s}=await import("../commands/creds.js");await s(e,o,t),process.exit(0)}),u.command("remove <type> <index>").description("Remove a stored credential. e.g. zibby creds remove oauth 0").action(async(e,o)=>{const{removeCmd:t}=await import("../commands/creds.js");await t(e,o),process.exit(0)});const V=n.command("g").description("Generate scaffolds");V.command("workflow [name]").description("Scaffold a new custom workflow in .zibby/workflows/<name>/ (auto-generates name if omitted)").option("-t, --template <name>","Scaffold from a template (see `zibby template list`). Future: also accepts npm package / git URL identifiers.").option("--skip-install","Skip running `npm install` in the new workflow folder").option("--skip-init-check","Skip the first-run init prompt that fires when ~/.zibby/config.json is missing (CI/scripted setups)").option("--agent-helpers [list]",'Install agent helpers (Claude Code / Cursor slash commands). List = comma-separated, e.g. "claude" or "claude,cursor". Bare flag defaults to claude.').option("--no-agent-helpers","Skip agent helpers even if .zibby.config.mjs says install").option("--agent <agent>","(legacy) Set up agent helpers: claude | cursor | codex | all | none. Prefer --agent-helpers.").option("--force-agents","Overwrite user-edited agent helper files (use with --agent-helpers)").action(async(e,o)=>{const{generateWorkflowCommand:t}=await import("../commands/workflows/generate.js");return t(e,o)}),n.command("start <workflow-name>").description("Start a local dev server for a custom workflow").option("-p, --port <port>","Port for the workflow server (default: 3848)").action(async(e,o)=>{const{startWorkflowCommand:t}=await import("../commands/workflows/start.js");return t(e,o)}),n.command("run <workflow-name>").description("Run a workflow locally \u2014 one-shot (alias of `zibby workflow run`)").option("-p, --param <key=value>","Input param (repeatable)",p,[]).option("--input <json>","Input as JSON string").option("--input-file <path>","Input as JSON file").action(async(e,o)=>{const{runLocalWorkflowCommand:t}=await import("../commands/workflows/run-local.js");return t(e,o)}),n.command("deploy [workflow-name]").description("Deploy a custom workflow to Zibby Cloud (interactive selection if workflow-name not provided)").option("--project <id>","Project ID (interactive prompt if not provided, or ZIBBY_PROJECT_ID env)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").option("--dedicated-ip <action>","Manage dedicated egress IP addon: enable | status | disable | use | unuse").option("--env <path>","Path to a .env file to sync into per-workflow env vars after deploy (repeatable)",p,[]).option("--verbose","Show raw CodeBuild logs during the bundle build").option("--no-creds-check","Skip the project secrets sanity check (CI/CD when the secret is provisioned out-of-band)").option("--force","Deploy even if the source checksum matches the last deployed version (bypasses the unchanged check)").option("--warm [count]",`Enable warm-pool execution for this workflow (default 1, max ${b}). Skips ~60s Fargate cold-start by routing triggers to a per-account pool of always-on tasks. Pricing applies (paid feature).`,I).option("--ai-agent <agent>","Per-workflow AI agent override (claude | cursor | codex | gemini). Falls back to the project default when omitted.").action(async(e,o)=>{if(o.dedicatedIp){const{dedicatedEgressCommand:s}=await import("../commands/workflows/dedicated-egress.js");return s(o.dedicatedIp,o.project)}o.aiAgent&&!["claude","cursor","codex","gemini"].includes(o.aiAgent)&&(console.error(`Invalid --ai-agent: ${o.aiAgent}. Must be one of: claude, cursor, codex, gemini.`),process.exit(1));const{deployWorkflowCommand:t}=await import("../commands/workflows/deploy.js");return t(e,o)}),n.command("trigger [uuid]").description("Trigger a deployed workflow by UUID (interactive selection if not provided). Get UUIDs from `zibby workflow list`.").option("--project <id>","Project ID (interactive prompt if not provided, or ZIBBY_PROJECT_ID env)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").option("-p, --param <key=value>","Input param (repeatable, e.g. -p url=https://x.com -p count=5)",p,[]).option("--input <json>",`Input as JSON string \u2014 overridden by --param (e.g. '{"key":"value"}')`).option("--input-file <path>","Input as JSON/YAML file \u2014 lowest precedence").option("--idempotency-key <key>","Idempotency key to prevent duplicate executions").option("-t, --follow","Stream logs in real-time after triggering (no need to run `logs -t` separately)").action(async(e,o)=>{const{triggerWorkflowCommand:t}=await import("../commands/workflows/trigger.js");return t(e,o)}),n.command("run-workflow").description("Run a deployed workflow from S3 sources (used by ECS containers)").action(async()=>{const{runWorkflowCommand:e}=await import("../commands/workflows/run.js");return e()});const P=n.command("template").description("Manage workflow templates in this project");P.command("list").description("List available workflow templates").action(async()=>{const{templateListCommand:e}=await import("../commands/template.js");return e()}),P.command("add",{hidden:!0}).argument("<name>","Template name (see `zibby template list`)").description("(deprecated \u2014 `zibby test` auto-installs the template) Copy a template into .zibby/, overwriting existing files").option("--skip-memory","Strip SKILLS.MEMORY from copied execute-live.mjs (browser-test only)").action(async(e,o)=>{const{templateAddCommand:t}=await import("../commands/template.js");return t(e,{enableMemory:!o.skipMemory})});const c=n.command("memory").description("Test memory database \u2014 version-controlled knowledge from runs");c.command("stats").description("Show memory database statistics").action(async()=>{const{memoryStatsCommand:e}=await import("../commands/memory.js");return e()}),c.command("init").description("Initialize the memory database (Dolt)").action(async()=>{const{memoryInitCommand:e}=await import("../commands/memory.js");return e()}),c.command("compact").description("Prune old data and run Dolt GC to reclaim storage").option("--max-runs <n>","Keep last N runs per spec (default: 50)",parseInt).option("--max-age <days>","Remove data older than N days (default: 90)",parseInt).action(async e=>{const{memoryCompactCommand:o}=await import("../commands/memory.js");return o(e)}),c.command("reset").description("Wipe the memory database").option("-f, --force","Confirm reset").action(async e=>{const{memoryResetCommand:o}=await import("../commands/memory.js");return o(e)}),c.command("cost").description("Show real LLM token usage from past runs (input/output/cache)").action(async()=>{const{memoryCostCommand:e}=await import("../commands/memory.js");return e()});const y=c.command("remote").description("Configure a remote so the team shares cross-spec memory");y.command("add").argument("<url>","Remote URL: aws://, gs://, https://, file:///").option("--name <name>","Remote name (default: origin)","origin").description("Point the local memory DB at a shared remote (S3/GCS/DoltHub/filesystem)").action(async(e,o)=>{const{memoryRemoteAddCommand:t}=await import("../commands/memory.js");return t(e,o)}),y.command("use").description("Switch to a managed remote backend. Currently: --hosted (Zibby-managed S3, signed-in users only).").option("--hosted","Use Zibby-managed S3 (allocates a tenant-scoped prefix per-project)").option("--project-id <id>","Override the projectId from .zibby.config.mjs").action(async e=>{e.hosted||(console.log("Pass --hosted. (Other backends will be added later.)"),process.exit(1));const{memoryRemoteUseHostedCommand:o}=await import("../commands/memory.js");return o(e)}),y.command("info").description("Show the configured memory remote (if any)").action(async()=>{const{memoryRemoteInfoCommand:e}=await import("../commands/memory.js");return e()}),y.command("remove").argument("[name]","Remote name (default: origin)").description("Remove a configured memory remote (memory becomes local-only)").action(async e=>{const{memoryRemoteRemoveCommand:o}=await import("../commands/memory.js");return o(e)}),c.command("pull").description("Pull latest team memory from the configured remote").action(async()=>{const{memoryPullCommand:e}=await import("../commands/memory.js");return e()}),c.command("push").description("Push local memory to the configured remote (auto-runs after passing tests)").action(async()=>{const{memoryPushCommand:e}=await import("../commands/memory.js");return e()});const $=n.command("agents").description("Manage Claude/Cursor/Codex helper files for working with Zibby workflows");$.command("add [agent]").description("Add agent helpers (claude | cursor | codex | all). Prompts if no agent given.").option("--force","Overwrite user-edited helper files").action(async(e,o)=>{const{runAgentHelpers:t,addAgent:s}=await import("../commands/workflows/agent-helpers.js");if(e){const m=["claude","cursor","codex","all","none"];m.includes(e)||(console.error(`Unknown agent "${e}". Valid: ${m.join(", ")}`),process.exit(1)),e==="none"?await t({forcedAgents:["none"],force:o.force===!0}):e==="all"?await t({forcedAgents:["claude","cursor","codex"],force:o.force===!0}):await s(e,{force:o.force===!0})}else await t({forcedAgents:void 0,force:o.force===!0,forcePrompt:!0})});const r=n.command("workflow").alias("agent").description("Manage agents \u2014 new, start, deploy, trigger, logs, list, download, delete (alias: workflow)");r.command("new [name]").description("Scaffold a new custom workflow (alias of `zibby g workflow`)").option("-t, --template <name>","Scaffold from a template (see `zibby template list`). Future: also accepts npm package / git URL identifiers.").option("--skip-install","Skip running `npm install` in the new workflow folder").option("--skip-init-check","Skip the first-run init prompt that fires when ~/.zibby/config.json is missing (CI/scripted setups)").option("--agent-helpers [list]",'Install agent helpers (Claude Code / Cursor slash commands). List = comma-separated, e.g. "claude" or "claude,cursor". Bare flag defaults to claude.').option("--no-agent-helpers","Skip agent helpers even if .zibby.config.mjs says install").option("--agent <agent>","(legacy) Set up agent helpers: claude | cursor | codex | all | none. Prefer --agent-helpers.").option("--force-agents","Overwrite user-edited agent helper files (use with --agent-helpers)").action(async(e,o)=>{const{generateWorkflowCommand:t}=await import("../commands/workflows/generate.js");return t(e,o)}),r.command("run <workflow-name>").description("Run a workflow locally \u2014 one-shot, same input flags as `workflow trigger`").option("-p, --param <key=value>","Input param (repeatable, e.g. -p url=https://x.com -p count=5)",p,[]).option("--input <json>",`Input as JSON string \u2014 overridden by --param (e.g. '{"key":"value"}')`).option("--input-file <path>","Input as JSON file \u2014 lowest precedence").action(async(e,o)=>{const{runLocalWorkflowCommand:t}=await import("../commands/workflows/run-local.js");return t(e,o)}),r.command("start <workflow-name>").description("Start a long-lived local dev server (Studio integration). Prefer `workflow run` for one-shots.").option("-p, --port <port>","Port for the workflow server (default: 3848)").action(async(e,o)=>{const{startWorkflowCommand:t}=await import("../commands/workflows/start.js");return t(e,o)}),r.command("deploy [workflow-name]").description("Deploy a workflow to Zibby Cloud (alias of `zibby deploy`)").option("--project <id>","Project ID (interactive prompt if not provided, or ZIBBY_PROJECT_ID env)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").option("--env <path>","Path to a .env file to sync into per-workflow env vars after deploy (repeatable)",p,[]).option("--verbose","Show raw CodeBuild logs during the bundle build").option("--no-creds-check","Skip the project secrets sanity check (CI/CD when the secret is provisioned out-of-band)").option("--force","Deploy even if the source checksum matches the last deployed version (bypasses the unchanged check)").option("--warm [count]",`Enable warm-pool execution for this workflow (default 1, max ${b}). Skips ~60s Fargate cold-start by routing triggers to a per-account pool of always-on tasks. Pricing applies (paid feature).`,I).action(async(e,o)=>{const{deployWorkflowCommand:t}=await import("../commands/workflows/deploy.js");return t(e,o)}),r.command("trigger [uuid]").description("Trigger a deployed workflow by UUID (alias of `zibby trigger`)").option("--project <id>","Project ID (interactive prompt if not provided, or ZIBBY_PROJECT_ID env)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").option("-p, --param <key=value>","Input param (repeatable, e.g. -p url=https://x.com -p count=5)",p,[]).option("--input <json>",`Input as JSON string \u2014 overridden by --param (e.g. '{"key":"value"}')`).option("--input-file <path>","Input as JSON/YAML file \u2014 lowest precedence").option("--idempotency-key <key>","Idempotency key to prevent duplicate executions").option("-t, --follow","Stream logs in real-time after triggering (no need to run `logs -t` separately)").action(async(e,o)=>{const{triggerWorkflowCommand:t}=await import("../commands/workflows/trigger.js");return t(e,o)}),r.command("logs [jobId]").description("Tail logs from a workflow execution (alias of `zibby logs`)").option("--project <id>","Project ID (or ZIBBY_PROJECT_ID env)").option("--workflow <name>","Workflow name (fetches the latest run)").option("--all","Show interleaved logs from all runs (requires --workflow)").option("-t, --follow","Stream logs in real-time (like Heroku logs -t)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").option("--lines <n>","Max log lines per fetch (default: 500)").action(async(e,o)=>{const{logsCommand:t}=await import("../commands/workflows/logs.js");return t(e,o)}),r.command("download <uuid>").description("Download a deployed workflow back to local (edit it, then re-deploy with `zibby workflow deploy`)").option("--dest <path>","Destination directory (default: ./workflows/<name> when run inside a .zibby project)").option("--force","Overwrite without prompting; bypass uuid-mismatch guard").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{downloadWorkflowCommand:t}=await import("../commands/workflows/download.js");return t(e,o)}),r.command("list").description("List all workflows (local + remote if credentials available)").option("--local-only","Show only local workflows").option("--remote-only","Show only remote workflows (requires --project)").option("--project <id>","Project ID (optional, uses ZIBBY_PROJECT_ID env)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async e=>{if(e.remoteOnly){const{workflowListCommand:t}=await import("../commands/workflow.js");return t(e)}if(e.localOnly){const{listLocalWorkflowsCommand:t}=await import("../commands/workflows/list.js");return t(e)}const{listAllWorkflowsCommand:o}=await import("../commands/workflows/list.js");return o(e)}),r.command("validate <name>").description("Static-check a local workflow (.zibby/workflows/<name>/). Catches schema/topology/skill errors in ~30ms before you run anything.").option("--verbose","Print stack traces on graph.mjs import errors").action(async(e,o)=>{const{validateCommand:t}=await import("../commands/workflows/validate.js");return t(e,o)}),r.command("schedule <uuid> [action] [cron]").description(`Manage a workflow's cron schedule. Actions: get (default) | set <cron> | clear. Cron is Unix 5-field, e.g. "0 9 * * 1-5".`).option("--tz <iana>","IANA timezone for the schedule (default: UTC)").option("-p, --param <key=value>","Fixed input param for every scheduled run (repeatable)",p,[]).option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o,t,s)=>{const{scheduleCommand:m}=await import("../commands/workflows/schedule.js");return m(e,o,t,s)});const f=r.command("webhook").description("Configure a workflow's inbound webhook + auth (enable/disable, basic/ip/token, show)");f.command("enable <uuid>").description("Enable the workflow's inbound webhook (HTTP trigger)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{webhookCommand:t}=await import("../commands/workflows/webhook.js");return t("enable",e,void 0,o)}),f.command("disable <uuid>").description("Disable the workflow's inbound webhook (HTTP trigger)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{webhookCommand:t}=await import("../commands/workflows/webhook.js");return t("disable",e,void 0,o)}),f.command("show <uuid>").description("Show current webhook config (which auth methods are on, masked token, IP list, URL)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{webhookCommand:t}=await import("../commands/workflows/webhook.js");return t("show",e,void 0,o)});const g=f.command("auth").description("Configure webhook auth methods: basic | ip | token");g.command("basic <uuid>").description("Enable HTTP Basic auth (or --disable to turn it off). Password optional on update.").option("--username <u>","Basic auth username").option("--password <p>","Basic auth password (plaintext; backend hashes it; omit to keep existing)").option("--disable","Turn Basic auth off").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{webhookCommand:t}=await import("../commands/workflows/webhook.js");return t("auth","basic",e,o)}),g.command("ip <uuid>").description("Set the IP allowlist (or --disable to turn it off)").option("--allow <cidr,...>","Comma-separated IPs/CIDRs, e.g. 1.2.3.4,10.0.0.0/8").option("--disable","Turn the IP allowlist off").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{webhookCommand:t}=await import("../commands/workflows/webhook.js");return t("auth","ip",e,o)}),g.command("token <uuid>").description("Generate a bearer token (--generate) \u2014 printed ONCE \u2014 or --disable to turn it off").option("--generate","Mint a new token; printed once in plaintext").option("--disable","Turn token auth off").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{webhookCommand:t}=await import("../commands/workflows/webhook.js");return t("auth","token",e,o)}),r.command("delete <uuid>").description("Delete a deployed workflow by UUID").action(async e=>{const{deleteWorkflowCommand:o}=await import("../commands/workflows/delete.js");return o(e,{})});const h=r.command("env").description("Manage per-workflow encrypted env vars (set ANTHROPIC_API_KEY, DATABASE_URL, etc. per workflow)");h.command("list <uuid>").description("List env var key names for a workflow (values never returned)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{listEnvCommand:t}=await import("../commands/workflows/env.js");return t(e,o)}),h.command("set <uuid> <kv>").description("Set or update one env var: zibby workflow env set <uuid> KEY=value").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o,t)=>{const{setEnvCommand:s}=await import("../commands/workflows/env.js");return s(e,o,t)}),h.command("unset <uuid> <key>").description("Remove one env var from a workflow").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o,t)=>{const{unsetEnvCommand:s}=await import("../commands/workflows/env.js");return s(e,o,t)}),h.command("push <uuid>").description("Bulk-replace env from one or more .env files (later files override). Removes any keys not in the new map.").option("--file <path>","Path to a .env file (repeatable, e.g. --file .env --file .env.prod)",p,[]).option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{pushEnvCommand:t}=await import("../commands/workflows/env.js");return t(e,o)});const Q=n.command("project").description("Manage Zibby projects");Q.command("list").description("List all projects").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async e=>{const{projectListCommand:o}=await import("../commands/project.js");return o(e)});const l=n.command("credits").alias("billing").description("Check credit balance, usage history, and top up your account");l.command("balance").description("Show current credit balance + recent activity").option("--bucket <granularity>","Recent-activity rollup: minute (default) or hour").option("--json","Output raw JSON").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async e=>{const{creditsBalanceCommand:o}=await import("../commands/credits.js");await o(e),process.exit(0)}),l.command("history").alias("ledger").description("Show credit-ledger history (top-ups + usage deducts), newest first").option("--limit <n>","Page size (default 25, max 100)").option("--cursor <token>","Pagination cursor from a prior page's output").option("--bucket <granularity>","Rollup: minute (default) or hour").option("--before <when>","Jump to a date bound (ISO timestamp or epoch ms)").option("--json","Output raw JSON").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async e=>{const{creditsLedgerCommand:o}=await import("../commands/credits.js");await o(e),process.exit(0)}),l.command("limits").description("Show the allowed top-up amounts (min/max + quick picks)").option("--json","Output raw JSON").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async e=>{const{creditsLimitsCommand:o}=await import("../commands/credits.js");await o(e),process.exit(0)}),l.command("topup <amountUsd>").alias("checkout").description("Create a Stripe Checkout link to top up by <amountUsd> dollars").option("--json","Output raw JSON").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{creditsCheckoutCommand:t}=await import("../commands/credits.js");await t(e,o),process.exit(0)}),l.command("redeem <code>").description("Redeem a credit coupon / promo code").option("--json","Output raw JSON").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{creditsRedeemCommand:t}=await import("../commands/credits.js");await t(e,o),process.exit(0)});const X=n.command("run-queue").description("Parallel capacity \u2014 on-disk wait queue (see parallel.waitWhenAtCapacity in .zibby.config.mjs)");X.command("list").description("List CLI processes waiting for a run slot").option("--config <path>","Path to config file",".zibby.config.mjs").action(async e=>{const{runCapacityQueueListCommand:o}=await import("../commands/run-capacity-queue-cli.js");await o(e),process.exit(0)});const ee=n.command("mcp").description("Manage the Zibby Remote MCP integration in your AI agent");ee.command("install").description("Auto-configure Zibby MCP into your AI agent (Claude Code/Desktop, Cursor, Codex, Gemini)").option("--agent <name>","claude-code | claude-desktop | cursor | codex | gemini").option("--all","Install for every supported agent on this machine").option("--token <pat>","Use this PAT (zby_pat_\u2026) instead of minting one via session. Also reads ZIBBY_PAT env var.").option("--force","Overwrite the existing zibby block even if unchanged").action(async e=>{const{mcpInstallCommand:o}=await import("../commands/mcp.js");await o(e),process.exit(0)});const i=n.command("app").description("Manage Zibby Managed Apps \u2014 templates, deploy, list, status, destroy");i.command("templates").description("List the app catalog (n8n, grafana, gas-town, \u2026)").action(async e=>{const{appTemplatesCommand:o}=await import("../commands/app.js");return o(e)}),i.command("list").description("List deployed app instances (use --project to scope to one project)").option("--project <id>","Project ID \u2014 defaults to all instances under your account").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async e=>{const{appListCommand:o}=await import("../commands/app.js");return o(e)}),i.command("deploy [appType]").description('Deploy an app \u2014 either from the catalog (e.g. `zibby app deploy grafana --project <id>`) or a free-form install described by --goal (e.g. `zibby app deploy --goal "Install n8n at /n8n on port 5678, persist data in /data" --project <id>`). Pass exactly one of <appType> OR --goal. Catalog deploys are curated by Zibby; goal-based deploys are user-directed installs where you (not Zibby) choose what gets installed and accept the license terms of whatever you install.').option("--mode <name>",'Deploy mode \u2014 "cloud" (default, shared Fargate) or "solo" (dedicated t4g.* EC2 per app, cheaper + isolated). Solo deploys take --repo / --tier / --secret instead of <appType>; see `zibby app deploy --mode solo --help` for the solo flags.').option("--slug <name>","[solo] App slug \u2014 used to form the public hostname <slug>.solo.zibby.app. lowercase [a-z0-9-], 1-40 chars.").option("--repo <ownerRepo>",'[solo] GitHub source repo in "owner/name" form. Mutually exclusive with --tarball.').option("--ref <ref>","[solo] Git ref (branch, tag, sha) to clone. Defaults to the repo's default branch.").option("--tarball <s3Url>","[solo] s3:// URL of a tarball source. Mutually exclusive with --repo.").option("--framework <name>",'[solo] Framework hint \u2014 auto (default), rails, node, python, static, other. "auto" lets agent-ops detect from the source tree.').option("--tier <id>","[solo] Instance tier id: micro | small | medium | large. Run `zibby app deploy --mode solo` without --tier to see the live pricing table.").option("--region <id>","[solo] AWS region for the VM: ap-southeast-2 (Sydney, default) | us-east-1 | us-west-2 | eu-west-1 | ap-northeast-1 | auto (latency-probe + pick nearest). The Zibby control plane stays in Sydney; only your app's EC2 + storage move. Pricing is the same in every region. Omit the flag in interactive mode to pick from a list sorted by measured latency.").option("--secret <kv...>","[solo] Repeatable. Each is KEY=VALUEREF where VALUEREF points at your workspace-credentials (uploaded via `zibby creds set`). Plaintext is NOT accepted here. Example: --secret STRIPE_KEY=workspace:stripe-prod.").option("--db-persistence <kind>","[solo] Database persistence: sqlite-litestream | postgres-walg | none (default).").option("--files-persistence <kind>","[solo] Files persistence: activestorage-s3 | rclone-bisync | none (default).").option("--no-tail","[solo] Skip the post-fire status tail. Default tails until phase=running/failed (max 15 min). --yes implies --no-tail.").option("-y, --yes","Non-interactive mode \u2014 exit 1 on any missing inputs instead of prompting. Implies --no-tail.").option("--project <id>","Project ID (interactive prompt if not provided)").option("--goal <text>",'Free-form natural-language description of what to install (mutually exclusive with <appType>). The agent-ops bootstrap follows the description \u2014 e.g. "install n8n on port 5678 with sqlite persistence". You are responsible for the license terms of any software you install via this path.').option("--name <name>","Instance display name (defaults to appType, or first line of --goal)").option("--provider <name>",'Agent provider \u2014 "claude" (default) or "codex"').option("--arch <name>",`CPU architecture \u2014 "x86_64" or "arm64" (default = catalog's first listed arch; arm64 is ~20% greener at the same price)`).option("--model <name>","Claude model identifier to use for the agent-ops bootstrap (e.g. claude-sonnet-4-6, claude-opus-4-5, claude-haiku-4-5-20251001). Overrides the daemon's baked default. Use a stronger model (Opus) for complex installs; a cheaper one (Haiku) for trivial ones.").option("--anthropic-token <token>","SENSITIVE: Per-deploy Claude credential override. Replaces the workspace-stored token for THIS deploy only \u2014 never persisted. Must start with sk-ant-oat01- (OAuth subscription) or sk-ant-api03- (Anthropic API key). Env equivalent: ZIBBY_ANTHROPIC_TOKEN.").option("--max-turns <n>","Cap on Claude subprocess --max-turns (cfg.Agent.MaxToolCallsPerTask). Default 25; bump for heavy goal-mode installs (n8n, OpenHands) that exhaust the default before finishing. Range 1..200. Example: --max-turns 60.").option("--timeout-min <n>","Bootstrap-task wall-clock cap in minutes. Default 30; bump when npm install / docker pull / native compile dominates wall time (n8n ~500MB install often takes 25-40min). Range 1..120. Example: --timeout-min 45.").option("--auth-type <kind>",'Optional auth sidecar \u2014 "basic" (username + password), "token" (bearer header), or "none" (default, no auth). Adds a tiny Caddy container in front of the public URL that gates requests. Use this on apps with weak / no built-in auth (Grafana ships admin/admin; n8n ships with nothing).').option("--auth-user <name>","Username for --auth-type basic. Required for basic auth. Printable ASCII, no spaces (1-64 chars).").option("--auth-password <pass>","SENSITIVE: Password for --auth-type basic. 8-256 chars; bcrypt-hashed server-side, plaintext never persisted. Env equivalent: ZIBBY_APP_AUTH_PASSWORD.").option("--auth-token <tok>","Optional explicit bearer token for --auth-type token. 16-128 chars, base64url alphabet only ([A-Za-z0-9_-]). Omit to let the backend auto-generate a 32-byte token (returned ONCE in the deploy response \u2014 save it). Env equivalent: ZIBBY_APP_AUTH_TOKEN.").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appDeployCommand:t}=await import("../commands/app.js");return t(e,o)}),i.command("status <instanceId>").description("Show one instance: status, resources, public URL").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appStatusCommand:t}=await import("../commands/app.js");return t(e,o)}),i.command("destroy <instanceId>").description("Stop + remove an app instance (interactive confirm unless --yes)").option("-y, --yes","Skip the confirmation prompt").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appDestroyCommand:t}=await import("../commands/app.js");return t(e,o)}),i.command("upgrade <instanceId>").description("Roll the agent-ops container image without destroying the instance (EFS data preserved)").option("--version <tag>","Pin to a specific agent-ops version (e.g. 0.1.16). Defaults to whatever AppsFleet base task def says.").option("-y, --yes","Skip the confirmation prompt").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appUpgradeCommand:t}=await import("../commands/app.js");return t(e,o)}),i.command("update-credential <instanceId>").description("Rotate the per-instance Claude credential to whatever's currently in your workspace-credentials. EFS preserved; task restarts ~30s.").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appUpdateCredentialCommand:t}=await import("../commands/app.js");return t(e,o)}),i.command("set-auth <instanceId>").description("Enable, rotate, or disable the optional Caddy auth sidecar on a running instance. Use --auth-type basic / token / none, or --off to disable. PATCH semantics: omitted flags preserve current state, so e.g. `zibby app set-auth <id> --auth-password new` rotates JUST the password on a basic-auth instance.").option("--auth-type <kind>",'"basic" | "token" | "none". Omit to keep current type (e.g. just rotate the password).').option("--auth-user <name>","Username for basic auth. Required when switching TO basic; preserved on subsequent rotations.").option("--auth-password <pass>","SENSITIVE: Password for basic auth. 8-256 chars; bcrypt-hashed server-side. Env equivalent: ZIBBY_APP_AUTH_PASSWORD.").option("--auth-token <tok>","Optional bearer token for token auth. Omit to let the backend regenerate a fresh 32-byte token (returned ONCE \u2014 save it). Env equivalent: ZIBBY_APP_AUTH_TOKEN.").option("--off","Disable the auth sidecar entirely (alias for --auth-type none). Caddy container removed; public URL exposes the app port directly again.").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appSetAuthCommand:t}=await import("../commands/app.js");return t(e,o)});const d=i.command("auth").description("Manage access control on a running app instance: credential auth (basic / token / none) and/or an IP allowlist. `auth show|basic|token|clear|ip <instanceId>`.");d.command("show <instanceId>").description("Show the current access-control gate (credential auth type + IP allowlist).").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appAuthShowCommand:t}=await import("../commands/app-auth.js");return t(e,o)}),d.command("basic <instanceId>").description("Enable / rotate HTTP basic auth (username + password). Adds a Caddy sidecar that gates the public URL. Task restarts ~1 min.").requiredOption("--user <name>","Username (1-64 printable ASCII, no spaces)").option("--password <pass>","SENSITIVE: password (8-256 chars). Env equivalent: ZIBBY_APP_AUTH_PASSWORD.").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appAuthBasicCommand:t}=await import("../commands/app-auth.js");return t(e,o)}),d.command("token <instanceId>").description("Enable / rotate bearer-token auth. Omit --token to let the backend auto-generate one (printed ONCE \u2014 save it). Task restarts ~1 min.").option("--token <tok>","Optional explicit token (16-128 chars, base64url [A-Za-z0-9_-]). Omit to auto-generate. Env equivalent: ZIBBY_APP_AUTH_TOKEN.").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appAuthTokenCommand:t}=await import("../commands/app-auth.js");return t(e,o)}),d.command("clear <instanceId>").description("Disable credential auth (authType none). The Caddy credential check is removed; any IP allowlist is left intact (clear it with `auth ip --clear-ip`).").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appAuthClearCommand:t}=await import("../commands/app-auth.js");return t(e,o)}),d.command("ip <instanceId>").description("Manage the IP allowlist (independent of credential auth). Only the listed source IPs/CIDRs may reach the app; all others get 403. SECURITY: enforced behind the ALB via X-Forwarded-For \u2014 verify it works on your instance before relying on it.").option("--allow <cidr...>","One or more IPs/CIDRs to allow (e.g. --allow 203.0.113.5/32 198.51.100.0/24). Replaces the current allowlist.").option("--clear-ip","Remove the IP allowlist entirely (all source IPs allowed again). Credential auth is left untouched.").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appAuthIpCommand:t}=await import("../commands/app-auth.js");return t(e,o)}),i.command("logs <instanceId>").description("Show recent logs from an app instance (use -t to tail; polls every 3s)").option("-t, --follow","Tail mode \u2014 poll every 3s and print new lines as they arrive (Ctrl+C to stop)").option("--lines <n>","Max lines per fetch (default 200, max 5000)").option("--service <name>","For multi-container apps: limit logs to one service (e.g. `db`, `web`, `agent-ops`). Defaults to interleaved across all containers.").option("--json","Print raw JSON lines (one per line) instead of parsed summary").option("--verbose","Print the full line including JSON body (default: parsed `<time> <msg>` summary)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appLogsCommand:t}=await import("../commands/app.js");return t(e,o)}),i.command("run [cmd...]").description("Run a one-off command on a linked solo app (e.g. `zibby app run rails db:migrate`). Attaches your TTY via SSM \u2014 no AWS creds needed.").option("--app <slug>","App slug (defaults to the nearest .zibby/app.json)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appRunCommand:t}=await import("../commands/app-run.js");return t(e,o)}),i.command("console").description("Open the framework REPL on a linked solo app (rails console, python manage.py shell, node, iex -S mix)").option("--app <slug>","App slug (defaults to the nearest .zibby/app.json)").option("--framework <name>","Override the framework from the link file (rails | django | python | node | elixir)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async e=>{const{appConsoleCommand:o}=await import("../commands/app-run.js");return o(e)}),i.command("migrate").description("Run database migrations on a linked solo app (rails db:migrate / python manage.py migrate)").option("--app <slug>","App slug (defaults to the nearest .zibby/app.json)").option("--framework <name>","Override the framework from the link file").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async e=>{const{appMigrateCommand:o}=await import("../commands/app-run.js");return o(e)}),i.command("rollback [steps]").description("Roll back the last database migration(s) on a linked solo app (rails db:rollback STEP=<n>, default 1)").option("--app <slug>","App slug (defaults to the nearest .zibby/app.json)").option("--framework <name>","Override the framework from the link file").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appRollbackCommand:t}=await import("../commands/app-run.js");return t(e,o)}),i.command("link <slug>").description("Link the current directory to a solo app \u2014 writes .zibby/app.json (commit it so your team can `zibby app run` without --app)").option("--api-key <key>","API key (or ZIBBY_API_KEY env)").action(async(e,o)=>{const{appLinkCommand:t}=await import("../commands/app-run.js");return t(e,o)}),n.command("uninstall").description("Remove all Zibby data: global CLI, ~/.zibby, Cursor MCP config, Studio, and current project").option("--dry-run","Show what would be deleted without deleting").option("--deep","Also remove npx cache dirs containing zibby").action(async e=>{const{uninstallCommand:o}=await import("../commands/uninstall.js");await o(e),process.exit(0)}),n.parse();
package/dist/commands/app-auth.js CHANGED
@@ -1,17 +1,17 @@
1
- var y=(e,o)=>()=>(e&&(o=e(e=0)),o);function w(){let e;if(process.env.ZIBBY_API_URL)e=process.env.ZIBBY_API_URL;else{let o=process.env.ZIBBY_ENV||"prod";m[o]?e=m[o].apiUrl:e=m.prod.apiUrl}try{let o=new URL(e);return o.protocol!=="http:"&&o.protocol!=="https:"?(console.error(`\u26A0\uFE0F Invalid API URL protocol: ${o.protocol} (only http/https allowed)`),m.prod.apiUrl):e}catch{return console.error(`\u26A0\uFE0F Invalid API URL: ${e}`),m.prod.apiUrl}}var m,k=y(()=>{m={local:{name:"Local Development",apiUrl:"http://localhost:3001",accountApiUrl:"http://localhost:3001",frontendUrl:"http://localhost:3000",description:"Local backend running on port 3001"},prod:{name:"Production",apiUrl:process.env.ZIBBY_PROD_API_URL||"https://api-prod.zibby.app",accountApiUrl:process.env.ZIBBY_PROD_ACCOUNT_API_URL||"https://api-prod.zibby.app",frontendUrl:process.env.ZIBBY_PROD_FRONTEND_URL||"https://studio.zibby.dev",description:"Production environment"}}});import{existsSync as N,mkdirSync as te,readFileSync as re,writeFileSync as ne}from"fs";import{homedir as R}from"os";import{join as x}from"path";function O(){return process.env.ZIBBY_CONFIG_DIR||x(R(),".zibby")}function B(){return x(O(),"config.json")}function ae(){let e=O();N(e)||te(e,{recursive:!0})}function f(){try{let e=B();if(N(e)){let o=re(e,"utf-8");return JSON.parse(o)}}catch{}return{}}function b(e){ae(),ne(B(),JSON.stringify(e,null,2))}function L(){return f().sessionToken||null}function z(e){let o=f();o.sessionToken=e,b(o)}function D(){return f().user||null}function M(e){let o=f();o.user=e,b(o)}function Y(e){let o=f();o.proxyUrl=e,b(o)}function Z(e){let o=f();o.mem0ProxyUrl=e,b(o)}function F(e){let o=f();o.projects=e,b(o)}var se,Ue,H=y(()=>{se=x(R(),".zibby"),Ue=x(se,"config.json")});import{existsSync as Ce,mkdirSync as Ee,readFileSync as _e,writeFileSync as je,unlinkSync as Ne}from"fs";import{resolve as Oe}from"path";import{homedir as Le}from"os";var K=y(()=>{});import a from"chalk";import T from"ora";import{spawn as le}from"child_process";function ie(e){let o=process.platform;try{let t,r;return o==="darwin"?(t="open",r=[e]):o==="win32"?(t="cmd",r=["/c","start","",e]):(t="xdg-open",r=[e]),le(t,r,{detached:!0,stdio:"ignore"}).unref(),!0}catch{return!1}}function ce(){let e=L(),o=D();return e&&o?{loggedIn:!0,user:o,token:e}:{loggedIn:!1}}async function J(){try{console.log(a.cyan(`
1
+ var y=(e,o)=>()=>(e&&(o=e(e=0)),o);function w(){let e;if(process.env.ZIBBY_API_URL)e=process.env.ZIBBY_API_URL;else{let o=process.env.ZIBBY_ENV||"prod";m[o]?e=m[o].apiUrl:e=m.prod.apiUrl}try{let o=new URL(e);return o.protocol!=="http:"&&o.protocol!=="https:"?(console.error(`\u26A0\uFE0F Invalid API URL protocol: ${o.protocol} (only http/https allowed)`),m.prod.apiUrl):e}catch{return console.error(`\u26A0\uFE0F Invalid API URL: ${e}`),m.prod.apiUrl}}var m,k=y(()=>{m={local:{name:"Local Development",apiUrl:"http://localhost:3001",accountApiUrl:"http://localhost:3001",frontendUrl:"http://localhost:3000",description:"Local backend running on port 3001"},prod:{name:"Production",apiUrl:process.env.ZIBBY_PROD_API_URL||"https://api-prod.zibby.app",accountApiUrl:process.env.ZIBBY_PROD_ACCOUNT_API_URL||"https://api-prod.zibby.app",frontendUrl:process.env.ZIBBY_PROD_FRONTEND_URL||"https://studio.zibby.dev",description:"Production environment"}}});import{existsSync as N,mkdirSync as te,readFileSync as re,writeFileSync as ne}from"fs";import{homedir as R}from"os";import{join as x}from"path";function O(){return process.env.ZIBBY_CONFIG_DIR||x(R(),".zibby")}function B(){return x(O(),"config.json")}function ae(){let e=O();N(e)||te(e,{recursive:!0})}function f(){try{let e=B();if(N(e)){let o=re(e,"utf-8");return JSON.parse(o)}}catch{}return{}}function b(e){ae(),ne(B(),JSON.stringify(e,null,2))}function L(){return f().sessionToken||null}function z(e){let o=f();o.sessionToken=e,b(o)}function D(){return f().user||null}function M(e){let o=f();o.user=e,b(o)}function Y(e){let o=f();o.proxyUrl=e,b(o)}function Z(e){let o=f();o.mem0ProxyUrl=e,b(o)}function F(e){let o=f();o.projects=e,b(o)}var se,Ue,H=y(()=>{se=x(R(),".zibby"),Ue=x(se,"config.json")});import{existsSync as Ce,mkdirSync as Ee,readFileSync as _e,writeFileSync as je,unlinkSync as Ne}from"fs";import{resolve as Oe}from"path";import{homedir as Le}from"os";var K=y(()=>{});import a from"chalk";import T from"ora";import{spawn as ie}from"child_process";function le(e){let o=process.platform;try{let t,r;return o==="darwin"?(t="open",r=[e]):o==="win32"?(t="cmd",r=["/c","start","",e]):(t="xdg-open",r=[e]),ie(t,r,{detached:!0,stdio:"ignore"}).unref(),!0}catch{return!1}}function ce(){let e=L(),o=D();return e&&o?{loggedIn:!0,user:o,token:e}:{loggedIn:!1}}async function J(){try{console.log(a.cyan(`
2
2
  \u{1F510} Initiating login...
3
3
  `));let e=ce();if(e.loggedIn){console.log(a.green("\u2705 Already logged in!")),console.log(a.gray(`User: ${e.user.email}`)),console.log(a.gray(`Name: ${e.user.name}
4
- `));let{createInterface:o}=await import("readline"),t=o({input:process.stdin,output:process.stdout});return new Promise((r,l)=>{let n=()=>{t.close(),process.stdin.isTTY&&process.stdin.setRawMode(!1)},s=()=>{console.log(a.yellow(`
4
+ `));let{createInterface:o}=await import("readline"),t=o({input:process.stdin,output:process.stdout});return new Promise((r,i)=>{let n=()=>{t.close(),process.stdin.isTTY&&process.stdin.setRawMode(!1)},s=()=>{console.log(a.yellow(`
5
5
 
6
6
  \u26A0\uFE0F Login cancelled
7
- `)),n(),process.exit(0)};process.on("SIGINT",s),t.question(a.yellow("Continue with this session? (Y/n): "),async i=>{process.removeListener("SIGINT",s),n();try{if(i.toLowerCase()==="n"||i.toLowerCase()==="no"){console.log(a.gray(`Starting new login...
7
+ `)),n(),process.exit(0)};process.on("SIGINT",s),t.question(a.yellow("Continue with this session? (Y/n): "),async l=>{process.removeListener("SIGINT",s),n();try{if(l.toLowerCase()==="n"||l.toLowerCase()==="no"){console.log(a.gray(`Starting new login...
8
8
  `));let g=await V();r(g)}else console.log(a.green(`Using existing session.
9
- `)),r({success:!0,...e})}catch(g){l(g)}})})}return await V()}catch(e){return console.error(a.red(`
10
- \u274C Login failed:`,e.message)),{success:!1,error:e.message}}}async function pe(e){let o=w();try{let t=await fetch(`${o}/projects`,{headers:{Authorization:`Bearer ${e}`}});if(t.ok){let l=((await t.json()).projects||[]).map(n=>({name:n.name,projectId:n.projectId,apiToken:n.apiToken}));return F(l),l}}catch(t){console.log(a.gray(`\u26A0\uFE0F Could not fetch projects: ${t.message}`))}return[]}async function V(){let e=w(),o=T("Requesting login code...").start(),t=await fetch(`${e}/cli/login/initiate`,{method:"POST",headers:{"Content-Type":"application/json"}});if(!t.ok){o.fail("Failed to request login code");let h=await t.json();throw new Error(h.error||"Failed to initiate login")}let{deviceCode:r,userCode:l,verificationUrl:n,expiresIn:s,interval:i}=await t.json();o.succeed("Login code generated"),console.log(""),console.log(a.cyan("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557")),console.log(a.cyan("\u2551")+a.white.bold(" Complete login in your browser ")+a.cyan("\u2551")),console.log(a.cyan("\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D")),console.log(""),console.log(a.white("Opening browser to login page...")),console.log(a.gray(`Code expires in ${Math.floor(s/60)} minutes`)),console.log(""),await ie(n)||(console.log(a.yellow("\u26A0\uFE0F Could not open browser automatically.")),console.log(a.white("Please open this URL manually: ")+a.blue(n)),console.log(""));let d=T("Waiting for authorization...").start(),ee=(i||3)*1e3,oe=Math.floor(s/(i||3)),C=0,E=!1,_=()=>{E=!0,d.stop(),console.log(a.yellow(`
9
+ `)),r({success:!0,...e})}catch(g){i(g)}})})}return await V()}catch(e){return console.error(a.red(`
10
+ \u274C Login failed:`,e.message)),{success:!1,error:e.message}}}async function pe(e){let o=w();try{let t=await fetch(`${o}/projects`,{headers:{Authorization:`Bearer ${e}`}});if(t.ok){let i=((await t.json()).projects||[]).map(n=>({name:n.name,projectId:n.projectId,apiToken:n.apiToken}));return F(i),i}}catch(t){console.log(a.gray(`\u26A0\uFE0F Could not fetch projects: ${t.message}`))}return[]}async function V(){let e=w(),o=T("Requesting login code...").start(),t=await fetch(`${e}/cli/login/initiate`,{method:"POST",headers:{"Content-Type":"application/json"}});if(!t.ok){o.fail("Failed to request login code");let h=await t.json();throw new Error(h.error||"Failed to initiate login")}let{deviceCode:r,userCode:i,verificationUrl:n,expiresIn:s,interval:l}=await t.json();o.succeed("Login code generated"),console.log(""),console.log(a.cyan("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557")),console.log(a.cyan("\u2551")+a.white.bold(" Complete login in your browser ")+a.cyan("\u2551")),console.log(a.cyan("\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D")),console.log(""),console.log(a.white("Opening browser to login page...")),console.log(a.gray(`Code expires in ${Math.floor(s/60)} minutes`)),console.log(""),await le(n)||(console.log(a.yellow("\u26A0\uFE0F Could not open browser automatically.")),console.log(a.white("Please open this URL manually: ")+a.blue(n)),console.log(""));let d=T("Waiting for authorization...").start(),ee=(l||3)*1e3,oe=Math.floor(s/(l||3)),C=0,E=!1,_=()=>{E=!0,d.stop(),console.log(a.yellow(`
11
11
 
12
12
  \u26A0\uFE0F Login cancelled
13
13
  `)),process.exit(0)};process.on("SIGINT",_);try{for(;C<oe&&!E;){await ue(ee),C++;let h=await fetch(`${e}/cli/login/poll`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({deviceCode:r})});if(h.status===202)continue;if(!h.ok){d.fail("Authorization failed");let v=await h.json();throw new Error(v.error||"Authorization failed")}let u=await h.json();if(u.status==="authorized"){d.succeed(a.white("Authorization successful!")),z(u.token),M(u.user),u.proxyUrl&&Y(u.proxyUrl),u.mem0ProxyUrl&&Z(u.mem0ProxyUrl),console.log(""),console.log(a.gray(`User: ${u.user.email}`));let v=T("Fetching projects...").start(),j=await pe(u.token);return v.succeed(`Fetched ${j.length} project${j.length!==1?"s":""}`),console.log(a.gray(`Session saved to: ~/.zibby/config.json
14
14
  `)),{success:!0,loggedIn:!0,user:u.user,token:u.token}}if(u.status==="denied")throw d.fail("Authorization denied"),new Error("User denied authorization")}throw d.fail("Login timeout"),new Error("Login timed out - please try again")}finally{process.removeListener("SIGINT",_)}}function ue(e){return new Promise(o=>setTimeout(o,e))}var W=y(()=>{k();H();K()});import{existsSync as de,readFileSync as ge}from"fs";import{join as fe}from"path";import U from"chalk";import{confirm as he}from"@inquirer/prompts";function q(){try{let e=process.env.HOME||process.env.USERPROFILE;if(!e)return null;let o=fe(e,".zibby","config.json");return de(o)&&JSON.parse(ge(o,"utf-8")).sessionToken||null}catch{return null}}function I(){console.log(`
15
15
  Not authenticated.`),console.log(` Run ${U.cyan("zibby login")} or set ${U.cyan("ZIBBY_API_KEY")} in your environment.
16
16
  `)}async function G(e={}){let o=e.apiKey||process.env.ZIBBY_API_KEY||null,t=q();if(t||o)return{sessionToken:t,apiKey:o};if(!process.stdin.isTTY){if(e.optional)return{sessionToken:null,apiKey:null};I(),process.exit(1)}console.log(U.yellow(`
17
- Not logged in.`));let r;try{r=await he({message:"Open browser to log in now?",default:!0})}catch{r=!1}if(!r){if(e.optional)return{sessionToken:null,apiKey:null};I(),process.exit(1)}if(await J(),t=q(),!t){if(e.optional)return{sessionToken:null,apiKey:null};I(),process.exit(1)}return{sessionToken:t,apiKey:null}}var Q=y(()=>{W()});import c from"chalk";import X from"ora";Q();k();import p from"chalk";import ro from"ora";import so from"inquirer";import ye from"dotenv";ye.config();async function S(e){let{sessionToken:o,apiKey:t}=await G({apiKey:e?.apiKey}),r=o||t;return r||(console.error(p.red("Not authenticated. Run `zibby login` or set ZIBBY_API_KEY.")),process.exit(1)),{"Content-Type":"application/json",Authorization:`Bearer ${r}`}}async function P(e,o,{quiet:t=!1}={}){let l=`${w()}${e}`,n=await fetch(l,o),s=await n.text(),i=null;try{i=s?JSON.parse(s):null}catch{i={raw:s}}if(!n.ok){let g=i?.error||i?.message||`HTTP ${n.status}`;t||(i?.code==="CLAUDE_CREDENTIAL_REQUIRED"?(console.error(p.red("\xD7 Connect your Claude Code subscription first.")),console.error(""),console.error(p.white(" Run:")),console.error(p.cyan(" claude setup-token # mints a long-lived OAuth token")),console.error(p.cyan(" zibby creds set claude <token>")),console.error(""),console.error(p.gray(" Or paste an Anthropic API key:")),console.error(p.cyan(" zibby creds set claude sk-ant-api03-...")),console.error("")):i?.code==="OPENAI_CREDENTIAL_REQUIRED"?(console.error(p.red("\xD7 Connect your OpenAI API key to deploy with Codex.")),console.error(""),console.error(p.white(" Run:")),console.error(p.cyan(" zibby creds set openai sk-...")),console.error(""),console.error(p.gray(" Mint one at: https://platform.openai.com/api-keys")),console.error(p.gray(" Or paste at: https://zibby.dev/integrations")),console.error("")):(console.error(p.red(`\xD7 ${g}`)),i?.detail&&console.error(p.gray(` ${i.detail}`))));let d=new Error(g);throw d.status=n.status,d.body=i,d.code=i?.code||null,d}return i}function A(e){e||(console.error(c.red("Missing <instanceId>.")),process.exit(1))}function me(e){(!e||typeof e!="string"||!/^[\x21-\x7e]{1,64}$/.test(e))&&(console.error(c.red("--user must be 1-64 printable ASCII chars (no spaces).")),process.exit(1))}function we(e){(!e||e.length<8||e.length>256)&&(console.error(c.red("--password must be 8-256 chars. Env equivalent: ZIBBY_APP_AUTH_PASSWORD.")),process.exit(1))}function be(e){(e.length<16||e.length>128||!/^[A-Za-z0-9_-]+$/.test(e))&&(console.error(c.red("--token must be 16-128 chars, base64url alphabet only ([A-Za-z0-9_-]).")),process.exit(1))}function $e(e){let[o,t]=e.split("/"),r=/^\d{1,3}(\.\d{1,3}){3}$/.test(o),l=/^[0-9a-fA-F:]+$/.test(o)&&o.includes(":");return!(!r&&!l||t!==void 0&&!/^\d{1,3}$/.test(t))}function Ae(e,o){console.log(` auth: token (auto-generated, ends \u2026${o||(e||"").slice(-4)})`),console.log(),console.log(c.yellow(" \u250C\u2500\u2500\u2500 SAVE THIS TOKEN \u2014 shown ONCE, never again \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510")),console.log(c.yellow(` \u2502 ${e}`)),console.log(c.yellow(" \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518")),console.log(),console.log(c.gray(` Use it: curl -H 'Authorization: Bearer ${e}' <app-url>`))}async function $(e,o,t,{verb:r="Updating auth"}={}){let l=await S(t),n=X(`${r} on ${e}\u2026`).start();try{let s=await P(`/apps/${encodeURIComponent(e)}/auth`,{method:"PATCH",headers:l,body:JSON.stringify(o)});return n.succeed(`Auth update rolling out for ${e}`),console.log(),s?.auth&&(s.auth.type==="none"?console.log(" auth: none (credential auth disabled)"):s.auth.type==="basic"?console.log(` auth: basic (user: ${s.auth.user})`):s.auth.type==="token"&&(s.auth.token?Ae(s.auth.token,s.auth.tokenLast4):console.log(` auth: token (ends \u2026${s.auth.tokenLast4||"????"})`))),Array.isArray(s?.ipAllowList)&&s.ipAllowList.length?console.log(` ip: allowlist (${s.ipAllowList.length}): ${s.ipAllowList.join(", ")}`):s&&"ipAllowList"in s&&console.log(" ip: no allowlist (all source IPs allowed)"),console.log(),console.log(c.gray(" Task restarting (~1 min); the Caddy gate comes up alongside the app once healthy.")),console.log(c.gray(` Watch: zibby app status ${e}`)),console.log(),s}catch(s){n.fail(`Auth update failed: ${s.message}`),process.exit(1)}}async function fo(e,o={}){A(e);let t=await S(o),r=X(`Fetching auth status for ${e}\u2026`).start();try{let l=await P(`/apps/${encodeURIComponent(e)}`,{method:"GET",headers:t});r.stop();let n=l?.authStatus||{type:"none"};if(o.quiet)return n;if(console.log(),console.log(` Access control for ${l?.name||l?.appType||e}`),console.log(),n.type==="basic"?console.log(` credential auth basic (user: ${n.user||"\u2014"})`):n.type==="token"?console.log(` credential auth token (ends \u2026${n.tokenLast4||"????"}, set: ${n.tokenSet?"yes":"no"})`):console.log(" credential auth none"),Array.isArray(n.ipAllowList)&&n.ipAllowList.length){console.log(` ip allowlist ${n.ipAllowList.length} entr${n.ipAllowList.length===1?"y":"ies"}`);for(let s of n.ipAllowList)console.log(` ${s}`)}else console.log(" ip allowlist none (all source IPs allowed)");return console.log(),n}catch(l){r.fail(`Could not fetch auth status for ${e}`),l.status===404&&console.error(c.gray(" Instance not found \u2014 it may have been destroyed.")),process.exit(1)}}async function ho(e,o={}){A(e),me(o.user);let t=o.password||process.env.ZIBBY_APP_AUTH_PASSWORD||"";return we(t),$(e,{authType:"basic",authUser:o.user,authPassword:t},o,{verb:"Enabling basic auth"})}async function yo(e,o={}){A(e);let t={authType:"token"},r=o.token||process.env.ZIBBY_APP_AUTH_TOKEN||null;return r&&(be(r),t.authToken=r),$(e,t,o,{verb:"Enabling token auth"})}async function mo(e,o={}){return A(e),$(e,{authType:"none"},o,{verb:"Disabling credential auth"})}async function wo(e,o={}){if(A(e),o.clearIp)return o.allow&&o.allow.length&&(console.error(c.red("Pass either --allow <cidr...> OR --clear-ip, not both.")),process.exit(1)),$(e,{ipAllowList:null},o,{verb:"Clearing IP allowlist"});let t=o.allow||[];t.length||(console.error(c.red("Pass --allow <cidr...> (one or more IPs/CIDRs) or --clear-ip.")),console.error(c.gray(" Example: zibby app auth ip ab12cd34 --allow 203.0.113.5/32 198.51.100.0/24")),process.exit(1));for(let r of t)$e(r)||(console.error(c.red(`Invalid IP/CIDR: ${r}`)),console.error(c.gray(" Use an IPv4/IPv6 address or CIDR, e.g. 203.0.113.5/32 or 198.51.100.0/24.")),process.exit(1));return $(e,{ipAllowList:t},o,{verb:"Setting IP allowlist"})}export{ho as appAuthBasicCommand,mo as appAuthClearCommand,wo as appAuthIpCommand,fo as appAuthShowCommand,yo as appAuthTokenCommand};
17
+ Not logged in.`));let r;try{r=await he({message:"Open browser to log in now?",default:!0})}catch{r=!1}if(!r){if(e.optional)return{sessionToken:null,apiKey:null};I(),process.exit(1)}if(await J(),t=q(),!t){if(e.optional)return{sessionToken:null,apiKey:null};I(),process.exit(1)}return{sessionToken:t,apiKey:null}}var Q=y(()=>{W()});import c from"chalk";import X from"ora";Q();k();import p from"chalk";import ro from"ora";import so from"inquirer";import ye from"dotenv";ye.config();async function S(e){let{sessionToken:o,apiKey:t}=await G({apiKey:e?.apiKey}),r=o||t;return r||(console.error(p.red("Not authenticated. Run `zibby login` or set ZIBBY_API_KEY.")),process.exit(1)),{"Content-Type":"application/json",Authorization:`Bearer ${r}`}}async function P(e,o,{quiet:t=!1}={}){let i=`${w()}${e}`,n=await fetch(i,o),s=await n.text(),l;try{l=s?JSON.parse(s):null}catch{l={raw:s}}if(!n.ok){let g=l?.error||l?.message||`HTTP ${n.status}`;t||(l?.code==="CLAUDE_CREDENTIAL_REQUIRED"?(console.error(p.red("\xD7 Connect your Claude Code subscription first.")),console.error(""),console.error(p.white(" Run:")),console.error(p.cyan(" claude setup-token # mints a long-lived OAuth token")),console.error(p.cyan(" zibby creds set claude <token>")),console.error(""),console.error(p.gray(" Or paste an Anthropic API key:")),console.error(p.cyan(" zibby creds set claude sk-ant-api03-...")),console.error("")):l?.code==="OPENAI_CREDENTIAL_REQUIRED"?(console.error(p.red("\xD7 Connect your OpenAI API key to deploy with Codex.")),console.error(""),console.error(p.white(" Run:")),console.error(p.cyan(" zibby creds set openai sk-...")),console.error(""),console.error(p.gray(" Mint one at: https://platform.openai.com/api-keys")),console.error(p.gray(" Or paste at: https://zibby.dev/integrations")),console.error("")):(console.error(p.red(`\xD7 ${g}`)),l?.detail&&console.error(p.gray(` ${l.detail}`))));let d=new Error(g);throw d.status=n.status,d.body=l,d.code=l?.code||null,d}return l}function A(e){e||(console.error(c.red("Missing <instanceId>.")),process.exit(1))}function me(e){(!e||typeof e!="string"||!/^[\x21-\x7e]{1,64}$/.test(e))&&(console.error(c.red("--user must be 1-64 printable ASCII chars (no spaces).")),process.exit(1))}function we(e){(!e||e.length<8||e.length>256)&&(console.error(c.red("--password must be 8-256 chars. Env equivalent: ZIBBY_APP_AUTH_PASSWORD.")),process.exit(1))}function be(e){(e.length<16||e.length>128||!/^[A-Za-z0-9_-]+$/.test(e))&&(console.error(c.red("--token must be 16-128 chars, base64url alphabet only ([A-Za-z0-9_-]).")),process.exit(1))}function $e(e){let[o,t]=e.split("/"),r=/^\d{1,3}(\.\d{1,3}){3}$/.test(o),i=/^[0-9a-fA-F:]+$/.test(o)&&o.includes(":");return!(!r&&!i||t!==void 0&&!/^\d{1,3}$/.test(t))}function Ae(e,o){console.log(` auth: token (auto-generated, ends \u2026${o||(e||"").slice(-4)})`),console.log(),console.log(c.yellow(" \u250C\u2500\u2500\u2500 SAVE THIS TOKEN \u2014 shown ONCE, never again \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510")),console.log(c.yellow(` \u2502 ${e}`)),console.log(c.yellow(" \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518")),console.log(),console.log(c.gray(` Use it: curl -H 'Authorization: Bearer ${e}' <app-url>`))}async function $(e,o,t,{verb:r="Updating auth"}={}){let i=await S(t),n=X(`${r} on ${e}\u2026`).start();try{let s=await P(`/apps/${encodeURIComponent(e)}/auth`,{method:"PATCH",headers:i,body:JSON.stringify(o)});return n.succeed(`Auth update rolling out for ${e}`),console.log(),s?.auth&&(s.auth.type==="none"?console.log(" auth: none (credential auth disabled)"):s.auth.type==="basic"?console.log(` auth: basic (user: ${s.auth.user})`):s.auth.type==="token"&&(s.auth.token?Ae(s.auth.token,s.auth.tokenLast4):console.log(` auth: token (ends \u2026${s.auth.tokenLast4||"????"})`))),Array.isArray(s?.ipAllowList)&&s.ipAllowList.length?console.log(` ip: allowlist (${s.ipAllowList.length}): ${s.ipAllowList.join(", ")}`):s&&"ipAllowList"in s&&console.log(" ip: no allowlist (all source IPs allowed)"),console.log(),console.log(c.gray(" Task restarting (~1 min); the Caddy gate comes up alongside the app once healthy.")),console.log(c.gray(` Watch: zibby app status ${e}`)),console.log(),s}catch(s){n.fail(`Auth update failed: ${s.message}`),process.exit(1)}}async function fo(e,o={}){A(e);let t=await S(o),r=X(`Fetching auth status for ${e}\u2026`).start();try{let i=await P(`/apps/${encodeURIComponent(e)}`,{method:"GET",headers:t});r.stop();let n=i?.authStatus||{type:"none"};if(o.quiet)return n;if(console.log(),console.log(` Access control for ${i?.name||i?.appType||e}`),console.log(),n.type==="basic"?console.log(` credential auth basic (user: ${n.user||"\u2014"})`):n.type==="token"?console.log(` credential auth token (ends \u2026${n.tokenLast4||"????"}, set: ${n.tokenSet?"yes":"no"})`):console.log(" credential auth none"),Array.isArray(n.ipAllowList)&&n.ipAllowList.length){console.log(` ip allowlist ${n.ipAllowList.length} entr${n.ipAllowList.length===1?"y":"ies"}`);for(let s of n.ipAllowList)console.log(` ${s}`)}else console.log(" ip allowlist none (all source IPs allowed)");return console.log(),n}catch(i){r.fail(`Could not fetch auth status for ${e}`),i.status===404&&console.error(c.gray(" Instance not found \u2014 it may have been destroyed.")),process.exit(1)}}async function ho(e,o={}){A(e),me(o.user);let t=o.password||process.env.ZIBBY_APP_AUTH_PASSWORD||"";return we(t),$(e,{authType:"basic",authUser:o.user,authPassword:t},o,{verb:"Enabling basic auth"})}async function yo(e,o={}){A(e);let t={authType:"token"},r=o.token||process.env.ZIBBY_APP_AUTH_TOKEN||null;return r&&(be(r),t.authToken=r),$(e,t,o,{verb:"Enabling token auth"})}async function mo(e,o={}){return A(e),$(e,{authType:"none"},o,{verb:"Disabling credential auth"})}async function wo(e,o={}){if(A(e),o.clearIp)return o.allow&&o.allow.length&&(console.error(c.red("Pass either --allow <cidr...> OR --clear-ip, not both.")),process.exit(1)),$(e,{ipAllowList:null},o,{verb:"Clearing IP allowlist"});let t=o.allow||[];t.length||(console.error(c.red("Pass --allow <cidr...> (one or more IPs/CIDRs) or --clear-ip.")),console.error(c.gray(" Example: zibby app auth ip ab12cd34 --allow 203.0.113.5/32 198.51.100.0/24")),process.exit(1));for(let r of t)$e(r)||(console.error(c.red(`Invalid IP/CIDR: ${r}`)),console.error(c.gray(" Use an IPv4/IPv6 address or CIDR, e.g. 203.0.113.5/32 or 198.51.100.0/24.")),process.exit(1));return $(e,{ipAllowList:t},o,{verb:"Setting IP allowlist"})}export{ho as appAuthBasicCommand,mo as appAuthClearCommand,wo as appAuthIpCommand,fo as appAuthShowCommand,yo as appAuthTokenCommand};
package/dist/commands/app.js CHANGED
@@ -16,7 +16,7 @@ var Ee=Object.defineProperty;var S=(e,o)=>()=>(e&&(o=e(e=0)),o);var Oe=(e,o)=>{f
16
16
  `)}async function _(e={}){let o=e.apiKey||process.env.ZIBBY_API_KEY||null,t=ue();if(t||o)return{sessionToken:t,apiKey:o};if(!process.stdin.isTTY){if(e.optional)return{sessionToken:null,apiKey:null};D(),process.exit(1)}console.log(M.yellow(`
17
17
  Not logged in.`));let r;try{r=await Ge({message:"Open browser to log in now?",default:!0})}catch{r=!1}if(!r){if(e.optional)return{sessionToken:null,apiKey:null};D(),process.exit(1)}if(await le(),t=ue(),!t){if(e.optional)return{sessionToken:null,apiKey:null};D(),process.exit(1)}return{sessionToken:t,apiKey:null}}var F=S(()=>{pe()});var He,Y,I,Z,J,de=S(()=>{He=[{id:"micro",instanceType:"t4g.nano",vCpu:2,ramGB:.5,priceUSD:6},{id:"small",instanceType:"t4g.micro",vCpu:2,ramGB:1,priceUSD:10},{id:"medium",instanceType:"t4g.small",vCpu:2,ramGB:2,priceUSD:18},{id:"large",instanceType:"t4g.medium",vCpu:2,ramGB:4,priceUSD:32}],Y=He.map(e=>e.id),I=[{id:"ap-southeast-2",name:"Sydney",default:!0},{id:"us-east-1",name:"N. Virginia"},{id:"us-west-2",name:"Oregon"},{id:"eu-west-1",name:"Ireland"},{id:"ap-northeast-1",name:"Tokyo"}],Z=I.map(e=>e.id),J=(I.find(e=>e.default)||I[0]).id});import Ke from"chalk";function ge(e){if(!e)return null;try{return JSON.parse(e)}catch{return{raw:e}}}async function G(e){let{sessionToken:o,apiKey:t}=await _({apiKey:e?.apiKey}),r=o||t;return r||(console.error(Ke.red("Not authenticated. Run `zibby login` or set ZIBBY_API_KEY.")),process.exit(1)),{"Content-Type":"application/json",Authorization:`Bearer ${r}`}}async function R(e,o,t){let r=v(),n=await fetch(`${r}${e}`,{method:"POST",headers:t,body:JSON.stringify(o)}),i=await n.text();return{status:n.status,body:ge(i)}}async function H(e,o){let t=v(),r=await fetch(`${t}${e}`,{method:"GET",headers:o}),n=await r.text();return{status:r.status,body:ge(n)}}var fe=S(()=>{F();O()});import me from"node:fs";import N from"node:path";function ye(e,o={}){let t=N.join(N.resolve(e),".zibby");me.mkdirSync(t,{recursive:!0});let r=N.join(t,"app.json"),n={appSlug:o.appSlug,deployMode:"solo",region:o.region||"",instanceId:o.instanceId||"",domain:o.domain||"",framework:o.framework||""};return me.writeFileSync(r,`${JSON.stringify(n,null,2)}
18
18
  `,"utf8"),{path:r,config:n}}var Zo,he=S(()=>{Zo=N.join(".zibby","app.json")});var Ae={};Oe(Ae,{appDeploySoloCommand:()=>Xe,authHeaders:()=>G,buildPartialSpec:()=>we,detectNearestRegion:()=>Se,formatMissingForNonInteractive:()=>ke,getJson:()=>H,mergeAnswer:()=>xe,planAndPromptLoop:()=>ve,postJson:()=>R,probeRegionRtt:()=>$e});import Ve from"node:net";import We from"node:path";import h from"chalk";import L from"ora";import U from"inquirer";function we(e={},o={}){let t={};return e.slug?t.appSlug=String(e.slug):o.appSlug&&(t.appSlug=o.appSlug),e.repo?(t.source={type:"github",repo:String(e.repo)},e.ref&&(t.source.ref=String(e.ref))):e.tarball&&(t.source={type:"tarball",s3Url:String(e.tarball)}),e.framework&&(t.framework=String(e.framework)),e.tier&&(t.tier=String(e.tier)),e.region&&(t.region=String(e.region)),e.dbPersistence&&(t.persistence={...t.persistence||{},db:String(e.dbPersistence)}),e.filesPersistence&&(t.persistence={...t.persistence||{},files:String(e.filesPersistence)}),Array.isArray(e.secret)&&e.secret.length&&(t.secrets=e.secret.map(r=>{let n=r.indexOf("=");if(n<0)return{key:r};let i=r.slice(0,n),s=r.slice(n+1);return{key:i,valueRef:s}})),t}async function $e(e,{rounds:o=4,timeoutMs:t=800}={}){let r=`ec2.${e}.amazonaws.com`,n=null;for(let i=0;i<o;i+=1){let s=await qe(r,443,t);s!=null&&(n==null||s<n)&&(n=s)}return n}function qe(e,o,t){return new Promise(r=>{let n=process.hrtime.bigint(),i=Ve.connect({host:e,port:o}),s=!1,l=a=>{s||(s=!0,i.destroy(),r(a))};i.setTimeout(t),i.once("connect",()=>{let a=Number(process.hrtime.bigint()-n);l(a/1e6)}),i.once("timeout",()=>l(null)),i.once("error",()=>l(null))})}async function Se(e,{probe:o=$e,defaultRegion:t}={}){let r=t||(e.find(l=>l.default)||e[0])?.id,n=await Promise.all(e.map(async l=>({id:l.id,rtt:await o(l.id)}))),i=new Map(n.map(l=>[l.id,l.rtt])),s=n.filter(l=>l.rtt!=null).sort((l,a)=>l.rtt-a.rtt);return{best:s.length?s[0].id:r,rtts:i}}function be(e){return e==null?"\u2014":`${Math.round(e)}ms`}function xe(e,o,t){let r=JSON.parse(JSON.stringify(e||{}));return o==="source"||o==="source.type"?(r.source={type:t},r):o==="source.repo"?(r.source={...r.source||{},type:"github",repo:t},r):o==="source.s3Url"?(r.source={...r.source||{},type:"tarball",s3Url:t},r):(r[o]=t,r)}function ke(e=[],o=[]){let t=["Cannot proceed in --yes mode \u2014 the spec is incomplete:"];for(let r of e)t.push(` - ${r.field}: ${r.prompt}`);for(let r of o){let n=Array.isArray(r.options)?r.options.join(", "):"(see plan response)";t.push(` - ${r.field} (ambiguous): ${r.prompt} options=${n}`)}return t.push(""),t.push("Pass the missing flags (e.g. --repo, --tier) and re-run, or drop --yes to be prompted."),t.join(`
19
- `)}async function ve(e,o,t){let{postPlan:r,prompt:n,yes:i}=t,s=e;for(let l=0;l<12;l+=1){let a=await r(s);if(a.status===402)return{complete:!1,exitCode:1,msg:a.body?.error||"Insufficient credits."};if(a.status>=400)return{complete:!1,exitCode:1,msg:a.body?.error||`Plan failed: HTTP ${a.status}`};let u=a.body||{};if(u.ok)return{complete:!0,spec:u.spec,costEstimate:u.costEstimate,summary:u.summary};if(u.spec&&(s=u.spec),u.insufficientCredits)return{complete:!1,exitCode:1,msg:`Insufficient credits \u2014 need ${u.insufficientCredits.neededMilliCents} mc, have ${u.insufficientCredits.balanceMilliCents} mc. ${u.insufficientCredits.hint||""}`};if(i)return{complete:!1,exitCode:1,msg:ke(u.missingInputs,u.ambiguities)};let d=u.missingInputs&&u.missingInputs[0]||u.ambiguities&&u.ambiguities[0];if(!d)return{complete:!1,exitCode:1,msg:"Server reported ok:false but no missingInputs/ambiguities \u2014 likely a backend bug."};let p=await n(d);if(p==null||p==="")return{complete:!1,exitCode:1,msg:`Aborted at ${d.field}.`};s=xe(s,d.field,p)}return{complete:!1,exitCode:1,msg:"Plan loop exceeded 12 iterations \u2014 bailing to avoid infinite prompt."}}async function Qe(e){let o=Array.isArray(e.options)&&e.options.length>0;if(e.field==="tier"&&o){let{value:r}=await U.prompt([{type:"list",name:"value",message:e.prompt,default:e.suggested||void 0,choices:e.options.map(n=>({name:n.label||n.id,value:n.id}))}]);return r}if(e.field==="source"||e.field==="source.type"){let{value:r}=await U.prompt([{type:"list",name:"value",message:e.prompt,choices:[{name:"GitHub repository (owner/name)",value:"github"},{name:"S3 tarball",value:"tarball"}]}]);return r}if(o){let{value:r}=await U.prompt([{type:"list",name:"value",message:e.prompt,choices:e.options.map(n=>typeof n=="string"?{name:n,value:n}:{name:n.label||n.id,value:n.id||n.value})}]);return r}let{value:t}=await U.prompt([{type:"input",name:"value",message:e.prompt}]);return String(t).trim()}async function Xe(e={}){let o=we(e,{});o.tier&&!Y.includes(o.tier)&&(console.error(h.red(`Unknown --tier: ${o.tier}. Pick one of: ${Y.join(", ")}`)),process.exit(1));let t=o.region==="auto";if(t&&(o.region=void 0),o.region&&!Z.includes(o.region)&&(console.error(h.red(`Unknown --region: ${o.region}. Pick one of: ${Z.join(", ")} (or "auto")`)),process.exit(1)),!o.region)if(e.yes&&!t)o.region=J;else{let m=L("Finding the nearest AWS region\u2026").start(),{best:k,rtts:w}=await Se(I,{defaultRegion:J});if(m.stop(),t)o.region=k,console.log(h.dim(`Auto-selected nearest region: ${k} (${be(w.get(k))})`));else{let{value:y}=await U.prompt([{type:"list",name:"value",message:"Which AWS region should the VM run in? (control plane stays in Sydney; pricing is the same everywhere)",default:k,choices:I.map($=>{let E=be(w.get($.id)),Ce=$.id===k?h.green(" \u2190 nearest"):"";return{name:`${$.name} (${$.id}) \xB7 ${E}${Ce}`,value:$.id}})}]);o.region=y}}let r=await G(e),n=m=>R("/apps/solo/plan",m,r),i=L("Planning solo deploy\u2026").start(),s=await ve(o,e,{postPlan:n,prompt:Qe,yes:!!e.yes});if(i.stop(),!s.complete){console.error(h.red(s.msg)),process.exit(s.exitCode);return}if(console.log(""),console.log(s.summary||"(no summary)"),console.log(""),s.costEstimate?.monthlyUSD!=null&&console.log(h.gray(` Monthly cost (instance only): $${s.costEstimate.monthlyUSD} USD \u2014 ${s.costEstimate.detail}`)),console.log(""),!e.yes){let{proceed:m}=await U.prompt([{type:"confirm",name:"proceed",message:"Fire this deploy?",default:!0}]);if(!m){console.log(h.gray("Aborted."));return}}let l=L("Provisioning EC2 instance\u2026").start(),a=await R("/apps/solo/fire",s.spec,r);if(a.status===402){l.fail("Insufficient credits"),console.error(h.red(a.body?.error||"Insufficient credits.")),process.exit(1);return}if(a.status>=400){l.fail("Fire failed"),console.error(h.red(a.body?.error||`HTTP ${a.status}`)),Array.isArray(a.body?.missingInputs)&&console.error(" Server reports the spec is no longer complete \u2014 re-run without --yes to prompt."),process.exit(1);return}l.succeed("Instance launched");let{instanceId:u,deploymentId:d,domain:p}=a.body||{};console.log(""),u&&console.log(` instanceId: ${u}`),d&&console.log(` deploymentId: ${d}`),p&&console.log(` URL (once up): https://${p}`),console.log("");let f=s.spec||{};try{let{path:m}=ye(process.cwd(),{appSlug:f.appSlug,deployMode:"solo",region:f.region,instanceId:u||"",domain:p||f.domain||"",framework:f.framework||"auto"});console.log(h.green(` Wrote ${We.relative(process.cwd(),m)||m} \u2014 commit it so your team can \`zibby app run\` without --app.`)),console.log("")}catch(m){console.log(h.yellow(` Could not write .zibby/app.json (${m.message}). Run \`zibby app link ${f.appSlug}\` later.`)),console.log("")}console.log(h.gray(` Watch: zibby app status ${s.spec.appSlug}`)),console.log(""),!e.yes&&!e.noTail&&await eo(s.spec.appSlug,r)}async function eo(e,o){let t=new Set(["running","failed","unknown"]),r=L("Waiting for bootstrap\u2026").start(),n=Date.now()+900*1e3;for(;Date.now()<n;){let i=await H(`/apps/solo/${encodeURIComponent(e)}/status`,o),s=i.body?.phase||"unknown";if(r.text=`Phase: ${s}${i.body?.detail?` \u2014 ${i.body.detail}`:""}`,t.has(s)){s==="running"?r.succeed("Running."):s==="failed"?r.fail(`Failed: ${i.body?.detail||"unknown error"}`):r.stop();return}await new Promise(l=>setTimeout(l,5e3))}r.fail("Timed out waiting for bootstrap \u2014 run `zibby app status` to check.")}var Te=S(()=>{de();fe();he()});F();O();import c from"chalk";import x from"ora";import K from"inquirer";import oo from"dotenv";oo.config();async function A(e){let{sessionToken:o,apiKey:t}=await _({apiKey:e?.apiKey}),r=o||t;return r||(console.error(c.red("Not authenticated. Run `zibby login` or set ZIBBY_API_KEY.")),process.exit(1)),{"Content-Type":"application/json",Authorization:`Bearer ${r}`}}async function b(e,o,{quiet:t=!1}={}){let n=`${v()}${e}`,i=await fetch(n,o),s=await i.text(),l=null;try{l=s?JSON.parse(s):null}catch{l={raw:s}}if(!i.ok){let a=l?.error||l?.message||`HTTP ${i.status}`;t||(l?.code==="CLAUDE_CREDENTIAL_REQUIRED"?(console.error(c.red("\xD7 Connect your Claude Code subscription first.")),console.error(""),console.error(c.white(" Run:")),console.error(c.cyan(" claude setup-token # mints a long-lived OAuth token")),console.error(c.cyan(" zibby creds set claude <token>")),console.error(""),console.error(c.gray(" Or paste an Anthropic API key:")),console.error(c.cyan(" zibby creds set claude sk-ant-api03-...")),console.error("")):l?.code==="OPENAI_CREDENTIAL_REQUIRED"?(console.error(c.red("\xD7 Connect your OpenAI API key to deploy with Codex.")),console.error(""),console.error(c.white(" Run:")),console.error(c.cyan(" zibby creds set openai sk-...")),console.error(""),console.error(c.gray(" Mint one at: https://platform.openai.com/api-keys")),console.error(c.gray(" Or paste at: https://zibby.dev/integrations")),console.error("")):(console.error(c.red(`\xD7 ${a}`)),l?.detail&&console.error(c.gray(` ${l.detail}`))));let u=new Error(a);throw u.status=i.status,u.body=l,u.code=l?.code||null,u}return l}function Pe(e){return" "+e.map(o=>"\u2500".repeat(o)).join(" ")}function B(e,o){return" "+e.map((t,r)=>String(t??"").padEnd(o[r])).join(" ")}async function at(e={}){let o=x("Loading app catalog\u2026").start();try{let t=await b("/apps/catalog",{method:"GET"});o.stop();let r=Array.isArray(t?.items)?t.items:[];if(r.length===0)return console.log(`
19
+ `)}async function ve(e,o,t){let{postPlan:r,prompt:n,yes:i}=t,s=e;for(let l=0;l<12;l+=1){let a=await r(s);if(a.status===402)return{complete:!1,exitCode:1,msg:a.body?.error||"Insufficient credits."};if(a.status>=400)return{complete:!1,exitCode:1,msg:a.body?.error||`Plan failed: HTTP ${a.status}`};let u=a.body||{};if(u.ok)return{complete:!0,spec:u.spec,costEstimate:u.costEstimate,summary:u.summary};if(u.spec&&(s=u.spec),u.insufficientCredits)return{complete:!1,exitCode:1,msg:`Insufficient credits \u2014 need ${u.insufficientCredits.neededMilliCents} mc, have ${u.insufficientCredits.balanceMilliCents} mc. ${u.insufficientCredits.hint||""}`};if(i)return{complete:!1,exitCode:1,msg:ke(u.missingInputs,u.ambiguities)};let d=u.missingInputs&&u.missingInputs[0]||u.ambiguities&&u.ambiguities[0];if(!d)return{complete:!1,exitCode:1,msg:"Server reported ok:false but no missingInputs/ambiguities \u2014 likely a backend bug."};let p=await n(d);if(p==null||p==="")return{complete:!1,exitCode:1,msg:`Aborted at ${d.field}.`};s=xe(s,d.field,p)}return{complete:!1,exitCode:1,msg:"Plan loop exceeded 12 iterations \u2014 bailing to avoid infinite prompt."}}async function Qe(e){let o=Array.isArray(e.options)&&e.options.length>0;if(e.field==="tier"&&o){let{value:r}=await U.prompt([{type:"list",name:"value",message:e.prompt,default:e.suggested||void 0,choices:e.options.map(n=>({name:n.label||n.id,value:n.id}))}]);return r}if(e.field==="source"||e.field==="source.type"){let{value:r}=await U.prompt([{type:"list",name:"value",message:e.prompt,choices:[{name:"GitHub repository (owner/name)",value:"github"},{name:"S3 tarball",value:"tarball"}]}]);return r}if(o){let{value:r}=await U.prompt([{type:"list",name:"value",message:e.prompt,choices:e.options.map(n=>typeof n=="string"?{name:n,value:n}:{name:n.label||n.id,value:n.id||n.value})}]);return r}let{value:t}=await U.prompt([{type:"input",name:"value",message:e.prompt}]);return String(t).trim()}async function Xe(e={}){let o=we(e,{});o.tier&&!Y.includes(o.tier)&&(console.error(h.red(`Unknown --tier: ${o.tier}. Pick one of: ${Y.join(", ")}`)),process.exit(1));let t=o.region==="auto";if(t&&(o.region=void 0),o.region&&!Z.includes(o.region)&&(console.error(h.red(`Unknown --region: ${o.region}. Pick one of: ${Z.join(", ")} (or "auto")`)),process.exit(1)),!o.region)if(e.yes&&!t)o.region=J;else{let m=L("Finding the nearest AWS region\u2026").start(),{best:k,rtts:w}=await Se(I,{defaultRegion:J});if(m.stop(),t)o.region=k,console.log(h.dim(`Auto-selected nearest region: ${k} (${be(w.get(k))})`));else{let{value:y}=await U.prompt([{type:"list",name:"value",message:"Which AWS region should the VM run in? (control plane stays in Sydney; pricing is the same everywhere)",default:k,choices:I.map($=>{let E=be(w.get($.id)),Ce=$.id===k?h.green(" \u2190 nearest"):"";return{name:`${$.name} (${$.id}) \xB7 ${E}${Ce}`,value:$.id}})}]);o.region=y}}let r=await G(e),n=m=>R("/apps/solo/plan",m,r),i=L("Planning solo deploy\u2026").start(),s=await ve(o,e,{postPlan:n,prompt:Qe,yes:!!e.yes});if(i.stop(),!s.complete){console.error(h.red(s.msg)),process.exit(s.exitCode);return}if(console.log(""),console.log(s.summary||"(no summary)"),console.log(""),s.costEstimate?.monthlyUSD!=null&&console.log(h.gray(` Monthly cost (instance only): $${s.costEstimate.monthlyUSD} USD \u2014 ${s.costEstimate.detail}`)),console.log(""),!e.yes){let{proceed:m}=await U.prompt([{type:"confirm",name:"proceed",message:"Fire this deploy?",default:!0}]);if(!m){console.log(h.gray("Aborted."));return}}let l=L("Provisioning EC2 instance\u2026").start(),a=await R("/apps/solo/fire",s.spec,r);if(a.status===402){l.fail("Insufficient credits"),console.error(h.red(a.body?.error||"Insufficient credits.")),process.exit(1);return}if(a.status>=400){l.fail("Fire failed"),console.error(h.red(a.body?.error||`HTTP ${a.status}`)),Array.isArray(a.body?.missingInputs)&&console.error(" Server reports the spec is no longer complete \u2014 re-run without --yes to prompt."),process.exit(1);return}l.succeed("Instance launched");let{instanceId:u,deploymentId:d,domain:p}=a.body||{};console.log(""),u&&console.log(` instanceId: ${u}`),d&&console.log(` deploymentId: ${d}`),p&&console.log(` URL (once up): https://${p}`),console.log("");let f=s.spec||{};try{let{path:m}=ye(process.cwd(),{appSlug:f.appSlug,deployMode:"solo",region:f.region,instanceId:u||"",domain:p||f.domain||"",framework:f.framework||"auto"});console.log(h.green(` Wrote ${We.relative(process.cwd(),m)||m} \u2014 commit it so your team can \`zibby app run\` without --app.`)),console.log("")}catch(m){console.log(h.yellow(` Could not write .zibby/app.json (${m.message}). Run \`zibby app link ${f.appSlug}\` later.`)),console.log("")}console.log(h.gray(` Watch: zibby app status ${s.spec.appSlug}`)),console.log(""),!e.yes&&!e.noTail&&await eo(s.spec.appSlug,r)}async function eo(e,o){let t=new Set(["running","failed","unknown"]),r=L("Waiting for bootstrap\u2026").start(),n=Date.now()+900*1e3;for(;Date.now()<n;){let i=await H(`/apps/solo/${encodeURIComponent(e)}/status`,o),s=i.body?.phase||"unknown";if(r.text=`Phase: ${s}${i.body?.detail?` \u2014 ${i.body.detail}`:""}`,t.has(s)){s==="running"?r.succeed("Running."):s==="failed"?r.fail(`Failed: ${i.body?.detail||"unknown error"}`):r.stop();return}await new Promise(l=>setTimeout(l,5e3))}r.fail("Timed out waiting for bootstrap \u2014 run `zibby app status` to check.")}var Te=S(()=>{de();fe();he()});F();O();import c from"chalk";import x from"ora";import K from"inquirer";import oo from"dotenv";oo.config();async function A(e){let{sessionToken:o,apiKey:t}=await _({apiKey:e?.apiKey}),r=o||t;return r||(console.error(c.red("Not authenticated. Run `zibby login` or set ZIBBY_API_KEY.")),process.exit(1)),{"Content-Type":"application/json",Authorization:`Bearer ${r}`}}async function b(e,o,{quiet:t=!1}={}){let n=`${v()}${e}`,i=await fetch(n,o),s=await i.text(),l;try{l=s?JSON.parse(s):null}catch{l={raw:s}}if(!i.ok){let a=l?.error||l?.message||`HTTP ${i.status}`;t||(l?.code==="CLAUDE_CREDENTIAL_REQUIRED"?(console.error(c.red("\xD7 Connect your Claude Code subscription first.")),console.error(""),console.error(c.white(" Run:")),console.error(c.cyan(" claude setup-token # mints a long-lived OAuth token")),console.error(c.cyan(" zibby creds set claude <token>")),console.error(""),console.error(c.gray(" Or paste an Anthropic API key:")),console.error(c.cyan(" zibby creds set claude sk-ant-api03-...")),console.error("")):l?.code==="OPENAI_CREDENTIAL_REQUIRED"?(console.error(c.red("\xD7 Connect your OpenAI API key to deploy with Codex.")),console.error(""),console.error(c.white(" Run:")),console.error(c.cyan(" zibby creds set openai sk-...")),console.error(""),console.error(c.gray(" Mint one at: https://platform.openai.com/api-keys")),console.error(c.gray(" Or paste at: https://zibby.dev/integrations")),console.error("")):(console.error(c.red(`\xD7 ${a}`)),l?.detail&&console.error(c.gray(` ${l.detail}`))));let u=new Error(a);throw u.status=i.status,u.body=l,u.code=l?.code||null,u}return l}function Pe(e){return" "+e.map(o=>"\u2500".repeat(o)).join(" ")}function B(e,o){return" "+e.map((t,r)=>String(t??"").padEnd(o[r])).join(" ")}async function at(e={}){let o=x("Loading app catalog\u2026").start();try{let t=await b("/apps/catalog",{method:"GET"});o.stop();let r=Array.isArray(t?.items)?t.items:[];if(r.length===0)return console.log(`
20
20
  No apps available in the catalog.
21
21
  `),[];if(e.quiet)return r;let n=r.map(s=>({appType:String(s.appType||""),version:`v${s.appVersion||s.app?.version||"?"}`,tier:String(s.pricing?.tier||"standard"),arch:Array.isArray(s.architectures)&&s.architectures.length?s.architectures.join(","):"x86_64",tagline:(s.tagline||"").slice(0,40)})),i=[Math.max(7,...n.map(s=>s.appType.length)),Math.max(7,...n.map(s=>s.version.length)),Math.max(4,...n.map(s=>s.tier.length)),Math.max(13,...n.map(s=>s.arch.length)),Math.max(7,...n.map(s=>s.tagline.length))];console.log(`
22
22
  App Catalog (${r.length})
package/dist/commands/credits.js ADDED
@@ -0,0 +1,19 @@
1
+ import a from"chalk";import v from"ora";import{existsSync as ro,readFileSync as so}from"fs";import{join as io}from"path";import T from"chalk";import{confirm as co}from"@inquirer/prompts";import i from"chalk";import I from"ora";import{spawn as X}from"child_process";var m={local:{name:"Local Development",apiUrl:"http://localhost:3001",accountApiUrl:"http://localhost:3001",frontendUrl:"http://localhost:3000",description:"Local backend running on port 3001"},prod:{name:"Production",apiUrl:process.env.ZIBBY_PROD_API_URL||"https://api-prod.zibby.app",accountApiUrl:process.env.ZIBBY_PROD_ACCOUNT_API_URL||"https://api-prod.zibby.app",frontendUrl:process.env.ZIBBY_PROD_FRONTEND_URL||"https://studio.zibby.dev",description:"Production environment"}};function h(){let o;if(process.env.ZIBBY_API_URL)o=process.env.ZIBBY_API_URL;else{let e=process.env.ZIBBY_ENV||"prod";m[e]?o=m[e].apiUrl:o=m.prod.apiUrl}try{let e=new URL(o);return e.protocol!=="http:"&&e.protocol!=="https:"?(console.error(`\u26A0\uFE0F Invalid API URL protocol: ${e.protocol} (only http/https allowed)`),m.prod.apiUrl):o}catch{return console.error(`\u26A0\uFE0F Invalid API URL: ${o}`),m.prod.apiUrl}}import{existsSync as C,mkdirSync as G,readFileSync as H,writeFileSync as q}from"fs";import{homedir as B}from"os";import{join as x}from"path";function _(){return process.env.ZIBBY_CONFIG_DIR||x(B(),".zibby")}function O(){return x(_(),"config.json")}var W=x(B(),".zibby"),go=x(W,"config.json");function Q(){let o=_();C(o)||G(o,{recursive:!0})}function d(){try{let o=O();if(C(o)){let e=H(o,"utf-8");return JSON.parse(e)}}catch{}return{}}function w(o){Q(),q(O(),JSON.stringify(o,null,2))}function L(){return d().sessionToken||null}function E(o){let e=d();e.sessionToken=o,w(e)}function R(){return d().user||null}function z(o){let e=d();e.user=o,w(e)}function F(o){let e=d();e.proxyUrl=o,w(e)}function Y(o){let e=d();e.mem0ProxyUrl=o,w(e)}function D(o){let e=d();e.projects=o,w(e)}import{existsSync as mo,mkdirSync as ho,readFileSync as wo,writeFileSync as bo,unlinkSync as vo}from"fs";import{resolve as Uo}from"path";import{homedir as So}from"os";function oo(o){let e=process.platform;try{let n,t;return e==="darwin"?(n="open",t=[o]):e==="win32"?(n="cmd",t=["/c","start","",o]):(n="xdg-open",t=[o]),X(n,t,{detached:!0,stdio:"ignore"}).unref(),!0}catch{return!1}}function eo(){let o=L(),e=R();return o&&e?{loggedIn:!0,user:e,token:o}:{loggedIn:!1}}async function Z(){try{console.log(i.cyan(`
2
+ \u{1F510} Initiating login...
3
+ `));let o=eo();if(o.loggedIn){console.log(i.green("\u2705 Already logged in!")),console.log(i.gray(`User: ${o.user.email}`)),console.log(i.gray(`Name: ${o.user.name}
4
+ `));let{createInterface:e}=await import("readline"),n=e({input:process.stdin,output:process.stdout});return new Promise((t,r)=>{let s=()=>{n.close(),process.stdin.isTTY&&process.stdin.setRawMode(!1)},l=()=>{console.log(i.yellow(`
5
+
6
+ \u26A0\uFE0F Login cancelled
7
+ `)),s(),process.exit(0)};process.on("SIGINT",l),n.question(i.yellow("Continue with this session? (Y/n): "),async c=>{process.removeListener("SIGINT",l),s();try{if(c.toLowerCase()==="n"||c.toLowerCase()==="no"){console.log(i.gray(`Starting new login...
8
+ `));let u=await M();t(u)}else console.log(i.green(`Using existing session.
9
+ `)),t({success:!0,...o})}catch(u){r(u)}})})}return await M()}catch(o){return console.error(i.red(`
10
+ \u274C Login failed:`,o.message)),{success:!1,error:o.message}}}async function no(o){let e=h();try{let n=await fetch(`${e}/projects`,{headers:{Authorization:`Bearer ${o}`}});if(n.ok){let r=((await n.json()).projects||[]).map(s=>({name:s.name,projectId:s.projectId,apiToken:s.apiToken}));return D(r),r}}catch(n){console.log(i.gray(`\u26A0\uFE0F Could not fetch projects: ${n.message}`))}return[]}async function M(){let o=h(),e=I("Requesting login code...").start(),n=await fetch(`${o}/cli/login/initiate`,{method:"POST",headers:{"Content-Type":"application/json"}});if(!n.ok){e.fail("Failed to request login code");let f=await n.json();throw new Error(f.error||"Failed to initiate login")}let{deviceCode:t,userCode:r,verificationUrl:s,expiresIn:l,interval:c}=await n.json();e.succeed("Login code generated"),console.log(""),console.log(i.cyan("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557")),console.log(i.cyan("\u2551")+i.white.bold(" Complete login in your browser ")+i.cyan("\u2551")),console.log(i.cyan("\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D")),console.log(""),console.log(i.white("Opening browser to login page...")),console.log(i.gray(`Code expires in ${Math.floor(l/60)} minutes`)),console.log(""),await oo(s)||(console.log(i.yellow("\u26A0\uFE0F Could not open browser automatically.")),console.log(i.white("Please open this URL manually: ")+i.blue(s)),console.log(""));let g=I("Waiting for authorization...").start(),y=(c||3)*1e3,V=Math.floor(l/(c||3)),A=0,N=!1,P=()=>{N=!0,g.stop(),console.log(i.yellow(`
11
+
12
+ \u26A0\uFE0F Login cancelled
13
+ `)),process.exit(0)};process.on("SIGINT",P);try{for(;A<V&&!N;){await to(y),A++;let f=await fetch(`${o}/cli/login/poll`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({deviceCode:t})});if(f.status===202)continue;if(!f.ok){g.fail("Authorization failed");let S=await f.json();throw new Error(S.error||"Authorization failed")}let p=await f.json();if(p.status==="authorized"){g.succeed(i.white("Authorization successful!")),E(p.token),z(p.user),p.proxyUrl&&F(p.proxyUrl),p.mem0ProxyUrl&&Y(p.mem0ProxyUrl),console.log(""),console.log(i.gray(`User: ${p.user.email}`));let S=I("Fetching projects...").start(),j=await no(p.token);return S.succeed(`Fetched ${j.length} project${j.length!==1?"s":""}`),console.log(i.gray(`Session saved to: ~/.zibby/config.json
14
+ `)),{success:!0,loggedIn:!0,user:p.user,token:p.token}}if(p.status==="denied")throw g.fail("Authorization denied"),new Error("User denied authorization")}throw g.fail("Login timeout"),new Error("Login timed out - please try again")}finally{process.removeListener("SIGINT",P)}}function to(o){return new Promise(e=>setTimeout(e,o))}function J(){try{let o=process.env.HOME||process.env.USERPROFILE;if(!o)return null;let e=io(o,".zibby","config.json");return ro(e)&&JSON.parse(so(e,"utf-8")).sessionToken||null}catch{return null}}function $(){console.log(`
15
+ Not authenticated.`),console.log(` Run ${T.cyan("zibby login")} or set ${T.cyan("ZIBBY_API_KEY")} in your environment.
16
+ `)}async function K(o={}){let e=o.apiKey||process.env.ZIBBY_API_KEY||null,n=J();if(n||e)return{sessionToken:n,apiKey:e};if(!process.stdin.isTTY){if(o.optional)return{sessionToken:null,apiKey:null};$(),process.exit(1)}console.log(T.yellow(`
17
+ Not logged in.`));let t;try{t=await co({message:"Open browser to log in now?",default:!0})}catch{t=!1}if(!t){if(o.optional)return{sessionToken:null,apiKey:null};$(),process.exit(1)}if(await Z(),n=J(),!n){if(o.optional)return{sessionToken:null,apiKey:null};$(),process.exit(1)}return{sessionToken:n,apiKey:null}}async function k(o){let{sessionToken:e,apiKey:n}=await K({apiKey:o?.apiKey}),t=e||n;return t||(console.error(a.red("Not authenticated. Run `zibby login` or set ZIBBY_API_KEY.")),process.exit(1)),{"Content-Type":"application/json",Authorization:`Bearer ${t}`}}async function U(o,e,n){let t=`${h()}${o}`,r=await fetch(t,{...e,headers:n}),s=await r.text(),l;try{l=s?JSON.parse(s):null}catch{l={raw:s}}if(!r.ok){let c=l?.error||l?.message||`HTTP ${r.status}`,u=new Error(c);throw u.status=r.status,u.body=l,u}return l}function b(o){return o==null||Number.isNaN(Number(o))?"-":`$${(Number(o)/1e5).toFixed(2)}`}async function Jo(o={}){let e=await k(o),n=o.json?null:v("Loading balance\u2026").start();try{let t=o.bucket==="hour"?"?bucket=hour":"",r=await U(`/credits/balance${t}`,{method:"GET"},e);if(n&&n.stop(),o.json)return console.log(JSON.stringify(r,null,2)),r;let s=r?.balanceUsd!=null?`$${r.balanceUsd}`:b(r?.balanceMilliCents);console.log(""),console.log(` Credit balance: ${a.green(s)} ${a.gray(`(${r?.balanceMilliCents??0} milli-cents)`)}`);let l=Array.isArray(r?.recent)?r.recent:[];if(l.length){console.log(""),console.log(" Recent activity"),console.log(" "+"\u2500".repeat(56));for(let c of l.slice(0,10)){let u=c.createdAt||c.timestamp||c.ts||"",g=b(c.amountMilliCents),y=c.source||c.type||"";console.log(` ${String(u).padEnd(26)}${g.padEnd(12)}${y}`)}}return console.log(""),r}catch(t){n&&n.fail("Failed to load balance"),console.error(a.red(`\xD7 ${t.message}`)),process.exit(1)}}async function Ko(o={}){let e=await k(o),n=o.json?null:v("Loading ledger\u2026").start();try{let t=new URLSearchParams;o.limit&&t.set("limit",String(o.limit)),o.cursor&&t.set("cursor",o.cursor),o.bucket==="hour"&&t.set("bucket","hour"),o.before&&t.set("before",o.before);let r=t.toString()?`?${t.toString()}`:"",s=await U(`/credits/ledger${r}`,{method:"GET"},e);if(n&&n.stop(),o.json)return console.log(JSON.stringify(s,null,2)),s;let l=Array.isArray(s?.rows)?s.rows:[];if(!l.length)return console.log(`
18
+ No ledger entries.
19
+ `),s;console.log(""),console.log(" Credit ledger"),console.log(" "+"\u2500".repeat(60));for(let c of l){let u=c.createdAt||c.timestamp||c.ts||"",g=b(c.amountMilliCents),y=c.source||c.type||"";console.log(` ${String(u).padEnd(26)}${g.padEnd(12)}${y}`)}return s?.nextCursor&&(console.log(""),console.log(a.gray(` More: zibby credits history --cursor ${s.nextCursor}`))),console.log(""),s}catch(t){n&&n.fail("Failed to load ledger"),console.error(a.red(`\xD7 ${t.message}`)),process.exit(1)}}async function Vo(o={}){let e=await k(o),n=o.json?null:v("Loading top-up limits\u2026").start();try{let t=await U("/credits/limits",{method:"GET"},e);if(n&&n.stop(),o.json)return console.log(JSON.stringify(t,null,2)),t;console.log(""),console.log(` Min top-up: $${t?.minTopupUsd??"?"}`),console.log(` Max top-up: $${t?.maxTopupUsd??"?"}`);let r=t?.quickPicks||t?.quickPickUsd;return Array.isArray(r)&&r.length&&console.log(` Quick picks: ${r.map(s=>`$${s}`).join(", ")}`),console.log(""),t}catch(t){n&&n.fail("Failed to load limits"),console.error(a.red(`\xD7 ${t.message}`)),process.exit(1)}}async function Go(o,e={}){let n=Number(o);(!Number.isFinite(n)||n<=0)&&(console.error(a.red("\xD7 Provide a positive dollar amount, e.g. `zibby credits topup 50`.")),process.exit(1));let t=await k(e),r=v("Creating checkout session\u2026").start();try{let s=await U("/credits/checkout",{method:"POST",body:JSON.stringify({amountUsd:n})},t);return r.stop(),e.json?(console.log(JSON.stringify(s,null,2)),s):(console.log(""),console.log(` Open this link to pay $${n} and top up your credits:`),console.log(""),console.log(` ${a.cyan(s?.url)}`),console.log(""),console.log(a.gray(" Credits are added automatically once payment completes.")),console.log(a.gray(" Check with: zibby credits balance")),console.log(""),s)}catch(s){r.fail("Failed to create checkout session"),console.error(a.red(`\xD7 ${s.message}`)),process.exit(1)}}async function Ho(o,e={}){(!o||!String(o).trim())&&(console.error(a.red("\xD7 Provide a coupon code, e.g. `zibby credits redeem WELCOME50`.")),process.exit(1));let n=await k(e),t=v("Redeeming coupon\u2026").start();try{let r=await U("/credits/redeem-coupon",{method:"POST",body:JSON.stringify({code:String(o).trim()})},n);return t.stop(),e.json?(console.log(JSON.stringify(r,null,2)),r):(console.log(""),console.log(a.green(" Coupon redeemed.")),r?.creditedMilliCents!=null&&console.log(` Credited: ${b(r.creditedMilliCents)}`),r?.newBalanceMilliCents!=null&&console.log(` New balance: ${b(r.newBalanceMilliCents)}`),console.log(""),r)}catch(r){t.fail("Failed to redeem coupon"),console.error(a.red(`\xD7 ${r.message}`)),process.exit(1)}}export{Jo as creditsBalanceCommand,Go as creditsCheckoutCommand,Ko as creditsLedgerCommand,Vo as creditsLimitsCommand,Ho as creditsRedeemCommand};
package/dist/commands/mcp.js CHANGED
@@ -1,4 +1,4 @@
1
- import p from"node:fs";import l from"node:path";import $ from"node:os";import n from"chalk";import{existsSync as x,mkdirSync as j,readFileSync as A,writeFileSync as O}from"fs";import{homedir as h}from"os";import{join as f}from"path";function P(){return process.env.ZIBBY_CONFIG_DIR||f(h(),".zibby")}function B(){return f(P(),"config.json")}var k=f(h(),".zibby"),F=f(k,"config.json");function N(){try{let o=B();if(x(o)){let e=A(o,"utf-8");return JSON.parse(e)}}catch{}return{}}function _(){return N().sessionToken||null}var u={local:{name:"Local Development",apiUrl:"http://localhost:3001",accountApiUrl:"http://localhost:3001",frontendUrl:"http://localhost:3000",description:"Local backend running on port 3001"},prod:{name:"Production",apiUrl:process.env.ZIBBY_PROD_API_URL||"https://api-prod.zibby.app",accountApiUrl:process.env.ZIBBY_PROD_ACCOUNT_API_URL||"https://api-prod.zibby.app",frontendUrl:process.env.ZIBBY_PROD_FRONTEND_URL||"https://studio.zibby.dev",description:"Production environment"}};function v(){let o;if(process.env.ZIBBY_API_URL)o=process.env.ZIBBY_API_URL;else{let e=process.env.ZIBBY_ENV||"prod";u[e]?o=u[e].apiUrl:o=u.prod.apiUrl}try{let e=new URL(o);return e.protocol!=="http:"&&e.protocol!=="https:"?(console.error(`\u26A0\uFE0F Invalid API URL protocol: ${e.protocol} (only http/https allowed)`),u.prod.apiUrl):o}catch{return console.error(`\u26A0\uFE0F Invalid API URL: ${o}`),u.prod.apiUrl}}var I=v,m=["claude-code","claude-desktop","cursor","codex","gemini"],C={claude:"claude-code","claude-desktop-app":"claude-desktop"},g={"claude-code":"Claude Code","claude-desktop":"Claude Desktop",cursor:"Cursor",codex:"Codex CLI",gemini:"Gemini CLI"};function w(o){let e=$.homedir();switch(o){case"claude-code":return l.join(e,".claude","settings.json");case"cursor":return l.join(e,".cursor","mcp.json");case"codex":return l.join(e,".codex","config.toml");case"gemini":return l.join(e,".gemini","settings.json");case"claude-desktop":return process.platform==="darwin"?l.join(e,"Library","Application Support","Claude","claude_desktop_config.json"):process.platform==="win32"?l.join(process.env.APPDATA||e,"Claude","claude_desktop_config.json"):l.join(e,".config","Claude","claude_desktop_config.json");default:return null}}async function T(o,e){let s=I(),r=await fetch(`${s}/api/user/tokens`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${o}`},body:JSON.stringify({name:e})});if(!r.ok){let t=await r.text().catch(()=>"");throw new Error(`Could not mint PAT (HTTP ${r.status}): ${t.slice(0,200)}`)}let c=await r.json();if(!c?.token)throw new Error("PAT response missing token field");return c.token}function z(o){try{let e=p.readFileSync(o,"utf8");return e.trim()?JSON.parse(e):{}}catch(e){if(e.code==="ENOENT")return{};throw new Error(`Could not parse existing config ${o}: ${e.message}`)}}function U(o,e){p.mkdirSync(l.dirname(o),{recursive:!0});let s=`${o}.zibby-mcp-${Date.now()}.tmp`;p.writeFileSync(s,e,{mode:384}),p.renameSync(s,o)}function S({existing:o,apiUrl:e,pat:s,agent:r}){let c={...o};c.mcpServers={...o.mcpServers||{}};let t=r==="gemini"?"httpUrl":"url";return c.mcpServers.zibby={[t]:`${e}/mcp`,headers:{Authorization:`Bearer ${s}`}},c}function E({existing:o,apiUrl:e,patEnvName:s}){let r=["","[mcp_servers.zibby]",`url = "${e}/mcp"`,`bearer_token_env_var = "${s}"`,""].join(`
1
+ import p from"node:fs";import l from"node:path";import $ from"node:os";import n from"chalk";import{existsSync as x,mkdirSync as j,readFileSync as A,writeFileSync as O}from"fs";import{homedir as h}from"os";import{join as f}from"path";function P(){return process.env.ZIBBY_CONFIG_DIR||f(h(),".zibby")}function B(){return f(P(),"config.json")}var k=f(h(),".zibby"),F=f(k,"config.json");function N(){try{let o=B();if(x(o)){let e=A(o,"utf-8");return JSON.parse(e)}}catch{}return{}}function _(){return N().sessionToken||null}var u={local:{name:"Local Development",apiUrl:"http://localhost:3001",accountApiUrl:"http://localhost:3001",frontendUrl:"http://localhost:3000",description:"Local backend running on port 3001"},prod:{name:"Production",apiUrl:process.env.ZIBBY_PROD_API_URL||"https://api-prod.zibby.app",accountApiUrl:process.env.ZIBBY_PROD_ACCOUNT_API_URL||"https://api-prod.zibby.app",frontendUrl:process.env.ZIBBY_PROD_FRONTEND_URL||"https://studio.zibby.dev",description:"Production environment"}};function v(){let o;if(process.env.ZIBBY_API_URL)o=process.env.ZIBBY_API_URL;else{let e=process.env.ZIBBY_ENV||"prod";u[e]?o=u[e].apiUrl:o=u.prod.apiUrl}try{let e=new URL(o);return e.protocol!=="http:"&&e.protocol!=="https:"?(console.error(`\u26A0\uFE0F Invalid API URL protocol: ${e.protocol} (only http/https allowed)`),u.prod.apiUrl):o}catch{return console.error(`\u26A0\uFE0F Invalid API URL: ${o}`),u.prod.apiUrl}}var I=v,m=["claude-code","claude-desktop","cursor","codex","gemini"],C={claude:"claude-code","claude-desktop-app":"claude-desktop"},g={"claude-code":"Claude Code","claude-desktop":"Claude Desktop",cursor:"Cursor",codex:"Codex CLI",gemini:"Gemini CLI"};function w(o){let e=$.homedir();switch(o){case"claude-code":return l.join(e,".claude","settings.json");case"cursor":return l.join(e,".cursor","mcp.json");case"codex":return l.join(e,".codex","config.toml");case"gemini":return l.join(e,".gemini","settings.json");case"claude-desktop":return process.platform==="darwin"?l.join(e,"Library","Application Support","Claude","claude_desktop_config.json"):process.platform==="win32"?l.join(process.env.APPDATA||e,"Claude","claude_desktop_config.json"):l.join(e,".config","Claude","claude_desktop_config.json");default:return null}}async function T(o,e){let s=I(),r=await fetch(`${s}/api/user/tokens`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${o}`},body:JSON.stringify({name:e})});if(!r.ok){let t=await r.text().catch(()=>"");throw new Error(`Could not mint PAT (HTTP ${r.status}): ${t.slice(0,200)}`)}let c=await r.json();if(!c?.token)throw new Error("PAT response missing token field");return c.token}function z(o){try{let e=p.readFileSync(o,"utf8");return e.trim()?JSON.parse(e):{}}catch(e){if(e.code==="ENOENT")return{};throw new Error(`Could not parse existing config ${o}: ${e.message}`,{cause:e})}}function U(o,e){p.mkdirSync(l.dirname(o),{recursive:!0});let s=`${o}.zibby-mcp-${Date.now()}.tmp`;p.writeFileSync(s,e,{mode:384}),p.renameSync(s,o)}function S({existing:o,apiUrl:e,pat:s,agent:r}){let c={...o};c.mcpServers={...o.mcpServers||{}};let t=r==="gemini"?"httpUrl":"url";return c.mcpServers.zibby={[t]:`${e}/mcp`,headers:{Authorization:`Bearer ${s}`}},c}function E({existing:o,apiUrl:e,patEnvName:s}){let r=["","[mcp_servers.zibby]",`url = "${e}/mcp"`,`bearer_token_env_var = "${s}"`,""].join(`
2
2
  `);if(!o.trim())return r.trimStart();let c=/(^|\n)\[mcp_servers\.zibby\][\s\S]*?(?=\n\[[^\]]+\]|\n*$)/;return c.test(o)?o.replace(c,`
3
3
  ${r.trim()}
4
4
  `):o.replace(/\s*$/,"")+`
package/dist/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@zibby/cli",
3
- "version": "0.7.2",
3
+ "version": "0.7.3",
4
4
  "description": "Zibby CLI - Test automation generator and runner",
5
5
  "type": "module",
6
6
  "bin": {
@@ -9,7 +9,7 @@
9
9
  },
10
10
  "scripts": {
11
11
  "build": "node ../scripts/build.mjs --extra-dirs bin",
12
- "test": "vitest run test/auth*.test.js test/two-layer-auth.test.js test/trigger-params.test.js test/trigger-helpers.test.js test/deploy-helpers.test.js test/deploy-bundles-user-config.test.js test/deploy-skip-unchanged.test.js test/deploy-warm-flag.test.js test/deploy-402-formatter.test.js test/run-loads-user-config.test.js test/env-helpers.test.js test/env-cli.test.js test/chat-agents.test.js test/chat-agents-api.test.js test/chat-agents-picker.test.js test/chat-sandbox-attach.test.js test/credentials-file.test.js test/credentials-api.test.js test/credentials-loader.test.js test/cli-namespace-consistency.test.js test/cli-workflow-subcommands.test.js test/template-resolver.test.js test/workflow-new-template.test.js test/runner-input-state-shape.test.js test/run-bundle-core-import.test.js test/start-respects-config.test.js test/sse-backoff.test.js test/sse-reconnect-loop.test.js test/run-helpers.test.js test/run-banner.test.js test/run-banner-e2e.test.js test/sse-parser.test.js test/cloud-creds-check.test.js test/managed-block.test.js test/app-deploy-solo.test.js test/app-run-solo.test.js",
12
+ "test": "vitest run test/auth*.test.js test/two-layer-auth.test.js test/trigger-params.test.js test/trigger-helpers.test.js test/deploy-helpers.test.js test/deploy-bundles-user-config.test.js test/deploy-skip-unchanged.test.js test/deploy-warm-flag.test.js test/deploy-402-formatter.test.js test/run-loads-user-config.test.js test/env-helpers.test.js test/env-cli.test.js test/chat-agents.test.js test/chat-agents-api.test.js test/chat-agents-picker.test.js test/chat-sandbox-attach.test.js test/credentials-file.test.js test/credentials-api.test.js test/credentials-loader.test.js test/cli-namespace-consistency.test.js test/cli-workflow-subcommands.test.js test/template-resolver.test.js test/workflow-new-template.test.js test/runner-input-state-shape.test.js test/run-bundle-core-import.test.js test/start-respects-config.test.js test/sse-backoff.test.js test/sse-reconnect-loop.test.js test/run-helpers.test.js test/run-banner.test.js test/run-banner-e2e.test.js test/sse-parser.test.js test/cloud-creds-check.test.js test/managed-block.test.js test/app-deploy-solo.test.js test/app-run-solo.test.js src/utils/__tests__/progress-reporter.test.js src/utils/__tests__/setup-progress.test.js",
13
13
  "test:unit": "vitest run src/",
14
14
  "test:auth": "vitest run test/auth*.test.js test/two-layer-auth.test.js",
15
15
  "lint": "eslint .",
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@zibby/cli",
3
- "version": "0.7.2",
3
+ "version": "0.7.3",
4
4
  "description": "Zibby CLI - Test automation generator and runner",
5
5
  "type": "module",
6
6
  "bin": {
@@ -9,7 +9,7 @@
9
9
  },
10
10
  "scripts": {
11
11
  "build": "node ../scripts/build.mjs --extra-dirs bin",
12
- "test": "vitest run test/auth*.test.js test/two-layer-auth.test.js test/trigger-params.test.js test/trigger-helpers.test.js test/deploy-helpers.test.js test/deploy-bundles-user-config.test.js test/deploy-skip-unchanged.test.js test/deploy-warm-flag.test.js test/deploy-402-formatter.test.js test/run-loads-user-config.test.js test/env-helpers.test.js test/env-cli.test.js test/chat-agents.test.js test/chat-agents-api.test.js test/chat-agents-picker.test.js test/chat-sandbox-attach.test.js test/credentials-file.test.js test/credentials-api.test.js test/credentials-loader.test.js test/cli-namespace-consistency.test.js test/cli-workflow-subcommands.test.js test/template-resolver.test.js test/workflow-new-template.test.js test/runner-input-state-shape.test.js test/run-bundle-core-import.test.js test/start-respects-config.test.js test/sse-backoff.test.js test/sse-reconnect-loop.test.js test/run-helpers.test.js test/run-banner.test.js test/run-banner-e2e.test.js test/sse-parser.test.js test/cloud-creds-check.test.js test/managed-block.test.js test/app-deploy-solo.test.js test/app-run-solo.test.js",
12
+ "test": "vitest run test/auth*.test.js test/two-layer-auth.test.js test/trigger-params.test.js test/trigger-helpers.test.js test/deploy-helpers.test.js test/deploy-bundles-user-config.test.js test/deploy-skip-unchanged.test.js test/deploy-warm-flag.test.js test/deploy-402-formatter.test.js test/run-loads-user-config.test.js test/env-helpers.test.js test/env-cli.test.js test/chat-agents.test.js test/chat-agents-api.test.js test/chat-agents-picker.test.js test/chat-sandbox-attach.test.js test/credentials-file.test.js test/credentials-api.test.js test/credentials-loader.test.js test/cli-namespace-consistency.test.js test/cli-workflow-subcommands.test.js test/template-resolver.test.js test/workflow-new-template.test.js test/runner-input-state-shape.test.js test/run-bundle-core-import.test.js test/start-respects-config.test.js test/sse-backoff.test.js test/sse-reconnect-loop.test.js test/run-helpers.test.js test/run-banner.test.js test/run-banner-e2e.test.js test/sse-parser.test.js test/cloud-creds-check.test.js test/managed-block.test.js test/app-deploy-solo.test.js test/app-run-solo.test.js src/utils/__tests__/progress-reporter.test.js src/utils/__tests__/setup-progress.test.js",
13
13
  "test:unit": "vitest run src/",
14
14
  "test:auth": "vitest run test/auth*.test.js test/two-layer-auth.test.js",
15
15
  "lint": "eslint .",