aicomputer 0.1.2

package/dist/index.js

@@ -0,0 +1,1450 @@
+#!/usr/bin/env node
+
+// src/index.ts
+import { Command as Command7 } from "commander";
+import chalk7 from "chalk";
+import { createRequire } from "module";
+import { basename as basename2 } from "path";
+
+// src/commands/access.ts
+import { spawn } from "child_process";
+import { Command } from "commander";
+import chalk2 from "chalk";
+import open from "open";
+import ora from "ora";
+
+// src/lib/config.ts
+import { existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+var CONFIG_DIR = join(homedir(), ".computer");
+var CONFIG_FILE = join(CONFIG_DIR, "config.json");
+function ensureConfigDir() {
+  if (!existsSync(CONFIG_DIR)) {
+    mkdirSync(CONFIG_DIR, { recursive: true, mode: 448 });
+  }
+}
+function readConfig() {
+  ensureConfigDir();
+  if (!existsSync(CONFIG_FILE)) {
+    return {};
+  }
+  try {
+    return JSON.parse(readFileSync(CONFIG_FILE, "utf8"));
+  } catch {
+    return {};
+  }
+}
+function writeConfig(config) {
+  ensureConfigDir();
+  const tempFile = `${CONFIG_FILE}.${process.pid}.tmp`;
+  writeFileSync(tempFile, JSON.stringify(config, null, 2), { mode: 384 });
+  renameSync(tempFile, CONFIG_FILE);
+}
+function getAPIKey() {
+  const envValue = process.env.COMPUTER_API_KEY ?? process.env.AGENTCOMPUTER_API_KEY;
+  if (envValue) {
+    return envValue.trim();
+  }
+  return getStoredAPIKey();
+}
+function getStoredAPIKey() {
+  return readConfig().auth?.apiKey?.trim() || null;
+}
+function hasEnvAPIKey() {
+  return Boolean(process.env.COMPUTER_API_KEY ?? process.env.AGENTCOMPUTER_API_KEY);
+}
+function setAPIKey(apiKey) {
+  const config = readConfig();
+  config.auth = { apiKey: apiKey.trim() };
+  writeConfig(config);
+}
+function clearAPIKey() {
+  const config = readConfig();
+  delete config.auth;
+  writeConfig(config);
+}
+
+// src/lib/api.ts
+var BASE_URL = process.env.COMPUTER_API_URL ?? process.env.AGENTCOMPUTER_API_URL ?? "https://api.computer.agentcomputer.ai";
+var WEB_URL = process.env.COMPUTER_WEB_URL ?? process.env.AGENTCOMPUTER_WEB_URL ?? resolveDefaultWebURL(BASE_URL);
+var ApiError = class extends Error {
+  constructor(status, message) {
+    super(message);
+    this.status = status;
+    this.name = "ApiError";
+  }
+};
+function getBaseURL() {
+  return BASE_URL;
+}
+function getWebURL() {
+  return WEB_URL;
+}
+async function api(path, options = {}) {
+  const apiKey = getAPIKey();
+  if (!apiKey) {
+    throw new ApiError(401, "not logged in; run 'computer login' first");
+  }
+  return requestWithKey(apiKey, path, options);
+}
+function resolveDefaultWebURL(apiURL) {
+  try {
+    const parsed = new URL(apiURL);
+    if (parsed.hostname === "api.computer.agentcomputer.ai") {
+      return "https://agentcomputer.ai";
+    }
+    if (parsed.hostname === "localhost" || parsed.hostname === "127.0.0.1") {
+      return `${parsed.protocol}//${parsed.hostname}:3000`;
+    }
+  } catch {
+    return "https://agentcomputer.ai";
+  }
+  return "https://agentcomputer.ai";
+}
+async function apiWithKey(apiKey, path, options = {}) {
+  return requestWithKey(apiKey, path, options);
+}
+async function requestWithKey(apiKey, path, options) {
+  const headers = {
+    Accept: "application/json",
+    ...options.headers ?? {}
+  };
+  if (options.body !== void 0) {
+    headers["Content-Type"] = "application/json";
+  }
+  if (apiKey) {
+    headers.Authorization = `Bearer ${apiKey}`;
+  }
+  const response = await fetch(`${BASE_URL}${path}`, {
+    ...options,
+    headers
+  });
+  if (!response.ok) {
+    throw new ApiError(response.status, await readErrorMessage(response));
+  }
+  if (response.status === 204) {
+    return void 0;
+  }
+  return await response.json();
+}
+async function readErrorMessage(response) {
+  const contentType = response.headers.get("content-type") ?? "";
+  if (contentType.includes("application/json")) {
+    try {
+      const payload = await response.json();
+      if (payload.error) {
+        return payload.error;
+      }
+      return JSON.stringify(payload);
+    } catch {
+      return response.statusText || "request failed";
+    }
+  }
+  const body = await response.text();
+  return body || response.statusText || "request failed";
+}
+
+// src/lib/computers.ts
+async function listComputers() {
+  const response = await api("/v1/computers");
+  return response.computers;
+}
+async function getComputerByID(id) {
+  return api(`/v1/computers/${id}`);
+}
+async function createComputer(input) {
+  return api("/v1/computers", {
+    method: "POST",
+    body: JSON.stringify(input)
+  });
+}
+async function getConnectionInfo(computerID) {
+  return api(`/v1/computers/${computerID}/connection`);
+}
+async function createBrowserAccess(computerID) {
+  return api(`/v1/computers/${computerID}/access/browser`, {
+    method: "POST"
+  });
+}
+async function createTerminalAccess(computerID) {
+  return api(`/v1/computers/${computerID}/access/terminal`, {
+    method: "POST"
+  });
+}
+async function listPublishedPorts(computerID) {
+  const response = await api(`/v1/computers/${computerID}/ports`);
+  return response.ports;
+}
+async function publishPort(computerID, input) {
+  return api(`/v1/computers/${computerID}/ports`, {
+    method: "POST",
+    body: JSON.stringify(input)
+  });
+}
+async function deletePublishedPort(computerID, targetPort) {
+  return api(`/v1/computers/${computerID}/ports/${targetPort}`, {
+    method: "DELETE"
+  });
+}
+async function resolveComputer(identifier) {
+  try {
+    return await getComputerByID(identifier);
+  } catch (error) {
+    if (!(error instanceof Error) || !("status" in error)) {
+      throw error;
+    }
+    const status = Reflect.get(error, "status");
+    if (status !== 404) {
+      throw error;
+    }
+  }
+  const computers = await listComputers();
+  const exact = computers.find(
+    (computer) => computer.handle === identifier || computer.id === identifier
+  );
+  if (exact) {
+    return exact;
+  }
+  throw new Error(`computer '${identifier}' not found`);
+}
+function webURL(computer) {
+  return `https://${computer.primary_web_host}${normalizePrimaryPath(computer.primary_path)}`;
+}
+function vncURL(computer) {
+  if (!computer.vnc_enabled) {
+    return null;
+  }
+  const domain = computer.primary_web_host.replace(/^[^.]+\./, "");
+  return `https://6080--${computer.handle}.${domain}/vnc_lite.html`;
+}
+function terminalURL(computer) {
+  if (computer.runtime_family !== "managed-worker") {
+    return null;
+  }
+  const domain = computer.primary_web_host.replace(/^[^.]+\./, "");
+  return `https://8788--${computer.handle}.${domain}`;
+}
+function normalizePrimaryPath(primaryPath) {
+  const trimmed = primaryPath?.trim();
+  if (!trimmed) {
+    return "/";
+  }
+  return trimmed.startsWith("/") ? trimmed : `/${trimmed}`;
+}
+
+// src/lib/ssh-keys.ts
+import { basename } from "path";
+import { homedir as homedir2 } from "os";
+import { readFile } from "fs/promises";
+var DEFAULT_PUBLIC_KEY_PATHS = [
+  `${homedir2()}/.ssh/id_ed25519.pub`,
+  `${homedir2()}/.ssh/id_ecdsa.pub`,
+  `${homedir2()}/.ssh/id_rsa.pub`
+];
+async function ensureDefaultSSHKeyRegistered() {
+  for (const path of DEFAULT_PUBLIC_KEY_PATHS) {
+    try {
+      const publicKey = (await readFile(path, "utf8")).trim();
+      if (!publicKey) {
+        continue;
+      }
+      const key = await api("/v1/ssh-keys", {
+        method: "POST",
+        body: JSON.stringify({
+          name: basename(path),
+          public_key: publicKey
+        })
+      });
+      return {
+        key,
+        publicKeyPath: path,
+        privateKeyPath: path.replace(/\.pub$/, "")
+      };
+    } catch (error) {
+      if (error?.code === "ENOENT") {
+        continue;
+      }
+      throw error;
+    }
+  }
+  throw new Error("no SSH public key found in ~/.ssh (looked for id_ed25519.pub, id_ecdsa.pub, id_rsa.pub)");
+}
+
+// src/lib/format.ts
+import chalk from "chalk";
+function padEnd(str, len) {
+  const visible = str.replace(/\u001b\[[0-9;]*m/g, "");
+  return str + " ".repeat(Math.max(0, len - visible.length));
+}
+function timeAgo(dateStr) {
+  const seconds = Math.floor((Date.now() - new Date(dateStr).getTime()) / 1e3);
+  if (seconds < 60) return `${seconds}s ago`;
+  const minutes = Math.floor(seconds / 60);
+  if (minutes < 60) return `${minutes}m ago`;
+  const hours = Math.floor(minutes / 60);
+  if (hours < 24) return `${hours}h ago`;
+  const days = Math.floor(hours / 24);
+  return `${days}d ago`;
+}
+function formatStatus(status) {
+  switch (status) {
+    case "running":
+      return chalk.green(status);
+    case "pending":
+    case "provisioning":
+    case "starting":
+      return chalk.yellow(status);
+    case "stopping":
+    case "stopped":
+    case "deleted":
+      return chalk.gray(status);
+    case "error":
+      return chalk.red(status);
+    default:
+      return status;
+  }
+}
+
+// src/commands/access.ts
+var openCommand = new Command("open").description("Open a computer in your browser").argument("<id-or-handle>", "Computer id or handle").option("--vnc", "Open VNC desktop instead of gateway").option("--terminal", "Open the terminal surface instead of gateway").action(async (identifier, options) => {
+  const spinner = ora("Preparing access...").start();
+  try {
+    const computer = await resolveComputer(identifier);
+    const info = await getConnectionInfo(computer.id);
+    if (options.vnc && options.terminal) {
+      throw new Error("choose either --vnc or --terminal");
+    }
+    if (options.vnc) {
+      if (!info.connection.vnc_available) {
+        throw new Error("VNC is not available for this computer");
+      }
+      const url = info.connection.vnc_url;
+      spinner.succeed(`Opening VNC for ${chalk2.bold(computer.handle)}`);
+      await open(url);
+      console.log(chalk2.dim(`  ${url}`));
+      return;
+    }
+    if (options.terminal) {
+      if (!info.connection.terminal_available) {
+        throw new Error("Terminal access is not available for this computer");
+      }
+      const access2 = await createTerminalAccess(computer.id);
+      spinner.succeed(`Opening terminal for ${chalk2.bold(computer.handle)}`);
+      await open(access2.access_url);
+      console.log(chalk2.dim(`  ${access2.access_url}`));
+      return;
+    }
+    const access = await createBrowserAccess(computer.id);
+    spinner.succeed(`Opening ${chalk2.bold(computer.handle)}`);
+    await open(access.access_url);
+    console.log(chalk2.dim(`  ${access.access_url}`));
+  } catch (error) {
+    spinner.fail(error instanceof Error ? error.message : "Failed to open computer");
+    process.exit(1);
+  }
+});
+var sshCommand = new Command("ssh").description("Open an SSH session to a computer").argument("<id-or-handle>", "Computer id or handle").action(async (identifier) => {
+  const spinner = ora("Preparing SSH access...").start();
+  try {
+    const computer = await resolveComputer(identifier);
+    const info = await getConnectionInfo(computer.id);
+    if (!info.connection.ssh_available) {
+      throw new Error("SSH is not available for this computer");
+    }
+    const registered = await ensureDefaultSSHKeyRegistered();
+    spinner.succeed(`Connecting to ${chalk2.bold(computer.handle)}`);
+    console.log(
+      chalk2.dim(`  ssh -p ${info.connection.ssh_port} ${info.connection.ssh_user}@${info.connection.ssh_host}`)
+    );
+    console.log();
+    await runSSH([
+      "-i",
+      registered.privateKeyPath,
+      "-p",
+      String(info.connection.ssh_port),
+      `${info.connection.ssh_user}@${info.connection.ssh_host}`
+    ]);
+  } catch (error) {
+    spinner.fail(error instanceof Error ? error.message : "Failed to prepare SSH access");
+    process.exit(1);
+  }
+});
+var portsCommand = new Command("ports").description("Manage published app ports");
+portsCommand.command("ls").description("List published ports for a computer").argument("<id-or-handle>", "Computer id or handle").action(async (identifier) => {
+  const spinner = ora("Fetching ports...").start();
+  try {
+    const computer = await resolveComputer(identifier);
+    const ports = await listPublishedPorts(computer.id);
+    spinner.stop();
+    if (ports.length === 0) {
+      console.log();
+      console.log(chalk2.dim("  No published ports."));
+      console.log();
+      return;
+    }
+    const subWidth = Math.max(10, ...ports.map((p) => p.subdomain.length));
+    console.log();
+    console.log(
+      `  ${chalk2.dim(padEnd("Subdomain", subWidth + 2))}${chalk2.dim(padEnd("Port", 8))}${chalk2.dim("Protocol")}`
+    );
+    console.log(
+      `  ${chalk2.dim("-".repeat(subWidth + 2))}${chalk2.dim("-".repeat(8))}${chalk2.dim("-".repeat(8))}`
+    );
+    for (const port of ports) {
+      const url = `https://${port.subdomain}--${computer.handle}.computer.agentcomputer.ai`;
+      console.log(
+        `  ${padEnd(port.subdomain, subWidth + 2)}${padEnd(String(port.target_port), 8)}${port.protocol}`
+      );
+      console.log(
+        `  ${chalk2.dim(url)}`
+      );
+    }
+    console.log();
+  } catch (error) {
+    spinner.fail(error instanceof Error ? error.message : "Failed to fetch ports");
+    process.exit(1);
+  }
+});
+portsCommand.command("publish").description("Publish an HTTP app port").argument("<id-or-handle>", "Computer id or handle").argument("<port>", "Target port").option("--subdomain <value>", "Custom left-hand host label before --<handle>").option("--protocol <value>", "http or https", "http").action(async (identifier, port, options) => {
+  const spinner = ora("Publishing port...").start();
+  try {
+    const targetPort = Number.parseInt(port, 10);
+    if (!Number.isFinite(targetPort)) {
+      throw new Error("port must be an integer");
+    }
+    const computer = await resolveComputer(identifier);
+    const published = await publishPort(computer.id, {
+      target_port: targetPort,
+      subdomain: options.subdomain,
+      protocol: options.protocol
+    });
+    const url = `https://${published.subdomain}--${computer.handle}.computer.agentcomputer.ai`;
+    spinner.succeed(`Published port ${chalk2.bold(String(published.target_port))}`);
+    console.log(chalk2.dim(`  ${url}`));
+  } catch (error) {
+    spinner.fail(error instanceof Error ? error.message : "Failed to publish port");
+    process.exit(1);
+  }
+});
+portsCommand.command("rm").description("Unpublish an app port").argument("<id-or-handle>", "Computer id or handle").argument("<port>", "Target port").action(async (identifier, port) => {
+  const spinner = ora("Removing port...").start();
+  try {
+    const targetPort = Number.parseInt(port, 10);
+    if (!Number.isFinite(targetPort)) {
+      throw new Error("port must be an integer");
+    }
+    const computer = await resolveComputer(identifier);
+    await deletePublishedPort(computer.id, targetPort);
+    spinner.succeed(`Removed port ${chalk2.bold(String(targetPort))}`);
+  } catch (error) {
+    spinner.fail(error instanceof Error ? error.message : "Failed to remove port");
+    process.exit(1);
+  }
+});
+async function runSSH(args) {
+  await new Promise((resolve, reject) => {
+    const child = spawn("ssh", args, {
+      stdio: "inherit"
+    });
+    child.on("error", reject);
+    child.on("exit", (code) => {
+      if (code === 0) {
+        resolve();
+        return;
+      }
+      reject(new Error(`ssh exited with code ${code ?? 1}`));
+    });
+  });
+}
+
+// src/commands/computers.ts
+import { Command as Command2 } from "commander";
+import chalk3 from "chalk";
+import ora2 from "ora";
+import { select, input as textInput, confirm } from "@inquirer/prompts";
+function isInternalCondition(value) {
+  return /^[A-Z][a-zA-Z]+$/.test(value);
+}
+function printComputer(computer) {
+  const vnc = vncURL(computer);
+  const terminal = terminalURL(computer);
+  const ssh = computer.ssh_enabled ? `ssh -p ${computer.ssh_port} ${computer.handle}@${computer.ssh_host}` : "disabled";
+  const isCustom = computer.runtime_family === "custom-machine";
+  console.log();
+  console.log(`  ${chalk3.bold.white(computer.handle)}  ${formatStatus(computer.status)}`);
+  console.log();
+  console.log(`  ${chalk3.dim("ID")}        ${computer.id}`);
+  console.log(`  ${chalk3.dim("Tier")}      ${computer.tier}`);
+  if (isCustom) {
+    console.log(`  ${chalk3.dim("Runtime")}   ${computer.runtime_family}`);
+    console.log(`  ${chalk3.dim("Source")}    ${computer.source_kind}`);
+    console.log(`  ${chalk3.dim("Image")}     ${computer.image_family}`);
+  }
+  console.log(`  ${chalk3.dim("Primary")}   :${computer.primary_port}${computer.primary_path}`);
+  console.log(`  ${chalk3.dim("Health")}    ${computer.healthcheck_type}${computer.healthcheck_value ? ` (${computer.healthcheck_value})` : ""}`);
+  console.log();
+  console.log(`  ${chalk3.dim("Gateway")}   ${chalk3.cyan(webURL(computer))}`);
+  console.log(`  ${chalk3.dim("VNC")}       ${vnc ? chalk3.cyan(vnc) : chalk3.dim("not available")}`);
+  console.log(`  ${chalk3.dim("Terminal")}  ${terminal ? chalk3.cyan(terminal) : chalk3.dim("not available")}`);
+  console.log(`  ${chalk3.dim("SSH")}       ${computer.ssh_enabled ? chalk3.white(ssh) : chalk3.dim(ssh)}`);
+  if (computer.last_error) {
+    console.log();
+    if (isInternalCondition(computer.last_error)) {
+      console.log(`  ${chalk3.dim("Condition")} ${chalk3.dim(computer.last_error)}`);
+    } else {
+      console.log(`  ${chalk3.dim("Error")}     ${chalk3.red(computer.last_error)}`);
+    }
+  }
+  console.log();
+  console.log(`  ${chalk3.dim("Created")}   ${timeAgo(computer.created_at)}`);
+  console.log();
+}
+function printComputerTable(computers) {
+  const handleWidth = Math.max(6, ...computers.map((c) => c.handle.length));
+  const statusWidth = 12;
+  const createdWidth = 10;
+  console.log();
+  console.log(
+    `  ${chalk3.dim(padEnd("Handle", handleWidth + 2))}${chalk3.dim(padEnd("Status", statusWidth + 2))}${chalk3.dim(padEnd("Created", createdWidth + 2))}${chalk3.dim("URL")}`
+  );
+  console.log(
+    `  ${chalk3.dim("-".repeat(handleWidth + 2))}${chalk3.dim("-".repeat(statusWidth + 2))}${chalk3.dim("-".repeat(createdWidth + 2))}${chalk3.dim("-".repeat(20))}`
+  );
+  for (const computer of computers) {
+    const status = formatStatus(computer.status);
+    const created = chalk3.dim(timeAgo(computer.created_at));
+    console.log(
+      `  ${chalk3.white(padEnd(computer.handle, handleWidth + 2))}${padEnd(status, statusWidth + 2)}${padEnd(created, createdWidth + 2)}${chalk3.cyan(webURL(computer))}`
+    );
+  }
+  console.log();
+}
+function printComputerTableVerbose(computers) {
+  const handleWidth = Math.max(6, ...computers.map((c) => c.handle.length));
+  const statusWidth = 10;
+  console.log();
+  console.log(
+    `  ${chalk3.dim(padEnd("Handle", handleWidth + 2))}${chalk3.dim(padEnd("Status", statusWidth + 2))}${chalk3.dim("URLs")}`
+  );
+  console.log(
+    `  ${chalk3.dim("-".repeat(handleWidth + 2))}${chalk3.dim("-".repeat(statusWidth + 2))}${chalk3.dim("-".repeat(20))}`
+  );
+  for (const computer of computers) {
+    const status = formatStatus(computer.status);
+    const vnc = vncURL(computer);
+    const terminal = terminalURL(computer);
+    console.log(
+      `  ${chalk3.white(padEnd(computer.handle, handleWidth + 2))}${padEnd(status, statusWidth + 2)}${chalk3.cyan(webURL(computer))}`
+    );
+    console.log(
+      `  ${padEnd("", handleWidth + 2)}${padEnd("", statusWidth + 2)}${chalk3.dim(vnc ?? "VNC not available")}`
+    );
+    console.log(
+      `  ${padEnd("", handleWidth + 2)}${padEnd("", statusWidth + 2)}${chalk3.dim(terminal ?? "Terminal not available")}`
+    );
+  }
+  console.log();
+}
+var lsCommand = new Command2("ls").description("List computers").option("--json", "Print raw JSON").option("-v, --verbose", "Show all URLs for each computer").action(async (options) => {
+  const spinner = options.json ? null : ora2("Fetching computers...").start();
+  try {
+    const computers = await listComputers();
+    spinner?.stop();
+    if (options.json) {
+      console.log(JSON.stringify({ computers }, null, 2));
+      return;
+    }
+    if (computers.length === 0) {
+      console.log();
+      console.log(chalk3.dim("  No computers found."));
+      console.log();
+      return;
+    }
+    if (options.verbose) {
+      printComputerTableVerbose(computers);
+    } else {
+      printComputerTable(computers);
+    }
+  } catch (error) {
+    if (spinner) {
+      spinner.fail(
+        error instanceof Error ? error.message : "Failed to fetch computers"
+      );
+    } else {
+      console.error(error instanceof Error ? error.message : "Failed to fetch computers");
+    }
+    process.exit(1);
+  }
+});
+var getCommand = new Command2("get").description("Show computer details").argument("<id-or-handle>", "Computer id or handle").option("--json", "Print raw JSON").action(async (identifier, options) => {
+  const spinner = options.json ? null : ora2("Fetching computer...").start();
+  try {
+    const computer = await resolveComputer(identifier);
+    spinner?.stop();
+    if (options.json) {
+      console.log(JSON.stringify(computer, null, 2));
+      return;
+    }
+    printComputer(computer);
+  } catch (error) {
+    if (spinner) {
+      spinner.fail(
+        error instanceof Error ? error.message : "Failed to fetch computer"
+      );
+    } else {
+      console.error(error instanceof Error ? error.message : "Failed to fetch computer");
+    }
+    process.exit(1);
+  }
+});
+var createCommand = new Command2("create").description("Create a computer").argument("[handle]", "Optional computer handle").option("--name <display-name>", "Display name").option("--tier <tier>", "Tier override").option("--interactive", "Prompt for runtime choices").option("--runtime-family <runtime-family>", "managed-worker or custom-machine").option("--source-kind <source-kind>", "none or oci-image").option("--image-family <family>", "Image family override").option("--image-ref <image>", "Resolved image override").option("--primary-port <port>", "Primary app port").option("--primary-path <path>", "Primary app path").option("--healthcheck-type <type>", "http or tcp").option("--healthcheck-value <value>", "Health check path or port").option("--ssh-enabled", "Enable SSH access").option("--ssh-disabled", "Disable SSH access").option("--vnc-enabled", "Enable VNC access").option("--vnc-disabled", "Disable VNC access").action(async (handle, options) => {
+  let spinner;
+  let timer;
+  let startTime = 0;
+  try {
+    const selectedOptions = await resolveCreateOptions(options);
+    spinner = ora2("Creating computer...").start();
+    startTime = Date.now();
+    timer = setInterval(() => {
+      const elapsed2 = ((Date.now() - startTime) / 1e3).toFixed(1);
+      if (spinner) {
+        spinner.text = `Creating computer... ${chalk3.dim(`${elapsed2}s`)}`;
+      }
+    }, 100);
+    const computer = await createComputer({
+      handle,
+      display_name: selectedOptions.name,
+      tier: selectedOptions.tier,
+      runtime_family: parseRuntimeFamilyOption(selectedOptions.runtimeFamily),
+      source_kind: parseSourceKindOption(selectedOptions.sourceKind),
+      image_family: selectedOptions.imageFamily,
+      image_ref: selectedOptions.imageRef,
+      primary_port: parseOptionalPort(selectedOptions.primaryPort),
+      primary_path: selectedOptions.primaryPath,
+      healthcheck_type: parseHealthcheckTypeOption(selectedOptions.healthcheckType),
+      healthcheck_value: selectedOptions.healthcheckValue,
+      ssh_enabled: resolveOptionalToggle(
+        selectedOptions.sshEnabled,
+        selectedOptions.sshDisabled,
+        "SSH"
+      ),
+      vnc_enabled: resolveOptionalToggle(
+        selectedOptions.vncEnabled,
+        selectedOptions.vncDisabled,
+        "VNC"
+      )
+    });
+    if (timer) {
+      clearInterval(timer);
+    }
+    const elapsed = ((Date.now() - startTime) / 1e3).toFixed(1);
+    spinner.succeed(
+      chalk3.green(`Created ${chalk3.bold(computer.handle)} ${chalk3.dim(`[${elapsed}s]`)}`)
+    );
+    printComputer(computer);
+  } catch (error) {
+    if (timer) {
+      clearInterval(timer);
+    }
+    const message = error instanceof Error ? error.message : "Failed to create computer";
+    if (spinner) {
+      const suffix = startTime ? ` ${chalk3.dim(`[${((Date.now() - startTime) / 1e3).toFixed(1)}s]`)}` : "";
+      spinner.fail(`${message}${suffix}`);
+    } else {
+      console.error(chalk3.red(message));
+    }
+    process.exit(1);
+  }
+});
+async function resolveCreateOptions(options) {
+  const selectedOptions = { ...options };
+  const hasExplicitRuntimeSelection = Boolean(selectedOptions.runtimeFamily) || Boolean(selectedOptions.imageRef) || Boolean(selectedOptions.sourceKind);
+  const shouldPrompt = Boolean(selectedOptions.interactive) || !hasExplicitRuntimeSelection;
+  if (!process.stdin.isTTY || !process.stdout.isTTY || !shouldPrompt) {
+    validateCreateOptions(selectedOptions);
+    return selectedOptions;
+  }
+  const runtimeChoice = await select({
+    message: "Select runtime",
+    choices: [
+      {
+        name: "managed-worker  -  default Ubuntu desktop, SSH, VNC, terminal",
+        value: "managed-worker"
+      },
+      {
+        name: "custom-machine  -  boot a specific OCI image as the machine",
+        value: "custom-machine"
+      }
+    ],
+    default: "managed-worker"
+  });
+  if (runtimeChoice === "custom-machine") {
+    selectedOptions.runtimeFamily = "custom-machine";
+    selectedOptions.sourceKind = "oci-image";
+    selectedOptions.imageRef = (await textInput({ message: "OCI image ref (required):" })).trim();
+    selectedOptions.primaryPort = (await textInput({ message: "Primary port:", default: "3000" })).trim();
+    selectedOptions.primaryPath = (await textInput({ message: "Primary path:", default: "/" })).trim();
+    selectedOptions.healthcheckType = await select({
+      message: "Healthcheck type",
+      choices: [
+        { name: "tcp", value: "tcp" },
+        { name: "http", value: "http" }
+      ],
+      default: "tcp"
+    });
+    selectedOptions.healthcheckValue = (await textInput({ message: "Healthcheck value (optional):" })).trim();
+    selectedOptions.sshEnabled = await confirm({
+      message: "Enable SSH?",
+      default: false
+    });
+    selectedOptions.sshDisabled = !selectedOptions.sshEnabled;
+    selectedOptions.vncDisabled = true;
+  } else {
+    selectedOptions.runtimeFamily = "managed-worker";
+    selectedOptions.imageFamily = selectedOptions.imageFamily ?? "sandbox-agent";
+  }
+  validateCreateOptions(selectedOptions);
+  return selectedOptions;
+}
+var removeCommand = new Command2("rm").description("Delete a computer").argument("<id-or-handle>", "Computer id or handle").option("-y, --yes", "Skip confirmation prompt").action(async (identifier, options, cmd) => {
+  const globalYes = cmd.parent?.opts()?.yes;
+  const skipConfirm = Boolean(options.yes || globalYes);
+  const spinner = ora2("Resolving computer...").start();
+  try {
+    const computer = await resolveComputer(identifier);
+    spinner.stop();
+    if (!skipConfirm && process.stdin.isTTY) {
+      const confirmed = await confirm({
+        message: `Delete computer ${chalk3.bold(computer.handle)}?`,
+        default: false
+      });
+      if (!confirmed) {
+        console.log(chalk3.dim("  Cancelled."));
+        return;
+      }
+    }
+    const deleteSpinner = ora2("Deleting computer...").start();
+    await api(`/v1/computers/${computer.id}`, {
+      method: "DELETE"
+    });
+    deleteSpinner.succeed(chalk3.green(`Deleted ${chalk3.bold(computer.handle)}`));
+  } catch (error) {
+    spinner.fail(
+      error instanceof Error ? error.message : "Failed to delete computer"
+    );
+    process.exit(1);
+  }
+});
+function parseRuntimeFamilyOption(value) {
+  switch (value) {
+    case void 0:
+    case "managed-worker":
+    case "custom-machine":
+      return value;
+    default:
+      throw new Error("--runtime-family must be managed-worker or custom-machine");
+  }
+}
+function validateCreateOptions(options) {
+  const runtimeFamily = parseRuntimeFamilyOption(options.runtimeFamily);
+  const sourceKind = parseSourceKindOption(options.sourceKind);
+  if (runtimeFamily === "custom-machine" && (typeof options.imageRef !== "string" || options.imageRef.trim() === "")) {
+    throw new Error("--image-ref is required for --runtime-family custom-machine");
+  }
+  if (runtimeFamily === "custom-machine" && sourceKind === "none") {
+    throw new Error("--source-kind none is invalid for --runtime-family custom-machine");
+  }
+  if (runtimeFamily === "custom-machine" && options.vncEnabled) {
+    throw new Error("custom-machine does not support platform VNC");
+  }
+}
+function parseSourceKindOption(value) {
+  switch (value) {
+    case void 0:
+    case "none":
+    case "oci-image":
+      return value;
+    default:
+      throw new Error("--source-kind must be none or oci-image");
+  }
+}
+function parseHealthcheckTypeOption(value) {
+  switch (value) {
+    case void 0:
+    case "http":
+    case "tcp":
+      return value;
+    default:
+      throw new Error("--healthcheck-type must be http or tcp");
+  }
+}
+function parseOptionalPort(value) {
+  if (value === void 0) {
+    return void 0;
+  }
+  const parsed = Number.parseInt(value, 10);
+  if (!Number.isFinite(parsed) || parsed < 1 || parsed > 65535) {
+    throw new Error("--primary-port must be an integer between 1 and 65535");
+  }
+  return parsed;
+}
+function resolveOptionalToggle(enabled, disabled, label) {
+  if (enabled && disabled) {
+    throw new Error(`choose either --${label.toLowerCase()}-enabled or --${label.toLowerCase()}-disabled`);
+  }
+  if (enabled) {
+    return true;
+  }
+  if (disabled) {
+    return false;
+  }
+  return void 0;
+}
+
+// src/commands/completion.ts
+import { Command as Command3 } from "commander";
+var ZSH_SCRIPT = `#compdef computer
+
+_computer() {
+  local -a commands
+  commands=(
+    'login:Authenticate the CLI'
+    'logout:Remove stored API key'
+    'whoami:Show current user'
+    'create:Create a computer'
+    'ls:List computers'
+    'get:Show computer details'
+    'open:Open in browser'
+    'ssh:SSH into a computer'
+    'ports:Manage published ports'
+    'rm:Delete a computer'
+    'completion:Generate shell completions'
+    'help:Display help'
+  )
+
+  local -a ports_commands
+  ports_commands=(
+    'ls:List published ports'
+    'publish:Publish an HTTP app port'
+    'rm:Unpublish an app port'
+  )
+
+  _arguments -C \\
+    '(-h --help)'{-h,--help}'[Display help]' \\
+    '(-V --version)'{-V,--version}'[Show version]' \\
+    '1:command:->command' \\
+    '*::arg:->args'
+
+  case "$state" in
+    command)
+      _describe -t commands 'computer command' commands
+      ;;
+    args)
+      case "$words[1]" in
+        login)
+          _arguments \\
+            '--api-key[API key]:key:' \\
+            '--stdin[Read API key from stdin]' \\
+            '(-f --force)'{-f,--force}'[Overwrite existing key]'
+          ;;
+        whoami)
+          _arguments '--json[Print raw JSON]'
+          ;;
+        create)
+          _arguments \\
+            '--name[Display name]:name:' \\
+            '--tier[Tier override]:tier:' \\
+            '--interactive[Prompt for runtime choices]' \\
+            '--runtime-family[Runtime family]:family:(managed-worker custom-machine)' \\
+            '--source-kind[Source kind]:kind:(none oci-image)' \\
+            '--image-family[Image family]:family:' \\
+            '--image-ref[Image reference]:image:' \\
+            '--primary-port[Primary app port]:port:' \\
+            '--primary-path[Primary app path]:path:' \\
+            '--healthcheck-type[Healthcheck type]:type:(http tcp)' \\
+            '--healthcheck-value[Healthcheck value]:value:' \\
+            '--ssh-enabled[Enable SSH]' \\
+            '--ssh-disabled[Disable SSH]' \\
+            '--vnc-enabled[Enable VNC]' \\
+            '--vnc-disabled[Disable VNC]' \\
+            '1:handle:'
+          ;;
+        ls)
+          _arguments \\
+            '--json[Print raw JSON]' \\
+            '(-v --verbose)'{-v,--verbose}'[Show all URLs]'
+          ;;
+        get)
+          _arguments \\
+            '--json[Print raw JSON]' \\
+            '1:computer:_computer_handles'
+          ;;
+        open)
+          _arguments \\
+            '--vnc[Open VNC desktop]' \\
+            '--terminal[Open terminal]' \\
+            '1:computer:_computer_handles'
+          ;;
+        ssh)
+          _arguments '1:computer:_computer_handles'
+          ;;
+        rm)
+          _arguments \\
+            '(-y --yes)'{-y,--yes}'[Skip confirmation]' \\
+            '1:computer:_computer_handles'
+          ;;
+        ports)
+          _arguments -C \\
+            '1:command:->ports_command' \\
+            '*::arg:->ports_args'
+          case "$state" in
+            ports_command)
+              _describe -t commands 'ports command' ports_commands
+              ;;
+            ports_args)
+              case "$words[1]" in
+                ls)
+                  _arguments '1:computer:_computer_handles'
+                  ;;
+                publish)
+                  _arguments \\
+                    '--subdomain[Custom subdomain]:subdomain:' \\
+                    '--protocol[Protocol]:protocol:(http https)' \\
+                    '1:computer:_computer_handles' \\
+                    '2:port:'
+                  ;;
+                rm)
+                  _arguments \\
+                    '1:computer:_computer_handles' \\
+                    '2:port:'
+                  ;;
+              esac
+              ;;
+          esac
+          ;;
+        completion)
+          _arguments '1:shell:(bash zsh)'
+          ;;
+      esac
+      ;;
+  esac
+}
+
+_computer_handles() {
+  local -a handles
+  if handles=(\${(f)"$(computer ls --json 2>/dev/null | grep '"handle"' | sed 's/.*"handle": "\\([^"]*\\)".*/\\1/')"}); then
+    _describe -t handles 'computer handle' handles
+  fi
+}
+
+_computer "$@"`;
+var BASH_SCRIPT = `_computer() {
+  local cur prev words cword
+  _init_completion || return
+
+  local commands="login logout whoami create ls get open ssh ports rm completion help"
+  local ports_commands="ls publish rm"
+
+  if [[ $cword -eq 1 ]]; then
+    COMPREPLY=($(compgen -W "$commands" -- "$cur"))
+    return
+  fi
+
+  local cmd="\${words[1]}"
+
+  case "$cmd" in
+    login)
+      COMPREPLY=($(compgen -W "--api-key --stdin --force -f" -- "$cur"))
+      ;;
+    whoami)
+      COMPREPLY=($(compgen -W "--json" -- "$cur"))
+      ;;
+    create)
+      COMPREPLY=($(compgen -W "--name --tier --interactive --runtime-family --source-kind --image-family --image-ref --primary-port --primary-path --healthcheck-type --healthcheck-value --ssh-enabled --ssh-disabled --vnc-enabled --vnc-disabled" -- "$cur"))
+      ;;
+    ls)
+      COMPREPLY=($(compgen -W "--json --verbose -v" -- "$cur"))
+      ;;
+    get|open|ssh|rm)
+      if [[ $cword -eq 2 ]]; then
+        local handles
+        handles=$(computer ls --json 2>/dev/null | grep '"handle"' | sed 's/.*"handle": "\\([^"]*\\)".*/\\1/')
+        COMPREPLY=($(compgen -W "$handles" -- "$cur"))
+      else
+        case "$cmd" in
+          get) COMPREPLY=($(compgen -W "--json" -- "$cur")) ;;
+          open) COMPREPLY=($(compgen -W "--vnc --terminal" -- "$cur")) ;;
+          rm) COMPREPLY=($(compgen -W "--yes -y" -- "$cur")) ;;
+        esac
+      fi
+      ;;
+    ports)
+      if [[ $cword -eq 2 ]]; then
+        COMPREPLY=($(compgen -W "$ports_commands" -- "$cur"))
+      elif [[ $cword -eq 3 ]]; then
+        local handles
+        handles=$(computer ls --json 2>/dev/null | grep '"handle"' | sed 's/.*"handle": "\\([^"]*\\)".*/\\1/')
+        COMPREPLY=($(compgen -W "$handles" -- "$cur"))
+      fi
+      ;;
+    completion)
+      if [[ $cword -eq 2 ]]; then
+        COMPREPLY=($(compgen -W "bash zsh" -- "$cur"))
+      fi
+      ;;
+  esac
+}
+
+complete -F _computer computer`;
+var completionCommand = new Command3("completion").description("Generate shell completions").argument("<shell>", "Shell type (bash or zsh)").action((shell) => {
+  switch (shell) {
+    case "zsh":
+      console.log(ZSH_SCRIPT);
+      break;
+    case "bash":
+      console.log(BASH_SCRIPT);
+      break;
+    default:
+      console.error(`Unsupported shell: ${shell}. Use "bash" or "zsh".`);
+      process.exit(1);
+  }
+});
+
+// src/commands/login.ts
+import { Command as Command4 } from "commander";
+import chalk4 from "chalk";
+import open2 from "open";
+import ora3 from "ora";
+
+// src/lib/browser-login.ts
+import { randomBytes } from "crypto";
+import { createServer } from "http";
+var CALLBACK_HOST = "127.0.0.1";
+var CALLBACK_PATH = "/callback";
+var LOGIN_TIMEOUT_MS = 5 * 60 * 1e3;
+async function createBrowserLoginAttempt() {
+  const state = randomBytes(16).toString("hex");
+  const deferred = createDeferred();
+  let callbackURL = "";
+  let closed = false;
+  let settled = false;
+  const server = createServer((request, response) => {
+    void handleRequest({
+      callbackURL,
+      deferred,
+      request,
+      response,
+      state,
+      settledRef: {
+        get current() {
+          return settled;
+        },
+        set current(value) {
+          settled = value;
+        }
+      }
+    });
+  });
+  await listen(server);
+  const address = server.address();
+  if (!address || typeof address === "string") {
+    await closeServer(server);
+    throw new Error("Failed to allocate a loopback callback port");
+  }
+  callbackURL = `http://${CALLBACK_HOST}:${address.port}${CALLBACK_PATH}`;
+  const loginURL = buildBrowserLoginURL(callbackURL, state);
+  return {
+    callbackURL,
+    loginURL,
+    async close() {
+      if (closed) {
+        return;
+      }
+      closed = true;
+      await closeServer(server);
+    },
+    async waitForResult(timeoutMs = LOGIN_TIMEOUT_MS) {
+      const timeout = setTimeout(() => {
+        if (settled) {
+          return;
+        }
+        settled = true;
+        deferred.reject(new Error("Timed out waiting for browser login"));
+      }, timeoutMs);
+      try {
+        return await deferred.promise;
+      } finally {
+        clearTimeout(timeout);
+        if (!closed) {
+          closed = true;
+          await closeServer(server);
+        }
+      }
+    }
+  };
+}
+function buildBrowserLoginURL(callbackURL, state) {
+  const url = new URL("/api/cli/auth", getWebURL());
+  url.searchParams.set("callback_url", callbackURL);
+  url.searchParams.set("state", state);
+  return url.toString();
+}
+async function handleRequest(input) {
+  const { callbackURL, deferred, request, response, state, settledRef } = input;
+  if (!request.url || request.method !== "GET") {
+    writeHTML(response, 404, renderErrorPage("Login page not found."));
+    return;
+  }
+  const url = new URL(request.url, callbackURL || `http://${CALLBACK_HOST}`);
+  if (url.pathname !== CALLBACK_PATH) {
+    writeHTML(response, 404, renderErrorPage("Login page not found."));
+    return;
+  }
+  if (settledRef.current) {
+    writeHTML(response, 409, renderErrorPage("This login link has already been used."));
+    return;
+  }
+  const returnedState = url.searchParams.get("state")?.trim();
+  if (!returnedState || returnedState !== state) {
+    settledRef.current = true;
+    const error = new Error("Received an invalid browser login state");
+    deferred.reject(error);
+    writeHTML(response, 400, renderErrorPage(error.message));
+    return;
+  }
+  const returnedError = url.searchParams.get("error")?.trim();
+  if (returnedError) {
+    settledRef.current = true;
+    const error = new Error(returnedError);
+    deferred.reject(error);
+    writeHTML(response, 400, renderErrorPage(returnedError));
+    return;
+  }
+  const apiKey = url.searchParams.get("api_key")?.trim();
+  if (!apiKey) {
+    settledRef.current = true;
+    const error = new Error("Browser login did not return an API key");
+    deferred.reject(error);
+    writeHTML(response, 400, renderErrorPage(error.message));
+    return;
+  }
+  try {
+    const me = await apiWithKey(apiKey, "/v1/me");
+    setAPIKey(apiKey);
+    settledRef.current = true;
+    deferred.resolve({
+      apiKey,
+      callbackURL,
+      loginURL: buildBrowserLoginURL(callbackURL, state),
+      me
+    });
+    writeHTML(response, 200, renderSuccessPage(me.user.email));
+  } catch (error) {
+    settledRef.current = true;
+    const message = error instanceof Error ? error.message : "Failed to validate browser login";
+    deferred.reject(new Error(message));
+    writeHTML(response, 401, renderErrorPage(message));
+  }
+}
+function createDeferred() {
+  let resolve;
+  let reject;
+  const promise = new Promise((resolvePromise, rejectPromise) => {
+    resolve = resolvePromise;
+    reject = rejectPromise;
+  });
+  return {
+    promise,
+    reject,
+    resolve
+  };
+}
+function listen(server) {
+  return new Promise((resolve, reject) => {
+    server.once("error", reject);
+    server.listen(0, CALLBACK_HOST, () => {
+      server.off("error", reject);
+      const address = server.address();
+      if (!address || typeof address === "string") {
+        reject(new Error("Failed to allocate a loopback callback port"));
+        return;
+      }
+      resolve(address);
+    });
+  });
+}
+function closeServer(server) {
+  return new Promise((resolve, reject) => {
+    server.close((error) => {
+      if (error) {
+        reject(error);
+        return;
+      }
+      resolve();
+    });
+  });
+}
+function writeHTML(response, statusCode, body) {
+  response.statusCode = statusCode;
+  response.setHeader("content-type", "text/html; charset=utf-8");
+  response.end(body);
+}
+function renderSuccessPage(email) {
+  return `<!doctype html>
+<html lang="en">
+	<head>
+		<meta charset="utf-8" />
+		<title>Computer CLI login complete</title>
+		<meta name="viewport" content="width=device-width, initial-scale=1" />
+		<style>
+			body { font-family: ui-sans-serif, system-ui, sans-serif; background: #0b1220; color: #e2e8f0; display: grid; min-height: 100vh; place-items: center; margin: 0; }
+			main { width: min(32rem, calc(100vw - 2rem)); background: #111827; border: 1px solid #1f2937; border-radius: 16px; padding: 1.5rem; box-shadow: 0 20px 45px rgba(0, 0, 0, 0.35); }
+			h1 { margin: 0 0 0.75rem; font-size: 1.5rem; }
+			p { margin: 0; line-height: 1.5; color: #cbd5e1; }
+			code { color: #f8fafc; }
+		</style>
+	</head>
+	<body>
+		<main>
+			<h1>Computer CLI login complete</h1>
+			<p>Signed in as <code>${escapeHTML(email)}</code>. You can close this tab.</p>
+		</main>
+		<script>
+			window.setTimeout(() => window.close(), 150);
+		</script>
+	</body>
+</html>`;
+}
+function renderErrorPage(message) {
+  return `<!doctype html>
+<html lang="en">
+	<head>
+		<meta charset="utf-8" />
+		<title>Computer CLI login failed</title>
+		<meta name="viewport" content="width=device-width, initial-scale=1" />
+		<style>
+			body { font-family: ui-sans-serif, system-ui, sans-serif; background: #180c0d; color: #fee2e2; display: grid; min-height: 100vh; place-items: center; margin: 0; }
+			main { width: min(32rem, calc(100vw - 2rem)); background: #2b1114; border: 1px solid #7f1d1d; border-radius: 16px; padding: 1.5rem; box-shadow: 0 20px 45px rgba(0, 0, 0, 0.35); }
+			h1 { margin: 0 0 0.75rem; font-size: 1.5rem; }
+			p { margin: 0; line-height: 1.5; color: #fecaca; }
+		</style>
+	</head>
+	<body>
+		<main>
+			<h1>Computer CLI login failed</h1>
+			<p>${escapeHTML(message)}</p>
+		</main>
+	</body>
+</html>`;
+}
+function escapeHTML(value) {
+  return value.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;").replaceAll('"', "&quot;").replaceAll("'", "&#39;");
+}
+
+// src/commands/login.ts
+var loginCommand = new Command4("login").description("Authenticate the CLI").option("--api-key <key>", "API key starting with ac_live_").option("--stdin", "Read the API key from stdin").option("-f, --force", "Overwrite an existing stored API key").action(async (options) => {
+  const existingKey = getStoredAPIKey();
+  if (existingKey && !options.force) {
+    console.log();
+    console.log(chalk4.yellow("  Already logged in. Use --force to overwrite."));
+    console.log();
+    return;
+  }
+  const wantsManualLogin = Boolean(options.apiKey || options.stdin);
+  const apiKey = await resolveAPIKeyInput(options.apiKey, options.stdin);
+  if (!apiKey && wantsManualLogin) {
+    console.log();
+    console.log(chalk4.dim("  Usage: computer login --api-key <ac_live_...>"));
+    console.log(chalk4.dim(`  API:   ${getBaseURL()}`));
+    console.log();
+    process.exit(1);
+  }
+  if (!apiKey) {
+    await runBrowserLogin();
+    return;
+  }
+  if (!apiKey.startsWith("ac_live_")) {
+    console.log();
+    console.log(chalk4.red("  API key must start with ac_live_"));
+    console.log();
+    process.exit(1);
+  }
+  const spinner = ora3("Authenticating...").start();
+  try {
+    const me = await apiWithKey(apiKey, "/v1/me");
+    setAPIKey(apiKey);
+    spinner.succeed(`Logged in as ${chalk4.bold(me.user.email)}`);
+  } catch (error) {
+    spinner.fail(
+      error instanceof Error ? error.message : "Failed to validate API key"
+    );
+    process.exit(1);
+  }
+});
+async function runBrowserLogin() {
+  const spinner = ora3("Starting browser login...").start();
+  let attempt = null;
+  try {
+    attempt = await createBrowserLoginAttempt();
+    spinner.text = "Opening browser...";
+    try {
+      await open2(attempt.loginURL);
+    } catch {
+      spinner.stop();
+      console.log();
+      console.log(chalk4.yellow("  Browser auto-open failed. Open this URL to continue:"));
+      console.log(chalk4.dim(`  ${attempt.loginURL}`));
+      console.log();
+      spinner.start("Waiting for browser login...");
+    }
+    spinner.text = "Waiting for browser login...";
+    const result = await attempt.waitForResult();
+    spinner.succeed(`Logged in as ${chalk4.bold(result.me.user.email)}`);
+  } catch (error) {
+    spinner.fail(error instanceof Error ? error.message : "Browser login failed");
+    process.exit(1);
+  } finally {
+    await attempt?.close();
+  }
+}
+async function resolveAPIKeyInput(flagValue, readFromStdin) {
+  if (flagValue?.trim()) {
+    return flagValue.trim();
+  }
+  if (!readFromStdin) {
+    return "";
+  }
+  if (process.stdin.isTTY) {
+    return "";
+  }
+  const chunks = [];
+  for await (const chunk of process.stdin) {
+    chunks.push(typeof chunk === "string" ? Buffer.from(chunk) : chunk);
+  }
+  return Buffer.concat(chunks).toString("utf8").trim();
+}
+
+// src/commands/logout.ts
+import { Command as Command5 } from "commander";
+import chalk5 from "chalk";
+var logoutCommand = new Command5("logout").description("Remove stored API key").action(() => {
+  if (!getStoredAPIKey()) {
+    console.log();
+    console.log(chalk5.dim("  Not logged in."));
+    if (hasEnvAPIKey()) {
+      console.log(chalk5.dim("  Environment API key is still active in this shell."));
+    }
+    console.log();
+    return;
+  }
+  clearAPIKey();
+  console.log();
+  console.log(chalk5.green("  Logged out."));
+  if (hasEnvAPIKey()) {
+    console.log(chalk5.dim("  Environment API key is still active in this shell."));
+  }
+  console.log();
+});
+
+// src/commands/whoami.ts
+import { Command as Command6 } from "commander";
+import chalk6 from "chalk";
+import ora4 from "ora";
+var whoamiCommand = new Command6("whoami").description("Show current user").option("--json", "Print raw JSON").action(async (options) => {
+  const spinner = options.json ? null : ora4("Loading user...").start();
+  try {
+    const me = await api("/v1/me");
+    spinner?.stop();
+    if (options.json) {
+      console.log(JSON.stringify(me, null, 2));
+      return;
+    }
+    console.log();
+    console.log(`  ${chalk6.bold.white(me.user.display_name || me.user.email)}`);
+    if (me.user.display_name) {
+      console.log(`  ${chalk6.dim(me.user.email)}`);
+    }
+    if (me.api_key.name) {
+      console.log(`  ${chalk6.dim("Key:")}  ${me.api_key.name}`);
+    }
+    console.log(`  ${chalk6.dim("API:")}  ${chalk6.dim(getBaseURL())}`);
+    console.log();
+  } catch (error) {
+    if (spinner) {
+      spinner.fail(error instanceof Error ? error.message : "Failed to load user");
+    } else {
+      console.error(error instanceof Error ? error.message : "Failed to load user");
+    }
+    process.exit(1);
+  }
+});
+
+// src/index.ts
+var require2 = createRequire(import.meta.url);
+var pkg = require2("../package.json");
+var cliName = process.argv[1] ? basename2(process.argv[1]) : "agentcomputer";
+var program = new Command7();
+program.name(cliName).description("Agent Computer CLI").version(pkg.version ?? "0.0.0").option("-y, --yes", "Skip confirmation prompts").configureHelp({
+  formatHelp(cmd, helper) {
+    const version = pkg.version ?? "0.0.0";
+    const lines = [];
+    lines.push(`${chalk7.bold(cliName)} ${chalk7.dim(`v${version}`)}`);
+    lines.push("");
+    if (cmd.commands.length > 0) {
+      const groups = {
+        Auth: [],
+        Computers: [],
+        Access: [],
+        Other: []
+      };
+      for (const sub of cmd.commands) {
+        const name = sub.name();
+        const desc = sub.description();
+        const entry = { name, desc };
+        if (["login", "logout", "whoami"].includes(name)) {
+          groups.Auth.push(entry);
+        } else if (["create", "ls", "get", "rm"].includes(name)) {
+          groups.Computers.push(entry);
+        } else if (["open", "ssh", "ports"].includes(name)) {
+          groups.Access.push(entry);
+        } else {
+          groups.Other.push(entry);
+        }
+      }
+      for (const [groupName, entries] of Object.entries(groups)) {
+        if (entries.length === 0) continue;
+        lines.push(`  ${chalk7.dim(groupName)}`);
+        for (const entry of entries) {
+          const padded = entry.name.padEnd(14);
+          lines.push(`    ${chalk7.white(padded)}${chalk7.dim(entry.desc)}`);
+        }
+        lines.push("");
+      }
+    }
+    const globalOpts = [
+      { flags: "-y, --yes", desc: "Skip confirmation prompts" },
+      { flags: "-V, --version", desc: "Show version" },
+      { flags: "-h, --help", desc: "Show help" }
+    ];
+    lines.push(`  ${chalk7.dim("Options")}`);
+    for (const opt of globalOpts) {
+      const padded = opt.flags.padEnd(14);
+      lines.push(`    ${chalk7.white(padded)}${chalk7.dim(opt.desc)}`);
+    }
+    lines.push("");
+    return lines.join("\n");
+  }
+});
+program.addCommand(loginCommand);
+program.addCommand(logoutCommand);
+program.addCommand(whoamiCommand);
+program.addCommand(createCommand);
+program.addCommand(lsCommand);
+program.addCommand(getCommand);
+program.addCommand(openCommand);
+program.addCommand(sshCommand);
+program.addCommand(portsCommand);
+program.addCommand(removeCommand);
+program.addCommand(completionCommand);
+program.parse();