airclaw 1.0.0

package/dist/cli.js

@@ -0,0 +1,1660 @@
+#!/usr/bin/env node
+
+// src/cli.ts
+import { readFileSync as readFileSync3 } from "fs";
+import { fileURLToPath } from "url";
+import { dirname, join as join2 } from "path";
+
+// src/commands/auth.ts
+import { createInterface } from "readline";
+
+// src/config.ts
+import {
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  writeFileSync,
+  rmSync,
+  chmodSync,
+  cpSync,
+  readdirSync
+} from "fs";
+import { homedir } from "os";
+import { join } from "path";
+var CONFIG_DIR = join(homedir(), ".airclaw");
+var CONFIG_FILE = join(CONFIG_DIR, "config.json");
+var CONNECTIONS_FILE = join(CONFIG_DIR, "connections.json");
+var KEYS_DIR = join(CONFIG_DIR, "keys");
+var AIRTERM_DIR = join(homedir(), ".airterm");
+function ensureDir() {
+  if (!existsSync(CONFIG_DIR)) mkdirSync(CONFIG_DIR, { recursive: true, mode: 448 });
+  if (!existsSync(KEYS_DIR)) mkdirSync(KEYS_DIR, { recursive: true, mode: 448 });
+  try {
+    chmodSync(CONFIG_DIR, 448);
+  } catch {
+  }
+  try {
+    chmodSync(KEYS_DIR, 448);
+  } catch {
+  }
+}
+function writeSecureFile(path, data) {
+  writeFileSync(path, data, { mode: 384 });
+  chmodSync(path, 384);
+}
+function loadConfig() {
+  migrateFromAirterm();
+  if (!existsSync(CONFIG_FILE)) return {};
+  try {
+    return JSON.parse(readFileSync(CONFIG_FILE, "utf-8"));
+  } catch {
+    return {};
+  }
+}
+function saveConfig(config) {
+  ensureDir();
+  writeSecureFile(CONFIG_FILE, JSON.stringify(config, null, 2));
+}
+function getSavedConnections() {
+  migrateFromAirterm();
+  if (!existsSync(CONNECTIONS_FILE)) return [];
+  try {
+    const data = JSON.parse(readFileSync(CONNECTIONS_FILE, "utf-8"));
+    return data.saved || [];
+  } catch {
+    return [];
+  }
+}
+function saveConnections(connections) {
+  ensureDir();
+  writeSecureFile(CONNECTIONS_FILE, JSON.stringify({ saved: connections }, null, 2));
+}
+function addSavedConnection(conn) {
+  const connections = getSavedConnections();
+  const idx = connections.findIndex((c) => c.id === conn.id);
+  if (idx >= 0) {
+    connections[idx] = conn;
+  } else {
+    connections.push(conn);
+  }
+  saveConnections(connections);
+}
+function saveKey(machineId, keyData) {
+  ensureDir();
+  const keyPath = join(KEYS_DIR, `${machineId}.key`);
+  writeFileSync(keyPath, keyData, { mode: 384 });
+  chmodSync(keyPath, 384);
+  return keyPath;
+}
+function resetAll() {
+  const connections = getSavedConnections();
+  const count = connections.length;
+  if (existsSync(CONFIG_DIR)) {
+    if (existsSync(CONNECTIONS_FILE)) rmSync(CONNECTIONS_FILE);
+    if (existsSync(KEYS_DIR)) rmSync(KEYS_DIR, { recursive: true, force: true });
+  }
+  return count;
+}
+var migrated = false;
+function migrateFromAirterm() {
+  if (migrated) return;
+  migrated = true;
+  if (!existsSync(AIRTERM_DIR) || existsSync(CONFIG_DIR)) return;
+  try {
+    ensureDir();
+    const airtermConfig = join(AIRTERM_DIR, "connections.json");
+    if (existsSync(airtermConfig)) {
+      const raw = JSON.parse(readFileSync(airtermConfig, "utf-8"));
+      const oldConns = raw.connections || [];
+      const newConns = oldConns.map((c) => ({
+        id: c.id,
+        name: c.name,
+        hostname: c.hostname,
+        port: c.port,
+        username: c.username,
+        keyPath: c.keyPath.replace(`${AIRTERM_DIR}/`, `${CONFIG_DIR}/`),
+        addedAt: c.addedAt
+      }));
+      saveConnections(newConns);
+    }
+    const airtermKeys = join(AIRTERM_DIR, "keys");
+    if (existsSync(airtermKeys)) {
+      cpSync(airtermKeys, KEYS_DIR, { recursive: true });
+      for (const file of readdirSync(KEYS_DIR)) {
+        chmodSync(join(KEYS_DIR, file), 384);
+      }
+    }
+    console.log(
+      "\x1B[33mMigrated saved connections from ~/.airterm/ to ~/.airclaw/\x1B[0m"
+    );
+    console.log("You can safely delete ~/.airterm/ now.\n");
+  } catch {
+  }
+}
+
+// src/api.ts
+var ApiError = class extends Error {
+  constructor(status3, message) {
+    super(message);
+    this.status = status3;
+    this.name = "ApiError";
+  }
+};
+var AirClawAPI = class {
+  apiKey;
+  baseUrl;
+  constructor(apiKey, baseUrl = "https://app.airclaw.com") {
+    this.apiKey = apiKey;
+    this.baseUrl = baseUrl.replace(/\/$/, "");
+  }
+  async request(method, path, body, query) {
+    const url = new URL(`/api/v1${path}`, this.baseUrl);
+    if (query) {
+      for (const [k, v] of Object.entries(query)) {
+        if (v !== void 0) url.searchParams.set(k, v);
+      }
+    }
+    const headers = {
+      Authorization: `Bearer ${this.apiKey}`
+    };
+    if (body !== void 0) {
+      headers["Content-Type"] = "application/json";
+    }
+    const res = await fetch(url.toString(), {
+      method,
+      headers,
+      body: body !== void 0 ? JSON.stringify(body) : void 0,
+      signal: AbortSignal.timeout(3e4)
+    });
+    if (!res.ok) {
+      const data = await res.json().catch(() => ({}));
+      throw new ApiError(
+        res.status,
+        data.error || `HTTP ${res.status}`
+      );
+    }
+    const text = await res.text();
+    if (!text) return void 0;
+    return JSON.parse(text);
+  }
+  // ── Machines ──
+  async list(source) {
+    return this.request("GET", "/airclaw/list", void 0, source ? { source } : void 0);
+  }
+  async create() {
+    return this.request("POST", "/airclaw");
+  }
+  async get(id) {
+    return this.request("GET", `/airclaw/${encodeURIComponent(id)}`);
+  }
+  async destroy(id) {
+    await this.request("DELETE", `/airclaw/${encodeURIComponent(id)}`);
+  }
+  async sleep(id) {
+    return this.request("POST", `/airclaw/${encodeURIComponent(id)}/sleep`);
+  }
+  // ── SSH ──
+  async sshAccess(id) {
+    return this.request("POST", `/airclaw/${encodeURIComponent(id)}/ssh/access`);
+  }
+  // ── Drive ──
+  async driveUploadUrl(id, path, contentType) {
+    return this.request("POST", `/airclaw/${encodeURIComponent(id)}/drive/upload`, {
+      path,
+      content_type: contentType
+    });
+  }
+  async driveDownloadUrl(id, path) {
+    return this.request("POST", `/airclaw/${encodeURIComponent(id)}/drive/download`, {
+      path
+    });
+  }
+  async driveList(id, prefix, limit) {
+    const query = {};
+    if (prefix) query.prefix = prefix;
+    if (limit) query.limit = String(limit);
+    return this.request("GET", `/airclaw/${encodeURIComponent(id)}/drive/list`, void 0, query);
+  }
+  async driveDelete(id, key) {
+    await this.request("DELETE", `/airclaw/${encodeURIComponent(id)}/drive/${encodeURIComponent(key)}`);
+  }
+  async driveShare(id, path) {
+    return this.request("POST", `/airclaw/${encodeURIComponent(id)}/drive/share`, { path });
+  }
+  // ── Mail ──
+  async mailList(id, limit, pageToken) {
+    const query = {};
+    if (limit) query.limit = String(limit);
+    if (pageToken) query.page_token = pageToken;
+    return this.request("GET", `/airclaw/${encodeURIComponent(id)}/mail`, void 0, query);
+  }
+  async mailRead(id, emailId) {
+    return this.request(
+      "GET",
+      `/airclaw/${encodeURIComponent(id)}/mail/${encodeURIComponent(emailId)}`
+    );
+  }
+  async mailSend(id, opts) {
+    return this.request("POST", `/airclaw/${encodeURIComponent(id)}/mail/send`, opts);
+  }
+  async mailReply(id, messageId, opts) {
+    return this.request("POST", `/airclaw/${encodeURIComponent(id)}/mail/reply`, {
+      message_id: messageId,
+      ...opts
+    });
+  }
+  async mailStatus(id) {
+    return this.request("GET", `/airclaw/${encodeURIComponent(id)}/mail/status`);
+  }
+  async mailClaim(id, username, displayName) {
+    return this.request("POST", `/airclaw/${encodeURIComponent(id)}/mail/claim`, {
+      username,
+      display_name: displayName
+    });
+  }
+  // ── Todos ──
+  async todosList(id, params) {
+    const query = {};
+    if (params?.status) query.status = params.status;
+    if (params?.tag) query.tag = params.tag;
+    return this.request("GET", `/airclaw/${encodeURIComponent(id)}/todos`, void 0, query);
+  }
+  async todosCreate(id, body) {
+    return this.request("POST", `/airclaw/${encodeURIComponent(id)}/todos`, body);
+  }
+  async todosUpdate(id, todoId, body) {
+    return this.request(
+      "PATCH",
+      `/airclaw/${encodeURIComponent(id)}/todos/${encodeURIComponent(todoId)}`,
+      body
+    );
+  }
+  async todosDelete(id, todoId) {
+    await this.request(
+      "DELETE",
+      `/airclaw/${encodeURIComponent(id)}/todos/${encodeURIComponent(todoId)}`
+    );
+  }
+  async todosTags(id) {
+    return this.request("GET", `/airclaw/${encodeURIComponent(id)}/todos/tags`);
+  }
+  async todosCreateTag(id, body) {
+    return this.request("POST", `/airclaw/${encodeURIComponent(id)}/todos/tags`, body);
+  }
+  // ── Gateway ──
+  async getConfig(id) {
+    return this.request("GET", `/airclaw/${encodeURIComponent(id)}/gateway/config`);
+  }
+  async patchConfig(id, patch) {
+    return this.request("PATCH", `/airclaw/${encodeURIComponent(id)}/gateway/config`, patch);
+  }
+  async listModels(id) {
+    return this.request("GET", `/airclaw/${encodeURIComponent(id)}/gateway/models`);
+  }
+  async rpc(id, method, params, timeoutMs) {
+    return this.request("POST", `/airclaw/${encodeURIComponent(id)}/gateway/rpc`, {
+      method,
+      params: params || {},
+      timeout_ms: timeoutMs
+    });
+  }
+  async invokeTool(id, name, args2) {
+    return this.request(
+      "POST",
+      `/airclaw/${encodeURIComponent(id)}/gateway/tools/invoke`,
+      { name, arguments: args2 || {} }
+    );
+  }
+  async *chatStream(id, messages, extraHeaders) {
+    const url = new URL(
+      `/api/v1/airclaw/${encodeURIComponent(id)}/gateway/chat`,
+      this.baseUrl
+    );
+    const headers = {
+      Authorization: `Bearer ${this.apiKey}`,
+      "Content-Type": "application/json",
+      ...extraHeaders
+    };
+    const res = await fetch(url.toString(), {
+      method: "POST",
+      headers,
+      body: JSON.stringify({ messages, stream: true })
+    });
+    if (!res.ok) {
+      const data = await res.json().catch(() => ({}));
+      throw new ApiError(
+        res.status,
+        data.error || `HTTP ${res.status}`
+      );
+    }
+    if (!res.body) throw new ApiError(502, "No response body");
+    const reader = res.body.getReader();
+    const decoder = new TextDecoder();
+    let buffer = "";
+    try {
+      while (true) {
+        const { done, value } = await reader.read();
+        if (done) break;
+        buffer += decoder.decode(value, { stream: true });
+        const lines = buffer.split("\n");
+        buffer = lines.pop() || "";
+        for (const line of lines) {
+          if (!line.startsWith("data: ")) continue;
+          const data = line.slice(6).trim();
+          if (data === "[DONE]") return;
+          try {
+            const parsed = JSON.parse(data);
+            const content = parsed.choices?.[0]?.delta?.content;
+            if (content) yield content;
+          } catch {
+          }
+        }
+      }
+    } finally {
+      reader.releaseLock();
+    }
+  }
+  // ── Keys ──
+  async keysList() {
+    return this.request("GET", "/keys/list");
+  }
+  async keysCreate(name) {
+    return this.request("POST", "/keys", { name });
+  }
+  async keysRevoke(id) {
+    await this.request("DELETE", `/keys/${encodeURIComponent(id)}`);
+  }
+  // ── Static (no auth) ──
+  static async redeemCode(code, baseUrl = "https://app.airclaw.com") {
+    const url = new URL("/api/airterm/redeem", baseUrl);
+    const res = await fetch(url.toString(), {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ code }),
+      signal: AbortSignal.timeout(3e4)
+    });
+    const data = await res.json();
+    if (!res.ok) {
+      throw new ApiError(res.status, data.error || `HTTP ${res.status}`);
+    }
+    return data;
+  }
+  static async downloadKey(url) {
+    const parsed = new URL(url);
+    if (parsed.protocol !== "https:") {
+      throw new ApiError(400, "Key download URL must use HTTPS");
+    }
+    const res = await fetch(url, { signal: AbortSignal.timeout(3e4) });
+    if (!res.ok) throw new ApiError(res.status, `Failed to download key: HTTP ${res.status}`);
+    return res.text();
+  }
+  static async checkMachines(ids, baseUrl = "https://app.airclaw.com") {
+    try {
+      const url = new URL("/api/airterm/check", baseUrl);
+      const res = await fetch(url.toString(), {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ machineIds: ids }),
+        signal: AbortSignal.timeout(1e4)
+      });
+      if (!res.ok) return new Set(ids);
+      const data = await res.json();
+      return new Set(data.alive);
+    } catch {
+      return new Set(ids);
+    }
+  }
+};
+
+// src/utils.ts
+var bold = (s) => `\x1B[1m${s}\x1B[0m`;
+var dim = (s) => `\x1B[2m${s}\x1B[0m`;
+var red = (s) => `\x1B[31m${s}\x1B[0m`;
+var green = (s) => `\x1B[32m${s}\x1B[0m`;
+var yellow = (s) => `\x1B[33m${s}\x1B[0m`;
+var cyan = (s) => `\x1B[36m${s}\x1B[0m`;
+function parseFlags(args2) {
+  const positional = [];
+  const flags = {};
+  for (let i = 0; i < args2.length; i++) {
+    const arg = args2[i];
+    if (arg === "--") {
+      positional.push(...args2.slice(i + 1));
+      break;
+    }
+    if (arg.startsWith("--")) {
+      const key = arg.slice(2);
+      const next = args2[i + 1];
+      if (next && !next.startsWith("-")) {
+        flags[key] = next;
+        i++;
+      } else {
+        flags[key] = true;
+      }
+    } else if (arg.startsWith("-") && arg.length === 2) {
+      const key = arg.slice(1);
+      const next = args2[i + 1];
+      if (next && !next.startsWith("-")) {
+        flags[key] = next;
+        i++;
+      } else {
+        flags[key] = true;
+      }
+    } else {
+      positional.push(arg);
+    }
+  }
+  return { positional, flags };
+}
+function requireAuth() {
+  const envKey = process.env.AIRCLAW_API_KEY;
+  const config = loadConfig();
+  const apiKey = envKey || config.apiKey;
+  const baseUrl = process.env.AIRCLAW_API_URL || config.baseUrl;
+  if (!apiKey) {
+    console.error(red("Not authenticated.") + " Run `airclaw auth login` or set AIRCLAW_API_KEY.");
+    process.exit(1);
+  }
+  return new AirClawAPI(apiKey, baseUrl);
+}
+async function resolveId(idArg, api) {
+  if (idArg) return idArg;
+  const config = loadConfig();
+  if (config.defaultMachine) return config.defaultMachine;
+  const { airclaws } = await api.list();
+  if (airclaws.length === 0) {
+    console.error("No AirClaws found. Create one with: airclaw create");
+    process.exit(1);
+  }
+  if (airclaws.length === 1) return airclaws[0].id;
+  console.error("Multiple AirClaws found. Specify an ID.");
+  console.error(dim("Run `airclaw list` to see your AirClaws."));
+  process.exit(1);
+}
+function formatTable(headers, rows, minWidths) {
+  const widths = headers.map((h, i) => {
+    const min = minWidths?.[i] ?? 0;
+    return Math.max(h.length, min, ...rows.map((r) => (r[i] || "").length));
+  });
+  const sep = widths.map((w) => "\u2500".repeat(w + 2)).join("\u253C");
+  const header = headers.map((h, i) => ` ${bold(h.padEnd(widths[i]))} `).join("\u2502");
+  const body = rows.map(
+    (row) => row.map((cell, i) => ` ${(cell || "").padEnd(widths[i])} `).join("\u2502")
+  ).join("\n");
+  return `${header}
+\u2500${sep}\u2500
+${body}`;
+}
+function die(msg) {
+  console.error(red("Error: ") + msg);
+  process.exit(1);
+}
+async function confirm(prompt2) {
+  const { createInterface: createInterface3 } = await import("readline");
+  return new Promise((resolve) => {
+    const rl = createInterface3({ input: process.stdin, output: process.stdout });
+    rl.question(`${prompt2} (y/N) `, (answer) => {
+      rl.close();
+      resolve(answer.toLowerCase() === "y");
+    });
+  });
+}
+
+// src/commands/auth.ts
+async function handleAuth(args2) {
+  const sub = args2[0];
+  switch (sub) {
+    case "login":
+      return login(args2.slice(1));
+    case "logout":
+      return logout();
+    case "status":
+      return status();
+    default:
+      console.log(`
+  ${bold("airclaw auth")} \u2014 Manage authentication
+
+  Commands:
+    login     Save your API key
+    logout    Remove stored credentials
+    status    Show current auth state
+
+  Usage:
+    airclaw auth login
+    airclaw auth login --key sk-ac-...
+    airclaw auth logout
+    airclaw auth status
+
+  ${dim("Security: prefer the interactive prompt or AIRCLAW_API_KEY env var over --key.")}
+  ${dim("Command-line arguments are visible to other users via process listings (ps).")}
+`);
+  }
+}
+async function login(args2) {
+  const { flags } = parseFlags(args2);
+  let apiKey = flags.key;
+  const baseUrl = flags.url;
+  if (!apiKey) {
+    apiKey = await prompt("API key: ");
+    if (!apiKey) {
+      console.error("No API key provided.");
+      process.exit(1);
+    }
+  }
+  apiKey = apiKey.trim();
+  if (!apiKey.startsWith("sk-ac-")) {
+    console.error(red("Invalid API key format.") + " Keys start with sk-ac-");
+    process.exit(1);
+  }
+  process.stdout.write(dim("Validating..."));
+  try {
+    const api = new AirClawAPI(apiKey, baseUrl);
+    await api.list();
+    process.stdout.write("\r" + " ".repeat(20) + "\r");
+    console.log(green("Authenticated successfully."));
+  } catch (err) {
+    process.stdout.write("\r" + " ".repeat(20) + "\r");
+    if (err.status === 401) {
+      console.error(red("Invalid API key."));
+      process.exit(1);
+    }
+    console.log("Could not validate key (network error). Saving anyway.");
+  }
+  const config = loadConfig();
+  config.apiKey = apiKey;
+  if (baseUrl) config.baseUrl = baseUrl;
+  saveConfig(config);
+  console.log(dim("Key saved to ~/.airclaw/config.json"));
+}
+function logout() {
+  const config = loadConfig();
+  if (!config.apiKey) {
+    console.log("Not logged in.");
+    return;
+  }
+  delete config.apiKey;
+  saveConfig(config);
+  console.log("Logged out. API key removed.");
+}
+function status() {
+  const config = loadConfig();
+  if (config.apiKey) {
+    const prefix = config.apiKey.slice(0, 12);
+    console.log(`${green("Authenticated")} \u2014 key: ${prefix}...`);
+    if (config.baseUrl) console.log(`API: ${config.baseUrl}`);
+    if (config.defaultMachine) console.log(`Default machine: ${config.defaultMachine}`);
+  } else {
+    console.log("Not authenticated. Run `airclaw auth login` to set up.");
+  }
+}
+function prompt(question) {
+  return new Promise((resolve) => {
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(answer);
+    });
+  });
+}
+
+// src/commands/machines.ts
+async function handleList(args2) {
+  const { flags } = parseFlags(args2);
+  const api = requireAuth();
+  const source = flags.source;
+  const { airclaws } = await api.list(source);
+  if (flags.json) {
+    console.log(JSON.stringify(airclaws, null, 2));
+    return;
+  }
+  if (airclaws.length === 0) {
+    console.log("No AirClaws found. Create one with: airclaw create");
+    return;
+  }
+  const config = loadConfig();
+  const rows = airclaws.map((m) => [
+    m.id === config.defaultMachine ? `${m.id} ${dim("(default)")}` : m.id,
+    statusColor(m.status),
+    m.region || "\u2014",
+    m.source || "\u2014",
+    timeAgo(m.created_at)
+  ]);
+  console.log(formatTable(["ID", "Status", "Region", "Source", "Created"], rows));
+  console.log(dim(`
+${airclaws.length} AirClaw${airclaws.length !== 1 ? "s" : ""}`));
+}
+async function handleCreate(args2) {
+  const { flags } = parseFlags(args2);
+  const api = requireAuth();
+  process.stdout.write(dim("Creating AirClaw..."));
+  const machine = await api.create();
+  process.stdout.write("\r" + " ".repeat(30) + "\r");
+  if (flags.json) {
+    console.log(JSON.stringify(machine, null, 2));
+    return;
+  }
+  console.log(green("AirClaw created"));
+  console.log(`  ID:     ${bold(machine.id)}`);
+  console.log(`  Status: ${statusColor(machine.status)}`);
+  console.log(`  Region: ${machine.region || "\u2014"}`);
+  const { airclaws } = await api.list();
+  if (airclaws.length === 1) {
+    const config = loadConfig();
+    config.defaultMachine = machine.id;
+    saveConfig(config);
+    console.log(dim("  Set as default machine."));
+  }
+}
+async function handleInfo(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const machine = await api.get(id);
+  if (flags.json) {
+    console.log(JSON.stringify(machine, null, 2));
+    return;
+  }
+  console.log(`${bold("AirClaw")} ${machine.id}`);
+  console.log(`  Status:      ${statusColor(machine.status)}`);
+  console.log(`  Region:      ${machine.region || "\u2014"}`);
+  console.log(`  Source:      ${machine.source || "\u2014"}`);
+  console.log(`  Environment: ${machine.environment || "\u2014"}`);
+  console.log(`  Created:     ${new Date(machine.created_at).toLocaleString()}`);
+  if (machine.last_active_at) {
+    console.log(`  Last active: ${new Date(machine.last_active_at).toLocaleString()}`);
+  }
+}
+async function handleDestroy(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  if (!flags.force && !flags.f) {
+    const yes = await confirm(`Destroy AirClaw ${bold(id)}? This cannot be undone.`);
+    if (!yes) {
+      console.log("Cancelled.");
+      return;
+    }
+  }
+  process.stdout.write(dim("Destroying..."));
+  await api.destroy(id);
+  process.stdout.write("\r" + " ".repeat(20) + "\r");
+  console.log(red("Destroyed") + ` AirClaw ${id}`);
+  const config = loadConfig();
+  if (config.defaultMachine === id) {
+    delete config.defaultMachine;
+    saveConfig(config);
+  }
+}
+async function handleSleep(args2) {
+  const { positional } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  await api.sleep(id);
+  console.log(`AirClaw ${bold(id)} suspended. It will wake automatically on next use.`);
+}
+async function handleDefault(args2) {
+  const { positional } = parseFlags(args2);
+  const id = positional[0];
+  if (!id) {
+    const config2 = loadConfig();
+    if (config2.defaultMachine) {
+      console.log(`Default machine: ${bold(config2.defaultMachine)}`);
+    } else {
+      console.log("No default machine set. Usage: airclaw default <id>");
+    }
+    return;
+  }
+  const api = requireAuth();
+  await api.get(id);
+  const config = loadConfig();
+  config.defaultMachine = id;
+  saveConfig(config);
+  console.log(`Default machine set to ${bold(id)}`);
+}
+function statusColor(status3) {
+  switch (status3) {
+    case "started":
+    case "running":
+      return green(status3);
+    case "suspended":
+    case "stopping":
+      return yellow(status3);
+    case "stopped":
+    case "destroyed":
+      return red(status3);
+    default:
+      return status3;
+  }
+}
+function timeAgo(iso) {
+  const diff = Date.now() - new Date(iso).getTime();
+  const mins = Math.floor(diff / 6e4);
+  if (mins < 60) return `${mins}m ago`;
+  const hours = Math.floor(mins / 60);
+  if (hours < 24) return `${hours}h ago`;
+  const days = Math.floor(hours / 24);
+  return `${days}d ago`;
+}
+
+// src/commands/ssh-cmd.ts
+import { existsSync as existsSync2 } from "fs";
+
+// src/ssh.ts
+import { spawnSync } from "child_process";
+function connectSSH(target, command2) {
+  if (!/^[a-zA-Z0-9._-]+$/.test(target.hostname)) {
+    console.error("Invalid hostname.");
+    return 1;
+  }
+  if (!/^[a-zA-Z0-9_-]+$/.test(target.username)) {
+    console.error("Invalid username.");
+    return 1;
+  }
+  const needsTls = target.hostname.endsWith(".fly.dev");
+  const args2 = [
+    "-i",
+    target.keyPath,
+    "-p",
+    String(target.port),
+    "-o",
+    "StrictHostKeyChecking=accept-new",
+    "-o",
+    "UserKnownHostsFile=~/.airclaw/known_hosts",
+    "-o",
+    "LogLevel=ERROR"
+  ];
+  if (needsTls) {
+    args2.push(
+      "-o",
+      `ProxyCommand openssl s_client -connect %h:%p -quiet 2>/dev/null`
+    );
+  }
+  if (command2 && command2.length > 0 && process.stdin.isTTY) {
+    args2.push("-t");
+  }
+  args2.push(`${target.username}@${target.hostname}`);
+  if (command2 && command2.length > 0) {
+    args2.push("--", ...command2);
+  }
+  const result = spawnSync("ssh", args2, { stdio: "inherit" });
+  return result.status ?? 1;
+}
+
+// src/commands/ssh-cmd.ts
+async function handleSSH(args2) {
+  const { positional, flags } = parseFlags(args2);
+  if (flags.list || flags.l) return listConnections();
+  if (flags.reset || flags.r) return resetConnections();
+  const target = positional[0];
+  const remoteCmd = positional.slice(1);
+  if (!target) {
+    return connectDefault(remoteCmd.length > 0 ? remoteCmd : void 0);
+  }
+  if (target.startsWith("otp_")) {
+    return redeemAndConnect(target, remoteCmd.length > 0 ? remoteCmd : void 0);
+  }
+  return connectById(target, remoteCmd.length > 0 ? remoteCmd : void 0);
+}
+async function connectById(id, command2) {
+  const api = requireAuth();
+  const saved = getSavedConnections().find((c) => c.id === id);
+  if (saved && existsSync2(saved.keyPath)) {
+    const exitCode2 = connectSSH(saved, command2);
+    if (exitCode2 === 0) process.exit(0);
+    console.log(dim("Saved credentials failed, fetching fresh ones..."));
+  }
+  process.stdout.write(dim("Getting SSH credentials..."));
+  const creds = await api.sshAccess(id);
+  process.stdout.write("\r" + " ".repeat(35) + "\r");
+  const keyData = await AirClawAPI.downloadKey(creds.key_url);
+  const keyPath = saveKey(id, keyData);
+  const target = {
+    hostname: creds.hostname,
+    port: creds.port,
+    username: creds.username,
+    keyPath
+  };
+  const exitCode = connectSSH(target, command2);
+  if (exitCode !== 0) {
+    console.error(
+      `
+${yellow("Connection failed.")} The machine may be suspended \u2014 try \`airclaw info ${id}\` to check status.`
+    );
+  }
+  process.exit(exitCode);
+}
+async function redeemAndConnect(code, command2) {
+  const config = loadConfig();
+  const baseUrl = config.baseUrl;
+  process.stdout.write(dim("Redeeming code..."));
+  const result = await AirClawAPI.redeemCode(code, baseUrl);
+  process.stdout.write("\r" + " ".repeat(25) + "\r");
+  console.log(`${green("Connected to")} ${bold(result.machineName)}`);
+  const keyData = await AirClawAPI.downloadKey(result.keyUrl);
+  const keyPath = saveKey(result.machineId, keyData);
+  const conn = {
+    id: result.machineId,
+    name: result.machineName,
+    hostname: result.hostname,
+    port: result.port,
+    username: result.username,
+    keyPath,
+    addedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  addSavedConnection(conn);
+  const exitCode = connectSSH(conn, command2);
+  if (exitCode !== 0) {
+    console.error(`
+${yellow("Connection failed.")} Run \`airclaw ssh --reset\` and request a new code.`);
+  }
+  process.exit(exitCode);
+}
+async function connectDefault(command2) {
+  const config = loadConfig();
+  if (config.apiKey) {
+    const api = new AirClawAPI(config.apiKey, config.baseUrl);
+    try {
+      const id = await resolveId(void 0, api);
+      return connectById(id, command2);
+    } catch {
+    }
+  }
+  const saved = getSavedConnections();
+  if (saved.length === 0) {
+    console.error("No AirClaws found.");
+    console.error(dim("Run `airclaw auth login` to authenticate, or `airclaw ssh <code>` to redeem a code."));
+    process.exit(1);
+  }
+  if (saved.length === 1) {
+    const exitCode2 = connectSSH(saved[0], command2);
+    process.exit(exitCode2);
+  }
+  console.log(bold("Saved connections:"));
+  saved.forEach((c, i) => {
+    console.log(`  ${dim(`${i + 1}.`)} ${c.name} ${dim(`(${c.id})`)}`);
+  });
+  console.log();
+  const { createInterface: createInterface3 } = await import("readline");
+  const rl = createInterface3({ input: process.stdin, output: process.stdout });
+  const answer = await new Promise((resolve) => {
+    rl.question(`Select (1-${saved.length}): `, resolve);
+  });
+  rl.close();
+  const idx = parseInt(answer, 10) - 1;
+  if (isNaN(idx) || idx < 0 || idx >= saved.length) {
+    console.error("Invalid selection.");
+    process.exit(1);
+  }
+  const exitCode = connectSSH(saved[idx], command2);
+  process.exit(exitCode);
+}
+function listConnections() {
+  const config = loadConfig();
+  const saved = getSavedConnections();
+  const hasAuth = !!config.apiKey;
+  if (saved.length === 0 && !hasAuth) {
+    console.log("No saved connections.");
+    console.log(dim("Run `airclaw auth login` or `airclaw ssh <code>` to get started."));
+    return;
+  }
+  if (hasAuth) {
+    console.log(dim("Account machines are accessed via API key \u2014 run `airclaw list` to see them."));
+    console.log();
+  }
+  if (saved.length > 0) {
+    console.log(bold("Saved Connections"));
+    for (const conn of saved) {
+      const status3 = existsSync2(conn.keyPath) ? green("key ok") : red("key missing");
+      console.log(`  ${conn.name} ${dim(`(${conn.id})`)}`);
+      console.log(`    ${conn.hostname}:${conn.port} [${status3}]`);
+    }
+  } else {
+    console.log("No saved connections.");
+  }
+}
+function resetConnections() {
+  const count = resetAll();
+  if (count > 0) {
+    console.log(`Removed ${count} saved connection${count !== 1 ? "s" : ""} and keys.`);
+  } else {
+    console.log("No saved connections to remove.");
+  }
+}
+
+// src/commands/chat.ts
+import { createInterface as createInterface2 } from "readline";
+async function handleChat(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const singleMessage = flags.m || flags.message;
+  if (singleMessage) {
+    const messages = [{ role: "user", content: singleMessage }];
+    for await (const chunk of api.chatStream(id, messages)) {
+      process.stdout.write(chunk);
+    }
+    process.stdout.write("\n");
+    return;
+  }
+  console.log(`${bold("AirClaw Chat")} ${dim(`(${id})`)}`);
+  console.log(dim("Type a message and press Enter. Ctrl+C to exit.\n"));
+  const history = [];
+  const rl = createInterface2({
+    input: process.stdin,
+    output: process.stdout,
+    prompt: cyan("You: ")
+  });
+  rl.prompt();
+  for await (const line of rl) {
+    const input = line.trim();
+    if (!input) {
+      rl.prompt();
+      continue;
+    }
+    if (input.toLowerCase() === "exit" || input.toLowerCase() === "quit") {
+      break;
+    }
+    history.push({ role: "user", content: input });
+    process.stdout.write(bold("AirClaw: "));
+    let response = "";
+    try {
+      for await (const chunk of api.chatStream(id, history)) {
+        process.stdout.write(chunk);
+        response += chunk;
+      }
+    } catch (err) {
+      process.stdout.write(red(`
+Error: ${err.message}`));
+    }
+    process.stdout.write("\n\n");
+    if (response) {
+      history.push({ role: "assistant", content: response });
+    }
+    rl.prompt();
+  }
+  console.log(dim("\nGoodbye."));
+}
+
+// src/commands/gateway.ts
+async function handleConfig(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const setVal = flags.set;
+  if (setVal) {
+    let patch;
+    try {
+      patch = JSON.parse(setVal);
+    } catch {
+      die(`Invalid JSON for --set. Usage: airclaw config <id> --set '{"key": "value"}'`);
+    }
+    const result = await api.patchConfig(id, patch);
+    console.log(JSON.stringify(result, null, 2));
+  } else {
+    const config = await api.getConfig(id);
+    console.log(JSON.stringify(config, null, 2));
+  }
+}
+async function handleModels(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const models = await api.listModels(id);
+  if (flags.json) {
+    console.log(JSON.stringify(models, null, 2));
+    return;
+  }
+  if (Array.isArray(models)) {
+    for (const m of models) {
+      const name = typeof m === "string" ? m : m.id || m.name || JSON.stringify(m);
+      console.log(`  ${name}`);
+    }
+  } else {
+    console.log(JSON.stringify(models, null, 2));
+  }
+}
+async function handleRpc(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const method = positional[1];
+  if (!method) {
+    die("Usage: airclaw rpc <id> <method> [--params '{...}']");
+  }
+  let params;
+  const paramsStr = flags.params;
+  if (paramsStr) {
+    try {
+      params = JSON.parse(paramsStr);
+    } catch {
+      die("Invalid JSON for --params");
+    }
+  }
+  const timeoutMs = flags.timeout ? parseInt(flags.timeout, 10) : void 0;
+  const result = await api.rpc(id, method, params, timeoutMs);
+  console.log(JSON.stringify(result, null, 2));
+}
+async function handleTools(args2) {
+  const sub = args2[0];
+  if (sub !== "invoke") {
+    console.log(`
+  ${bold("airclaw tools")} \u2014 Invoke agent tools
+
+  Usage:
+    airclaw tools invoke <id> <tool-name> [--args '{...}']
+`);
+    return;
+  }
+  const { positional, flags } = parseFlags(args2.slice(1));
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const toolName = positional[1];
+  if (!toolName) {
+    die("Usage: airclaw tools invoke <id> <tool-name> [--args '{...}']");
+  }
+  let toolArgs;
+  const argsStr = flags.args;
+  if (argsStr) {
+    try {
+      toolArgs = JSON.parse(argsStr);
+    } catch {
+      die("Invalid JSON for --args");
+    }
+  }
+  const result = await api.invokeTool(id, toolName, toolArgs);
+  console.log(JSON.stringify(result, null, 2));
+}
+
+// src/commands/drive.ts
+import { readFileSync as readFileSync2, writeFileSync as writeFileSync2, statSync } from "fs";
+import { basename, extname } from "path";
+var MIME_TYPES = {
+  ".txt": "text/plain",
+  ".html": "text/html",
+  ".css": "text/css",
+  ".js": "application/javascript",
+  ".ts": "application/typescript",
+  ".json": "application/json",
+  ".xml": "application/xml",
+  ".csv": "text/csv",
+  ".md": "text/markdown",
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".svg": "image/svg+xml",
+  ".webp": "image/webp",
+  ".pdf": "application/pdf",
+  ".zip": "application/zip",
+  ".tar": "application/x-tar",
+  ".gz": "application/gzip",
+  ".mp3": "audio/mpeg",
+  ".mp4": "video/mp4",
+  ".wav": "audio/wav"
+};
+async function handleDrive(args2) {
+  const sub = args2[0];
+  switch (sub) {
+    case "upload":
+      return upload(args2.slice(1));
+    case "download":
+      return download(args2.slice(1));
+    case "list":
+    case "ls":
+      return list(args2.slice(1));
+    case "delete":
+    case "rm":
+      return del(args2.slice(1));
+    case "share":
+      return share(args2.slice(1));
+    default:
+      console.log(`
+  ${bold("airclaw drive")} \u2014 Manage AirClaw files
+
+  Commands:
+    upload <id> <file> [remote-path]   Upload a file
+    download <id> <remote-path> [local] Download a file
+    list <id> [prefix]                  List files
+    delete <id> <path>                  Delete a file
+    share <id> <path>                   Create a shareable link
+`);
+  }
+}
+async function upload(args2) {
+  const { positional } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const localPath = positional[1];
+  const remotePath = positional[2] || basename(localPath || "");
+  if (!localPath) die("Usage: airclaw drive upload <id> <file> [remote-path]");
+  const ext = extname(localPath).toLowerCase();
+  const contentType = MIME_TYPES[ext] || "application/octet-stream";
+  process.stdout.write(dim("Uploading..."));
+  const { url } = await api.driveUploadUrl(id, remotePath, contentType);
+  const fileData = readFileSync2(localPath);
+  const uploadRes = await fetch(url, {
+    method: "PUT",
+    headers: { "Content-Type": contentType },
+    body: fileData
+  });
+  process.stdout.write("\r" + " ".repeat(20) + "\r");
+  if (!uploadRes.ok) {
+    die(`Upload failed: HTTP ${uploadRes.status}`);
+  }
+  const size = statSync(localPath).size;
+  console.log(`${green("Uploaded")} ${remotePath} (${formatBytes(size)})`);
+}
+async function download(args2) {
+  const { positional } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const remotePath = positional[1];
+  const localPath = positional[2] || basename(remotePath || "");
+  if (!remotePath) die("Usage: airclaw drive download <id> <remote-path> [local-path]");
+  process.stdout.write(dim("Downloading..."));
+  const { url } = await api.driveDownloadUrl(id, remotePath);
+  const res = await fetch(url);
+  process.stdout.write("\r" + " ".repeat(20) + "\r");
+  if (!res.ok) {
+    die(`Download failed: HTTP ${res.status}`);
+  }
+  const buffer = Buffer.from(await res.arrayBuffer());
+  writeFileSync2(localPath, buffer);
+  console.log(`${green("Downloaded")} ${remotePath} \u2192 ${localPath} (${formatBytes(buffer.length)})`);
+}
+async function list(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const prefix = positional[1];
+  const limit = flags.limit ? parseInt(flags.limit, 10) : void 0;
+  const result = await api.driveList(id, prefix, limit);
+  if (flags.json) {
+    console.log(JSON.stringify(result, null, 2));
+    return;
+  }
+  if (result.files.length === 0) {
+    console.log("No files found.");
+    return;
+  }
+  const rows = result.files.map((f) => [
+    f.key,
+    formatBytes(f.size),
+    new Date(f.last_modified).toLocaleString()
+  ]);
+  console.log(formatTable(["File", "Size", "Modified"], rows));
+  console.log(dim(`
+Total: ${formatBytes(result.total_size)}`));
+}
+async function del(args2) {
+  const { positional } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const path = positional[1];
+  if (!path) die("Usage: airclaw drive delete <id> <path>");
+  await api.driveDelete(id, path);
+  console.log(`Deleted ${path}`);
+}
+async function share(args2) {
+  const { positional } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const path = positional[1];
+  if (!path) die("Usage: airclaw drive share <id> <path>");
+  const result = await api.driveShare(id, path);
+  console.log(result.url);
+}
+function formatBytes(bytes) {
+  if (bytes === 0) return "0 B";
+  const units = ["B", "KB", "MB", "GB"];
+  const i = Math.floor(Math.log(bytes) / Math.log(1024));
+  const val = bytes / Math.pow(1024, i);
+  return `${val.toFixed(i === 0 ? 0 : 1)} ${units[i]}`;
+}
+
+// src/commands/mail.ts
+async function handleMail(args2) {
+  const sub = args2[0];
+  switch (sub) {
+    case "list":
+    case "ls":
+      return list2(args2.slice(1));
+    case "read":
+      return read(args2.slice(1));
+    case "send":
+      return send(args2.slice(1));
+    case "reply":
+      return reply(args2.slice(1));
+    case "status":
+      return status2(args2.slice(1));
+    case "claim":
+      return claim(args2.slice(1));
+    default:
+      console.log(`
+  ${bold("airclaw mail")} \u2014 Manage AirClaw email
+
+  Commands:
+    list <id>                          List emails
+    read <id> <email-id>               Read an email
+    send <id> --to <addr> --subject <subj> --body <text>
+    reply <id> <email-id> --body <text>
+    status <id>                        Check email configuration
+    claim <id> <username>              Claim an email address
+`);
+  }
+}
+async function list2(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const limit = flags.limit ? parseInt(flags.limit, 10) : void 0;
+  const pageToken = flags.page;
+  const result = await api.mailList(id, limit, pageToken);
+  if (flags.json) {
+    console.log(JSON.stringify(result, null, 2));
+    return;
+  }
+  if (result.emails.length === 0) {
+    console.log("No emails.");
+    return;
+  }
+  for (const email of result.emails) {
+    const from = email.from?.address || email.from || "unknown";
+    const subject = email.subject || "(no subject)";
+    const date = email.created_at ? new Date(email.created_at).toLocaleString() : "";
+    console.log(`${dim(email.id || "")} ${bold(subject)}`);
+    console.log(`  From: ${from}  ${dim(date)}`);
+    console.log();
+  }
+  if (result.next_page_token) {
+    console.log(dim(`More emails available. Use --page ${result.next_page_token}`));
+  }
+}
+async function read(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const emailId = positional[1];
+  if (!emailId) die("Usage: airclaw mail read <id> <email-id>");
+  const { email } = await api.mailRead(id, emailId);
+  if (flags.json) {
+    console.log(JSON.stringify(email, null, 2));
+    return;
+  }
+  console.log(bold(`Subject: ${email.subject || "(no subject)"}`));
+  console.log(`From: ${email.from?.address || email.from || "unknown"}`);
+  if (email.to) console.log(`To: ${Array.isArray(email.to) ? email.to.join(", ") : email.to}`);
+  if (email.created_at) console.log(`Date: ${new Date(email.created_at).toLocaleString()}`);
+  console.log("\u2500".repeat(60));
+  console.log(email.text || email.html || "(empty)");
+}
+async function send(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const to = flags.to;
+  const subject = flags.subject;
+  const body = flags.body;
+  if (!to) die("Usage: airclaw mail send <id> --to <address> --subject <subject> --body <text>");
+  if (!subject) die("--subject is required");
+  if (!body) die("--body is required");
+  const recipients = to.split(",").map((s) => s.trim());
+  await api.mailSend(id, {
+    to: recipients,
+    subject,
+    text: body
+  });
+  console.log(green("Email sent."));
+}
+async function reply(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const emailId = positional[1];
+  if (!emailId) die("Usage: airclaw mail reply <id> <email-id> --body <text>");
+  const body = flags.body;
+  if (!body) die("--body is required");
+  await api.mailReply(id, emailId, { text: body });
+  console.log(green("Reply sent."));
+}
+async function status2(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const result = await api.mailStatus(id);
+  if (flags.json) {
+    console.log(JSON.stringify(result, null, 2));
+    return;
+  }
+  if (result.configured) {
+    console.log(`Email: ${green(result.address || "configured")}`);
+    if (result.display_name) console.log(`Name: ${result.display_name}`);
+  } else {
+    console.log("Email not configured. Run `airclaw mail claim <id> <username>` to set up.");
+  }
+}
+async function claim(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const username = positional[1];
+  if (!username) die("Usage: airclaw mail claim <id> <username>");
+  const displayName = flags.name;
+  const result = await api.mailClaim(id, username, displayName);
+  console.log(`${green("Email claimed:")} ${result.address}`);
+}
+
+// src/commands/todos.ts
+async function handleTodos(args2) {
+  const sub = args2[0];
+  switch (sub) {
+    case "list":
+    case "ls":
+      return list3(args2.slice(1));
+    case "create":
+    case "add":
+      return create(args2.slice(1));
+    case "update":
+      return update(args2.slice(1));
+    case "delete":
+    case "rm":
+      return del2(args2.slice(1));
+    case "tags":
+      return tags(args2.slice(1));
+    default:
+      console.log(`
+  ${bold("airclaw todos")} \u2014 Manage AirClaw todos
+
+  Commands:
+    list <id> [--status <status>] [--tag <tag>]
+    create <id> <text>
+    update <id> <todo-id> [--status <status>] [--text <text>]
+    delete <id> <todo-id>
+    tags <id>
+`);
+  }
+}
+async function list3(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const params = {};
+  if (flags.status) params.status = flags.status;
+  if (flags.tag) params.tag = flags.tag;
+  const result = await api.todosList(id, params);
+  if (flags.json) {
+    console.log(JSON.stringify(result, null, 2));
+    return;
+  }
+  const todos = Array.isArray(result) ? result : result?.todos || [];
+  if (todos.length === 0) {
+    console.log("No todos.");
+    return;
+  }
+  for (const todo of todos) {
+    const check = todo.status === "completed" ? "\x1B[32m[x]\x1B[0m" : "[ ]";
+    const tags2 = todo.tags?.length ? dim(` [${todo.tags.join(", ")}]`) : "";
+    console.log(`  ${check} ${todo.text || todo.title || todo.id}${tags2} ${dim(todo.id || "")}`);
+  }
+}
+async function create(args2) {
+  const { positional } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const text = positional.slice(1).join(" ");
+  if (!text) die("Usage: airclaw todos create <id> <text>");
+  const result = await api.todosCreate(id, { text });
+  console.log(`${green("Created")} todo ${dim(result?.id || "")}`);
+}
+async function update(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const todoId = positional[1];
+  if (!todoId) die("Usage: airclaw todos update <id> <todo-id> [--status <status>] [--text <text>]");
+  const updates = {};
+  if (flags.status) updates.status = flags.status;
+  if (flags.text) updates.text = flags.text;
+  if (Object.keys(updates).length === 0) {
+    die("Specify at least one update: --status or --text");
+  }
+  await api.todosUpdate(id, todoId, updates);
+  console.log(green("Updated."));
+}
+async function del2(args2) {
+  const { positional } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const todoId = positional[1];
+  if (!todoId) die("Usage: airclaw todos delete <id> <todo-id>");
+  await api.todosDelete(id, todoId);
+  console.log("Deleted.");
+}
+async function tags(args2) {
+  const { positional, flags } = parseFlags(args2);
+  const api = requireAuth();
+  const id = await resolveId(positional[0], api);
+  const result = await api.todosTags(id);
+  if (flags.json) {
+    console.log(JSON.stringify(result, null, 2));
+    return;
+  }
+  const tagList = Array.isArray(result) ? result : result?.tags || [];
+  if (tagList.length === 0) {
+    console.log("No tags.");
+    return;
+  }
+  for (const tag of tagList) {
+    console.log(`  ${tag.name || tag.id || tag}`);
+  }
+}
+
+// src/commands/keys.ts
+async function handleKeys(args2) {
+  const sub = args2[0];
+  switch (sub) {
+    case "list":
+    case "ls":
+      return list4(args2.slice(1));
+    case "create":
+      return create2(args2.slice(1));
+    case "revoke":
+      return revoke(args2.slice(1));
+    default:
+      console.log(`
+  ${bold("airclaw keys")} \u2014 Manage API keys
+
+  Commands:
+    list                 List your API keys
+    create [name]        Create a new key
+    revoke <key-id>      Revoke a key
+`);
+  }
+}
+async function list4(args2) {
+  const { flags } = parseFlags(args2);
+  const api = requireAuth();
+  const { keys } = await api.keysList();
+  if (flags.json) {
+    console.log(JSON.stringify(keys, null, 2));
+    return;
+  }
+  if (keys.length === 0) {
+    console.log("No API keys.");
+    return;
+  }
+  const rows = keys.map((k) => [
+    k.id,
+    k.key_prefix + "...",
+    k.name || "\u2014",
+    new Date(k.created_at).toLocaleDateString(),
+    k.last_used_at ? new Date(k.last_used_at).toLocaleDateString() : "never"
+  ]);
+  console.log(formatTable(["ID", "Key", "Name", "Created", "Last Used"], rows));
+}
+async function create2(args2) {
+  const { positional } = parseFlags(args2);
+  const api = requireAuth();
+  const name = positional.join(" ") || void 0;
+  const result = await api.keysCreate(name);
+  console.log(green("API key created"));
+  console.log();
+  console.log(`  ${bold(result.key)}`);
+  console.log();
+  console.log(dim("Save this key \u2014 it won't be shown again."));
+}
+async function revoke(args2) {
+  const { positional } = parseFlags(args2);
+  const api = requireAuth();
+  const keyId = positional[0];
+  if (!keyId) die("Usage: airclaw keys revoke <key-id>");
+  await api.keysRevoke(keyId);
+  console.log(`${red("Revoked")} key ${keyId}`);
+}
+
+// src/cli.ts
+function getVersion() {
+  try {
+    const __dirname = dirname(fileURLToPath(import.meta.url));
+    const pkg = JSON.parse(readFileSync3(join2(__dirname, "..", "package.json"), "utf-8"));
+    return pkg.version;
+  } catch {
+    return "1.0.0";
+  }
+}
+function showHelp(exitCode = 0) {
+  const v = getVersion();
+  console.log(`
+  ${bold("airclaw")} v${v} \u2014 CLI for AirClaw
+
+  ${bold("Usage:")}
+    airclaw <command> [options]
+
+  ${bold("Authentication:")}
+    auth login              Save your API key
+    auth logout             Remove stored credentials
+    auth status             Show current auth state
+
+  ${bold("Machines:")}
+    list                    List your AirClaws
+    create                  Create a new AirClaw
+    info <id>               Get AirClaw details
+    destroy <id>            Destroy an AirClaw
+    sleep <id>              Suspend an AirClaw
+    default <id>            Set default machine
+
+  ${bold("Access:")}
+    ssh <id|code>           SSH into an AirClaw
+    ssh <id> <command...>   Run a remote command
+    chat <id>               Chat with an AirClaw
+    chat <id> -m "message"  Send a single message
+
+  ${bold("Gateway:")}
+    config <id>             View/update configuration
+    models <id>             List available models
+    rpc <id> <method>       Send RPC to gateway
+    tools invoke <id> <n>   Invoke a tool
+
+  ${bold("Resources:")}
+    drive <subcommand>      Manage files (upload, download, list, delete, share)
+    mail <subcommand>       Manage email (list, read, send, reply, status, claim)
+    todos <subcommand>      Manage todos (list, create, update, delete, tags)
+
+  ${bold("API Keys:")}
+    keys list               List your API keys
+    keys create [name]      Create a new key
+    keys revoke <id>        Revoke a key
+
+  ${bold("Options:")}
+    -h, --help              Show help
+    -v, --version           Show version
+    --json                  Output as JSON (where applicable)
+
+  ${bold("Environment:")}
+    AIRCLAW_API_KEY         API key (alternative to 'auth login')
+    AIRCLAW_API_URL         Custom API base URL
+
+  ${bold("Security:")}
+    Prefer ${bold("airclaw auth login")} (interactive prompt) or the ${bold("AIRCLAW_API_KEY")}
+    env var over ${bold("--key")} on the command line. Command-line arguments are
+    visible to other users on the system via process listings (ps).
+
+  ${dim("When <id> is omitted, uses default machine (or auto-selects if only one exists).")}
+  ${dim("Run 'airclaw <command> --help' for command-specific help.")}
+`);
+  process.exit(exitCode);
+}
+var args = process.argv.slice(2);
+var command = args[0];
+async function main() {
+  switch (command) {
+    case "auth":
+      return handleAuth(args.slice(1));
+    case "list":
+    case "ls":
+      return handleList(args.slice(1));
+    case "create":
+      return handleCreate(args.slice(1));
+    case "info":
+      return handleInfo(args.slice(1));
+    case "destroy":
+      return handleDestroy(args.slice(1));
+    case "sleep":
+      return handleSleep(args.slice(1));
+    case "default":
+      return handleDefault(args.slice(1));
+    case "ssh":
+      return handleSSH(args.slice(1));
+    case "chat":
+      return handleChat(args.slice(1));
+    case "config":
+      return handleConfig(args.slice(1));
+    case "models":
+      return handleModels(args.slice(1));
+    case "rpc":
+      return handleRpc(args.slice(1));
+    case "tools":
+      return handleTools(args.slice(1));
+    case "drive":
+      return handleDrive(args.slice(1));
+    case "mail":
+      return handleMail(args.slice(1));
+    case "todos":
+      return handleTodos(args.slice(1));
+    case "keys":
+      return handleKeys(args.slice(1));
+    case "--help":
+    case "-h":
+    case "help":
+      showHelp();
+    case "--version":
+    case "-v":
+      console.log(getVersion());
+      process.exit(0);
+    case void 0:
+      return handleSSH([]);
+    default:
+      console.error(`Unknown command: ${command}`);
+      console.error(dim("Run `airclaw --help` for usage."));
+      process.exit(1);
+  }
+}
+main().catch((err) => {
+  if (err instanceof ApiError) {
+    console.error(red("Error: ") + err.message);
+    if (err.status === 401) {
+      console.error(dim("Run `airclaw auth login` to authenticate."));
+    } else if (err.status === 404) {
+      console.error(dim("The resource was not found. Check the ID and try again."));
+    } else if (err.status === 429) {
+      console.error(dim("Rate limit exceeded. Wait a moment and try again."));
+    }
+    process.exit(1);
+  }
+  if (err.code === "ECONNREFUSED" || err.code === "ENOTFOUND") {
+    console.error(red("Connection failed.") + " Could not reach the API.");
+    process.exit(1);
+  }
+  console.error(red("Error: ") + (err.message || err));
+  process.exit(1);
+});