archbyte 0.4.2 → 0.5.1

package/dist/agents/static/infra-analyzer.js

@@ -150,7 +150,7 @@ async function detectCI(tk, result) {
 }
 async function detectCloud(tk, result) {
     // Check for IaC and cloud config in parallel
-    const [terraformFiles, wranglerToml, vercelJson, netlifyToml, awsCdk, samTemplate, serverlessYml,] = await Promise.all([
+    const [terraformFiles, wranglerTomlRoot, vercelJson, netlifyToml, awsCdk, samTemplate, serverlessYml,] = await Promise.all([
         tk.globFiles("**/*.tf"),
         tk.readFileSafe("wrangler.toml"),
         tk.readJSON("vercel.json"),
@@ -159,6 +159,20 @@ async function detectCloud(tk, result) {
         tk.readYAML("template.yaml"), // AWS SAM
         tk.readYAML("serverless.yml"),
     ]);
+    // Also check subdirectories for wrangler.toml (e.g. cloud/, workers/, api/)
+    let wranglerToml = wranglerTomlRoot;
+    if (!wranglerToml) {
+        const rootEntries = await tk.listDir(".");
+        for (const entry of rootEntries) {
+            if (entry.type === "directory") {
+                const sub = await tk.readFileSafe(`${entry.name}/wrangler.toml`);
+                if (sub) {
+                    wranglerToml = sub;
+                    break;
+                }
+            }
+        }
+    }
     if (terraformFiles.length > 0) {
         result.cloud.iac = "Terraform";
         // Try to detect provider from tf files

package/dist/agents/static/structure-scanner.js

@@ -1,5 +1,6 @@
 // Static Analysis — Structure Scanner
 // Detects project language, framework, monorepo, package manager, entry points
+import { categorizeDep } from "./taxonomy.js";
 export async function scanStructure(tk) {
     const result = {
         projectName: "",
@@ -56,84 +57,82 @@ export async function scanStructure(tk) {
         if (result.language === "unknown")
             result.language = "Python";
     }
-    // Framework detection from deps
+    // Collect all dep names from root + common subdirectory package.json files
+    const allDepNames = [];
     if (pkg) {
-        const allDeps = {
+        allDepNames.push(...Object.keys({
             ...pkg.dependencies,
             ...pkg.devDependencies,
-        };
-        const depNames = Object.keys(allDeps);
-        // JS/TS frameworks
-        if (depNames.includes("next"))
-            result.framework = "Next.js";
-        else if (depNames.includes("nuxt"))
-            result.framework = "Nuxt";
-        else if (depNames.includes("@nestjs/core"))
-            result.framework = "NestJS";
-        else if (depNames.includes("fastify"))
-            result.framework = "Fastify";
-        else if (depNames.includes("express"))
-            result.framework = "Express";
-        else if (depNames.includes("hono"))
-            result.framework = "Hono";
-        else if (depNames.includes("react"))
-            result.framework = "React";
-        else if (depNames.includes("vue"))
-            result.framework = "Vue";
-        else if (depNames.includes("svelte"))
-            result.framework = "Svelte";
-        else if (depNames.includes("angular"))
-            result.framework = "Angular";
-        // Test framework
-        if (depNames.includes("vitest"))
-            result.testFramework = "Vitest";
-        else if (depNames.includes("jest"))
-            result.testFramework = "Jest";
-        else if (depNames.includes("mocha"))
-            result.testFramework = "Mocha";
-        // Build system
-        if (depNames.includes("vite"))
-            result.buildSystem = "Vite";
-        else if (depNames.includes("webpack"))
-            result.buildSystem = "Webpack";
-        else if (depNames.includes("esbuild"))
-            result.buildSystem = "esbuild";
-        else if (depNames.includes("rollup"))
-            result.buildSystem = "Rollup";
-        // Monorepo detection
-        if (pkg.workspaces) {
-            result.isMonorepo = true;
-            result.monorepoTool = "npm-workspaces";
+        }));
+    }
+    const UI_DIRS = ["ui", "client", "frontend", "web", "app", "packages"];
+    const subPkgs = await Promise.all(UI_DIRS.map((d) => tk.readJSON(`${d}/package.json`)));
+    for (const subPkg of subPkgs) {
+        if (!subPkg)
+            continue;
+        allDepNames.push(...Object.keys({
+            ...subPkg.dependencies,
+            ...subPkg.devDependencies,
+        }));
+    }
+    // Framework: first dep matching meta-framework, ui-framework, or http-framework
+    const frameworkCategories = new Set(["meta-framework", "ui-framework", "http-framework"]);
+    for (const dep of allDepNames) {
+        const cat = categorizeDep(dep);
+        if (cat && frameworkCategories.has(cat.category)) {
+            result.framework = cat.displayName;
+            break;
         }
     }
-    // Python frameworks
+    // Test framework: first dep matching test-framework
+    for (const dep of allDepNames) {
+        const cat = categorizeDep(dep);
+        if (cat?.category === "test-framework") {
+            result.testFramework = cat.displayName;
+            break;
+        }
+    }
+    // Build system: first dep matching bundler
+    for (const dep of allDepNames) {
+        const cat = categorizeDep(dep);
+        if (cat?.category === "bundler") {
+            result.buildSystem = cat.displayName;
+            break;
+        }
+    }
+    // Monorepo detection
+    if (pkg?.workspaces) {
+        result.isMonorepo = true;
+        result.monorepoTool = "npm-workspaces";
+    }
+    // Python frameworks (text-based — no package.json)
     if (pyProject) {
         if (pyProject.includes("django"))
-            result.framework = "Django";
+            result.framework = result.framework ?? "Django";
         else if (pyProject.includes("fastapi"))
-            result.framework = "FastAPI";
+            result.framework = result.framework ?? "FastAPI";
         else if (pyProject.includes("flask"))
-            result.framework = "Flask";
+            result.framework = result.framework ?? "Flask";
     }
     // Rust frameworks
     if (cargoToml) {
         if (cargoToml.includes("axum"))
-            result.framework = "Axum";
+            result.framework = result.framework ?? "Axum";
         else if (cargoToml.includes("actix"))
-            result.framework = "Actix";
+            result.framework = result.framework ?? "Actix";
         else if (cargoToml.includes("rocket"))
-            result.framework = "Rocket";
-        result.buildSystem = "Cargo";
+            result.framework = result.framework ?? "Rocket";
+        result.buildSystem = result.buildSystem ?? "Cargo";
     }
     // Go frameworks
     if (goMod) {
         if (goMod.includes("gin-gonic"))
-            result.framework = "Gin";
+            result.framework = result.framework ?? "Gin";
         else if (goMod.includes("labstack/echo"))
-            result.framework = "Echo";
+            result.framework = result.framework ?? "Echo";
         else if (goMod.includes("go-fiber"))
-            result.framework = "Fiber";
-        result.buildSystem = "Go";
+            result.framework = result.framework ?? "Fiber";
+        result.buildSystem = result.buildSystem ?? "Go";
     }
     // Monorepo tools (check files in parallel)
     const [nxJson, turboJson, lernaJson, pnpmWorkspace] = await Promise.all([

package/dist/agents/static/taxonomy.d.ts

@@ -0,0 +1,19 @@
+export interface PackageCategory {
+    pattern: RegExp;
+    category: string;
+    role: string;
+    displayName?: string;
+}
+export declare const PACKAGE_TAXONOMY: PackageCategory[];
+/** Role -> component type mapping (replaces DIR_TYPE_HINTS and detectTypeFromDeps) */
+export declare const ROLE_TO_TYPE: Record<string, string>;
+/** Manifest files that indicate a directory is an independent module */
+export declare const MANIFEST_FILES: string[];
+/** Categorize a single dependency name */
+export declare function categorizeDep(name: string): (PackageCategory & {
+    displayName: string;
+}) | null;
+/** Categorize all deps from a manifest — returns only recognized deps */
+export declare function categorizeAllDeps(depNames: string[]): Map<string, PackageCategory & {
+    displayName: string;
+}>;

package/dist/agents/static/taxonomy.js

@@ -0,0 +1,147 @@
+// Static Analysis — Package Taxonomy
+// Single source of truth for mapping package names to architectural categories.
+// All scanners import from here instead of maintaining their own hardcoded lists.
+export const PACKAGE_TAXONOMY = [
+    // Database clients
+    { pattern: /^(pg|mysql2?|better-sqlite3|@libsql\/client|mongodb|mongoose)$/i, category: "database-client", role: "data", displayName: "PostgreSQL" },
+    { pattern: /^(@prisma\/client|prisma|drizzle-orm|typeorm|sequelize|knex|mikro-orm)$/i, category: "orm", role: "data" },
+    // Cache
+    { pattern: /^(redis|ioredis|@upstash\/redis|memcached|keyv)$/i, category: "cache-client", role: "data", displayName: "Redis" },
+    // Message queues
+    { pattern: /^(kafkajs|amqplib|bullmq|bull|bee-queue|@aws-sdk\/client-sqs|@aws-sdk\/client-sns|@aws-sdk\/client-eventbridge|nats|mqtt|@google-cloud\/pubsub|@azure\/service-bus|@azure\/event-hubs|@confluentinc\/kafka-javascript)$/i, category: "queue-client", role: "messaging" },
+    // HTTP frameworks
+    { pattern: /^(express|fastify|@nestjs\/core|hono|koa|@hapi\/hapi)$/i, category: "http-framework", role: "api" },
+    // Frontend frameworks
+    { pattern: /^(react|react-dom|vue|svelte|@angular\/core|solid-js|preact)$/i, category: "ui-framework", role: "frontend" },
+    // Meta-frameworks
+    { pattern: /^(next|nuxt|@remix-run\/node|gatsby|astro)$/i, category: "meta-framework", role: "frontend" },
+    // Cloud SDKs
+    { pattern: /^@aws-sdk\//i, category: "cloud-sdk", role: "external", displayName: "AWS" },
+    { pattern: /^@google-cloud\//i, category: "cloud-sdk", role: "external", displayName: "GCP" },
+    { pattern: /^@azure\//i, category: "cloud-sdk", role: "external", displayName: "Azure" },
+    // AI/LLM SDKs
+    { pattern: /^(@anthropic-ai\/sdk|openai|@google\/genai|@langchain\/.*)$/i, category: "ai-sdk", role: "external" },
+    // Payment
+    { pattern: /^(stripe|@stripe)/i, category: "payment-sdk", role: "external", displayName: "Stripe" },
+    // Real-time
+    { pattern: /^(socket\.io|ws|@socket\.io)/i, category: "realtime", role: "messaging" },
+    // SSE libraries
+    { pattern: /^(sse-channel|better-sse)$/i, category: "sse", role: "messaging", displayName: "Server-Sent Events" },
+    // CLI frameworks
+    { pattern: /^(commander|yargs|@oclif\/core|clipanion|cac)$/i, category: "cli-framework", role: "cli" },
+    // Build/bundlers
+    { pattern: /^(vite|webpack|esbuild|rollup|parcel|tsup|turbopack)$/i, category: "bundler", role: "build" },
+    // Test frameworks
+    { pattern: /^(vitest|jest|mocha|@playwright\/test|cypress)$/i, category: "test-framework", role: "test" },
+    // Secrets management
+    { pattern: /^(dotenv|@aws-sdk\/client-secrets-manager|node-vault|vault|@google-cloud\/secret-manager|@azure\/keyvault-secrets|infisical-sdk)$/i, category: "secrets", role: "infra" },
+    // GraphQL
+    { pattern: /^(graphql|@apollo\/server|@apollo\/client)$/i, category: "graphql", role: "api", displayName: "GraphQL" },
+    // CSS frameworks (architectural signal for UI)
+    { pattern: /^(tailwindcss|@xyflow\/react)$/i, category: "ui-library", role: "frontend" },
+];
+// Display name overrides for specific packages (when pattern-level displayName is too broad)
+const DISPLAY_NAME_OVERRIDES = {
+    "pg": "PostgreSQL",
+    "mysql2": "MySQL",
+    "mysql": "MySQL",
+    "mongodb": "MongoDB",
+    "mongoose": "MongoDB",
+    "redis": "Redis",
+    "ioredis": "Redis",
+    "@upstash/redis": "Redis",
+    "kafkajs": "Kafka",
+    "@confluentinc/kafka-javascript": "Kafka",
+    "amqplib": "RabbitMQ",
+    "bullmq": "BullMQ",
+    "bull": "Bull",
+    "bee-queue": "Bee-Queue",
+    "nats": "NATS",
+    "mqtt": "MQTT",
+    "@google-cloud/pubsub": "Google Pub/Sub",
+    "@aws-sdk/client-sqs": "AWS SQS",
+    "@aws-sdk/client-sns": "AWS SNS",
+    "@aws-sdk/client-eventbridge": "AWS EventBridge",
+    "@azure/service-bus": "Azure Service Bus",
+    "@azure/event-hubs": "Azure Event Hubs",
+    "socket.io": "Socket.IO",
+    "ws": "WebSocket",
+    "next": "Next.js",
+    "nuxt": "Nuxt",
+    "react": "React",
+    "react-dom": "React",
+    "vue": "Vue",
+    "svelte": "Svelte",
+    "@angular/core": "Angular",
+    "solid-js": "Solid",
+    "preact": "Preact",
+    "express": "Express",
+    "fastify": "Fastify",
+    "@nestjs/core": "NestJS",
+    "hono": "Hono",
+    "koa": "Koa",
+    "@prisma/client": "Prisma",
+    "prisma": "Prisma",
+    "drizzle-orm": "Drizzle",
+    "typeorm": "TypeORM",
+    "sequelize": "Sequelize",
+    "knex": "Knex",
+    "openai": "OpenAI",
+    "@anthropic-ai/sdk": "Anthropic",
+    "@google/genai": "Google AI",
+    "vite": "Vite",
+    "webpack": "Webpack",
+    "esbuild": "esbuild",
+    "rollup": "Rollup",
+    "vitest": "Vitest",
+    "jest": "Jest",
+    "mocha": "Mocha",
+    "@playwright/test": "Playwright",
+    "cypress": "Cypress",
+    "commander": "Commander.js",
+    "yargs": "Yargs",
+    "tailwindcss": "Tailwind CSS",
+    "@xyflow/react": "React Flow",
+    "graphql": "GraphQL",
+    "@apollo/server": "Apollo GraphQL",
+    "typescript": "TypeScript",
+};
+/** Role -> component type mapping (replaces DIR_TYPE_HINTS and detectTypeFromDeps) */
+export const ROLE_TO_TYPE = {
+    frontend: "frontend",
+    api: "api",
+    data: "database",
+    messaging: "worker",
+    external: "service",
+    cli: "service",
+    build: "service",
+    test: "service",
+    infra: "service",
+};
+/** Manifest files that indicate a directory is an independent module */
+export const MANIFEST_FILES = [
+    "package.json", "Cargo.toml", "go.mod", "pyproject.toml",
+    "requirements.txt", "setup.py", "pubspec.yaml", "build.gradle",
+    "pom.xml", "Gemfile", "Makefile", "Dockerfile", "wrangler.toml",
+    "tsconfig.json",
+];
+/** Categorize a single dependency name */
+export function categorizeDep(name) {
+    const match = PACKAGE_TAXONOMY.find(t => t.pattern.test(name));
+    if (!match)
+        return null;
+    return {
+        ...match,
+        displayName: DISPLAY_NAME_OVERRIDES[name] ?? match.displayName ?? name,
+    };
+}
+/** Categorize all deps from a manifest — returns only recognized deps */
+export function categorizeAllDeps(depNames) {
+    const result = new Map();
+    for (const name of depNames) {
+        const cat = categorizeDep(name);
+        if (cat)
+            result.set(name, cat);
+    }
+    return result;
+}

package/dist/agents/tools/local-fs.js

@@ -1,6 +1,8 @@
 import { readFile, readdir, stat } from "node:fs/promises";
 import { resolve, relative, join } from "node:path";
 import { EXCLUDED_DIRS } from "../static/excluded-dirs.js";
+/** Dot-prefixed directories that should NOT be skipped during walks (CI/CD configs) */
+const ALLOWED_DOT_DIRS = new Set([".github", ".circleci", ".gitlab"]);
 export class LocalFSBackend {
     root;
     constructor(projectRoot) {
@@ -83,9 +85,10 @@ export class LocalFSBackend {
             return;
         }
         for (const entry of entries) {
-            if (entry.name.startsWith(".") || EXCLUDED_DIRS.has(entry.name)) {
+            if (EXCLUDED_DIRS.has(entry.name))
+                continue;
+            if (entry.name.startsWith(".") && !ALLOWED_DOT_DIRS.has(entry.name))
                 continue;
-            }
             const relPath = prefix ? `${prefix}/${entry.name}` : entry.name;
             if (entry.isDirectory()) {
                 await this.walk(base, relPath, regex, matches);

package/dist/cli/analyze.js

@@ -6,7 +6,7 @@ import { resolveConfig } from "./config.js";
 import { recordUsage } from "./license-gate.js";
 import { staticResultToSpec, writeSpec, writeMetadata, loadSpec, loadMetadata } from "./yaml-io.js";
 import { getChangedFiles, mapFilesToComponents, shouldRunAgents, isGitAvailable, categorizeChanges, computeNeighbors, getCommitCount } from "./incremental.js";
-import { progressBar } from "./ui.js";
+import { progressBar, confirm } from "./ui.js";
 export async function handleAnalyze(options) {
     const rootDir = options.dir ? path.resolve(options.dir) : process.cwd();
     const isStaticOnly = options.static || options.skipLlm;
@@ -48,12 +48,18 @@ export async function handleAnalyze(options) {
             progress.update(0, `Static analysis: ${msg}`);
         });
         progress.update(1, "Building analysis...");
-        const analysis = buildAnalysisFromStatic(result, rootDir);
+        const freshAnalysis = buildAnalysisFromStatic(result, rootDir);
         const duration = Date.now() - startTime;
+        // Merge into existing analysis if it was produced by an agentic run,
+        // preserving LLM-generated components/connections while refreshing
+        // static data (environments, metadata, project info).
+        const existingAnalysis = loadExistingAnalysis(rootDir);
+        const wasAgentic = existingAnalysis && existingAnalysis.metadata?.mode !== "static";
+        const analysis = wasAgentic ? mergeStaticIntoExisting(existingAnalysis, freshAnalysis) : freshAnalysis;
         // Stamp scan metadata on analysis.json (backward compat)
         const ameta = analysis.metadata;
         ameta.durationMs = duration;
-        ameta.mode = "static";
+        ameta.mode = wasAgentic ? "static-refresh" : "static";
         writeAnalysis(rootDir, analysis);
         // Dual-write: archbyte.yaml + metadata.json
         const existingSpec = loadSpec(rootDir);
@@ -79,28 +85,20 @@ export async function handleAnalyze(options) {
         config.apiKey = options.apiKey;
     }
     if (!config) {
-        const msg = [
-            chalk.red("No model provider configured."),
-            "",
-            chalk.bold("Zero-config (Claude Code users):"),
-            chalk.gray("  Install Claude Code → archbyte analyze just works"),
-            "",
-            chalk.bold("Or set up with:"),
-            chalk.gray("  archbyte config set provider anthropic"),
-            chalk.gray("  archbyte config set api-key sk-ant-..."),
-            "",
-            chalk.bold("Or use environment variables:"),
-            chalk.gray("  export ARCHBYTE_PROVIDER=anthropic"),
-            chalk.gray("  export ARCHBYTE_API_KEY=sk-ant-..."),
-            "",
-            chalk.bold("Or run without a model:"),
-            chalk.gray("  archbyte analyze --static"),
-            "",
-            chalk.bold("Supported providers:"),
-            chalk.gray("  anthropic, openai, google, claude-sdk"),
-        ].join("\n");
-        console.error(msg);
-        throw new Error("No model provider configured");
+        console.log(chalk.yellow("No model provider configured."));
+        console.log();
+        const shouldSetup = await confirm("Set up your AI provider now?");
+        if (shouldSetup) {
+            const { handleSetup } = await import("./setup.js");
+            await handleSetup();
+            config = resolveConfig();
+        }
+        if (!config) {
+            console.log();
+            console.log(chalk.gray("Running static-only analysis (no AI)."));
+            console.log();
+            return handleAnalyze({ ...options, static: true });
+        }
     }
     const providerLabel = config.provider === "claude-sdk" ? "Claude Code (SDK)" : config.provider;
     console.log(chalk.gray(`Provider: ${chalk.white(providerLabel)}`));
@@ -413,10 +411,34 @@ function printSummary(analysis, durationMs, mode, options) {
     if (!options?.skipServeHint) {
         console.log(`  ${chalk.cyan("archbyte serve")}      Open the interactive diagram`);
     }
-    console.log(`  ${chalk.cyan("archbyte validate")}   Check architecture fitness rules ${chalk.yellow("[Pro]")}`);
-    console.log(`  ${chalk.cyan("archbyte patrol")}     Continuous architecture monitoring ${chalk.yellow("[Pro]")}`);
     console.log();
 }
+// ─── Analysis merge helpers ───
+function loadExistingAnalysis(rootDir) {
+    const p = path.join(rootDir, ".archbyte", "analysis.json");
+    try {
+        return JSON.parse(fs.readFileSync(p, "utf-8"));
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Merge fresh static scan into an existing agentic analysis.
+ * Preserves: components, connections, flows, databases, externalServices (LLM-generated).
+ * Updates: project info, environments, metadata, c4/infra if present.
+ */
+function mergeStaticIntoExisting(existing, fresh) {
+    return {
+        ...existing,
+        project: fresh.project,
+        environments: fresh.environments,
+        metadata: {
+            ...(existing.metadata ?? {}),
+            ...(fresh.metadata ?? {}),
+        },
+    };
+}
 // ─── Analysis converters ───
 /**
  * Convert a StaticAnalysisResult (from pipeline or static-only) into the

package/dist/cli/license-gate.js

@@ -1,6 +1,7 @@
 import chalk from "chalk";
 import { loadCredentials, cacheVerifiedTier, resetOfflineActions, checkOfflineAction } from "./auth.js";
 import { API_BASE, NETWORK_TIMEOUT_MS } from "./constants.js";
+import { confirm } from "./ui.js";
 /**
  * Pre-flight license check. Must be called before scan/analyze/generate.
  *
@@ -16,25 +17,44 @@ import { API_BASE, NETWORK_TIMEOUT_MS } from "./constants.js";
  * the 1-hour cache window. Exceeding limits blocks the action.
  */
 export async function requireLicense(action) {
-    const creds = loadCredentials();
-    // Not logged in
+    let creds = loadCredentials();
+    // Not logged in — offer interactive login
     if (!creds) {
-        console.error();
-        console.error(chalk.red("Authentication required."));
-        console.error();
-        console.error(chalk.gray("Sign in or create a free account:"));
-        console.error(chalk.gray("  archbyte login"));
-        console.error();
-        console.error(chalk.gray("Free tier includes unlimited scans. No credit card required."));
-        process.exit(1);
+        console.log();
+        console.log(chalk.yellow("Not signed in."));
+        console.log(chalk.gray("Free tier includes unlimited scans. No credit card required."));
+        console.log();
+        const shouldLogin = await confirm("Sign in now?");
+        if (!shouldLogin)
+            process.exit(1);
+        const { handleLogin } = await import("./auth.js");
+        await handleLogin();
+        creds = loadCredentials();
+        if (!creds) {
+            console.error(chalk.red("Login failed. Please try again with `archbyte login`."));
+            process.exit(1);
+        }
     }
-    // Token expired locally (treat invalid dates as expired — fail-closed)
+    // Token expired locally — offer re-login
     const expiry = new Date(creds.expiresAt);
     if (isNaN(expiry.getTime()) || expiry < new Date()) {
-        console.error();
-        console.error(chalk.red("Session expired."));
-        console.error(chalk.gray("Run `archbyte login` to refresh your session."));
-        process.exit(1);
+        console.log();
+        console.log(chalk.yellow("Session expired."));
+        const shouldRelogin = await confirm("Sign in again?");
+        if (!shouldRelogin)
+            process.exit(1);
+        const { handleLogin } = await import("./auth.js");
+        await handleLogin();
+        creds = loadCredentials();
+        if (!creds) {
+            console.error(chalk.red("Login failed. Please try again with `archbyte login`."));
+            process.exit(1);
+        }
+        const freshExpiry = new Date(creds.expiresAt);
+        if (isNaN(freshExpiry.getTime()) || freshExpiry < new Date()) {
+            console.error(chalk.red("Session still expired. Please try `archbyte login`."));
+            process.exit(1);
+        }
     }
     // Check usage with server
     try {
@@ -48,10 +68,18 @@ export async function requireLicense(action) {
             signal: AbortSignal.timeout(NETWORK_TIMEOUT_MS),
         });
         if (res.status === 401) {
-            console.error();
-            console.error(chalk.red("Session invalid. Please log in again."));
-            console.error(chalk.gray("  archbyte login"));
-            process.exit(1);
+            console.log();
+            console.log(chalk.yellow("Session invalid."));
+            const shouldRelogin = await confirm("Sign in again?");
+            if (!shouldRelogin)
+                process.exit(1);
+            const { handleLogin } = await import("./auth.js");
+            await handleLogin();
+            creds = loadCredentials();
+            if (!creds)
+                process.exit(1);
+            // Re-check usage with fresh credentials
+            return requireLicense(action);
         }
         if (!res.ok) {
             // Server error — enforce offline limits instead of allowing freely