artyfax 0.2.0

package/dist/cli.js

@@ -0,0 +1,1432 @@
+#!/usr/bin/env node
+
+// src/cli.ts
+import { readFileSync as readFileSync2 } from "fs";
+import { resolve as resolve2 } from "path";
+
+// src/config.ts
+function getConfig(flags) {
+  const apiKey = flags["api-key"] || process.env.ARTYFAX_API_KEY;
+  if (!apiKey) {
+    console.error("No API key. Set ARTYFAX_API_KEY or pass --api-key.");
+    process.exit(1);
+  }
+  return {
+    apiKey,
+    endpoint: flags.endpoint || process.env.ARTYFAX_ENDPOINT || "https://artyfax.io",
+    passphrase: process.env.ARTYFAX_SECURE_PASSPHRASE || null
+  };
+}
+async function apiFetch(config, path, init) {
+  const res = await fetch(`${config.endpoint}/api${path}`, {
+    ...init,
+    headers: {
+      "Content-Type": "application/json",
+      "X-API-Key": config.apiKey,
+      ...init?.headers
+    }
+  });
+  if (!res.ok) {
+    const body = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));
+    throw new Error(body.error ?? `HTTP ${res.status}`);
+  }
+  return res.json();
+}
+
+// src/passphrase.ts
+import { createInterface } from "readline";
+
+// ../shared/src/secure-crypto.ts
+var PBKDF2_ITERATIONS = 6e5;
+var VERIFICATION_STRING = "artyfax-secure-docs-v1";
+async function deriveSDK(passphrase, salt) {
+  const keyMaterial = await crypto.subtle.importKey(
+    "raw",
+    new TextEncoder().encode(passphrase),
+    "PBKDF2",
+    false,
+    ["deriveKey"]
+  );
+  return crypto.subtle.deriveKey(
+    { name: "PBKDF2", salt, iterations: PBKDF2_ITERATIONS, hash: "SHA-512" },
+    keyMaterial,
+    { name: "AES-GCM", length: 256 },
+    true,
+    ["encrypt", "decrypt"]
+  );
+}
+async function encryptSecure(plaintext, sdk) {
+  const iv = crypto.getRandomValues(new Uint8Array(12));
+  const encoded = new TextEncoder().encode(plaintext);
+  const ciphertext = await crypto.subtle.encrypt({ name: "AES-GCM", iv }, sdk, encoded);
+  const combined = new Uint8Array(iv.length + ciphertext.byteLength);
+  combined.set(iv);
+  combined.set(new Uint8Array(ciphertext), iv.length);
+  return bufferToBase64(combined.buffer);
+}
+async function decryptSecure(blob, sdk) {
+  const data = new Uint8Array(base64ToBuffer(blob));
+  const iv = data.slice(0, 12);
+  const ciphertext = data.slice(12);
+  const decrypted = await crypto.subtle.decrypt({ name: "AES-GCM", iv }, sdk, ciphertext);
+  return new TextDecoder().decode(decrypted);
+}
+async function verifyPassphrase(sdk, verifyBlob) {
+  try {
+    const result = await decryptSecure(verifyBlob, sdk);
+    return result === VERIFICATION_STRING;
+  } catch {
+    return false;
+  }
+}
+function base64ToBuffer(base64) {
+  const binary = atob(base64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes.buffer;
+}
+function bufferToBase64(buffer) {
+  const bytes = new Uint8Array(buffer);
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  return btoa(binary);
+}
+
+// src/passphrase.ts
+async function promptPassphrase(prompt = "Passphrase: ") {
+  return new Promise((resolve3, reject) => {
+    const rl = createInterface({ input: process.stdin, output: process.stderr });
+    process.stderr.write(prompt);
+    const cleanup = () => {
+      if (process.stdin.isTTY) process.stdin.setRawMode(false);
+      process.stdin.removeListener("data", onData);
+      rl.close();
+    };
+    process.on("exit", cleanup);
+    if (process.stdin.isTTY) {
+      process.stdin.setRawMode(true);
+    }
+    let input = "";
+    const onData = (ch) => {
+      const c2 = ch.toString();
+      if (c2 === "\n" || c2 === "\r") {
+        process.stderr.write("\n");
+        cleanup();
+        resolve3(input);
+      } else if (c2 === "" || c2.length === 0) {
+        process.stderr.write("\n");
+        cleanup();
+        process.exit(1);
+      } else if (c2 === "\x7F" || c2 === "\b") {
+        input = input.slice(0, -1);
+      } else {
+        input += c2;
+      }
+    };
+    process.stdin.on("data", onData);
+    process.stdin.resume();
+  });
+}
+async function getSDK(config) {
+  const passphrase = config.passphrase ?? await promptPassphrase();
+  if (config.passphrase) {
+    Reflect.deleteProperty(process.env, "ARTYFAX_SECURE_PASSPHRASE");
+  }
+  const state = await apiFetch(config, "/account/secure-state");
+  if (!state.salt || !state.verify) {
+    throw new Error("E2EE not set up. Configure a passphrase in the Artyfax web app first.");
+  }
+  const saltBytes = new Uint8Array(base64ToBuffer(state.salt));
+  const sdk = await deriveSDK(passphrase, saltBytes);
+  const valid = await verifyPassphrase(sdk, state.verify);
+  if (!valid) {
+    throw new Error("Incorrect passphrase");
+  }
+  return sdk;
+}
+
+// src/ui.ts
+import { createInterface as createInterface2 } from "readline";
+import pc from "picocolors";
+import ora from "ora";
+var isTTY = process.stdout.isTTY === true;
+var c = {
+  amber: (s) => pc.yellow(s),
+  teal: (s) => pc.green(s),
+  rose: (s) => pc.red(s),
+  muted: (s) => pc.dim(s),
+  bright: (s) => pc.bold(s),
+  blue: (s) => pc.blue(s)
+};
+function spinner(text) {
+  return ora({ text, isSilent: !isTTY });
+}
+function table(rows, { header } = {}) {
+  const all = header ? [header, ...rows] : rows;
+  const widths = [];
+  for (const row of all) {
+    for (let i = 0; i < row.length; i++) {
+      const len = stripAnsi(row[i]).length;
+      widths[i] = Math.max(widths[i] || 0, len);
+    }
+  }
+  const termWidth = process.stdout.columns || 120;
+  const lines = [];
+  for (let r = 0; r < all.length; r++) {
+    const row = all[r];
+    const parts = [];
+    for (let i = 0; i < row.length; i++) {
+      const raw = stripAnsi(row[i]);
+      const pad = i < row.length - 1 ? " ".repeat(Math.max(0, widths[i] - raw.length)) : "";
+      parts.push(row[i] + pad);
+    }
+    let line = parts.join("  ");
+    if (stripAnsi(line).length > termWidth) {
+      const plain = stripAnsi(line);
+      line = plain.slice(0, termWidth - 1) + "\u2026";
+    }
+    lines.push(line);
+    if (r === 0 && header) {
+      lines.push(c.muted("\u2500".repeat(Math.min(stripAnsi(line).length, termWidth))));
+    }
+  }
+  return lines.join("\n");
+}
+function stripAnsi(s) {
+  return s.replace(/\x1b\[[0-9;]*m/g, "");
+}
+function confirm(message) {
+  return new Promise((resolve3) => {
+    const rl = createInterface2({ input: process.stdin, output: process.stderr });
+    rl.question(`${message} ${c.muted("[y/N]")} `, (answer) => {
+      rl.close();
+      resolve3(answer.trim().toLowerCase() === "y");
+    });
+  });
+}
+function error(message, suggestion) {
+  console.error(c.rose(`Error: ${message}`));
+  if (suggestion) console.error(c.muted(suggestion));
+  process.exit(1);
+}
+
+// src/commands/save.ts
+async function save(config, opts) {
+  const spin = spinner(opts.url ? "Extracting article\u2026" : "Saving document\u2026");
+  spin.start();
+  if (opts.url && opts.secure) {
+    spin.stop();
+    throw new Error("Cannot combine --url with --secure. URL extraction happens server-side, so the CLI cannot encrypt content it never sees.");
+  }
+  let content = opts.content;
+  if (opts.secure && content) {
+    spin.text = "Encrypting\u2026";
+    const sdk = await getSDK(config);
+    content = await encryptSecure(content, sdk);
+  }
+  try {
+    const body = {
+      title: opts.title || void 0,
+      content: content || void 0,
+      format: opts.format,
+      category: opts.category,
+      doc_type: opts.docType || "original",
+      secure: opts.secure || void 0
+    };
+    if (opts.url) body.url = opts.url;
+    if (opts.tags) body.tags = opts.tags.split(",").map((t) => t.trim());
+    if (opts.theme) body.theme = opts.theme;
+    if (opts.parentId) body.parent_id = opts.parentId;
+    const result = await apiFetch(
+      config,
+      "/ingest",
+      { method: "POST", body: JSON.stringify(body) }
+    );
+    spin.stop();
+    if (opts.json) {
+      console.log(JSON.stringify(result.document));
+    } else {
+      console.log(`${c.teal("Saved:")} ${result.document.slug}${opts.secure ? c.muted(" (encrypted)") : ""}`);
+    }
+  } catch (e) {
+    spin.fail("Save failed");
+    throw e;
+  }
+}
+
+// src/resolve.ts
+async function resolveSlug(config, slugOrId) {
+  if (slugOrId.includes("/")) {
+    try {
+      const doc = await apiFetch(config, `/documents/by-slug/${slugOrId}`);
+      return doc;
+    } catch {
+    }
+  }
+  if (slugOrId.match(/^[0-9a-f-]{36}$/i)) {
+    try {
+      const doc = await apiFetch(config, `/documents/${slugOrId}`);
+      return doc;
+    } catch {
+    }
+  }
+  const docs = await apiFetch(
+    config,
+    `/documents?limit=500`
+  );
+  const exact = docs.documents.find(
+    (d) => d.slug === slugOrId || d.slug.endsWith(`/${slugOrId}`)
+  );
+  if (exact) return exact;
+  const partial = docs.documents.filter(
+    (d) => d.slug.includes(slugOrId) || d.title.toLowerCase().includes(slugOrId.toLowerCase())
+  );
+  if (partial.length === 1) return partial[0];
+  if (partial.length > 1) {
+    throw new Error(
+      `Ambiguous match for "${slugOrId}". Did you mean:
+` + partial.slice(0, 5).map((d) => `  ${d.slug}`).join("\n")
+    );
+  }
+  throw new Error(`Document not found: ${slugOrId}. Try \`arty search ${slugOrId}\` or \`arty list\``);
+}
+
+// src/commands/read.ts
+async function read(config, slugOrId, forceSecure) {
+  const spin = spinner("Resolving document\u2026");
+  spin.start();
+  const doc = await resolveSlug(config, slugOrId);
+  const isSecure = doc.secure === 1 || forceSecure;
+  spin.text = "Fetching content\u2026";
+  const data = await apiFetch(
+    config,
+    `/documents/${doc.id}/content`
+  );
+  spin.stop();
+  if (isSecure) {
+    const sdk = await getSDK(config);
+    const plaintext = await decryptSecure(data.content, sdk);
+    process.stdout.write(plaintext);
+  } else {
+    process.stdout.write(data.md_source ?? data.content);
+  }
+}
+
+// src/commands/secure.ts
+async function secure(config, slugOrId) {
+  const spin = spinner("Resolving document\u2026");
+  spin.start();
+  const doc = await resolveSlug(config, slugOrId);
+  if (doc.secure === 1) {
+    spin.stop();
+    console.log(c.muted(`Already encrypted: ${doc.slug}`));
+    return;
+  }
+  const sdk = await getSDK(config);
+  spin.text = "Fetching content\u2026";
+  const data = await apiFetch(
+    config,
+    `/documents/${doc.id}/content`
+  );
+  const source = data.md_source ?? data.content;
+  spin.text = "Encrypting\u2026";
+  const encrypted = await encryptSecure(source, sdk);
+  spin.text = "Uploading\u2026";
+  await apiFetch(config, `/documents/${doc.id}/content`, {
+    method: "PATCH",
+    body: JSON.stringify({ content: encrypted })
+  });
+  await apiFetch(config, `/documents/${doc.id}`, {
+    method: "PATCH",
+    body: JSON.stringify({ secure: 1 })
+  });
+  spin.succeed(`${c.teal("Encrypted:")} ${doc.slug}`);
+}
+async function unsecure(config, slugOrId) {
+  const spin = spinner("Resolving document\u2026");
+  spin.start();
+  const doc = await resolveSlug(config, slugOrId);
+  if (doc.secure !== 1) {
+    spin.stop();
+    console.log(c.muted(`Not encrypted: ${doc.slug}`));
+    return;
+  }
+  const sdk = await getSDK(config);
+  spin.text = "Fetching content\u2026";
+  const data = await apiFetch(
+    config,
+    `/documents/${doc.id}/content`
+  );
+  spin.text = "Decrypting\u2026";
+  const plaintext = await decryptSecure(data.content, sdk);
+  spin.text = "Uploading\u2026";
+  await apiFetch(config, `/documents/${doc.id}/content`, {
+    method: "PATCH",
+    body: JSON.stringify({ content: plaintext })
+  });
+  await apiFetch(config, `/documents/${doc.id}`, {
+    method: "PATCH",
+    body: JSON.stringify({ secure: 0 })
+  });
+  spin.succeed(`${c.teal("Decrypted:")} ${doc.slug}`);
+}
+
+// src/commands/list.ts
+async function list(config, opts) {
+  const spin = spinner("Loading documents\u2026");
+  spin.start();
+  let path = `/documents?limit=${opts.limit}`;
+  if (opts.category) path += `&category=${encodeURIComponent(opts.category)}`;
+  if (opts.offset) path += `&offset=${opts.offset}`;
+  if (opts.archived) path += `&archived=1`;
+  if (opts.parentId) path += `&parent_id=${encodeURIComponent(opts.parentId)}`;
+  const data = await apiFetch(config, path);
+  spin.stop();
+  if (opts.json) {
+    console.log(JSON.stringify(data.documents));
+    return;
+  }
+  if (data.documents.length === 0) {
+    console.log(c.muted("No documents found."));
+    return;
+  }
+  const rows = data.documents.map((doc) => {
+    const icons = [
+      doc.secure === 1 ? "\u{1F512}" : "",
+      (doc.shared_count ?? 0) > 0 ? "\u{1F517}" : ""
+    ].filter(Boolean).join("") || "  ";
+    return [
+      c.muted(doc.updated_at.slice(0, 10)),
+      icons,
+      doc.title,
+      c.muted(doc.slug)
+    ];
+  });
+  console.log(table(rows, { header: [c.muted("Updated"), "", "Title", c.muted("Slug")] }));
+}
+
+// src/commands/search.ts
+async function search(config, query, json) {
+  const spin = spinner(`Searching for "${query}"\u2026`);
+  spin.start();
+  const data = await apiFetch(
+    config,
+    `/search?q=${encodeURIComponent(query)}`
+  );
+  spin.stop();
+  if (json) {
+    console.log(JSON.stringify(data.results));
+    return;
+  }
+  if (data.results.length === 0) {
+    console.log(c.muted(`No results for "${query}".`));
+    return;
+  }
+  const rows = data.results.map((r) => [
+    r.title,
+    c.muted(r.slug),
+    c.muted(r.updated_at.slice(0, 10))
+  ]);
+  console.log(table(rows, { header: ["Title", c.muted("Slug"), c.muted("Updated")] }));
+  console.log(c.muted(`
+${data.results.length} result${data.results.length === 1 ? "" : "s"}`));
+}
+
+// src/commands/get.ts
+async function get(config, slugOrId) {
+  const spin = spinner("Resolving document\u2026");
+  spin.start();
+  const doc = await resolveSlug(config, slugOrId);
+  spin.stop();
+  console.log(JSON.stringify(doc, null, 2));
+}
+
+// src/commands/delete.ts
+async function del(config, slugOrId, yes, json) {
+  const spin = spinner("Resolving document\u2026");
+  spin.start();
+  const doc = await resolveSlug(config, slugOrId);
+  spin.stop();
+  if (!yes) {
+    const confirmed = await confirm(`Delete ${c.bright(doc.slug)}?`);
+    if (!confirmed) {
+      console.log(c.muted("Cancelled."));
+      return;
+    }
+  }
+  const delSpin = spinner("Deleting\u2026");
+  delSpin.start();
+  await apiFetch(config, `/documents/${doc.id}`, { method: "DELETE" });
+  delSpin.stop();
+  if (json) {
+    console.log(JSON.stringify({ deleted: true, slug: doc.slug, id: doc.id }));
+  } else {
+    console.log(`${c.rose("Deleted:")} ${doc.slug}`);
+  }
+}
+
+// src/commands/open.ts
+import { execFile } from "child_process";
+async function open(config, slugOrId) {
+  const spin = spinner("Resolving document\u2026");
+  spin.start();
+  const doc = await resolveSlug(config, slugOrId);
+  spin.stop();
+  const url = `${config.endpoint}/${doc.slug}`;
+  const platform = process.platform;
+  const cmd = platform === "darwin" ? "open" : platform === "win32" ? "cmd" : "xdg-open";
+  const args = platform === "win32" ? ["/c", "start", url] : [url];
+  execFile(cmd, args, (err) => {
+    if (err) {
+      console.log(c.muted(`Could not open browser. URL: ${url}`));
+    } else {
+      console.log(`${c.teal("Opened:")} ${url}`);
+    }
+  });
+}
+
+// src/commands/update.ts
+import { readFileSync } from "fs";
+import { resolve } from "path";
+async function update(config, slugOrId, file, json) {
+  const spin = spinner("Resolving document\u2026");
+  spin.start();
+  const doc = await resolveSlug(config, slugOrId);
+  spin.text = "Reading content\u2026";
+  let content;
+  if (file === "-" || !file) {
+    if (process.stdin.isTTY) {
+      spin.stop();
+      throw new Error("No file provided and stdin is a terminal. Pipe content or specify a file path.");
+    }
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+      chunks.push(chunk);
+    }
+    content = Buffer.concat(chunks).toString("utf-8");
+  } else {
+    try {
+      content = readFileSync(resolve(file), "utf-8");
+    } catch {
+      spin.stop();
+      throw new Error(`File not found: ${file}`);
+    }
+  }
+  if (doc.secure === 1) {
+    spin.text = "Encrypting (secure document)\u2026";
+    const sdk = await getSDK(config);
+    content = await encryptSecure(content, sdk);
+  }
+  spin.text = "Uploading\u2026";
+  await apiFetch(config, `/documents/${doc.id}/content`, {
+    method: "PATCH",
+    body: JSON.stringify({ content })
+  });
+  spin.stop();
+  if (json) {
+    console.log(JSON.stringify({ updated: true, slug: doc.slug, id: doc.id, secure: doc.secure === 1 }));
+  } else {
+    const suffix = doc.secure === 1 ? c.muted(" (re-encrypted)") : "";
+    console.log(`${c.teal("Updated:")} ${doc.slug}${suffix}`);
+  }
+}
+
+// src/commands/metadata.ts
+async function metadata(config, slugOrId, opts) {
+  const spin = spinner("Resolving document\u2026");
+  spin.start();
+  const doc = await resolveSlug(config, slugOrId);
+  const patch = {};
+  if (opts.category !== void 0) patch.category = opts.category;
+  if (opts.title !== void 0) patch.title = opts.title;
+  if (opts.theme !== void 0) patch.theme = opts.theme;
+  if (opts.visibility !== void 0) patch.visibility = opts.visibility;
+  if (opts.archived !== void 0) patch.archived = opts.archived ? 1 : 0;
+  if (opts.tags !== void 0) patch.tags = opts.tags.split(",").map((t) => t.trim());
+  if (Object.keys(patch).length === 0) {
+    spin.stop();
+    throw new Error("No metadata flags provided. Use --category, --tags, --title, --theme, --visibility, or --archived");
+  }
+  spin.text = "Updating metadata\u2026";
+  await apiFetch(config, `/documents/${doc.id}/metadata`, {
+    method: "PATCH",
+    body: JSON.stringify(patch)
+  });
+  spin.stop();
+  if (opts.json) {
+    console.log(JSON.stringify({ updated: true, slug: doc.slug, id: doc.id, fields: Object.keys(patch) }));
+  } else {
+    const fields = Object.keys(patch).join(", ");
+    console.log(`${c.teal("Updated:")} ${doc.slug} ${c.muted(`(${fields})`)}`);
+  }
+}
+
+// src/commands/share.ts
+async function shareCreate(config, slugOrId, json) {
+  const spin = spinner("Resolving document\u2026");
+  spin.start();
+  const doc = await resolveSlug(config, slugOrId);
+  spin.text = "Creating share link\u2026";
+  const result = await apiFetch(
+    config,
+    "/shares",
+    {
+      method: "POST",
+      body: JSON.stringify({ document_id: doc.id })
+    }
+  );
+  spin.stop();
+  const url = `${config.endpoint}/s/${result.hash}`;
+  if (json) {
+    console.log(JSON.stringify({ hash: result.hash, url, slug: doc.slug }));
+  } else {
+    console.log(`${c.teal("Share created:")} ${url}`);
+  }
+}
+async function shareList(config, slugOrId, json) {
+  const spin = spinner("Loading shares\u2026");
+  spin.start();
+  let path = "/shares";
+  if (slugOrId) {
+    const doc = await resolveSlug(config, slugOrId);
+    path = `/shares/${doc.id}`;
+  }
+  const data = await apiFetch(config, path);
+  spin.stop();
+  if (json) {
+    console.log(JSON.stringify(data.shares));
+    return;
+  }
+  if (data.shares.length === 0) {
+    console.log(c.muted("No shares found."));
+    return;
+  }
+  const rows = data.shares.map((s) => [
+    s.hash,
+    s.title || s.slug || s.document_id,
+    String(s.view_count),
+    c.muted(s.created_at.slice(0, 10))
+  ]);
+  console.log(table(rows, { header: ["Hash", "Document", "Views", c.muted("Created")] }));
+}
+async function shareRevoke(config, hash, yes, json) {
+  if (!yes) {
+    const confirmed = await confirm(`Revoke share ${c.bright(hash)}?`);
+    if (!confirmed) {
+      console.log(c.muted("Cancelled."));
+      return;
+    }
+  }
+  const spin = spinner("Revoking\u2026");
+  spin.start();
+  await apiFetch(config, `/shares/${hash}`, { method: "DELETE" });
+  spin.stop();
+  if (json) {
+    console.log(JSON.stringify({ revoked: true, hash }));
+  } else {
+    console.log(`${c.rose("Revoked:")} ${hash}`);
+  }
+}
+
+// src/commands/category.ts
+async function catList(config, json) {
+  const spin = spinner("Loading categories\u2026");
+  spin.start();
+  const data = await apiFetch(config, "/categories");
+  spin.stop();
+  if (json) {
+    console.log(JSON.stringify(data.categories));
+    return;
+  }
+  if (data.categories.length === 0) {
+    console.log(c.muted("No categories found."));
+    return;
+  }
+  const rows = data.categories.map((cat) => [
+    cat.icon,
+    cat.label,
+    c.muted(cat.slug),
+    String(cat.count)
+  ]);
+  console.log(table(rows, { header: ["", "Label", c.muted("Slug"), "Docs"] }));
+}
+
+// src/commands/tag.ts
+async function tagList(config, json) {
+  const spin = spinner("Loading tags\u2026");
+  spin.start();
+  const data = await apiFetch(config, "/tags");
+  spin.stop();
+  if (json) {
+    console.log(JSON.stringify(data.tags));
+    return;
+  }
+  if (data.tags.length === 0) {
+    console.log(c.muted("No tags found."));
+    return;
+  }
+  const rows = data.tags.map((t) => [t.tag, String(t.count)]);
+  console.log(table(rows, { header: ["Tag", "Count"] }));
+}
+
+// src/commands/version.ts
+async function versionList(config, slugOrId, json) {
+  const spin = spinner("Resolving document\u2026");
+  spin.start();
+  const doc = await resolveSlug(config, slugOrId);
+  spin.text = "Loading versions\u2026";
+  const data = await apiFetch(config, `/documents/${doc.id}/versions`);
+  spin.stop();
+  if (json) {
+    console.log(JSON.stringify(data.versions));
+    return;
+  }
+  if (data.versions.length === 0) {
+    console.log(c.muted("No versions found."));
+    return;
+  }
+  console.log(`${c.bright(doc.slug)} \u2014 ${data.versions.length} version${data.versions.length === 1 ? "" : "s"}
+`);
+  const rows = data.versions.map((v, i) => [
+    i === 0 ? c.teal("current") : c.muted(`v${data.versions.length - i}`),
+    v.timestamp.replace("T", " ").replace(/\.\d+Z$/, ""),
+    v.word_count != null ? `${v.word_count} words` : c.muted("\u2014")
+  ]);
+  console.log(table(rows, { header: ["", "Timestamp", "Words"] }));
+}
+async function versionRestore(config, slugOrId, yes, json) {
+  const spin = spinner("Resolving document\u2026");
+  spin.start();
+  const doc = await resolveSlug(config, slugOrId);
+  spin.text = "Loading versions\u2026";
+  const data = await apiFetch(config, `/documents/${doc.id}/versions`);
+  spin.stop();
+  if (data.versions.length < 2) {
+    console.log(c.muted("No previous versions to restore."));
+    return;
+  }
+  const previous = data.versions.slice(1);
+  console.log(`${c.bright(doc.slug)} \u2014 ${previous.length} previous version${previous.length === 1 ? "" : "s"}:
+`);
+  for (let i = 0; i < previous.length; i++) {
+    const v = previous[i];
+    const label = `v${data.versions.length - 1 - i}`;
+    const ts = v.timestamp.replace("T", " ").replace(/\.\d+Z$/, "");
+    const words = v.word_count != null ? ` (${v.word_count} words)` : "";
+    console.log(`  ${c.amber(label)}  ${ts}${c.muted(words)}`);
+  }
+  const target = previous[0];
+  console.log();
+  if (!yes) {
+    const ts = target.timestamp.replace("T", " ").replace(/\.\d+Z$/, "");
+    const confirmed = await confirm(`Restore to ${ts}?`);
+    if (!confirmed) {
+      console.log(c.muted("Cancelled."));
+      return;
+    }
+  }
+  const restoreSpin = spinner("Restoring\u2026");
+  restoreSpin.start();
+  await apiFetch(config, `/documents/${doc.id}/versions/restore`, {
+    method: "POST",
+    body: JSON.stringify({ timestamp: target.timestamp })
+  });
+  restoreSpin.stop();
+  if (json) {
+    console.log(JSON.stringify({ restored: true, slug: doc.slug, timestamp: target.timestamp }));
+  } else {
+    console.log(`${c.teal("Restored:")} ${doc.slug} to ${target.timestamp.replace("T", " ").replace(/\.\d+Z$/, "")}`);
+  }
+}
+
+// src/commands/note.ts
+async function noteList(config, slugOrId, json) {
+  const spin = spinner("Resolving document\u2026");
+  spin.start();
+  const doc = await resolveSlug(config, slugOrId);
+  spin.text = "Loading annotations\u2026";
+  const data = await apiFetch(
+    config,
+    `/annotations/doc/${doc.id}`
+  );
+  spin.stop();
+  if (json) {
+    console.log(JSON.stringify(data.annotations));
+    return;
+  }
+  if (data.annotations.length === 0) {
+    console.log(c.muted("No annotations found."));
+    return;
+  }
+  console.log(`${c.bright(doc.slug)} \u2014 ${data.annotations.length} annotation${data.annotations.length === 1 ? "" : "s"}
+`);
+  for (const a of data.annotations) {
+    const type = a.type === "highlight" ? c.amber("highlight") : a.type === "comment" ? c.blue("comment") : c.muted(a.type);
+    const date = c.muted(a.created_at.slice(0, 10));
+    console.log(`  ${type}  ${date}`);
+    if (a.selector_text) console.log(`  ${c.muted(">")} ${a.selector_text.slice(0, 80)}${a.selector_text.length > 80 ? "\u2026" : ""}`);
+    if (a.body) console.log(`  ${a.body.slice(0, 120)}${a.body.length > 120 ? "\u2026" : ""}`);
+    console.log();
+  }
+}
+async function noteAdd(config, slugOrId, text, json) {
+  const spin = spinner("Resolving document\u2026");
+  spin.start();
+  const doc = await resolveSlug(config, slugOrId);
+  let body;
+  if (text) {
+    body = text;
+  } else {
+    if (process.stdin.isTTY) {
+      spin.stop();
+      throw new Error("No text provided. Use --text or pipe text via stdin.");
+    }
+    spin.stop();
+    const chunks = [];
+    for await (const chunk of process.stdin) {
+      chunks.push(chunk);
+    }
+    body = Buffer.concat(chunks).toString("utf-8").trim();
+    spin.start();
+  }
+  if (!body) {
+    spin.stop();
+    throw new Error("No text provided. Use --text or pipe to stdin");
+  }
+  spin.text = "Adding annotation\u2026";
+  const result = await apiFetch(
+    config,
+    `/annotations/doc/${doc.id}`,
+    {
+      method: "POST",
+      body: JSON.stringify({ type: "comment", body })
+    }
+  );
+  spin.stop();
+  if (json) {
+    console.log(JSON.stringify({ added: true, id: result.annotation.id, slug: doc.slug }));
+  } else {
+    console.log(`${c.teal("Added note to")} ${doc.slug}`);
+  }
+}
+async function noteSearch(config, query, json) {
+  const spin = spinner(`Searching annotations for "${query}"\u2026`);
+  spin.start();
+  const data = await apiFetch(
+    config,
+    `/annotations/search?q=${encodeURIComponent(query)}`
+  );
+  spin.stop();
+  if (json) {
+    console.log(JSON.stringify(data.annotations));
+    return;
+  }
+  if (data.annotations.length === 0) {
+    console.log(c.muted(`No annotation results for "${query}".`));
+    return;
+  }
+  const rows = data.annotations.map((a) => [
+    a.type === "highlight" ? c.amber("HL") : c.blue("CM"),
+    a.body.slice(0, 60) + (a.body.length > 60 ? "\u2026" : ""),
+    c.muted(a.created_at.slice(0, 10))
+  ]);
+  console.log(table(rows, { header: ["", "Text", c.muted("Date")] }));
+  console.log(c.muted(`
+${data.annotations.length} result${data.annotations.length === 1 ? "" : "s"}`));
+}
+
+// src/commands/doctor.ts
+import { existsSync } from "fs";
+import { join } from "path";
+async function doctor(config, json) {
+  const checks = [];
+  checks.push({ name: "CLI version", status: "ok", detail: `v${VERSION}` });
+  const keySource = process.env.ARTYFAX_API_KEY ? "ARTYFAX_API_KEY env var" : "--api-key flag";
+  checks.push({ name: "API key", status: "ok", detail: `configured via ${keySource}` });
+  checks.push({ name: "Endpoint", status: "ok", detail: config.endpoint });
+  try {
+    await apiFetch(config, "/categories");
+    checks.push({ name: "API reachable", status: "ok", detail: "connected" });
+  } catch (e) {
+    checks.push({ name: "API reachable", status: "fail", detail: e.message });
+  }
+  try {
+    const state = await apiFetch(config, "/account/secure-state");
+    if (state.salt && state.verify) {
+      checks.push({ name: "E2EE", status: "ok", detail: "passphrase configured" });
+    } else {
+      checks.push({ name: "E2EE", status: "warn", detail: "not configured (set up in web app)" });
+    }
+  } catch {
+    checks.push({ name: "E2EE", status: "warn", detail: "could not check" });
+  }
+  if (process.env.ARTYFAX_SECURE_PASSPHRASE) {
+    checks.push({ name: "Passphrase", status: "ok", detail: "ARTYFAX_SECURE_PASSPHRASE set" });
+  } else {
+    checks.push({ name: "Passphrase", status: "warn", detail: "not set (will prompt interactively)" });
+  }
+  const homeDir = process.env.HOME || process.env.USERPROFILE || "";
+  const userSkillPath = join(homeDir, ".claude", "skills");
+  const hasUserSkill = existsSync(join(userSkillPath, "artyfax"));
+  const hasProjectSkill = existsSync(join(process.cwd(), ".claude", "skills", "artyfax"));
+  if (hasUserSkill || hasProjectSkill) {
+    const where = hasProjectSkill ? "project" : "user";
+    checks.push({ name: "Claude skill", status: "ok", detail: `installed (${where}-level)` });
+  } else {
+    checks.push({ name: "Claude skill", status: "warn", detail: "not installed (run `arty skill install`)" });
+  }
+  if (json) {
+    console.log(JSON.stringify(checks));
+    return;
+  }
+  console.log(`${c.amber("artyfax doctor")} ${c.muted(`v${VERSION}`)}
+`);
+  for (const check of checks) {
+    const icon = check.status === "ok" ? c.teal("\u2713") : check.status === "warn" ? c.amber("\u26A0") : c.rose("\u2717");
+    console.log(`  ${icon}  ${check.name.padEnd(16)} ${check.status === "fail" ? c.rose(check.detail) : check.detail}`);
+  }
+  const fails = checks.filter((ch) => ch.status === "fail");
+  const warns = checks.filter((ch) => ch.status === "warn");
+  console.log();
+  if (fails.length > 0) {
+    console.log(c.rose(`${fails.length} issue${fails.length === 1 ? "" : "s"} found.`));
+  } else if (warns.length > 0) {
+    console.log(c.amber(`All good, ${warns.length} optional improvement${warns.length === 1 ? "" : "s"}.`));
+  } else {
+    console.log(c.teal("Everything looks good."));
+  }
+}
+
+// src/commands/skill.ts
+async function skillInstall(_project) {
+  console.log(c.amber("Skill installation is not available yet."));
+  console.log(c.muted("The Artyfax skill content is being designed in design-28."));
+  console.log(c.muted("Once ready, `arty skill install` will write skill files to ~/.claude/skills/artyfax"));
+}
+async function skillStatus() {
+  console.log(c.amber("Skill status is not available yet."));
+  console.log(c.muted("Run `arty doctor` to check basic setup."));
+}
+async function skillUpdate() {
+  console.log(c.amber("Skill update is not available yet."));
+}
+
+// src/cli.ts
+var VERSION = true ? "0.2.0" : "0.0.0-dev";
+function brandedHelp() {
+  return `
+${c.amber("artyfax")} ${c.muted(`v${VERSION}`)} \u2014 your personal document library
+
+${c.bright("Usage:")} arty <command> [options]
+
+${c.bright("Documents")}
+  save <file>            Save a document (markdown or HTML)
+  read <slug>            Read document content (handles E2EE)
+  list                   List documents
+  get <slug>             Document metadata as JSON
+  search <query>         Full-text search
+  update <slug> <file>   Push updated content (auto-encrypts secure docs)
+  metadata <slug>        Update document metadata
+  delete <slug>          Delete a document
+  open <slug>            Open document in browser
+  secure <slug>          Encrypt a document
+  unsecure <slug>        Remove encryption
+
+${c.bright("Sub-resources")}
+  share create <slug>    Create a share link
+  share list [slug]      List shares
+  share revoke <hash>    Revoke a share link
+  cat list               List categories
+  tag list               List tags
+  version list <slug>    Version history
+  version restore <slug> Restore a previous version
+
+${c.bright("Annotations")}
+  note list <slug>       List annotations on a document
+  note add <slug>        Add an annotation
+  note search <query>    Search annotations
+
+${c.bright("Tools")}
+  doctor                 Verify CLI setup
+  skill install          Install Artyfax skills for Claude Code
+  skill status           Check skill installation
+  skill update           Update installed skills
+
+${c.bright("Global options")}
+  --json                 Machine-readable JSON output
+  --yes, -y              Skip confirmations
+  --api-key <key>        API key (prefer ARTYFAX_API_KEY env var)
+  --endpoint <url>       API endpoint (default: https://artyfax.io)
+  --help, -h             Show help
+  --version, -v          Show version
+
+${c.bright("Environment")}
+  ARTYFAX_API_KEY              API key for authentication
+  ARTYFAX_ENDPOINT             API endpoint URL
+  ARTYFAX_SECURE_PASSPHRASE    Passphrase for E2EE (avoids prompt)
+`.trim();
+}
+var COMMAND_HELP = {
+  save: `${c.amber("arty save")} \u2014 save a document
+
+${c.bright("Usage:")} arty save <file> [options]
+        arty save --url <url> [options]
+
+${c.bright("Options:")}
+  --url <url>          Save from URL (server-side extraction)
+  --secure             Encrypt the document
+  --category <name>    Category (default: inbox)
+  --format <md|html>   Content format (default: md)
+  --tags <t1,t2>       Comma-separated tags
+  --doc-type <type>    Document type (default: original, or article for URLs)
+  --theme <name>       Theme override
+  --parent <id>        Parent document ID
+  --title <name>       Title (default: derived from filename)
+  --json               JSON output
+
+${c.bright("Examples:")}
+  arty save notes.md --category inbox
+  arty save --url https://example.com/article --category articles
+  arty save report.md --secure --category reports`,
+  read: `${c.amber("arty read")} \u2014 read document content
+
+${c.bright("Usage:")} arty read <slug>
+
+Outputs the document's markdown source to stdout. Handles E2EE
+decryption automatically (prompts for passphrase if needed).
+
+${c.bright("Examples:")}
+  arty read inbox/my-doc
+  arty read my-doc                  # partial slug match
+  arty read inbox/my-doc > out.md   # pipe to file`,
+  list: `${c.amber("arty list")} \u2014 list documents
+
+${c.bright("Usage:")} arty list [options]
+
+${c.bright("Options:")}
+  --category <name>    Filter by category
+  --limit <n>          Max results (default: 20)
+  --offset <n>         Skip first N results
+  --archived           Include archived documents
+  --parent-id <id>     Filter by parent document
+  --json               JSON output
+
+${c.bright("Examples:")}
+  arty list --category inbox --limit 10
+  arty list --archived --json`,
+  get: `${c.amber("arty get")} \u2014 document metadata
+
+${c.bright("Usage:")} arty get <slug>
+
+Outputs full document metadata as JSON. For scripting and inspection.
+
+${c.bright("Examples:")}
+  arty get inbox/my-doc
+  arty get my-doc | jq .category`,
+  search: `${c.amber("arty search")} \u2014 full-text search
+
+${c.bright("Usage:")} arty search <query> [--json]
+
+${c.bright("Examples:")}
+  arty search "deployment guide"
+  arty search cloudflare --json`,
+  update: `${c.amber("arty update")} \u2014 push updated content
+
+${c.bright("Usage:")} arty update <slug> [file]
+        cat file.md | arty update <slug>
+
+Reads from file or stdin. Auto-encrypts if the target is a secure document.
+
+${c.bright("Examples:")}
+  arty update inbox/my-doc updated.md
+  echo "# New content" | arty update inbox/my-doc`,
+  metadata: `${c.amber("arty metadata")} \u2014 update document metadata
+
+${c.bright("Usage:")} arty metadata <slug> [options]
+
+${c.bright("Options:")}
+  --category <name>    Move to category
+  --tags <t1,t2>       Set tags (comma-separated)
+  --title <name>       Update title
+  --theme <name>       Set theme
+  --visibility <v>     Set visibility (private/public)
+  --archived           Archive the document
+  --json               JSON output
+
+${c.bright("Examples:")}
+  arty metadata inbox/my-doc --category reports --tags "q1,finance"
+  arty metadata my-doc --archived`,
+  delete: `${c.amber("arty delete")} \u2014 delete a document
+
+${c.bright("Usage:")} arty delete <slug> [--yes] [--json]
+
+Prompts for confirmation unless --yes is passed.
+
+${c.bright("Examples:")}
+  arty delete inbox/old-doc
+  arty delete inbox/old-doc --yes   # skip confirmation`,
+  open: `${c.amber("arty open")} \u2014 open in browser
+
+${c.bright("Usage:")} arty open <slug>
+
+Opens the document URL in your default browser.`,
+  share: `${c.amber("arty share")} \u2014 manage share links
+
+${c.bright("Usage:")} arty share create <slug>    Create a share link
+        arty share list [slug]      List all shares (or per-document)
+        arty share revoke <hash>    Revoke a share link
+
+${c.bright("Examples:")}
+  arty share create inbox/my-doc
+  arty share list --json
+  arty share revoke SnP5UJUhP6 --yes`,
+  version: `${c.amber("arty version")} \u2014 version history
+
+${c.bright("Usage:")} arty version list <slug>     Show version history
+        arty version restore <slug>  Restore a previous version
+
+${c.bright("Examples:")}
+  arty version list inbox/my-doc
+  arty version restore inbox/my-doc --yes`,
+  note: `${c.amber("arty note")} \u2014 annotations
+
+${c.bright("Usage:")} arty note list <slug>        List annotations
+        arty note add <slug>         Add a note (--text or stdin)
+        arty note search <query>     Search annotations
+
+${c.bright("Examples:")}
+  arty note list inbox/my-doc
+  arty note add inbox/my-doc --text "Needs review"
+  echo "Reviewed and approved" | arty note add inbox/my-doc
+  arty note search "review"`,
+  doctor: `${c.amber("arty doctor")} \u2014 verify CLI setup
+
+Checks API key, endpoint, connectivity, E2EE status, and skill installation.
+
+${c.bright("Usage:")} arty doctor [--json]`,
+  skill: `${c.amber("arty skill")} \u2014 Claude Code skill management
+
+${c.bright("Usage:")} arty skill install [--project]   Install Artyfax skill
+        arty skill status               Check installation
+        arty skill update               Update to latest version`
+};
+function parseArgs(args) {
+  const flags = {};
+  const positional = [];
+  let command = "";
+  let subcommand = "";
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i];
+    if (arg.startsWith("--")) {
+      const key = arg.slice(2);
+      const next = args[i + 1];
+      if (next && !next.startsWith("-")) {
+        flags[key] = next;
+        i++;
+      } else {
+        flags[key] = true;
+      }
+    } else if (arg.startsWith("-")) {
+      flags[arg.slice(1)] = true;
+    } else if (!command) {
+      command = arg;
+    } else if (!subcommand && isSubResource(command)) {
+      subcommand = arg;
+    } else {
+      positional.push(arg);
+    }
+  }
+  return { command, subcommand, positional, flags };
+}
+var SUB_RESOURCES = /* @__PURE__ */ new Set(["share", "cat", "tag", "version", "note", "skill"]);
+function isSubResource(cmd) {
+  return SUB_RESOURCES.has(cmd);
+}
+async function main() {
+  const parsed = parseArgs(process.argv.slice(2));
+  const { command, subcommand, positional, flags } = parsed;
+  const json = !!flags.json;
+  const yes = !!(flags.yes || flags.y);
+  if (flags.version || flags.v) {
+    console.log(json ? JSON.stringify({ version: VERSION }) : `artyfax v${VERSION}`);
+    process.exit(0);
+  }
+  if (flags.help || flags.h) {
+    if (command && COMMAND_HELP[command]) {
+      console.log(COMMAND_HELP[command]);
+    } else {
+      console.log(brandedHelp());
+    }
+    process.exit(0);
+  }
+  if (!command) {
+    console.log(brandedHelp());
+    process.exit(0);
+  }
+  const KNOWN_COMMANDS = /* @__PURE__ */ new Set([
+    "save",
+    "read",
+    "list",
+    "get",
+    "search",
+    "delete",
+    "open",
+    "secure",
+    "unsecure",
+    "update",
+    "metadata",
+    "share",
+    "cat",
+    "tag",
+    "version",
+    "note",
+    "skill",
+    "doctor"
+  ]);
+  if (!KNOWN_COMMANDS.has(command)) {
+    error(`Unknown command: ${command}`, `Run \`arty --help\` for available commands`);
+  }
+  if (command === "skill") {
+    switch (subcommand) {
+      case "install":
+        await skillInstall(!!flags.project);
+        break;
+      case "status":
+        await skillStatus();
+        break;
+      case "update":
+        await skillUpdate();
+        break;
+      default:
+        error(`Unknown skill subcommand: ${subcommand || "(none)"}`, "Usage: arty skill <install|status|update>");
+    }
+    process.exit(0);
+  }
+  const config = getConfig(flags);
+  if (command === "doctor") {
+    await doctor(config, json);
+    process.exit(0);
+  }
+  switch (command) {
+    case "save": {
+      const fileOrUrl = positional[0];
+      const url = flags.url;
+      if (!fileOrUrl && !url) {
+        error("Missing file argument", "Usage: arty save <file> [--secure] [--category <name>]");
+      }
+      if (url) {
+        await save(config, {
+          title: flags.title || "",
+          content: "",
+          category: flags.category || "inbox",
+          format: "md",
+          secure: !!flags.secure,
+          url,
+          tags: flags.tags,
+          docType: flags["doc-type"] || "article",
+          theme: flags.theme,
+          parentId: flags.parent,
+          json
+        });
+        break;
+      }
+      const format = flags.format || "md";
+      if (format !== "md" && format !== "html") {
+        error('--format must be "md" or "html"');
+      }
+      let content;
+      try {
+        content = readFileSync2(resolve2(fileOrUrl), "utf-8");
+      } catch {
+        error(`File not found: ${fileOrUrl}`);
+      }
+      const title = flags.title || fileOrUrl.replace(/\.[^.]+$/, "").replace(/[-_]/g, " ");
+      await save(config, {
+        title,
+        content,
+        category: flags.category || "inbox",
+        format,
+        secure: !!flags.secure,
+        tags: flags.tags,
+        docType: flags["doc-type"] || "original",
+        theme: flags.theme,
+        parentId: flags.parent,
+        json
+      });
+      break;
+    }
+    case "read": {
+      const slug = positional[0];
+      if (!slug) error("Missing slug argument", "Usage: arty read <slug>");
+      await read(config, slug, !!flags.secure);
+      break;
+    }
+    case "list": {
+      let limit = 20;
+      if (flags.limit) {
+        limit = parseInt(flags.limit, 10);
+        if (isNaN(limit) || limit < 1) error("--limit must be a positive integer");
+      }
+      let offset = 0;
+      if (flags.offset) {
+        offset = parseInt(flags.offset, 10);
+        if (isNaN(offset) || offset < 0) error("--offset must be a non-negative integer");
+      }
+      await list(config, {
+        category: flags.category,
+        limit,
+        offset,
+        archived: !!flags.archived,
+        parentId: flags["parent-id"],
+        json
+      });
+      break;
+    }
+    case "get": {
+      const slug = positional[0];
+      if (!slug) error("Missing slug argument", "Usage: arty get <slug>");
+      await get(config, slug);
+      break;
+    }
+    case "search": {
+      const query = positional.join(" ");
+      if (!query) error("Missing search query", "Usage: arty search <query>");
+      await search(config, query, json);
+      break;
+    }
+    case "delete": {
+      const slug = positional[0];
+      if (!slug) error("Missing slug argument", "Usage: arty delete <slug>");
+      await del(config, slug, yes, json);
+      break;
+    }
+    case "open": {
+      const slug = positional[0];
+      if (!slug) error("Missing slug argument", "Usage: arty open <slug>");
+      await open(config, slug);
+      break;
+    }
+    case "secure": {
+      const slug = positional[0];
+      if (!slug) error("Missing slug argument", "Usage: arty secure <slug>");
+      await secure(config, slug);
+      break;
+    }
+    case "unsecure": {
+      const slug = positional[0];
+      if (!slug) error("Missing slug argument", "Usage: arty unsecure <slug>");
+      await unsecure(config, slug);
+      break;
+    }
+    case "update": {
+      const slug = positional[0];
+      if (!slug) error("Missing slug argument", "Usage: arty update <slug> [file] (reads from stdin if no file)");
+      await update(config, slug, positional[1], json);
+      break;
+    }
+    case "metadata": {
+      const slug = positional[0];
+      if (!slug) error("Missing slug argument", "Usage: arty metadata <slug> --category <name> --tags <t1,t2>");
+      await metadata(config, slug, {
+        category: flags.category,
+        tags: flags.tags,
+        title: flags.title,
+        theme: flags.theme,
+        visibility: flags.visibility,
+        archived: flags.archived === true ? true : flags.archived === "false" ? false : void 0,
+        json
+      });
+      break;
+    }
+    case "share": {
+      switch (subcommand) {
+        case "create": {
+          const slug = positional[0];
+          if (!slug) error("Missing slug argument", "Usage: arty share create <slug>");
+          await shareCreate(config, slug, json);
+          break;
+        }
+        case "list":
+          await shareList(config, positional[0], json);
+          break;
+        case "revoke": {
+          const hash = positional[0];
+          if (!hash) error("Missing share hash", "Usage: arty share revoke <hash>");
+          await shareRevoke(config, hash, yes, json);
+          break;
+        }
+        default:
+          error(`Unknown share subcommand: ${subcommand || "(none)"}`, "Usage: arty share <create|list|revoke>");
+      }
+      break;
+    }
+    case "cat": {
+      if (subcommand !== "list") error(`Unknown cat subcommand: ${subcommand || "(none)"}`, "Usage: arty cat list");
+      await catList(config, json);
+      break;
+    }
+    case "tag": {
+      if (subcommand !== "list") error(`Unknown tag subcommand: ${subcommand || "(none)"}`, "Usage: arty tag list");
+      await tagList(config, json);
+      break;
+    }
+    case "version": {
+      switch (subcommand) {
+        case "list": {
+          const slug = positional[0];
+          if (!slug) error("Missing slug argument", "Usage: arty version list <slug>");
+          await versionList(config, slug, json);
+          break;
+        }
+        case "restore": {
+          const slug = positional[0];
+          if (!slug) error("Missing slug argument", "Usage: arty version restore <slug>");
+          await versionRestore(config, slug, yes, json);
+          break;
+        }
+        default:
+          error(`Unknown version subcommand: ${subcommand || "(none)"}`, "Usage: arty version <list|restore>");
+      }
+      break;
+    }
+    case "note": {
+      switch (subcommand) {
+        case "list": {
+          const slug = positional[0];
+          if (!slug) error("Missing slug argument", "Usage: arty note list <slug>");
+          await noteList(config, slug, json);
+          break;
+        }
+        case "add": {
+          const slug = positional[0];
+          if (!slug) error("Missing slug argument", 'Usage: arty note add <slug> --text "..."');
+          await noteAdd(config, slug, flags.text, json);
+          break;
+        }
+        case "search": {
+          const query = positional.join(" ");
+          if (!query) error("Missing search query", "Usage: arty note search <query>");
+          await noteSearch(config, query, json);
+          break;
+        }
+        default:
+          error(`Unknown note subcommand: ${subcommand || "(none)"}`, "Usage: arty note <list|add|search>");
+      }
+      break;
+    }
+    default:
+      error(`Unknown command: ${command}`, `Run \`arty --help\` for available commands`);
+  }
+}
+main().catch((e) => {
+  console.error(c.rose(e.message || String(e)));
+  process.exit(1);
+});
+export {
+  VERSION,
+  parseArgs
+};