auix 0.0.5 → 0.0.6

package/README.md

@@ -82,7 +82,7 @@ Stores credentials. Created by `auix login`.
 {
   "apiKey": "at_...",
   "baseUrl": "https://api.auix.dev",
-  "appUrl": "https://app.auix.dev"
+  "appUrl": "https://auix.dev"
 }
 ```
 

package/dist/index.js

@@ -1393,16 +1393,40 @@ function resolveApp() {
 		if (cwd === full || cwd.startsWith(`${full}/`)) return app;
 	}
 }
-function getApiKey() {
-	const envKey = process.env.AUIX_API_KEY;
-	if (envKey) return envKey;
+function isJwtExpired(jwt) {
+	try {
+		const payload = JSON.parse(Buffer.from(jwt.split(".")[1], "base64url").toString());
+		return Date.now() >= (payload.exp ?? 0) * 1e3;
+	} catch {
+		return true;
+	}
+}
+async function refreshJwt(config) {
+	if (!config.sessionToken || !config.appUrl) return void 0;
+	const base = config.appUrl.replace(/\/$/, "");
+	const res = await fetch(`${base}/api/auth/token`, { headers: { Authorization: `Bearer ${config.sessionToken}` } });
+	if (!res.ok) return void 0;
+	return (await res.json()).token;
+}
+async function getToken() {
+	const envToken = process.env.AUIX_TOKEN;
+	if (envToken) return envToken;
 	const config = loadGlobalConfig();
-	if (config.apiKey) return config.apiKey;
+	if (!config.token) return void 0;
+	if (!isJwtExpired(config.token)) return config.token;
+	const fresh = await refreshJwt(config);
+	if (fresh) {
+		saveGlobalConfig({
+			...config,
+			token: fresh
+		});
+		return fresh;
+	}
 }
-function requireApiKey() {
-	const key = getApiKey();
-	if (!key) throw new Error("No API key found. Run `auix login` or set AUIX_API_KEY.");
-	return key;
+async function requireToken() {
+	const token = await getToken();
+	if (!token) throw new Error("Not authenticated. Run `auix login` or set AUIX_TOKEN.");
+	return token;
 }
 function getBaseUrl() {
 	return process.env.AUIX_BASE_URL ?? loadGlobalConfig().baseUrl ?? DEFAULT_BASE_URL;
@@ -1434,7 +1458,7 @@ async function apiRequest(path, body) {
 		method: "POST",
 		headers: {
 			"Content-Type": "application/json",
-			Authorization: `Bearer ${requireApiKey()}`
+			Authorization: `Bearer ${await requireToken()}`
 		},
 		body: JSON.stringify(body)
 	});
@@ -1467,6 +1491,72 @@ function maskValue(value) {
 	return `${value.slice(0, 2)}****${value.slice(-2)}`;
 }
 
+//#endregion
+//#region src/actions.ts
+async function callAction(name, args) {
+	const baseUrl = getBaseUrl().replace(/\/$/, "");
+	const token = await requireToken();
+	const res = await fetch(`${baseUrl}/v1/actions/${name}`, {
+		method: "POST",
+		headers: {
+			"Content-Type": "application/json",
+			Authorization: `Bearer ${token}`
+		},
+		body: JSON.stringify(args)
+	});
+	if (!res.ok) {
+		const text = await res.text().catch(() => "");
+		let msg;
+		try {
+			msg = JSON.parse(text).error ?? text;
+		} catch {
+			msg = text;
+		}
+		logError(`${name} failed (${res.status}): ${msg}`);
+	}
+	return res.json();
+}
+
+//#endregion
+//#region src/commands/audit-list.ts
+const auditListCommand = defineCommand({
+	meta: {
+		name: "list",
+		description: "Query audit logs"
+	},
+	args: {
+		type: {
+			type: "string",
+			description: "Filter by resource type"
+		},
+		action: {
+			type: "string",
+			description: "created, updated, deleted, or accessed"
+		},
+		limit: {
+			type: "string",
+			description: "Max results (default 50)"
+		}
+	},
+	async run({ args }) {
+		const data = await callAction("auix__audit_log_query", {
+			resourceType: args.type,
+			action: args.action,
+			limit: args.limit ? Number(args.limit) : void 0
+		});
+		if (data.items.length === 0) {
+			console.log("No audit logs found.");
+			return;
+		}
+		for (const a of data.items) {
+			const time = new Date(a.createdAt).toISOString().slice(0, 19);
+			const actor = a.actorName ?? "system";
+			console.log(`  ${time}  ${actor.padEnd(16)}  ${a.summary}`);
+		}
+		console.log(`\nShowing ${data.items.length} of ${data.total} logs`);
+	}
+});
+
 //#endregion
 //#region src/commands/branch-create.ts
 const branchCreateCommand = defineCommand({
@@ -1807,6 +1897,257 @@ const dynamicListCommand = defineCommand({
 	}
 });
 
+//#endregion
+//#region src/commands/flow-create.ts
+const flowCreateCommand = defineCommand({
+	meta: {
+		name: "create",
+		description: "Create a new flow"
+	},
+	args: {
+		name: {
+			type: "string",
+			description: "Flow name",
+			required: true
+		},
+		trigger: {
+			type: "string",
+			description: "Trigger type",
+			required: true
+		},
+		actions: {
+			type: "string",
+			description: "Actions JSON array",
+			required: true
+		},
+		conditions: {
+			type: "string",
+			description: "Conditions JSON array"
+		},
+		visibility: {
+			type: "string",
+			description: "personal, project, or organization"
+		},
+		project: {
+			type: "string",
+			description: "Project ID"
+		}
+	},
+	async run({ args }) {
+		let actions;
+		try {
+			actions = JSON.parse(args.actions);
+		} catch {
+			logError("Invalid JSON for --actions");
+			return;
+		}
+		let conditions;
+		if (args.conditions) try {
+			conditions = JSON.parse(args.conditions);
+		} catch {
+			logError("Invalid JSON for --conditions");
+			return;
+		}
+		const data = await callAction("auix__flow_create", {
+			name: args.name,
+			trigger: args.trigger,
+			actions,
+			conditions,
+			visibility: args.visibility,
+			projectId: args.project
+		});
+		console.log(`Created flow ${data.id} (disabled by default)`);
+	}
+});
+
+//#endregion
+//#region src/commands/flow-delete.ts
+const flowDeleteCommand = defineCommand({
+	meta: {
+		name: "delete",
+		description: "Delete a flow"
+	},
+	args: { id: {
+		type: "positional",
+		description: "Flow ID",
+		required: true
+	} },
+	async run({ args }) {
+		const confirmed = await consola.prompt(`Delete flow ${args.id}?`, { type: "confirm" });
+		if (!confirmed || typeof confirmed === "symbol") {
+			console.log("Cancelled.");
+			return;
+		}
+		await callAction("auix__flow_delete", { flowId: args.id });
+		console.log("Deleted.");
+	}
+});
+
+//#endregion
+//#region src/commands/flow-dispatch.ts
+const flowDispatchCommand = defineCommand({
+	meta: {
+		name: "dispatch",
+		description: "Manually trigger a flow"
+	},
+	args: { id: {
+		type: "positional",
+		description: "Flow ID",
+		required: true
+	} },
+	async run({ args }) {
+		const data = await callAction("auix__flow_dispatch", { flowId: args.id });
+		console.log(`Dispatched execution ${data.executionId} (${data.mode})`);
+	}
+});
+
+//#endregion
+//#region src/commands/flow-duplicate.ts
+const flowDuplicateCommand = defineCommand({
+	meta: {
+		name: "duplicate",
+		description: "Duplicate a flow"
+	},
+	args: { id: {
+		type: "positional",
+		description: "Flow ID",
+		required: true
+	} },
+	async run({ args }) {
+		const data = await callAction("auix__flow_duplicate", { flowId: args.id });
+		console.log(`Duplicated as ${data.id} ("${data.name}")`);
+	}
+});
+
+//#endregion
+//#region src/commands/flow-executions.ts
+const flowExecutionsCommand = defineCommand({
+	meta: {
+		name: "executions",
+		description: "List flow execution history"
+	},
+	args: {
+		id: {
+			type: "positional",
+			description: "Flow ID",
+			required: true
+		},
+		limit: {
+			type: "string",
+			description: "Max results (default 20)"
+		}
+	},
+	async run({ args }) {
+		const data = await callAction("auix__flow_executions", {
+			flowId: args.id,
+			limit: args.limit ? Number(args.limit) : void 0
+		});
+		if (data.length === 0) {
+			console.log("No executions found.");
+			return;
+		}
+		for (const e of data) {
+			const time = new Date(e.startedAt).toISOString().slice(0, 19);
+			const err = e.error ? ` | ${e.error.slice(0, 60)}` : "";
+			console.log(`  ${e.id.slice(0, 8)}  ${e.status.padEnd(8)}  ${e.mode.padEnd(10)}  ${time}${err}`);
+		}
+		console.log(`\n${data.length} executions`);
+	}
+});
+
+//#endregion
+//#region src/commands/flow-get.ts
+const flowGetCommand = defineCommand({
+	meta: {
+		name: "get",
+		description: "Get flow details"
+	},
+	args: { id: {
+		type: "positional",
+		description: "Flow ID",
+		required: true
+	} },
+	async run({ args }) {
+		const data = await callAction("auix__flow_get", { flowId: args.id });
+		console.log(JSON.stringify(data, null, 2));
+	}
+});
+
+//#endregion
+//#region src/commands/flow-list.ts
+const flowListCommand = defineCommand({
+	meta: {
+		name: "list",
+		description: "List automation flows"
+	},
+	args: {
+		search: {
+			type: "string",
+			description: "Filter by name"
+		},
+		status: {
+			type: "string",
+			description: "active or disabled"
+		},
+		trigger: {
+			type: "string",
+			description: "Filter by trigger prefix"
+		},
+		limit: {
+			type: "string",
+			description: "Max results (default 20)"
+		}
+	},
+	async run({ args }) {
+		const data = await callAction("auix__flow_list", {
+			search: args.search,
+			status: args.status,
+			trigger: args.trigger,
+			limit: args.limit ? Number(args.limit) : void 0
+		});
+		if (data.length === 0) {
+			console.log("No flows found.");
+			return;
+		}
+		for (const f of data) {
+			const status = f.enabled ? "active" : "disabled";
+			const lastExec = f.lastExecution ? ` [last: ${f.lastExecution.status}]` : "";
+			console.log(`  ${f.id.slice(0, 8)}  ${status.padEnd(8)}  ${f.trigger.padEnd(30)}  ${f.name}${lastExec}`);
+		}
+		console.log(`\n${data.length} flows`);
+	}
+});
+
+//#endregion
+//#region src/commands/flow-toggle.ts
+const flowToggleCommand = defineCommand({
+	meta: {
+		name: "toggle",
+		description: "Enable or disable a flow"
+	},
+	args: {
+		id: {
+			type: "positional",
+			description: "Flow ID",
+			required: true
+		},
+		enabled: {
+			type: "string",
+			description: "true or false",
+			required: true
+		}
+	},
+	async run({ args }) {
+		if (args.enabled !== "true" && args.enabled !== "false") logError("--enabled must be true or false");
+		const enabled = args.enabled === "true";
+		const data = await callAction("auix__flow_toggle", {
+			flowId: args.id,
+			enabled
+		});
+		console.log(`Flow ${data.id} ${data.enabled ? "enabled" : "disabled"}`);
+	}
+});
+
 //#endregion
 //#region src/commands/history.ts
 const historyCommand = defineCommand({
@@ -2067,6 +2408,24 @@ async function selectProject() {
 	return trimmed;
 }
 
+//#endregion
+//#region src/commands/integration-list.ts
+const integrationListCommand = defineCommand({
+	meta: {
+		name: "list",
+		description: "List connected integrations"
+	},
+	async run() {
+		const data = await callAction("auix__integration_list", {});
+		if (data.length === 0) {
+			console.log("No integrations connected.");
+			return;
+		}
+		for (const i of data) console.log(`  ${i.provider.padEnd(16)}  ${i.status}`);
+		console.log(`\n${data.length} integrations`);
+	}
+});
+
 //#endregion
 //#region src/commands/list.ts
 const listCommand = defineCommand({
@@ -2228,6 +2587,51 @@ const lockStatusCommand = defineCommand({
 	}
 });
 
+//#endregion
+//#region src/commands/log-query.ts
+const logQueryCommand = defineCommand({
+	meta: {
+		name: "query",
+		description: "Query structured logs"
+	},
+	args: {
+		source: {
+			type: "string",
+			description: "Filter by source ID"
+		},
+		level: {
+			type: "string",
+			description: "info, warn, error, or fatal"
+		},
+		search: {
+			type: "string",
+			description: "Search in message"
+		},
+		limit: {
+			type: "string",
+			description: "Max results (default 50)"
+		}
+	},
+	async run({ args }) {
+		const data = await callAction("auix__logs_query", {
+			sourceId: args.source,
+			level: args.level,
+			search: args.search,
+			limit: args.limit ? Number(args.limit) : void 0
+		});
+		if (data.items.length === 0) {
+			console.log("No logs found.");
+			return;
+		}
+		for (const l of data.items) {
+			const time = new Date(l.timestamp).toISOString().slice(11, 19);
+			const src = l.source?.name ?? "-";
+			console.log(`  ${time}  ${l.level.padEnd(5)}  ${src.padEnd(16)}  ${l.message.slice(0, 80)}`);
+		}
+		console.log(`\nShowing ${data.items.length} of ${data.total} logs`);
+	}
+});
+
 //#endregion
 //#region src/commands/login.ts
 const CLIENT_ID = "auix-cli";
@@ -2277,9 +2681,9 @@ async function deviceFlow(appUrl) {
 	logError("Device code expired. Please try again.");
 	return "";
 }
-async function selectOrganization(appUrl, token) {
+async function selectOrganization(appUrl, sessionToken) {
 	const base = appUrl.replace(/\/$/, "");
-	const res = await fetch(`${base}/api/auth/organization/list`, { headers: { Authorization: `Bearer ${token}` } });
+	const res = await fetch(`${base}/api/auth/organization/list`, { headers: { Authorization: `Bearer ${sessionToken}` } });
 	if (!res.ok) logError(`Failed to list organizations (${res.status}).`);
 	const orgs = await res.json();
 	if (orgs.length === 0) logError("No organizations found. Create one at the web dashboard.");
@@ -2297,9 +2701,9 @@ async function selectOrganization(appUrl, token) {
 	if (typeof selected === "symbol") logError("Cancelled.");
 	return orgs.find((o) => o.id === selected);
 }
-async function fetchUser(appUrl, token) {
+async function fetchUser(appUrl, sessionToken) {
 	const base = appUrl.replace(/\/$/, "");
-	const res = await fetch(`${base}/api/auth/get-session`, { headers: { Authorization: `Bearer ${token}` } });
+	const res = await fetch(`${base}/api/auth/get-session`, { headers: { Authorization: `Bearer ${sessionToken}` } });
 	if (!res.ok) return {
 		name: "unknown",
 		email: "unknown"
@@ -2310,96 +2714,278 @@ async function fetchUser(appUrl, token) {
 		email: data.user?.email ?? "unknown"
 	};
 }
-async function createApiKey$1(appUrl, token, organizationId) {
+async function getJwt(appUrl, sessionToken, organizationId) {
 	const base = appUrl.replace(/\/$/, "");
-	const res = await fetch(`${base}/api/cli/create-key`, {
+	if (!(await fetch(`${base}/api/auth/organization/set-active`, {
 		method: "POST",
 		headers: {
 			"Content-Type": "application/json",
-			Authorization: `Bearer ${token}`
+			Authorization: `Bearer ${sessionToken}`
 		},
 		body: JSON.stringify({ organizationId })
-	});
-	if (!res.ok) {
-		const text = await res.text().catch(() => "");
-		logError(`Failed to create API key (${res.status}): ${text}`);
+	})).ok) logError("Failed to set active organization.");
+	const tokenRes = await fetch(`${base}/api/auth/token`, { headers: { Authorization: `Bearer ${sessionToken}` } });
+	if (!tokenRes.ok) logError("Failed to obtain access token.");
+	return (await tokenRes.json()).token;
+}
+const loginCommand = defineCommand({
+	meta: {
+		name: "login",
+		description: "Authenticate with auix"
+	},
+	args: {
+		url: {
+			type: "string",
+			description: "Custom API base URL"
+		},
+		"app-url": {
+			type: "string",
+			description: "Custom web app URL"
+		}
+	},
+	async run({ args }) {
+		const baseUrl = args.url ?? getBaseUrl();
+		const appUrl = args["app-url"] ?? getAppUrl();
+		const sessionToken = await deviceFlow(appUrl);
+		const user = await fetchUser(appUrl, sessionToken);
+		console.log(`Authenticated as ${user.email}\n`);
+		const org = await selectOrganization(appUrl, sessionToken);
+		saveGlobalConfig({
+			token: await getJwt(appUrl, sessionToken, org.id),
+			sessionToken,
+			baseUrl,
+			appUrl,
+			user,
+			organization: {
+				name: org.name,
+				slug: org.slug
+			}
+		});
+		console.log(`\nLogged in to ${org.name}.`);
+	}
+});
+
+//#endregion
+//#region src/commands/logout.ts
+const CONFIG_FILE = join(homedir(), ".auix", "config.json");
+const logoutCommand = defineCommand({
+	meta: {
+		name: "logout",
+		description: "Log out and remove credentials"
+	},
+	async run() {
+		if (!existsSync(CONFIG_FILE)) {
+			console.log("Not logged in.");
+			return;
+		}
+		rmSync(CONFIG_FILE);
+		console.log("Logged out.");
+	}
+});
+
+//#endregion
+//#region src/commands/member-list.ts
+const memberListCommand = defineCommand({
+	meta: {
+		name: "list",
+		description: "List organization members"
+	},
+	async run() {
+		const data = await callAction("auix__member_list", {});
+		if (data.length === 0) {
+			console.log("No members found.");
+			return;
+		}
+		for (const m of data) {
+			const name = m.user.name ?? m.user.email;
+			const active = m.lastActiveAt ? new Date(m.lastActiveAt).toISOString().slice(0, 10) : "never";
+			console.log(`  ${m.role.padEnd(6)}  ${name.padEnd(30)}  ${active}`);
+		}
+		console.log(`\n${data.length} members`);
+	}
+});
+
+//#endregion
+//#region src/commands/prism-list.ts
+const prismListCommand = defineCommand({
+	meta: {
+		name: "list",
+		description: "List LLM traces"
+	},
+	args: {
+		model: {
+			type: "string",
+			description: "Filter by model"
+		},
+		name: {
+			type: "string",
+			description: "Filter by name"
+		},
+		project: {
+			type: "string",
+			description: "Filter by project ID"
+		},
+		limit: {
+			type: "string",
+			description: "Max results (default 50)"
+		}
+	},
+	async run({ args }) {
+		const data = await callAction("auix__prism_traces", {
+			model: args.model,
+			name: args.name,
+			projectId: args.project,
+			limit: args.limit ? Number(args.limit) : void 0
+		});
+		if (data.length === 0) {
+			console.log("No traces found.");
+			return;
+		}
+		for (const t of data) {
+			const time = new Date(t.createdAt).toISOString().slice(0, 19);
+			const cost = t.totalCostUsd ? `$${Number(t.totalCostUsd).toFixed(4)}` : "-";
+			const tokens = t.totalTokens ?? "-";
+			console.log(`  ${t.id.slice(0, 8)}  ${(t.model ?? "-").padEnd(20)}  ${String(tokens).padEnd(8)}  ${cost.padEnd(8)}  ${time}`);
+		}
+		console.log(`\n${data.length} traces`);
+	}
+});
+
+//#endregion
+//#region src/commands/prism-metrics.ts
+const prismMetricsCommand = defineCommand({
+	meta: {
+		name: "metrics",
+		description: "Show LLM usage metrics"
+	},
+	args: {
+		project: {
+			type: "string",
+			description: "Filter by project ID"
+		},
+		start: {
+			type: "string",
+			description: "Start date (ISO)"
+		},
+		end: {
+			type: "string",
+			description: "End date (ISO)"
+		}
+	},
+	async run({ args }) {
+		const data = await callAction("auix__prism_metrics", {
+			projectId: args.project,
+			startDate: args.start,
+			endDate: args.end
+		});
+		const s = data.summary;
+		console.log(`Total traces:  ${s.total}`);
+		console.log(`Total tokens:  ${s.totalTokens ?? 0}`);
+		console.log(`Total cost:    $${s.totalCost ? Number(s.totalCost).toFixed(4) : "0.0000"}`);
+		console.log(`Avg latency:   ${s.avgLatencyMs ? Math.round(Number(s.avgLatencyMs)) : 0}ms`);
+		console.log(`Errors:        ${s.errorCount}`);
+		if (data.byModel.length > 0) {
+			console.log("\nBy model:");
+			for (const m of data.byModel) {
+				const cost = m.totalCost ? `$${Number(m.totalCost).toFixed(4)}` : "-";
+				console.log(`  ${m.model.padEnd(24)}  ${String(m.count).padEnd(6)}  ${cost}`);
+			}
+		}
 	}
-	return (await res.json()).key;
-}
-const loginCommand = defineCommand({
+});
+
+//#endregion
+//#region src/commands/project-create.ts
+const projectCreateCommand = defineCommand({
 	meta: {
-		name: "login",
-		description: "Authenticate with auix"
+		name: "create",
+		description: "Create a project"
 	},
 	args: {
-		key: {
+		name: {
 			type: "string",
-			description: "API key (at_xxx...) for non-interactive login"
+			description: "Project name",
+			required: true
 		},
-		url: {
+		slug: {
 			type: "string",
-			description: "Custom API base URL"
+			description: "URL slug",
+			required: true
 		},
-		"app-url": {
+		description: {
 			type: "string",
-			description: "Custom web app URL"
+			description: "Description"
 		}
 	},
 	async run({ args }) {
-		const baseUrl = args.url ?? getBaseUrl();
-		const appUrl = args["app-url"] ?? getAppUrl();
-		if (args.key) {
-			if (!args.key.startsWith("at_")) logError("Invalid API key format. Keys start with 'at_'.");
-			const res = await fetch(`${baseUrl.replace(/\/$/, "")}/v1/env/resolve`, {
-				method: "POST",
-				headers: {
-					"Content-Type": "application/json",
-					Authorization: `Bearer ${args.key}`
-				},
-				body: "{}"
-			});
-			if (!res.ok) logError(`Authentication failed (${res.status}).`);
-			saveGlobalConfig({
-				apiKey: args.key,
-				baseUrl,
-				appUrl
-			});
-			console.log("Logged in successfully.");
+		const data = await callAction("auix__project_create", {
+			name: args.name,
+			slug: args.slug,
+			description: args.description
+		});
+		console.log(`Created project ${data.slug} (${data.id})`);
+	}
+});
+
+//#endregion
+//#region src/commands/project-delete.ts
+const projectDeleteCommand = defineCommand({
+	meta: {
+		name: "delete",
+		description: "Delete a project"
+	},
+	args: { id: {
+		type: "positional",
+		description: "Project ID",
+		required: true
+	} },
+	async run({ args }) {
+		const confirmed = await consola.prompt(`Delete project ${args.id}?`, { type: "confirm" });
+		if (!confirmed || typeof confirmed === "symbol") {
+			console.log("Cancelled.");
 			return;
 		}
-		const token = await deviceFlow(appUrl);
-		const user = await fetchUser(appUrl, token);
-		console.log(`Authenticated as ${user.email}\n`);
-		const org = await selectOrganization(appUrl, token);
-		saveGlobalConfig({
-			apiKey: await createApiKey$1(appUrl, token, org.id),
-			baseUrl,
-			appUrl,
-			user,
-			organization: {
-				name: org.name,
-				slug: org.slug
-			}
-		});
-		console.log(`\nLogged in to ${org.name}.`);
+		await callAction("auix__project_delete", { projectId: args.id });
+		console.log("Deleted.");
 	}
 });
 
 //#endregion
-//#region src/commands/logout.ts
-const CONFIG_FILE = join(homedir(), ".auix", "config.json");
-const logoutCommand = defineCommand({
+//#region src/commands/project-get.ts
+const projectGetCommand = defineCommand({
 	meta: {
-		name: "logout",
-		description: "Log out and remove credentials"
+		name: "get",
+		description: "Get project details"
+	},
+	args: { id: {
+		type: "positional",
+		description: "Project ID",
+		required: true
+	} },
+	async run({ args }) {
+		const data = await callAction("auix__project_get", { projectId: args.id });
+		console.log(JSON.stringify(data, null, 2));
+	}
+});
+
+//#endregion
+//#region src/commands/project-list.ts
+const projectListCommand = defineCommand({
+	meta: {
+		name: "list",
+		description: "List projects"
 	},
 	async run() {
-		if (!existsSync(CONFIG_FILE)) {
-			console.log("Not logged in.");
+		const data = await callAction("auix__project_list", {});
+		if (data.length === 0) {
+			console.log("No projects found.");
 			return;
 		}
-		rmSync(CONFIG_FILE);
-		console.log("Logged out.");
+		for (const p of data) {
+			const desc = p.description ? `  ${p.description}` : "";
+			console.log(`  ${p.slug.padEnd(24)}  ${p.name}${desc}`);
+		}
+		console.log(`\n${data.length} projects`);
 	}
 });
 
@@ -2773,8 +3359,8 @@ function getFingerprint() {
 	return id;
 }
 async function ensureToken(project) {
-	const apiKey = getApiKey();
-	if (apiKey) return apiKey;
+	const token = await getToken();
+	if (token) return token;
 	const session = loadSession();
 	if (session && session.project === project) return session.token;
 	const fingerprint = getFingerprint();
@@ -2798,7 +3384,7 @@ async function ensureToken(project) {
 			os: process.platform,
 			arch: process.arch,
 			nodeVersion: process.version,
-			cliVersion: "0.0.5",
+			cliVersion: "0.0.6",
 			shell: process.env.SHELL ?? process.env.COMSPEC,
 			ci: isCI || void 0,
 			ciName: process.env.GITHUB_ACTIONS ? "github-actions" : process.env.GITLAB_CI ? "gitlab-ci" : process.env.CIRCLECI ? "circleci" : void 0,
@@ -3068,22 +3654,6 @@ const shareCreateCommand = defineCommand({
 
 //#endregion
 //#region src/commands/switch.ts
-async function createApiKey(appUrl, token, organizationId) {
-	const base = appUrl.replace(/\/$/, "");
-	const res = await fetch(`${base}/api/cli/create-key`, {
-		method: "POST",
-		headers: {
-			"Content-Type": "application/json",
-			Authorization: `Bearer ${token}`
-		},
-		body: JSON.stringify({ organizationId })
-	});
-	if (!res.ok) {
-		const text = await res.text().catch(() => "");
-		logError(`Failed to create API key (${res.status}): ${text}`);
-	}
-	return (await res.json()).key;
-}
 const switchCommand = defineCommand({
 	meta: {
 		name: "switch",
@@ -3092,49 +3662,11 @@ const switchCommand = defineCommand({
 	async run() {
 		const config = loadGlobalConfig();
 		const appUrl = config.appUrl ?? getAppUrl();
-		if (!config.apiKey) logError("Not logged in. Run `auix login`.");
+		if (!config.sessionToken) logError("Not logged in. Run `auix login`.");
 		const base = appUrl.replace(/\/$/, "");
-		consola.info("Re-authenticating to switch organization...\n");
-		const codeRes = await fetch(`${base}/api/auth/device/code`, {
-			method: "POST",
-			headers: { "Content-Type": "application/json" },
-			body: JSON.stringify({ client_id: "auix-cli" })
-		});
-		if (!codeRes.ok) logError("Failed to start authentication. Is the server running?");
-		const codeData = await codeRes.json();
-		console.log(`Open: ${codeData.verification_uri_complete}`);
-		console.log(`Code: ${codeData.user_code}\n`);
-		try {
-			const { execSync } = await import("node:child_process");
-			execSync(`${process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open"} ${JSON.stringify(codeData.verification_uri_complete)}`, { stdio: "ignore" });
-		} catch {}
-		const deadline = Date.now() + codeData.expires_in * 1e3;
-		const interval = Math.max((codeData.interval || 5) * 1e3, 5e3);
-		let token = "";
-		while (Date.now() < deadline) {
-			await new Promise((r) => setTimeout(r, interval));
-			const tokenRes = await fetch(`${base}/api/auth/device/token`, {
-				method: "POST",
-				headers: { "Content-Type": "application/json" },
-				body: JSON.stringify({
-					grant_type: "urn:ietf:params:oauth:grant-type:device_code",
-					device_code: codeData.device_code,
-					client_id: "auix-cli"
-				})
-			});
-			if (tokenRes.ok) {
-				token = (await tokenRes.json()).access_token;
-				break;
-			}
-			const err = await tokenRes.json().catch(() => ({}));
-			if (err.error === "authorization_pending" || err.error === "slow_down") continue;
-			if (err.error === "expired_token") logError("Code expired.");
-			if (err.error === "access_denied") logError("Access denied.");
-			logError(`Unexpected error: ${err.error ?? tokenRes.status}`);
-		}
-		if (!token) logError("Code expired. Try again.");
-		const orgsRes = await fetch(`${base}/api/auth/organization/list`, { headers: { Authorization: `Bearer ${token}` } });
-		if (!orgsRes.ok) logError("Failed to list organizations.");
+		const sessionToken = config.sessionToken;
+		const orgsRes = await fetch(`${base}/api/auth/organization/list`, { headers: { Authorization: `Bearer ${sessionToken}` } });
+		if (!orgsRes.ok) logError("Session expired. Run `auix login` to re-authenticate.");
 		const orgs = await orgsRes.json();
 		if (orgs.length === 0) logError("No organizations found.");
 		const selected = await consola.prompt("Select organization", {
@@ -3146,10 +3678,20 @@ const switchCommand = defineCommand({
 		});
 		if (typeof selected === "symbol") logError("Cancelled.");
 		const org = orgs.find((o) => o.id === selected);
-		const apiKey = await createApiKey(appUrl, token, org.id);
+		if (!(await fetch(`${base}/api/auth/organization/set-active`, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+				Authorization: `Bearer ${sessionToken}`
+			},
+			body: JSON.stringify({ organizationId: org.id })
+		})).ok) logError("Failed to set active organization.");
+		const tokenRes = await fetch(`${base}/api/auth/token`, { headers: { Authorization: `Bearer ${sessionToken}` } });
+		if (!tokenRes.ok) logError("Failed to obtain access token.");
+		const data = await tokenRes.json();
 		saveGlobalConfig({
 			...config,
-			apiKey,
+			token: data.token,
 			organization: {
 				name: org.name,
 				slug: org.slug
@@ -3517,6 +4059,224 @@ const tokenRevokeCommand = defineCommand({
 	}
 });
 
+//#endregion
+//#region src/commands/tool-list.ts
+const toolListCommand = defineCommand({
+	meta: {
+		name: "list",
+		description: "List all tools"
+	},
+	args: { provider: {
+		type: "string",
+		description: "Filter by provider ID"
+	} },
+	async run({ args }) {
+		const data = await callAction("auix__tool_list", { providerId: args.provider });
+		if (data.length === 0) {
+			console.log("No tools found.");
+			return;
+		}
+		for (const t of data) {
+			const status = t.enabled ? "on " : "off";
+			const desc = t.description ? `  ${t.description.slice(0, 50)}` : "";
+			console.log(`  ${status}  ${t.providerName}/${t.name}${desc}`);
+		}
+		console.log(`\n${data.length} tools`);
+	}
+});
+
+//#endregion
+//#region src/commands/tool-provider-create.ts
+const toolProviderCreateCommand = defineCommand({
+	meta: {
+		name: "create",
+		description: "Create a tool provider"
+	},
+	args: {
+		name: {
+			type: "string",
+			description: "Provider name",
+			required: true
+		},
+		kind: {
+			type: "string",
+			description: "mcp, managed, or openapi",
+			required: true
+		},
+		config: {
+			type: "string",
+			description: "Config JSON",
+			required: true
+		},
+		description: {
+			type: "string",
+			description: "Description"
+		},
+		credentialSource: {
+			type: "string",
+			description: "e.g. integration:github"
+		}
+	},
+	async run({ args }) {
+		let config;
+		try {
+			config = JSON.parse(args.config);
+		} catch {
+			logError("Invalid JSON for --config");
+			return;
+		}
+		const data = await callAction("auix__tool_provider_create", {
+			name: args.name,
+			kind: args.kind,
+			config,
+			description: args.description,
+			credentialSource: args.credentialSource
+		});
+		console.log(`Created provider ${data.id}`);
+	}
+});
+
+//#endregion
+//#region src/commands/tool-provider-delete.ts
+const toolProviderDeleteCommand = defineCommand({
+	meta: {
+		name: "delete",
+		description: "Delete a tool provider"
+	},
+	args: { id: {
+		type: "positional",
+		description: "Provider ID",
+		required: true
+	} },
+	async run({ args }) {
+		const confirmed = await consola.prompt(`Delete provider ${args.id}?`, { type: "confirm" });
+		if (!confirmed || typeof confirmed === "symbol") {
+			console.log("Cancelled.");
+			return;
+		}
+		await callAction("auix__tool_provider_delete", { providerId: args.id });
+		console.log("Deleted.");
+	}
+});
+
+//#endregion
+//#region src/commands/tool-provider-get.ts
+const toolProviderGetCommand = defineCommand({
+	meta: {
+		name: "get",
+		description: "Get tool provider details"
+	},
+	args: { id: {
+		type: "positional",
+		description: "Provider ID",
+		required: true
+	} },
+	async run({ args }) {
+		const data = await callAction("auix__tool_provider_get", { providerId: args.id });
+		console.log(JSON.stringify(data, null, 2));
+	}
+});
+
+//#endregion
+//#region src/commands/tool-provider-list.ts
+const toolProviderListCommand = defineCommand({
+	meta: {
+		name: "list",
+		description: "List tool providers"
+	},
+	async run() {
+		const data = await callAction("auix__tool_provider_list", {});
+		if (data.length === 0) {
+			console.log("No providers found.");
+			return;
+		}
+		for (const p of data) console.log(`  ${p.id.slice(0, 8)}  ${p.kind.padEnd(8)}  ${p.status.padEnd(8)}  ${p.name}`);
+		console.log(`\n${data.length} providers`);
+	}
+});
+
+//#endregion
+//#region src/commands/tool-provider-sync.ts
+const toolProviderSyncCommand = defineCommand({
+	meta: {
+		name: "sync",
+		description: "Discover tools from MCP provider"
+	},
+	args: { id: {
+		type: "positional",
+		description: "Provider ID",
+		required: true
+	} },
+	async run({ args }) {
+		const data = await callAction("auix__tool_provider_sync", { providerId: args.id });
+		console.log(`Synced ${data.synced} tools:`);
+		for (const name of data.tools) console.log(`  ${name}`);
+	}
+});
+
+//#endregion
+//#region src/commands/trace-get.ts
+const traceGetCommand = defineCommand({
+	meta: {
+		name: "get",
+		description: "Get trace details with spans"
+	},
+	args: { id: {
+		type: "positional",
+		description: "Trace ID",
+		required: true
+	} },
+	async run({ args }) {
+		const data = await callAction("auix__trace_get", { traceId: args.id });
+		console.log(JSON.stringify(data, null, 2));
+	}
+});
+
+//#endregion
+//#region src/commands/trace-list.ts
+const traceListCommand = defineCommand({
+	meta: {
+		name: "list",
+		description: "List workflow traces"
+	},
+	args: {
+		status: {
+			type: "string",
+			description: "Filter by status"
+		},
+		name: {
+			type: "string",
+			description: "Filter by name"
+		},
+		project: {
+			type: "string",
+			description: "Filter by project ID"
+		},
+		limit: {
+			type: "string",
+			description: "Max results (default 50)"
+		}
+	},
+	async run({ args }) {
+		const data = await callAction("auix__trace_list", {
+			status: args.status,
+			name: args.name,
+			projectId: args.project,
+			limit: args.limit ? Number(args.limit) : void 0
+		});
+		if (data.length === 0) {
+			console.log("No traces found.");
+			return;
+		}
+		for (const t of data) {
+			const time = new Date(t.createdAt).toISOString().slice(0, 19);
+			const latency = t.latencyMs != null ? `${t.latencyMs}ms` : "-";
+			console.log(`  ${t.id.slice(0, 8)}  ${t.status.padEnd(10)}  ${latency.padEnd(8)}  ${time}  ${t.name}`);
+		}
+		console.log(`\n${data.length} traces`);
+	}
+});
+
 //#endregion
 //#region src/commands/unlock.ts
 const unlockCommand = defineCommand({
@@ -3698,10 +4458,9 @@ const whoamiCommand = defineCommand({
 	},
 	async run() {
 		const config = loadGlobalConfig();
-		if (!config.apiKey) logError("Not logged in. Run `auix login`.");
+		if (!config.token) logError("Not logged in. Run `auix login`.");
 		if (config.user) console.log(`User: ${config.user.name} (${config.user.email})`);
 		if (config.organization) console.log(`Org:  ${config.organization.name} (${config.organization.slug})`);
-		console.log(`Key:  ${config.apiKey.slice(0, 12)}...`);
 		console.log(`API:  ${config.baseUrl ?? "https://api.auix.dev"}`);
 		console.log(`App:  ${config.appUrl ?? "https://auix.dev"}`);
 	}
@@ -3712,7 +4471,7 @@ const whoamiCommand = defineCommand({
 runMain(defineCommand({
 	meta: {
 		name: "auix",
-		version: "0.0.5",
+		version: "0.0.6",
 		description: "AUIX CLI"
 	},
 	subCommands: {
@@ -3808,7 +4567,7 @@ runMain(defineCommand({
 				dynamic: defineCommand({
 					meta: {
 						name: "dynamic",
-						description: "Manage dynamic (ephemeral) secrets"
+						description: "Manage dynamic secrets"
 					},
 					subCommands: {
 						create: dynamicCreateCommand,
@@ -3817,7 +4576,81 @@ runMain(defineCommand({
 					}
 				})
 			}
-		})
+		}),
+		flow: defineCommand({
+			meta: {
+				name: "flow",
+				description: "Manage automation flows"
+			},
+			subCommands: {
+				list: flowListCommand,
+				get: flowGetCommand,
+				create: flowCreateCommand,
+				toggle: flowToggleCommand,
+				duplicate: flowDuplicateCommand,
+				dispatch: flowDispatchCommand,
+				executions: flowExecutionsCommand,
+				delete: flowDeleteCommand
+			}
+		}),
+		tool: defineCommand({
+			meta: {
+				name: "tool",
+				description: "Manage tools and providers"
+			},
+			subCommands: {
+				list: toolListCommand,
+				provider: defineCommand({
+					meta: {
+						name: "provider",
+						description: "Manage tool providers"
+					},
+					subCommands: {
+						list: toolProviderListCommand,
+						get: toolProviderGetCommand,
+						create: toolProviderCreateCommand,
+						sync: toolProviderSyncCommand,
+						delete: toolProviderDeleteCommand
+					}
+				})
+			}
+		}),
+		project: defineCommand({
+			meta: {
+				name: "project",
+				description: "Manage projects"
+			},
+			subCommands: {
+				list: projectListCommand,
+				get: projectGetCommand,
+				create: projectCreateCommand,
+				delete: projectDeleteCommand
+			}
+		}),
+		trace: defineCommand({
+			meta: {
+				name: "trace",
+				description: "Workflow execution traces"
+			},
+			subCommands: {
+				list: traceListCommand,
+				get: traceGetCommand
+			}
+		}),
+		prism: defineCommand({
+			meta: {
+				name: "prism",
+				description: "LLM call tracing"
+			},
+			subCommands: {
+				list: prismListCommand,
+				metrics: prismMetricsCommand
+			}
+		}),
+		log: logQueryCommand,
+		member: memberListCommand,
+		audit: auditListCommand,
+		integration: integrationListCommand
 	}
 }));
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auix",
-  "version": "0.0.5",
+  "version": "0.0.6",
   "description": "CLI for auix platform",
   "type": "module",
   "bin": {