axiom 0.25.0 → 0.27.0

package/dist/bin.cjs

@@ -36,360 +36,10 @@ __export(bin_exports, {
   program: () => program
 });
 module.exports = __toCommonJS(bin_exports);
-var import_commander5 = require("commander");
-
-// src/cli/commands/push.command.ts
-var import_commander = require("commander");
-
-// src/transpiler.ts
-var import_esbuild = require("esbuild");
-var import_node_os = __toESM(require("os"), 1);
-var import_promises = __toESM(require("fs/promises"), 1);
-var import_node_path = __toESM(require("path"), 1);
-var import_node_path2 = require("path");
-async function loadPromptModule(filePath) {
-  const result = await (0, import_esbuild.build)({
-    entryPoints: [filePath],
-    bundle: true,
-    write: false,
-    platform: "node",
-    format: "esm",
-    target: ["node18"],
-    sourcemap: false,
-    external: [
-      // Only Node.js built-ins should be external
-      "fs",
-      "fs/promises",
-      "node:fs",
-      "node:fs/promises",
-      "readline",
-      "node:readline",
-      "path",
-      "node:path",
-      "os",
-      "node:os",
-      "url",
-      "node:url",
-      "util",
-      "node:util",
-      "crypto",
-      "node:crypto",
-      "events",
-      "node:events",
-      "stream",
-      "node:stream",
-      "buffer",
-      "node:buffer",
-      "process",
-      "node:process"
-    ]
-  });
-  const code = result.outputFiles[0].text;
-  const tempDir = import_node_os.default.tmpdir();
-  const tempFileName = `axiom-ai-prompt-${Date.now()}-${Math.random().toString(36).substring(2)}.mjs`;
-  const tempFilePath = import_node_path.default.join(tempDir, tempFileName);
-  try {
-    await import_promises.default.writeFile(tempFilePath, code, "utf-8");
-    const moduleUrl = `file://${tempFilePath}`;
-    const module2 = await import(moduleUrl);
-    return module2.default || module2;
-  } finally {
-    try {
-      await import_promises.default.unlink(tempFilePath);
-    } catch (error) {
-      console.warn(`Failed to clean up temporary file ${tempFilePath}:`, error);
-    }
-  }
-}
-function convertTypeBoxArgumentsToJsonSchema(arguments_) {
-  if (!arguments_ || typeof arguments_ !== "object") {
-    return {
-      type: "object",
-      properties: {},
-      required: [],
-      additionalProperties: false
-    };
-  }
-  const properties = {};
-  const required = [];
-  for (const [key, value] of Object.entries(arguments_)) {
-    if (value && typeof value === "object" && value.type) {
-      properties[key] = {
-        type: value.type,
-        ...value.description && { description: value.description },
-        ...value.enum && { enum: value.enum },
-        ...value.items && { items: value.items },
-        ...value.properties && { properties: value.properties },
-        ...value.required && { required: value.required }
-      };
-      required.push(key);
-    }
-  }
-  return {
-    type: "object",
-    properties,
-    required,
-    additionalProperties: false
-  };
-}
-function extractPromptFromModule(moduleContent, filePath) {
-  const fileBaseName = (0, import_node_path2.basename)(filePath, ".ts");
-  const defaultId = fileBaseName.toLowerCase().replace(/[^a-z0-9]/g, "-");
-  const convertedArguments = convertTypeBoxArgumentsToJsonSchema(moduleContent.arguments);
-  const prompt = {
-    name: moduleContent.name || "Untitled Prompt",
-    slug: moduleContent.slug || defaultId,
-    messages: moduleContent.messages || [],
-    model: moduleContent.model,
-    options: moduleContent.options,
-    arguments: convertedArguments,
-    id: moduleContent.id || defaultId,
-    version: moduleContent.version || "1.0.0",
-    // Optional fields from API response
-    ...moduleContent.promptId && { promptId: moduleContent.promptId },
-    ...moduleContent.description && { description: moduleContent.description }
-  };
-  if (!prompt.name) {
-    throw new Error("Prompt must have a name");
-  }
-  if (!prompt.slug) {
-    throw new Error("Prompt must have a slug");
-  }
-  if (!Array.isArray(prompt.messages)) {
-    throw new Error("Prompt messages must be an array");
-  }
-  if (!prompt.model) {
-    throw new Error("Prompt must have a model");
-  }
-  return prompt;
-}
-function transformJsonSchemaToTypeBox(schema) {
-  if (schema.type === "string") {
-    if (schema.enum && Array.isArray(schema.enum)) {
-      const literals = schema.enum.map((value) => `Type.Literal('${value}')`).join(", ");
-      const options = schema.description ? `, { description: '${schema.description}' }` : "";
-      return `Type.Union([${literals}]${options})`;
-    } else {
-      const options = schema.description ? `{ description: '${schema.description}' }` : "";
-      return `Type.String(${options})`;
-    }
-  }
-  if (schema.type === "number" || schema.type === "integer") {
-    const typeMethod = schema.type === "integer" ? "Integer" : "Number";
-    const options = schema.description ? `{ description: '${schema.description}' }` : "";
-    return `Type.${typeMethod}(${options})`;
-  }
-  if (schema.type === "boolean") {
-    const options = schema.description ? `{ description: '${schema.description}' }` : "";
-    return `Type.Boolean(${options})`;
-  }
-  if (schema.type === "array") {
-    const itemsType = schema.items ? transformJsonSchemaToTypeBox(schema.items) : "Type.String()";
-    const options = schema.description ? `, { description: '${schema.description}' }` : "";
-    return `Type.Array(${itemsType}${options})`;
-  }
-  if (schema.type === "object") {
-    if (schema.properties) {
-      const props = Object.entries(schema.properties).map(([key, value]) => {
-        const isRequired = schema.required && schema.required.includes(key);
-        const propType = transformJsonSchemaToTypeBox(value);
-        return `    ${key}: ${isRequired ? propType : `Type.Optional(${propType})`}`;
-      }).join(",\n");
-      const options = schema.description ? `, { description: '${schema.description}' }` : "";
-      return `Type.Object({
-${props}
-  }${options})`;
-    } else {
-      const options = schema.description ? `{ description: '${schema.description}' }` : "";
-      return `Type.Object({}${options ? `, ${options}` : ""})`;
-    }
-  }
-  return "Type.String()";
-}
-function generatePromptFileFromApiResponse(apiResponse) {
-  const { prompt, version } = apiResponse;
-  const { data, options } = version;
-  let argumentsCode = "{}";
-  if (data.arguments && data.arguments.properties) {
-    const argEntries = Object.entries(data.arguments.properties).map(([key, schema]) => {
-      const isRequired = data.arguments.required && data.arguments.required.includes(key);
-      const typeCode = transformJsonSchemaToTypeBox(schema);
-      return `    ${key}: ${isRequired ? typeCode : `Type.Optional(${typeCode})`}`;
-    }).join(",\n");
-    if (argEntries) {
-      argumentsCode = `{
-${argEntries}
-  }`;
-    }
-  }
-  return `import { Type } from 'axiom/ai';
-
-export default {
-  name: '${prompt.name}',
-  slug: '${prompt.slug}',
-  description: '${prompt.description || ""}',
-  messages: [${data.messages.map(
-    (msg) => `
-    {
-      role: '${msg.role}',
-      content: '${msg.content.replace(/'/g, "\\'")}',
-    }`
-  ).join(",")}
-  ],
-  model: '${data.model || "gpt-4"}',
-  options: {
-${options ? Object.entries(options).map(([key, value]) => `    ${key}: ${value}`).join(",\n") : ""}
-  },
-  arguments: ${argumentsCode},
-  version: '${version.version}',
-  promptId: '${prompt.promptId}',
-};
-`;
-}
-
-// src/cli/commands/push.command.ts
-var import_promises2 = __toESM(require("fs/promises"), 1);
-var import_node_readline = __toESM(require("readline"), 1);
-async function askConfirmation(message) {
-  const rl = import_node_readline.default.createInterface({
-    input: process.stdin,
-    output: process.stdout
-  });
-  return new Promise((resolve3) => {
-    rl.question(`${message} (y/N): `, (answer) => {
-      rl.close();
-      resolve3(answer.toLowerCase() === "y" || answer.toLowerCase() === "yes");
-    });
-  });
-}
-var loadPushCommand = (program2) => {
-  const push = new import_commander.Command("push").description("Push a new version of an object").argument(
-    "<object>",
-    "The object to push, could be a prompt, en eval, a monitor, a dashboard, etc."
-  ).option("--prod", "Adds the production tag to the prompt").option("--yes", "Automatically confirm overwriting the file with server response").action(async (filePath, options) => {
-    let content = null;
-    if (!filePath.endsWith(".prompt.ts")) {
-      console.error("Prompt files must end with .prompt.ts");
-      process.exit(1);
-    }
-    try {
-      const moduleContent = await loadPromptModule(filePath);
-      const promptData = extractPromptFromModule(moduleContent, filePath);
-      content = promptData;
-      console.log(`Transpiled prompt: ${promptData.name} (${promptData.slug})`);
-    } catch (error) {
-      console.error("Failed to transpile prompt file:", error);
-      process.exit(1);
-    }
-    if (!content) {
-      console.error("No content found");
-      process.exit(1);
-    }
-    let shouldProceed = options.yes;
-    if (!shouldProceed) {
-      shouldProceed = await askConfirmation(
-        `This will push "${content.name}" to Axiom and overwrite ${filePath}, are you sure you want to continue?`
-      );
-    }
-    if (!shouldProceed) {
-      console.log("Push operation cancelled.");
-      process.exit(0);
-    }
-    try {
-      const response = await fetch(`${process.env.AXIOM_URL}/v1/prompts`, {
-        method: "POST",
-        headers: {
-          Authorization: `Bearer ${process.env.AXIOM_TOKEN}`,
-          "Content-Type": "application/json",
-          "x-axiom-client": "axiom-ai-cli",
-          "x-axiom-check": "good"
-        },
-        body: JSON.stringify({
-          ...content,
-          tags: options.yes ? ["production"] : []
-        })
-      });
-      if (!response.ok) {
-        try {
-          const errorText = await response.clone().json();
-          console.error(`Failed to fetch prompt: ${response.status} ${response.statusText}`);
-          console.error(JSON.stringify(errorText, null, 2));
-          process.exit(1);
-        } catch (_error) {
-          const errorText = await response.clone().text();
-          console.error(`Failed to fetch prompt: ${response.status} ${response.statusText}`);
-          console.error(errorText);
-          process.exit(1);
-        }
-      }
-      const apiResponse = await response.json();
-      console.log(
-        `Successfully pushed prompt: ${apiResponse.prompt.name} (${apiResponse.prompt.slug})`
-      );
-      console.log(`Version: ${apiResponse.version.version}`);
-      const updatedTsContent = generatePromptFileFromApiResponse(apiResponse);
-      await import_promises2.default.writeFile(filePath, updatedTsContent, "utf-8");
-      console.log(`Successfully updated ${filePath}`);
-    } catch (error) {
-      console.error("Failed to push prompt:", error);
-      process.exit(1);
-    }
-  });
-  program2.addCommand(push);
-};
-
-// src/cli/commands/pull.command.ts
-var import_commander2 = require("commander");
-var fs3 = __toESM(require("fs/promises"), 1);
-var path2 = __toESM(require("path"), 1);
-var loadPullCommand = (program2) => {
-  const pull = new import_commander2.Command("pull").description("Pull a version of an object").argument(
-    "<slug>",
-    "The object to pull, could be a prompt, en eval, a monitor, a dashboard, etc."
-  ).option("--version <version>", "The version to pull, default: latest", "latest").option("--output <path>", "Output file path (optional, defaults to <slug>.prompt.ts)").action(async (slug, options) => {
-    try {
-      console.log(`Pulling prompt: ${slug} (version: ${options.version})`);
-      const url = `${process.env.AXIOM_URL}/v1/prompts/${slug}`;
-      const response = await fetch(url, {
-        method: "GET",
-        headers: {
-          Authorization: `Bearer ${process.env.AXIOM_TOKEN}`,
-          "Content-Type": "application/json",
-          "x-axiom-client": "axiom-ai-cli",
-          "x-axiom-check": "good"
-        }
-      });
-      if (!response.ok) {
-        try {
-          const errorText = await response.clone().json();
-          console.error(`Failed to fetch prompt: ${response.status} ${response.statusText}`);
-          console.error(JSON.stringify(errorText, null, 2));
-          process.exit(1);
-        } catch (_error) {
-          const errorText = await response.clone().text();
-          console.error(`Failed to fetch prompt: ${response.status} ${response.statusText}`);
-          console.error(errorText);
-          process.exit(1);
-        }
-      }
-      const apiResponse = await response.json();
-      const tsContent = generatePromptFileFromApiResponse(apiResponse);
-      const outputPath = options.output || `${slug}.prompt.ts`;
-      const fullPath = path2.resolve(outputPath);
-      await fs3.writeFile(fullPath, tsContent, "utf-8");
-      console.log(`Successfully generated prompt file: ${fullPath}`);
-      console.log(`Prompt: ${apiResponse.prompt.name} (${apiResponse.prompt.slug})`);
-      console.log(`Version: ${apiResponse.version.version}`);
-    } catch (error) {
-      console.error("Failed to pull prompt:", error);
-      process.exit(1);
-    }
-  });
-  program2.addCommand(pull);
-};
+var import_commander3 = require("commander");
 
 // src/cli/commands/eval.command.ts
-var import_commander3 = require("commander");
+var import_commander = require("commander");
 var import_nanoid = require("nanoid");
 
 // ../../node_modules/.pnpm/tinyrainbow@2.0.0/node_modules/tinyrainbow/dist/chunk-BVHSVHOK.js
@@ -477,7 +127,11 @@ var r = process.env.FORCE_TTY !== void 0 || (0, import_tty.isatty)(1);
 var u = p(r);
 
 // src/evals/run-vitest.ts
-var import_node_path3 = __toESM(require("path"), 1);
+var import_node_url = require("url");
+var import_node_path = require("path");
+var import_node_fs = require("fs");
+var import_node_os = require("os");
+var import_node_path2 = __toESM(require("path"), 1);
 var import_node = require("vitest/node");
 
 // src/evals/context/storage.ts
@@ -604,7 +258,10 @@ var ATTR_EVAL_TYPE = "eval.type";
 var ATTR_EVAL_TAGS = "eval.tags";
 var ATTR_EVAL_BASELINE_ID = "eval.baseline.id";
 var ATTR_EVAL_BASELINE_NAME = "eval.baseline.name";
+var ATTR_EVAL_BASELINE_VERSION = "eval.baseline.version";
 var ATTR_EVAL_METADATA = "eval.metadata";
+var ATTR_EVAL_CAPABILITY_NAME = "eval.capability.name";
+var ATTR_EVAL_STEP_NAME = "eval.step.name";
 var ATTR_EVAL_COLLECTION_ID = "eval.collection.id";
 var ATTR_EVAL_COLLECTION_SIZE = "eval.collection.size";
 var ATTR_EVAL_COLLECTION_NAME = "eval.collection.name";
@@ -819,7 +476,14 @@ var Attr = {
     Type: ATTR_EVAL_TYPE,
     Baseline: {
       ID: ATTR_EVAL_BASELINE_ID,
-      Name: ATTR_EVAL_BASELINE_NAME
+      Name: ATTR_EVAL_BASELINE_NAME,
+      Version: ATTR_EVAL_BASELINE_VERSION
+    },
+    Capability: {
+      Name: ATTR_EVAL_CAPABILITY_NAME
+    },
+    Step: {
+      Name: ATTR_EVAL_STEP_NAME
     },
     Tags: ATTR_EVAL_TAGS,
     Metadata: ATTR_EVAL_METADATA,
@@ -879,7 +543,7 @@ var import_api4 = require("@opentelemetry/api");
 // package.json
 var package_default = {
   name: "axiom",
-  version: "0.25.0",
+  version: "0.27.0",
   type: "module",
   author: "Axiom, Inc.",
   contributors: [
@@ -962,7 +626,8 @@ var package_default = {
     commander: "^14.0.0",
     defu: "^6.1.4",
     handlebars: "^4.7.8",
-    nanoid: "^5.1.5"
+    nanoid: "^5.1.5",
+    open: "^10.1.0"
   },
   peerDependencies: {
     "@opentelemetry/api": "^1.9.0",
@@ -970,11 +635,11 @@ var package_default = {
   },
   devDependencies: {
     "@ai-sdk/anthropicv1": "npm:@ai-sdk/anthropic@^1.2.12",
-    "@ai-sdk/anthropicv2": "npm:@ai-sdk/anthropic@2.0.0-beta.9",
-    "@ai-sdk/openaiv1": "npm:@ai-sdk/openai@^1.3.23",
-    "@ai-sdk/openaiv2": "npm:@ai-sdk/openai@2.0.0-beta.12",
+    "@ai-sdk/anthropicv2": "npm:@ai-sdk/anthropic@^2.0.44",
+    "@ai-sdk/openaiv1": "npm:@ai-sdk/openai@^1.3.24",
+    "@ai-sdk/openaiv2": "npm:@ai-sdk/openai@^2.0.67",
     "@ai-sdk/providerv1": "npm:@ai-sdk/provider@^1.1.3",
-    "@ai-sdk/providerv2": "npm:@ai-sdk/provider@2.0.0-beta.1",
+    "@ai-sdk/providerv2": "npm:@ai-sdk/provider@^2.0.0",
     "@opentelemetry/api": "^1.9.0",
     "@opentelemetry/core": "^2.0.1",
     "@opentelemetry/sdk-trace-base": "^2.0.1",
@@ -983,9 +648,10 @@ var package_default = {
     "@types/node": "^22.15.29",
     "@vitest/coverage-v8": "^3.2.4",
     aiv4: "npm:ai@^4.3.19",
-    aiv5: "npm:ai@^5.0.0",
+    aiv5: "npm:ai@^5.0.93",
     esbuild: "^0.25.8",
     eslint: "catalog:",
+    msw: "^2.12.2",
     prettier: "catalog:",
     tinyrainbow: "^2.0.0",
     tsup: "catalog:",
@@ -1095,17 +761,36 @@ function resolveAxiomConnection(config) {
     url: config.eval.url,
     consoleEndpointUrl,
     token: config.eval.token,
-    dataset: config.eval.dataset
+    dataset: config.eval.dataset,
+    orgId: config.eval.orgId
   };
 }
 
+// src/cli/errors.ts
+var AxiomCLIError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "AxiomCLIError";
+  }
+};
+function errorToString(error) {
+  if (typeof error === "string") {
+    return error;
+  }
+  if (error instanceof Error) {
+    return error.message;
+  }
+  return JSON.stringify(error);
+}
+
 // src/evals/eval.service.ts
 var findEvaluationCases = async (evalId, config) => {
-  const { dataset, url, token } = resolveAxiomConnection(config);
+  const { dataset, url, token, orgId } = resolveAxiomConnection(config);
   const apl = `['${dataset}'] | where trace_id == "${evalId}" | order by _time`;
   const headers = new Headers({
     Authorization: `Bearer ${token}`,
-    "Content-Type": "application/json"
+    "Content-Type": "application/json",
+    ...orgId ? { "X-AXIOM-ORG-ID": orgId } : {}
   });
   const resp = await fetch(`${url}/v1/datasets/_apl?format=legacy`, {
     headers,
@@ -1698,23 +1383,6 @@ function printFinalReport({
   }
 }
 
-// src/cli/errors.ts
-var AxiomCLIError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "AxiomCLIError";
-  }
-};
-function errorToString(error) {
-  if (typeof error === "string") {
-    return error;
-  }
-  if (error instanceof Error) {
-    return error.message;
-  }
-  return JSON.stringify(error);
-}
-
 // src/evals/reporter.ts
 var AxiomReporter = class {
   constructor() {
@@ -1869,13 +1537,344 @@ var import_api10 = require("@opentelemetry/api");
 var import_c12 = require("c12");
 var import_defu = require("defu");
 
+// src/cli/auth/config.ts
+var import_fs = require("fs");
+var import_path = __toESM(require("path"), 1);
+var import_os = __toESM(require("os"), 1);
+var CONFIG_FILENAME = "config.json";
+var CONFIG_DIR_NAME = "axiom";
+function getConfigDir() {
+  const platform = process.platform;
+  const homeDir = import_os.default.homedir();
+  const xdgConfigHome = process.env.XDG_CONFIG_HOME;
+  if (xdgConfigHome) {
+    return import_path.default.join(xdgConfigHome, CONFIG_DIR_NAME);
+  }
+  if (platform === "win32") {
+    const appData = process.env.APPDATA;
+    if (appData) {
+      return import_path.default.join(appData, CONFIG_DIR_NAME);
+    }
+    return import_path.default.join(homeDir, "AppData", "Roaming", CONFIG_DIR_NAME);
+  }
+  return import_path.default.join(homeDir, ".config", CONFIG_DIR_NAME);
+}
+function getGlobalConfigPath() {
+  return import_path.default.join(getConfigDir(), CONFIG_FILENAME);
+}
+async function loadGlobalConfig() {
+  const configPath = getGlobalConfigPath();
+  try {
+    const content = await import_fs.promises.readFile(configPath, "utf-8");
+    return JSON.parse(content);
+  } catch (error) {
+    if (error.code === "ENOENT") {
+      return { profiles: {} };
+    }
+    throw error;
+  }
+}
+async function saveGlobalConfig(config) {
+  const configPath = getGlobalConfigPath();
+  const configDir = import_path.default.dirname(configPath);
+  const content = JSON.stringify(config, null, 2);
+  await import_fs.promises.mkdir(configDir, { recursive: true, mode: 448 });
+  await import_fs.promises.writeFile(configPath, content, "utf-8");
+  await import_fs.promises.chmod(configPath, 384);
+}
+function getActiveProfile(config) {
+  const profileName = config.active_profile;
+  if (!profileName) return null;
+  const profile = config.profiles[profileName];
+  if (!profile) return null;
+  return profile;
+}
+
+// src/cli/auth/oauth.ts
+var import_crypto = require("crypto");
+var OAUTH_CLIENT_ID = "264d906a404efc209b027f6595e6b616";
+var OAUTH_AUTH_PATH = "/oauth/authorize";
+var OAUTH_TOKEN_PATH = "/oauth/token";
+var OAuth = class {
+  constructor(oauthBaseUrl) {
+    this.oauthBaseUrl = oauthBaseUrl;
+  }
+  static generateCodeVerifier() {
+    return (0, import_crypto.randomBytes)(32).toString("base64url");
+  }
+  static generateCodeChallenge(verifier) {
+    return (0, import_crypto.createHash)("sha256").update(verifier).digest("base64url");
+  }
+  static generateState() {
+    return (0, import_crypto.randomBytes)(16).toString("hex");
+  }
+  buildAuthUrl(params) {
+    const url = new URL(OAUTH_AUTH_PATH, this.oauthBaseUrl);
+    url.searchParams.set("client_id", OAUTH_CLIENT_ID);
+    url.searchParams.set("redirect_uri", params.redirectUri);
+    url.searchParams.set("response_type", "code");
+    url.searchParams.set("state", params.state);
+    url.searchParams.set("code_challenge", params.codeChallenge);
+    url.searchParams.set("code_challenge_method", "S256");
+    url.searchParams.set("scope", "*");
+    return url.toString();
+  }
+  async exchangeCodeForToken(params) {
+    const tokenUrl = new URL(OAUTH_TOKEN_PATH, this.oauthBaseUrl);
+    const body = new URLSearchParams({
+      grant_type: "authorization_code",
+      client_id: OAUTH_CLIENT_ID,
+      code: params.code,
+      redirect_uri: params.redirectUri,
+      code_verifier: params.codeVerifier
+    });
+    const response = await fetch(tokenUrl.toString(), {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: body.toString()
+    });
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(`Token exchange failed: ${response.status} ${errorText}`);
+    }
+    const data = await response.json();
+    return data.access_token;
+  }
+};
+
+// src/cli/auth/api.ts
+async function fetchOrganizations(token, apiBaseUrl) {
+  const response = await fetch(`${apiBaseUrl}/v2/orgs`, {
+    headers: {
+      Authorization: `Bearer ${token}`,
+      "Content-Type": "application/json"
+    }
+  });
+  if (!response.ok) {
+    throw new AxiomCLIError(
+      `Failed to fetch organizations: ${response.status} ${response.statusText}`
+    );
+  }
+  const data = await response.json();
+  return data;
+}
+async function verifyToken(token, orgId, apiBaseUrl) {
+  const response = await fetch(`${apiBaseUrl}/v2/user`, {
+    headers: {
+      Authorization: `Bearer ${token}`,
+      "X-Axiom-Org-Id": orgId,
+      "Content-Type": "application/json"
+    }
+  });
+  return response.ok;
+}
+
+// src/cli/auth/callback-server.ts
+var import_http = __toESM(require("http"), 1);
+function escapeHtml(text) {
+  const map = {
+    "&": "&amp;",
+    "<": "&lt;",
+    ">": "&gt;",
+    '"': "&quot;",
+    "'": "&#039;",
+    "`": "&#96;"
+  };
+  return text.replace(/[&<>"']/g, (m2) => map[m2] || m2);
+}
+var SVG_LOGO = `<svg width="124" height="24" viewBox="0 0 124 24" fill="none" xmlns="http://www.w3.org/2000/svg" class="logo">
+<path d="M42.9919 16.8116H36.3696L35.5537 19.1572C35.4209 19.539 34.9714 19.8513 34.5548 19.8513H30.9779C30.5614 19.8513 30.3459 19.5449 30.499 19.1703L36.9816 3.31644C37.1346 2.9419 37.6009 2.63546 38.0174 2.63546H41.3718C41.7883 2.63546 42.2541 2.94207 42.4067 3.3168L48.8634 19.17C49.016 19.5447 48.8 19.8513 48.3835 19.8513H44.8067C44.3901 19.8513 43.9406 19.539 43.8078 19.1572L42.9919 16.8116ZM41.8232 13.4223L39.6807 7.18148L37.5383 13.4223H41.8232ZM64.1105 19.8513C63.694 19.8513 63.1767 19.5694 62.9611 19.2247L59.9029 14.3369L56.8447 19.2247C56.6291 19.5694 56.1119 19.8513 55.6953 19.8513H51.3392C50.9227 19.8513 50.7754 19.5801 51.0119 19.2486L56.8978 11.0013L51.5315 3.24414C51.2999 2.90937 51.4513 2.63546 51.8679 2.63546H55.89C56.3066 2.63546 56.8268 2.91563 57.0461 3.25807L59.9029 7.71959L62.7343 3.25955C62.9522 2.9163 63.4713 2.63546 63.8879 2.63546H67.938C68.3545 2.63546 68.5048 2.90868 68.272 3.24261L62.8801 10.9743L68.7935 19.2489C69.0303 19.5802 68.8832 19.8513 68.4666 19.8513H64.1105ZM76.525 19.119C76.525 19.5218 76.1841 19.8513 75.7675 19.8513H72.5522C72.1356 19.8513 71.7947 19.5218 71.7947 19.119V3.36771C71.7947 2.96498 72.1356 2.63546 72.5522 2.63546H75.7675C76.1841 2.63546 76.525 2.96498 76.525 3.36771V19.119ZM79.3736 11.1896C79.3736 6.18625 83.2688 2.15134 89.2511 2.15134C95.2334 2.15134 99.1289 6.18625 99.1289 11.1896C99.1289 16.2199 95.2334 20.2548 89.2511 20.2548C83.2688 20.2548 79.3736 16.2199 79.3736 11.1896ZM94.2873 11.1896C94.2873 8.58038 92.3953 6.21307 89.2511 6.21307C86.1349 6.21307 84.2149 8.58038 84.2149 11.1896C84.2149 13.7989 86.1349 16.2199 89.2511 16.2199C92.3675 16.2199 94.2873 13.7989 94.2873 11.1896ZM119.318 19.8513C118.902 19.8513 118.517 19.5245 118.463 19.1251L117.225 9.89847L113.65 19.1652C113.505 19.5426 113.045 19.8513 112.628 19.8513H111.055C110.638 19.8513 110.179 19.5423 110.034 19.1645L106.457 9.81766L105.218 19.125C105.165 19.5245 104.781 19.8513 104.364 19.8513H101.344C100.927 19.8513 100.633 19.5249 100.69 19.1259L102.932 3.3609C102.988 2.96191 103.376 2.63546 103.792 2.63546H106.59C107.007 2.63546 107.469 2.94351 107.617 3.32002L111.827 14.041L116.064 3.31949C116.213 2.94327 116.676 2.63546 117.092 2.63546H119.89C120.307 2.63546 120.694 2.96191 120.751 3.3609L122.993 19.1259C123.05 19.5249 122.755 19.8513 122.339 19.8513H119.318ZM23.9616 15.6531L18.8054 6.97021C18.5689 6.57115 17.9863 6.24465 17.5106 6.24465H14.2915C13.5433 6.24465 13.2365 5.73171 13.6097 5.1048L15.375 2.13986C15.5151 1.90455 15.5148 1.61487 15.3743 1.37981C15.2337 1.14476 14.9741 1 14.6933 1H10.2025C9.72681 1 9.14291 1.32577 8.90491 1.72395L0.17865 16.3217C-0.0594434 16.7199 -0.0595348 17.3715 0.178285 17.7698L2.42362 21.5297C2.79777 22.1561 3.41129 22.1569 3.78699 21.5313L5.54143 18.6103C5.91722 17.9847 6.53065 17.9854 6.9048 18.6119L8.49538 21.2754C8.7332 21.6737 9.317 21.9995 9.79273 21.9995H20.1698C20.6455 21.9995 21.2293 21.6737 21.4672 21.2754L23.959 17.1028C24.1968 16.7045 24.198 16.0521 23.9616 15.6531ZM16.9981 15.2352C17.3699 15.8629 17.0619 16.3765 16.3136 16.3765H8.24192C7.49372 16.3765 7.1876 15.864 7.56175 15.2375L11.6007 8.47417C11.9748 7.84772 12.5869 7.84774 12.9611 8.47421L16.9981 15.2352Z" fill="#121224"/>
+</svg>`;
+function renderCallbackPage(error) {
+  const errorClass = error ? ' class="error"' : "";
+  const errorMessage = error ? escapeHtml(error) : "";
+  return `<!doctype html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <title>Axiom</title>
+    <link rel="icon" href="https://app.axiom.co/static/favicon.ico">
+    <meta name="description" content="Axiom CLI">
+    <meta name="viewport" content="width=device-width,initial-scale=1">
+    <style>
+        html,
+        body,
+        .root {
+            width: 100%;
+            height: 100%;
+            text-rendering: optimizeLegibility;
+            -webkit-font-smoothing: antialiased;
+        }
+        body {
+            color: #334155;
+            font-family: -apple-system, BlinkMacSystemFont, Segoe UI, Helvetica, Arial, sans-serif, Apple Color Emoji, Segoe UI Emoji;
+            font-size: 14px;
+            font-weight: 500;
+            font-variant: tabular-nums;
+            line-height: 1.5;
+            background-color: #fff;
+            font-feature-settings: "tnum";
+            margin: 0;
+        }
+        h1,
+        h2,
+        h3,
+        h4,
+        h5,
+        h6 {
+            margin-top: 0;
+            margin-bottom: .5em;
+            font-weight: 500;
+        }
+        p {
+            margin-top: 0;
+            margin-bottom: 1em;
+        }
+        h2 {
+            font-size: 16px;
+            font-weight: 600;
+        }
+        .root {
+            display: flex;
+            align-items: center;
+            justify-content: center;
+        }
+        .logo {
+            width: 92px;
+            float: left;
+            position: absolute;
+            top: 16px;
+            left: 16px;
+        }
+        .center p {
+            padding: 8px 0;
+        }
+        .error .center {
+            color: #bf0e08;
+        }
+    </style>
+</head>
+<body${errorClass}>
+    <div class="root">
+        <a class="" target="_blank" rel="noopener noreferrer" href="https://axiom.co">
+          ${SVG_LOGO}
+        </svg>
+        </a>
+        <div class="center">
+            ${error ? `<h2 id="msg">Login failed</h2>
+            <p id="details">${errorMessage}</p>` : `<h2 id="msg">Login successful</h2>
+            <p id="details">You can close this page and return to your CLI.</p>`}
+        </div>
+    </div>
+    <script>
+        window.history.replaceState({}, '', \`\${window.location.pathname}\`);
+    </script>
+</body>
+</html>`;
+}
+async function startCallbackServer() {
+  return new Promise((resolve3) => {
+    const server = import_http.default.createServer();
+    server.listen(0, "127.0.0.1", () => {
+      const address = server.address();
+      resolve3({
+        server,
+        port: address.port,
+        url: `http://127.0.0.1:${address.port}`
+      });
+    });
+  });
+}
+async function waitForCallback(server, expectedState) {
+  return new Promise((resolve3, reject) => {
+    const timeout = setTimeout(
+      () => {
+        server.close();
+        reject(new Error("Authentication timeout after 5 minutes"));
+      },
+      5 * 60 * 1e3
+    );
+    server.on("request", (req, res) => {
+      const url = new URL(req.url || "", `http://${req.headers.host}`);
+      const code = url.searchParams.get("code");
+      const state = url.searchParams.get("state");
+      const error = url.searchParams.get("error");
+      const errorDescription = url.searchParams.get("error_description");
+      if (error) {
+        const errorMsg = errorDescription || error;
+        res.writeHead(400, { "Content-Type": "text/html" });
+        res.end(renderCallbackPage(errorMsg));
+        clearTimeout(timeout);
+        server.close();
+        reject(new Error(`OAuth error: ${errorMsg}`));
+        return;
+      }
+      if (!code || !state) {
+        res.writeHead(400, { "Content-Type": "text/html" });
+        res.end(renderCallbackPage("Missing code or state parameter"));
+        return;
+      }
+      if (state !== expectedState) {
+        res.writeHead(400, { "Content-Type": "text/html" });
+        res.end(renderCallbackPage("Invalid state parameter (CSRF protection)"));
+        clearTimeout(timeout);
+        server.close();
+        reject(new Error("Invalid state parameter"));
+        return;
+      }
+      res.writeHead(200, { "Content-Type": "text/html" });
+      res.end(renderCallbackPage());
+      clearTimeout(timeout);
+      server.close();
+      resolve3({ code });
+    });
+  });
+}
+
+// src/cli/auth/global-auth.ts
+var authContext = null;
+function getAuthContext() {
+  return authContext;
+}
+async function setupGlobalAuth() {
+  const config = await loadGlobalConfig();
+  const profile = getActiveProfile(config);
+  if (profile) {
+    authContext = {
+      token: profile.token,
+      url: profile.url,
+      orgId: profile.org_id
+    };
+  }
+  return authContext;
+}
+
 // src/config/index.ts
 var DEFAULT_EVAL_INCLUDE = ["**/*.eval.{ts,js,mts,mjs,cts,cjs}"];
 function createPartialDefaults() {
+  let token;
+  let url;
+  let orgId;
+  try {
+    const authContext2 = getAuthContext();
+    if (authContext2) {
+      token = authContext2.token;
+      url = authContext2.url;
+      orgId = authContext2.orgId;
+    }
+  } catch {
+  }
+  token = token || process.env.AXIOM_TOKEN;
+  url = url || process.env.AXIOM_URL;
+  orgId = orgId || process.env.AXIOM_ORG_ID;
   return {
     eval: {
-      url: process.env.AXIOM_URL || "https://api.axiom.co",
-      token: process.env.AXIOM_TOKEN,
+      url: url || "https://api.axiom.co",
+      orgId,
+      token,
       dataset: process.env.AXIOM_DATASET,
       instrumentation: null,
       include: [...DEFAULT_EVAL_INCLUDE],
@@ -1978,7 +1977,8 @@ async function runInstrumentationHook(hook, options) {
 }
 function setupEvalProvider(connection) {
   const headers = {
-    "X-Axiom-Dataset": connection.dataset
+    "X-Axiom-Dataset": connection.dataset,
+    ...connection.orgId ? { "X-AXIOM-ORG-ID": connection.orgId } : {}
   };
   if (connection.token) {
     headers.Authorization = `Bearer ${connection.token}`;
@@ -1998,11 +1998,11 @@ function setupEvalProvider(connection) {
   axiomProvider = new import_sdk_trace_node.NodeTracerProvider({
     resource: (0, import_resources.resourceFromAttributes)({
       ["service.name"]: "axiom",
-      ["service.version"]: "0.25.0"
+      ["service.version"]: "0.27.0"
     }),
     spanProcessors: [processor]
   });
-  axiomTracer = axiomProvider.getTracer("axiom", "0.25.0");
+  axiomTracer = axiomProvider.getTracer("axiom", "0.27.0");
 }
 async function initInstrumentation(config) {
   if (initialized) {
@@ -2014,7 +2014,7 @@ async function initInstrumentation(config) {
   }
   initializationPromise = (async () => {
     if (!config.enabled) {
-      axiomTracer = import_api10.trace.getTracer("axiom", "0.25.0");
+      axiomTracer = import_api10.trace.getTracer("axiom", "0.27.0");
       initialized = true;
       return;
     }
@@ -2026,7 +2026,8 @@ async function initInstrumentation(config) {
       hookResult = await runInstrumentationHook(hook, {
         dataset: connection.dataset,
         token: connection.token,
-        url: connection.url
+        url: connection.url,
+        orgId: connection.orgId
       });
       userProvider = hookResult?.provider ?? userProvider;
     }
@@ -2077,6 +2078,9 @@ var flush = async () => {
 };
 
 // src/evals/run-vitest.ts
+var import_meta2 = {};
+var __filename = (0, import_node_url.fileURLToPath)(import_meta2.url);
+var __dirname = (0, import_node_path.dirname)(__filename);
 var printCollectedEvals = (result, rootDir) => {
   if (!result.testModules || result.testModules.length === 0) {
     console.log(u.yellow("\nNo evaluations found\n"));
@@ -2086,7 +2090,7 @@ var printCollectedEvals = (result, rootDir) => {
   let totalEvals = 0;
   let totalCases = 0;
   for (const module2 of result.testModules) {
-    const relativePath = import_node_path3.default.relative(rootDir, module2.moduleId);
+    const relativePath = import_node_path2.default.relative(rootDir, module2.moduleId);
     for (const suite of module2.children.suites()) {
       totalEvals++;
       const caseCount = suite.children.size;
@@ -2116,6 +2120,16 @@ var runVitest = async (dir, opts) => {
   if (opts.debug) {
     console.log(u.bgWhite(u.blackBright(" Debug mode enabled ")));
   }
+  const tmpDir = (0, import_node_path.join)((0, import_node_os.tmpdir)(), "axiom-eval", opts.runId);
+  (0, import_node_fs.mkdirSync)(tmpDir, { recursive: true });
+  const nameRegistryFile = (0, import_node_path.join)(tmpDir, "names.jsonl");
+  const abortFile = (0, import_node_path.join)(tmpDir, "abort.txt");
+  (0, import_node_fs.writeFileSync)(nameRegistryFile, "", "utf8");
+  if ((0, import_node_fs.existsSync)(abortFile)) {
+    (0, import_node_fs.unlinkSync)(abortFile);
+  }
+  process.env.AXIOM_NAME_REGISTRY_FILE = nameRegistryFile;
+  process.env.AXIOM_ABORT_FILE = abortFile;
   if (opts.list) {
     console.log(u.bgWhite(u.blackBright(" List mode ")));
   }
@@ -2135,6 +2149,7 @@ var runVitest = async (dir, opts) => {
     disableConsoleIntercept: true,
     testTimeout: opts.config?.eval?.timeoutMs || 6e4,
     globals: true,
+    runner: (0, import_node_path.resolve)(__dirname, "evals", "custom-runner.js"),
     provide: {
       baseline: opts.baseline,
       debug: opts.debug,
@@ -2151,6 +2166,12 @@ var runVitest = async (dir, opts) => {
     process.exit(0);
   }
   await vi.start();
+  if ((0, import_node_fs.existsSync)(abortFile)) {
+    const message = (0, import_node_fs.readFileSync)(abortFile, "utf8");
+    console.error("\n" + message);
+    await vi.close();
+    process.exit(1);
+  }
   const dispose = (0, import_node.registerConsoleShortcuts)(vi, process.stdin, process.stdout);
   if (!vi.shouldKeepServer()) {
     dispose();
@@ -2162,7 +2183,7 @@ var runVitest = async (dir, opts) => {
 };
 
 // src/cli/commands/eval.command.ts
-var import_node_fs = require("fs");
+var import_node_fs2 = require("fs");
 
 // src/context.ts
 function overrideFlags(partial) {
@@ -2207,14 +2228,35 @@ function isGlob(str) {
 
 // src/cli/commands/eval.command.ts
 var createRunId = (0, import_nanoid.customAlphabet)("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ", 10);
+function getDefaultToken(value) {
+  if (typeof value === "string") {
+    return value;
+  }
+  const authContext2 = getAuthContext();
+  return authContext2?.token || process.env.AXIOM_TOKEN;
+}
+function getDefaultUrl(value) {
+  if (typeof value === "string") {
+    return value;
+  }
+  const authContext2 = getAuthContext();
+  return authContext2?.url || process.env.AXIOM_URL || "https://api.axiom.co";
+}
+function getDefaultOrgId(value) {
+  if (typeof value === "string") {
+    return value;
+  }
+  const authContext2 = getAuthContext();
+  return authContext2?.orgId ?? process.env.AXIOM_ORG_ID;
+}
 var loadEvalCommand = (program2, flagOverrides = {}) => {
   return program2.addCommand(
-    new import_commander3.Command("eval").description("run evals locally").addArgument(
-      new import_commander3.Argument("[target]", "file, directory, glob pattern, or eval name").default(
+    new import_commander.Command("eval").description("run evals locally").addArgument(
+      new import_commander.Argument("[target]", "file, directory, glob pattern, or eval name").default(
         ".",
         "any *.eval.ts file in current directory"
       )
-    ).option("-w, --watch true", "keep server running and watch for changes", false).option("-t, --token <TOKEN>", "axiom token", process.env.AXIOM_TOKEN).option("-d, --dataset <DATASET>", "axiom dataset name", process.env.AXIOM_DATASET).option("-u, --url <AXIOM URL>", "axiom url", process.env.AXIOM_URL ?? "https://api.axiom.co").option("-b, --baseline <BASELINE ID>", "id of baseline evaluation to compare against").option("--debug", "run locally without sending to Axiom or loading baselines", false).option("--list", "list evaluations and test cases without running them", false).action(async (target, options) => {
+    ).option("-w, --watch true", "keep server running and watch for changes", false).option("-t, --token <TOKEN>", "axiom token", getDefaultToken).option("-d, --dataset <DATASET>", "axiom dataset name", process.env.AXIOM_DATASET).option("-u, --url <AXIOM URL>", "axiom url", getDefaultUrl).option("-o, --org-id <ORG ID>", "axiom organization id", getDefaultOrgId).option("-b, --baseline <BASELINE ID>", "id of baseline evaluation to compare against").option("--debug", "run locally without sending to Axiom or loading baselines", false).option("--list", "list evaluations and test cases without running them", false).action(async (target, options) => {
       try {
         if (options.debug) {
           process.env.AXIOM_DEBUG = "true";
@@ -2223,12 +2265,22 @@ var loadEvalCommand = (program2, flagOverrides = {}) => {
         let exclude;
         let testNamePattern;
         const isGlobPattern = isGlob(target);
-        const { config } = await loadConfig(".");
+        const { config: loadedConfig } = await loadConfig(".");
+        const config = {
+          ...loadedConfig,
+          eval: {
+            ...loadedConfig.eval,
+            ...options.token && { token: options.token },
+            ...options.url && { url: options.url },
+            ...options.dataset && { dataset: options.dataset },
+            ...options.orgId && { orgId: options.orgId }
+          }
+        };
         if (isGlobPattern) {
           include = [target];
         } else {
           try {
-            const stat = (0, import_node_fs.lstatSync)(target);
+            const stat = (0, import_node_fs2.lstatSync)(target);
             if (stat.isDirectory()) {
               include = config?.eval?.include || [];
             } else {
@@ -2276,10 +2328,360 @@ var loadEvalCommand = (program2, flagOverrides = {}) => {
   );
 };
 
+// src/cli/commands/auth-login.command.ts
+var BASE_HOSTNAME = "axiom.co";
+var getApiUrl = (hostname) => {
+  return `https://api.${hostname}`;
+};
+var getOauthUrl = (hostname) => {
+  return `https://login.${hostname}`;
+};
+async function promptSelect(message, choices) {
+  console.log(`
+${message}`);
+  choices.forEach((choice, index) => {
+    console.log(`  ${index + 1}. ${choice.name}`);
+  });
+  const readline = await import("readline");
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve3) => {
+    const askQuestion = () => {
+      rl.question(`
+Select (1-${choices.length}): `, (answer) => {
+        const index = parseInt(answer.trim(), 10) - 1;
+        if (index >= 0 && index < choices.length) {
+          rl.close();
+          resolve3(choices[index].value);
+        } else {
+          console.log("Invalid selection. Please try again.");
+          askQuestion();
+        }
+      });
+    };
+    askQuestion();
+  });
+}
+async function promptInput(message, defaultValue) {
+  const readline = await import("readline");
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve3) => {
+    const prompt = defaultValue ? `${message} (${defaultValue}): ` : `${message}: `;
+    rl.question(prompt, (answer) => {
+      rl.close();
+      resolve3(answer.trim() || defaultValue || "");
+    });
+  });
+}
+async function openBrowser(url) {
+  const { default: open } = await import("open");
+  await open(url);
+}
+async function loginCommand(hostname) {
+  try {
+    console.log("\u{1F510} Starting authentication flow...\n");
+    const codeVerifier = OAuth.generateCodeVerifier();
+    const codeChallenge = OAuth.generateCodeChallenge(codeVerifier);
+    const state = OAuth.generateState();
+    const oauth = new OAuth(getOauthUrl(hostname));
+    const { server, url: redirectUri } = await startCallbackServer();
+    console.log(`\u2713 Started local callback server on ${redirectUri}
+`);
+    const authUrl = oauth.buildAuthUrl({
+      redirectUri,
+      state,
+      codeChallenge
+    });
+    console.log("Opening browser for authentication...");
+    console.log(`If the browser doesn't open, visit: ${authUrl}
+`);
+    try {
+      await openBrowser(authUrl);
+    } catch {
+      console.log("Could not open browser automatically.\n");
+    }
+    console.log("Waiting for authentication...");
+    const { code } = await waitForCallback(server, state);
+    console.log("\u2713 Authentication successful, exchanging code for token...\n");
+    const accessToken = await oauth.exchangeCodeForToken({
+      code,
+      redirectUri,
+      codeVerifier
+    });
+    console.log("\u2713 Token received, fetching organizations...\n");
+    const organizations = await fetchOrganizations(accessToken, getApiUrl(hostname));
+    if (organizations.length === 0) {
+      throw new AxiomCLIError("No organizations found for this account");
+    }
+    let selectedOrgId;
+    if (organizations.length === 1) {
+      selectedOrgId = organizations[0].id;
+      console.log(`\u2713 Using organization: ${organizations[0].name}
+`);
+    } else {
+      selectedOrgId = await promptSelect(
+        "Select an organization:",
+        organizations.map((org) => ({
+          name: `${org.name} (${org.id})`,
+          value: org.id
+        }))
+      );
+    }
+    const selectedOrg = organizations.find((org) => org.id === selectedOrgId);
+    const defaultAlias = selectedOrg.slug || selectedOrg.name.toLowerCase().replace(/\s+/g, "-");
+    const alias = await promptInput("Enter profile alias", defaultAlias);
+    console.log("\n\u2713 Verifying credentials...\n");
+    const isValid = await verifyToken(accessToken, selectedOrgId, getApiUrl(hostname));
+    if (!isValid) {
+      throw new AxiomCLIError("Token verification failed");
+    }
+    const config = await loadGlobalConfig();
+    config.active_profile = alias;
+    config.profiles[alias] = {
+      url: getApiUrl(hostname),
+      token: accessToken,
+      org_id: selectedOrgId
+    };
+    await saveGlobalConfig(config);
+    console.log(`\u2713 Successfully logged in as ${alias}`);
+    console.log(`\u2713 Configuration saved to ${getGlobalConfigPath()}
+`);
+  } catch (error) {
+    if (error instanceof AxiomCLIError) {
+      throw error;
+    }
+    throw new AxiomCLIError(`Login failed: ${error.message}`);
+  }
+}
+function loadAuthLoginCommand(auth, root) {
+  [auth, root].forEach((program2) => {
+    program2.command("login").description("Authenticate with Axiom").option("--hostname <hostname>", "Axiom hostname (default: axiom.co)").action(async (options) => {
+      try {
+        await loginCommand(options.hostname ?? BASE_HOSTNAME);
+      } catch (error) {
+        if (error instanceof AxiomCLIError) {
+          console.error(`
+\u274C Error: ${error.message}
+`);
+        } else {
+          console.error(`
+\u274C Unexpected error: ${error.message}
+`);
+        }
+        process.exit(1);
+      }
+    });
+  });
+}
+
+// src/cli/commands/auth-logout.command.ts
+async function logoutCommand(alias) {
+  const config = await loadGlobalConfig();
+  const profileToRemove = alias || config.active_profile;
+  if (!profileToRemove) {
+    throw new AxiomCLIError("No active profile. Use --alias to specify which profile to remove.");
+  }
+  if (!config.profiles[profileToRemove]) {
+    throw new AxiomCLIError(`Profile "${profileToRemove}" not found`);
+  }
+  delete config.profiles[profileToRemove];
+  if (config.active_profile === profileToRemove) {
+    const remainingProfiles = Object.keys(config.profiles);
+    config.active_profile = remainingProfiles.length > 0 ? remainingProfiles[0] : void 0;
+  }
+  await saveGlobalConfig(config);
+  console.log(`\u2713 Logged out from ${profileToRemove}`);
+  if (config.active_profile) {
+    console.log(`\u2713 Active profile is now: ${config.active_profile}`);
+  } else {
+    console.log('No active profiles remaining. Run "axiom auth login" to authenticate.');
+  }
+}
+function loadAuthLogoutCommand(auth, root) {
+  [auth, root].forEach((program2) => {
+    program2.command("logout").description("Remove authentication credentials").option("-a, --alias <alias>", "Profile alias to remove").action(async (options) => {
+      try {
+        await logoutCommand(options.alias);
+      } catch (error) {
+        if (error instanceof AxiomCLIError) {
+          console.error(`
+\u274C Error: ${error.message}
+`);
+        } else {
+          console.error(`
+\u274C Unexpected error: ${error.message}
+`);
+        }
+        process.exit(1);
+      }
+    });
+  });
+}
+
+// src/cli/commands/auth-status.command.ts
+async function statusCommand() {
+  const config = await loadGlobalConfig();
+  if (Object.keys(config.profiles).length === 0) {
+    console.log("No authenticated profiles found.");
+    console.log('Run "axiom auth login" to authenticate.');
+    return;
+  }
+  console.log("\nAuthentication Status:\n");
+  for (const [alias, profile] of Object.entries(config.profiles)) {
+    const isActive = config.active_profile === alias;
+    const marker = isActive ? "\u2192" : " ";
+    try {
+      const isValid = await verifyToken(profile.token, profile.org_id, profile.url);
+      const status = isValid ? "\u2713" : "\u2717";
+      const statusText = isValid ? "Valid" : "Invalid";
+      console.log(`${marker} ${status} ${alias}`);
+      console.log(`    URL: ${profile.url}`);
+      console.log(`    Org ID: ${profile.org_id}`);
+      console.log(`    Status: ${statusText}`);
+      if (isActive) {
+        console.log(`    (Active)`);
+      }
+      console.log();
+    } catch (error) {
+      console.log(`${marker} \u2717 ${alias}`);
+      console.log(`    URL: ${profile.url}`);
+      console.log(`    Org ID: ${profile.org_id}`);
+      console.log(`    Status: Error - ${error.message}`);
+      if (isActive) {
+        console.log(`    (Active)`);
+      }
+      console.log();
+    }
+  }
+  const activeProfile = getActiveProfile(config);
+  if (process.env.AXIOM_TOKEN) {
+    console.log("Note: Using AXIOM_TOKEN environment variable (overrides config file)\n");
+  } else if (activeProfile && config.active_profile) {
+    console.log(`Active profile: ${config.active_profile}
+`);
+  }
+}
+function loadAuthStatusCommand(program2) {
+  program2.command("status").description("Check authentication status for all profiles").action(async () => {
+    try {
+      await statusCommand();
+    } catch (error) {
+      if (error instanceof AxiomCLIError) {
+        console.error(`
+\u274C Error: ${error.message}
+`);
+      } else {
+        console.error(`
+\u274C Unexpected error: ${error.message}
+`);
+      }
+      process.exit(1);
+    }
+  });
+}
+
+// src/cli/commands/auth-switch.command.ts
+async function promptSelect2(message, choices) {
+  console.log(`
+${message}`);
+  choices.forEach((choice, index) => {
+    console.log(`  ${index + 1}. ${choice.name}`);
+  });
+  const readline = await import("readline");
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve3) => {
+    const askQuestion = () => {
+      rl.question(`
+Select (1-${choices.length}): `, (answer) => {
+        const index = parseInt(answer.trim(), 10) - 1;
+        if (index >= 0 && index < choices.length) {
+          rl.close();
+          resolve3(choices[index].value);
+        } else {
+          console.log("Invalid selection. Please try again.");
+          askQuestion();
+        }
+      });
+    };
+    askQuestion();
+  });
+}
+async function switchCommand(alias) {
+  const config = await loadGlobalConfig();
+  if (Object.keys(config.profiles).length === 0) {
+    throw new AxiomCLIError(
+      'No authenticated profiles found. Run "axiom auth login" to authenticate.'
+    );
+  }
+  let selectedAlias;
+  if (alias) {
+    if (!config.profiles[alias]) {
+      throw new AxiomCLIError(`Profile "${alias}" not found`);
+    }
+    selectedAlias = alias;
+  } else {
+    const profiles = Object.entries(config.profiles).map(([alias2, profile]) => ({
+      name: `${alias2} (${profile.url})`,
+      value: alias2
+    }));
+    if (profiles.length === 1) {
+      selectedAlias = profiles[0].value;
+      console.log(`\u2713 Using profile: ${selectedAlias}
+`);
+    } else {
+      selectedAlias = await promptSelect2("Select a profile to switch to:", profiles);
+    }
+  }
+  if (config.active_profile === selectedAlias) {
+    console.log(`\u2713 Profile "${selectedAlias}" is already active
+`);
+    return;
+  }
+  config.active_profile = selectedAlias;
+  await saveGlobalConfig(config);
+  console.log(`\u2713 Switched to profile: ${selectedAlias}
+`);
+}
+function loadAuthSwitchCommand(program2) {
+  program2.command("switch").description("Switch to a different profile").argument("[alias]", "Profile alias to switch to").action(async (alias) => {
+    try {
+      await switchCommand(alias);
+    } catch (error) {
+      if (error instanceof AxiomCLIError) {
+        console.error(`
+\u274C Error: ${error.message}
+`);
+      } else {
+        console.error(`
+\u274C Unexpected error: ${error.message}
+`);
+      }
+      process.exit(1);
+    }
+  });
+}
+
+// src/cli/commands/auth.command.ts
+function loadAuthCommand(program2) {
+  const auth = program2.command("auth").description("Manage authentication with Axiom");
+  loadAuthLoginCommand(auth, program2);
+  loadAuthLogoutCommand(auth, program2);
+  loadAuthStatusCommand(auth);
+  loadAuthSwitchCommand(auth);
+}
+
 // src/cli/utils/parse-flag-overrides.ts
 var import_zod5 = require("zod");
-var import_node_fs2 = require("fs");
-var import_node_path4 = require("path");
+var import_node_fs3 = require("fs");
+var import_node_path3 = require("path");
 var FLAG_RE = /^--flag\.([^=]+)(?:=(.*))?$/;
 var CONFIG_RE = /^--flags-config(?:=(.*))?$/;
 function ensureNoSpaceSeparatedSyntax(flagName, value, nextToken, flagType) {
@@ -2308,10 +2710,10 @@ function coerceValue(raw) {
     return raw;
   }
 }
-function loadConfigFile(path4) {
-  const abs = (0, import_node_path4.resolve)(process.cwd(), path4);
+function loadConfigFile(path3) {
+  const abs = (0, import_node_path3.resolve)(process.cwd(), path3);
   try {
-    const contents = (0, import_node_fs2.readFileSync)(abs, "utf8");
+    const contents = (0, import_node_fs3.readFileSync)(abs, "utf8");
     const parsed = JSON.parse(contents);
     if (typeof parsed !== "object" || Array.isArray(parsed) || parsed === null) {
       console.error(
@@ -2321,7 +2723,7 @@ function loadConfigFile(path4) {
     }
     return parsed;
   } catch (err) {
-    console.error(`\u274C Could not read or parse flags config "${path4}": ${err.message}`);
+    console.error(`\u274C Could not read or parse flags config "${path3}": ${err.message}`);
     process.exit(1);
   }
 }
@@ -2380,11 +2782,11 @@ function extractOverrides(argv) {
 var import_env = __toESM(require("@next/env"), 1);
 
 // src/cli/commands/version.command.ts
-var import_commander4 = require("commander");
+var import_commander2 = require("commander");
 var loadVersionCommand = (program2) => {
   return program2.addCommand(
-    new import_commander4.Command("version").description("cli version").action(() => {
-      console.log("0.25.0");
+    new import_commander2.Command("version").description("cli version").action(() => {
+      console.log("0.27.0");
     })
   );
 };
@@ -2393,10 +2795,31 @@ var loadVersionCommand = (program2) => {
 var { loadEnvConfig } = import_env.default;
 loadEnvConfig(process.cwd());
 var { cleanedArgv, overrides } = extractOverrides(process.argv.slice(2));
-var program = new import_commander5.Command();
-program.name("axiom").description("Axiom's CLI to manage your objects and run evals").version("0.25.0");
-loadPushCommand(program);
-loadPullCommand(program);
+var program = new import_commander3.Command();
+program.name("axiom").description("Axiom's CLI to manage your objects and run evals").version("0.27.0");
+program.hook("preAction", async (_, actionCommand) => {
+  const commandName = actionCommand.name();
+  const parentCommand = actionCommand.parent;
+  const parentName = parentCommand?.name();
+  if (commandName === "auth" || parentName === "auth" || commandName === "version") {
+    return;
+  }
+  try {
+    await setupGlobalAuth();
+  } catch (error) {
+    if (error instanceof Error) {
+      console.error(`
+\u274C ${error.message}
+`);
+    } else {
+      console.error(`
+\u274C Unexpected error: ${String(error)}
+`);
+    }
+    process.exit(1);
+  }
+});
+loadAuthCommand(program);
 loadEvalCommand(program, overrides);
 loadVersionCommand(program);
 program.parse(["node", "axiom", ...cleanedArgv]);