azdo-cli 0.10.0-develop.394 → 0.10.0-develop.467

package/dist/index.js

@@ -6,15 +6,19 @@ import {
   SETTINGS,
   appendAuthAuditEvent,
   buildScopeString,
+  copyOrgScope,
   defaultScopes,
+  deleteOrgScope,
   deletePat,
   firstPartyShippedScopes,
   getConfigValue,
+  getOrgScopedValue,
   getPat,
   getStoredCredential,
   listOrgsWithStoredPat,
   loadConfig,
   maskedDisplay,
+  moveOrgScope,
   normalizePat,
   openUrl,
   probeBackend,
@@ -22,16 +26,19 @@ import {
   readTokenResponse,
   refreshIfNeeded,
   resolveOAuthConfig,
+  resolveScopedConfig,
   runAuthCodeFlow,
   setConfigValue,
+  setOrgScopedValue,
   storeOAuthCredential,
   storePat,
   tokenResponseToCredential,
-  unsetConfigValue
-} from "./chunk-C7RAZJHV.js";
+  unsetConfigValue,
+  unsetOrgScopedValue
+} from "./chunk-XVXMDWQE.js";
 
 // src/index.ts
-import { Command as Command15 } from "commander";
+import { Command as Command16 } from "commander";
 
 // src/version.ts
 import { readFileSync } from "fs";
@@ -245,28 +252,66 @@ async function fetchWorkItemResponse(context, id, cred, options = {}) {
   }
   return await response.json();
 }
-async function getWorkItem(context, id, cred, extraFields) {
-  const normalizedExtraFields = extraFields ? normalizeFieldList(extraFields) : [];
-  const data = normalizedExtraFields.length > 0 ? await fetchWorkItemResponse(context, id, cred, {
-    fields: normalizeFieldList([...DEFAULT_FIELDS, ...normalizedExtraFields])
-  }) : await fetchWorkItemResponse(context, id, cred, { includeRelations: true });
-  const relationsData = normalizedExtraFields.length > 0 ? await fetchWorkItemResponse(context, id, cred, { includeRelations: true }) : data;
-  const descriptionParts = [];
-  if (data.fields["System.Description"]) {
-    descriptionParts.push({ label: "Description", value: data.fields["System.Description"] });
+async function getOrgFieldNames(context, cred) {
+  const url = new URL(
+    `https://dev.azure.com/${encodeURIComponent(context.org)}/_apis/wit/fields`
+  );
+  url.searchParams.set("api-version", "7.1");
+  const response = await fetchWithErrors(url.toString(), { headers: authHeaders(cred) });
+  if (!response.ok) {
+    throw new Error(`HTTP_${response.status}`);
   }
-  if (data.fields["Microsoft.VSTS.Common.AcceptanceCriteria"]) {
-    descriptionParts.push({ label: "Acceptance Criteria", value: data.fields["Microsoft.VSTS.Common.AcceptanceCriteria"] });
+  const data = await response.json();
+  return (data.value ?? []).map((f) => f.referenceName);
+}
+function buildCombinedDescription(fields) {
+  const parts = [];
+  if (fields["System.Description"]) {
+    parts.push({ label: "Description", value: fields["System.Description"] });
   }
-  if (data.fields["Microsoft.VSTS.TCM.ReproSteps"]) {
-    descriptionParts.push({ label: "Repro Steps", value: data.fields["Microsoft.VSTS.TCM.ReproSteps"] });
+  if (fields["Microsoft.VSTS.Common.AcceptanceCriteria"]) {
+    parts.push({ label: "Acceptance Criteria", value: fields["Microsoft.VSTS.Common.AcceptanceCriteria"] });
+  }
+  if (fields["Microsoft.VSTS.TCM.ReproSteps"]) {
+    parts.push({ label: "Repro Steps", value: fields["Microsoft.VSTS.TCM.ReproSteps"] });
+  }
+  if (parts.length === 0) return null;
+  if (parts.length === 1) return parts[0].value;
+  return parts.map((p) => `<h3>${p.label}</h3>${p.value}`).join("");
+}
+async function fetchWorkItemWithFallback(context, id, cred, normalizedExtraFields) {
+  try {
+    const data = await fetchWorkItemResponse(context, id, cred, {
+      fields: normalizeFieldList([...DEFAULT_FIELDS, ...normalizedExtraFields])
+    });
+    return { data, effectiveExtraFields: normalizedExtraFields };
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (!msg.includes("TF51535")) throw err;
+    const orgFieldNames = await getOrgFieldNames(context, cred);
+    const orgFieldsLower = new Set(orgFieldNames.map((n) => n.toLowerCase()));
+    const missing = normalizedExtraFields.filter((f) => !orgFieldsLower.has(f.toLowerCase()));
+    const effectiveExtraFields = normalizedExtraFields.filter((f) => orgFieldsLower.has(f.toLowerCase()));
+    for (const f of missing) {
+      process.stderr.write(`azdo: warning: field '${f}' does not exist in organization '${context.org}' and was skipped
+`);
+    }
+    const data = await fetchWorkItemResponse(context, id, cred, {
+      fields: normalizeFieldList([...DEFAULT_FIELDS, ...effectiveExtraFields])
+    });
+    return { data, effectiveExtraFields };
   }
-  let combinedDescription = null;
-  if (descriptionParts.length === 1) {
-    combinedDescription = descriptionParts.at(0)?.value ?? null;
-  } else if (descriptionParts.length > 1) {
-    combinedDescription = descriptionParts.map((p) => `<h3>${p.label}</h3>${p.value}`).join("");
+}
+async function getWorkItem(context, id, cred, extraFields) {
+  const normalizedExtraFields = extraFields ? normalizeFieldList(extraFields) : [];
+  let effectiveExtraFields = normalizedExtraFields;
+  let data;
+  if (normalizedExtraFields.length > 0) {
+    ({ data, effectiveExtraFields } = await fetchWorkItemWithFallback(context, id, cred, normalizedExtraFields));
+  } else {
+    data = await fetchWorkItemResponse(context, id, cred, { includeRelations: true });
   }
+  const relationsData = normalizedExtraFields.length > 0 ? await fetchWorkItemResponse(context, id, cred, { includeRelations: true }) : data;
   return {
     id: data.id,
     rev: data.rev,
@@ -274,11 +319,11 @@ async function getWorkItem(context, id, cred, extraFields) {
     state: data.fields["System.State"],
     type: data.fields["System.WorkItemType"],
     assignedTo: data.fields["System.AssignedTo"]?.displayName ?? null,
-    description: combinedDescription,
+    description: buildCombinedDescription(data.fields),
     areaPath: data.fields["System.AreaPath"],
     iterationPath: data.fields["System.IterationPath"],
     url: data._links.html.href,
-    extraFields: normalizedExtraFields.length > 0 ? buildExtraFields(data.fields, normalizedExtraFields) : null,
+    extraFields: effectiveExtraFields.length > 0 ? buildExtraFields(data.fields, effectiveExtraFields) : null,
     attachments: extractAttachments(relationsData.relations)
   };
 }
@@ -479,13 +524,13 @@ async function classifyDeviceTokenResponse(response) {
 async function pollForDeviceToken(deviceCode, oauthConfig, initialIntervalSec, expiresAtMs, deps) {
   const fetchFn = deps.fetch ?? fetch;
   const now = deps.now ?? (() => Date.now());
-  const sleep = deps.sleep ?? defaultSleep;
+  const sleep2 = deps.sleep ?? defaultSleep;
   let intervalSec = Math.max(MIN_INTERVAL_SEC, initialIntervalSec);
   for (; ; ) {
     if (now() >= expiresAtMs) {
       throw new DeviceCodeFlowError("expired_token", "device-code flow expired before authorisation completed");
     }
-    await sleep(intervalSec * 1e3);
+    await sleep2(intervalSec * 1e3);
     const body = new URLSearchParams({
       grant_type: "urn:ietf:params:oauth:grant-type:device_code",
       client_id: oauthConfig.clientId,
@@ -765,23 +810,39 @@ async function status() {
 }
 
 // src/services/git-remote.ts
-import { execSync } from "child_process";
+import { execFileSync } from "child_process";
+import fs from "fs";
+import path from "path";
 
 // src/services/remote-warning.ts
-var WARNING = "azdo: warning: origin includes embedded credentials; consider removing them with 'git remote set-url origin <clean-url>'\n";
 var warned = false;
-function noticeCredentialBearingRemote() {
+function buildWarning(remoteName) {
+  return `azdo: warning: ${remoteName} includes embedded credentials; consider removing them with 'git remote set-url ${remoteName} <clean-url>'
+`;
+}
+function noticeCredentialBearingRemote(remoteName = "origin") {
   if (warned) {
     return;
   }
   warned = true;
   try {
-    process.stderr.write(WARNING);
+    process.stderr.write(buildWarning(remoteName));
   } catch {
   }
 }
 
 // src/services/git-remote.ts
+var GIT_BINARY = (() => {
+  const known = process.platform === "win32" ? [String.raw`C:\Program Files\Git\bin\git.exe`, String.raw`C:\Program Files (x86)\Git\bin\git.exe`] : ["/usr/bin/git", "/usr/local/bin/git", "/opt/homebrew/bin/git"];
+  return known.find((p) => {
+    try {
+      execFileSync(p, ["--version"], { stdio: "ignore" });
+      return true;
+    } catch {
+      return false;
+    }
+  }) ?? "git";
+})();
 var patterns = [
   // HTTPS (current): https://[user[:token]@]dev.azure.com/{org}/{project}/_git/{repo}[.git]
   /^https?:\/\/(?:[^@/]+@)?dev\.azure\.com\/([^/]+)\/([^/]+)\/_git\/([^/]+?)(?:\.git)?$/,
@@ -794,41 +855,137 @@ var patterns = [
   // SSH (legacy): {org}@vs-ssh.visualstudio.com:v3/{org}/{project}/{repo}[.git]
   /^[^@]+@vs-ssh\.visualstudio\.com:v3\/([^/]+)\/([^/]+)\/([^/]+?)(?:\.git)?$/
 ];
-var httpsUserinfo = /^https?:\/\/[^@/]+@/;
-function parseAzdoRemote(url) {
+var httpsEmbeddedSecret = /^https?:\/\/[^:@/]+:[^@/]+@/;
+function parseSingleRemoteLine(line) {
+  const trimmed = line.trim();
+  if (!trimmed) return null;
+  const tabIdx = trimmed.indexOf("	");
+  if (tabIdx === -1) return null;
+  const remoteName = trimmed.slice(0, tabIdx);
+  const afterTab = trimmed.slice(tabIdx + 1);
+  const urlEnd = afterTab.lastIndexOf(" (");
+  const url = urlEnd === -1 ? afterTab : afterTab.slice(0, urlEnd);
+  return { remoteName, url };
+}
+function matchAzdoRemote(remoteName, url) {
   for (const pattern of patterns) {
     const match = pattern.exec(url);
-    if (match) {
-      if (httpsUserinfo.test(url)) {
-        noticeCredentialBearingRemote();
+    if (!match) continue;
+    const project = match[2];
+    if (/^DefaultCollection$/i.test(project)) return null;
+    return { remoteName, org: match[1], project, hasEmbeddedSecret: httpsEmbeddedSecret.test(url) };
+  }
+  return null;
+}
+function parseAllAzdoRemotes(output) {
+  const seen = /* @__PURE__ */ new Set();
+  const results = [];
+  for (const line of output.split("\n")) {
+    const parsed = parseSingleRemoteLine(line);
+    if (!parsed) continue;
+    const { remoteName, url } = parsed;
+    if (seen.has(remoteName)) continue;
+    const candidate = matchAzdoRemote(remoteName, url);
+    if (candidate) {
+      seen.add(remoteName);
+      results.push(candidate);
+    }
+  }
+  return results;
+}
+function selectRemote(candidates) {
+  if (candidates.length === 0) {
+    throw new Error("No Azure DevOps remote found. Provide --org and --project explicitly.");
+  }
+  const origin = candidates.find((c) => c.remoteName === "origin");
+  if (origin) return origin;
+  if (candidates.length === 1) return candidates[0];
+  const first = candidates[0];
+  const allSame = candidates.every(
+    (c) => c.org.toLowerCase() === first.org.toLowerCase() && c.project.toLowerCase() === first.project.toLowerCase()
+  );
+  if (allSame) return first;
+  const lines = candidates.map((c) => `  ${c.remoteName.padEnd(8)} \u2192 ${c.org}/${c.project}`).join("\n");
+  throw new Error(
+    `Multiple Azure DevOps remotes found with different org/project:
+${lines}
+Use --org/--project (or 'git remote rename <name> origin') to disambiguate.`
+  );
+}
+function readGitConfigContent() {
+  const gitDirEnv = process.env.GIT_DIR;
+  if (gitDirEnv) {
+    return fs.readFileSync(path.join(gitDirEnv, "config"), "utf-8");
+  }
+  let dir = process.cwd();
+  for (; ; ) {
+    const gitPath = path.join(dir, ".git");
+    try {
+      const stat = fs.statSync(gitPath);
+      if (stat.isDirectory()) {
+        return fs.readFileSync(path.join(gitPath, "config"), "utf-8");
       }
-      const project = match[2];
-      if (/^DefaultCollection$/i.test(project)) {
-        return { org: match[1], project: "" };
+      if (stat.isFile()) {
+        const ref = fs.readFileSync(gitPath, "utf-8");
+        const m = /^gitdir:[ \t]*([^\r\n]+)/m.exec(ref);
+        if (m) {
+          return fs.readFileSync(path.join(path.resolve(dir, m[1].trim()), "config"), "utf-8");
+        }
+      }
+    } catch {
+    }
+    const parent = path.dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  throw new Error("Not in a git repository. Provide --org and --project explicitly.");
+}
+function gitConfigToRemoteLines(configContent) {
+  const lines = [];
+  let currentRemote = null;
+  let emittedUrl = false;
+  for (const line of configContent.split("\n")) {
+    const sectionMatch = /^\[remote\s+"([^"]+)"\]/.exec(line);
+    if (sectionMatch) {
+      currentRemote = sectionMatch[1];
+      emittedUrl = false;
+      continue;
+    }
+    if (line.startsWith("[")) {
+      currentRemote = null;
+      emittedUrl = false;
+      continue;
+    }
+    if (currentRemote && !emittedUrl) {
+      const urlMatch = /^[ \t]+url[ \t]*=[ \t]*([^\r\n]+)/.exec(line);
+      if (urlMatch) {
+        lines.push(`${currentRemote}	${urlMatch[1].trim()} (fetch)`);
+        emittedUrl = true;
       }
-      return { org: match[1], project };
     }
   }
-  return null;
+  return lines.join("\n");
 }
 function detectAzdoContext() {
-  let remoteUrl;
+  let configContent;
   try {
-    remoteUrl = execSync("git remote get-url origin", { encoding: "utf-8" }).trim();
+    configContent = readGitConfigContent();
   } catch {
     throw new Error("Not in a git repository. Provide --org and --project explicitly.");
   }
-  const context = parseAzdoRemote(remoteUrl);
-  if (!context || !context.org && !context.project) {
-    throw new Error('Git remote "origin" is not an Azure DevOps URL. Provide --org and --project explicitly.');
+  const remoteLines = gitConfigToRemoteLines(configContent);
+  const candidates = parseAllAzdoRemotes(remoteLines);
+  const selected = selectRemote(candidates);
+  if (selected.hasEmbeddedSecret) {
+    noticeCredentialBearingRemote(selected.remoteName);
   }
-  return context;
+  return { org: selected.org, project: selected.project };
 }
 function parseRepoName(url) {
   for (const pattern of patterns) {
     const match = pattern.exec(url);
     if (match) {
-      if (httpsUserinfo.test(url)) {
+      if (httpsEmbeddedSecret.test(url)) {
         noticeCredentialBearingRemote();
       }
       return match[3];
@@ -839,7 +996,7 @@ function parseRepoName(url) {
 function detectRepoName() {
   let remoteUrl;
   try {
-    remoteUrl = execSync("git remote get-url origin", { encoding: "utf-8" }).trim();
+    remoteUrl = execFileSync(GIT_BINARY, ["remote", "get-url", "origin"], { encoding: "utf-8", stdio: ["ignore", "pipe", "ignore"] }).trim();
   } catch {
     throw new Error('Not in a git repository. Check that git remote "origin" exists and try again.');
   }
@@ -850,7 +1007,7 @@ function detectRepoName() {
   return repo;
 }
 function getCurrentBranch() {
-  const branch = execSync("git rev-parse --abbrev-ref HEAD", { encoding: "utf-8" }).trim();
+  const branch = execFileSync(GIT_BINARY, ["rev-parse", "--abbrev-ref", "HEAD"], { encoding: "utf-8", stdio: ["ignore", "pipe", "ignore"] }).trim();
   if (branch === "HEAD") {
     throw new Error("Not on a named branch. Check out a named branch and try again.");
   }
@@ -886,7 +1043,7 @@ function formatResolutionError() {
   return [
     "Could not resolve an Azure DevOps organization. Options (in priority order):",
     "  1. Pass --org <name> on the command line.",
-    "  2. Run this command from a git repo whose origin remote is an Azure DevOps URL.",
+    "  2. Run this command from a git repo that has an Azure DevOps remote.",
     "  3. Run `azdo config set org <name>` once to set a persistent default."
   ].join("\n");
 }
@@ -899,9 +1056,9 @@ function resolveContext(options) {
     gitContext = detectAzdoContext();
   } catch {
   }
-  const config = loadConfig();
   const org = resolvedOrg?.org;
-  const project = options.project || (gitContext?.project && gitContext.project.length > 0 ? gitContext.project : void 0) || config.project;
+  const scopedCfg = resolveScopedConfig(org);
+  const project = options.project || (gitContext?.project && gitContext.project.length > 0 ? gitContext.project : void 0) || scopedCfg.project;
   if (org && project) {
     return { org, project };
   }
@@ -1354,9 +1511,10 @@ function createGetItemCommand() {
       try {
         context = resolveContext(options);
         const credential = await requireAuthCredential(context.org);
-        const fieldsList = options.fields === void 0 ? parseRequestedFields(loadConfig().fields) : parseRequestedFields(options.fields);
+        const scopedCfg = resolveScopedConfig(context.org);
+        const fieldsList = options.fields === void 0 ? parseRequestedFields(scopedCfg.fields) : parseRequestedFields(options.fields);
         const workItem = await getWorkItem(context, id, credential, fieldsList);
-        const markdownEnabled = options.markdown ?? loadConfig().markdown ?? false;
+        const markdownEnabled = options.markdown ?? scopedCfg.markdown ?? false;
         const output = formatWorkItem(workItem, options.short ?? false, markdownEnabled);
         process.stdout.write(output + "\n");
         if (imageOptions.enabled) {
@@ -1836,18 +1994,47 @@ function formatConfigValue(value, unsetFallback = "") {
   }
   return Array.isArray(value) ? value.join(",") : value;
 }
+function buildConfigListEntries(cfg) {
+  const entries = SETTINGS.map((s) => ({
+    scope: "default",
+    key: s.key,
+    value: cfg[s.key]
+  }));
+  for (const [orgName, scope] of Object.entries(cfg.organizations ?? {})) {
+    for (const [k, v] of Object.entries(scope)) {
+      entries.push({ scope: orgName, key: k, value: v });
+    }
+  }
+  return entries;
+}
 function writeConfigList(cfg) {
   const keyWidth = 10;
   const valueWidth = 30;
+  const scopeWidth = 12;
+  process.stdout.write(
+    `${"scope".padEnd(scopeWidth)}${"key".padEnd(keyWidth)}${"value".padEnd(valueWidth)}description
+`
+  );
   for (const setting of SETTINGS) {
     const raw = cfg[setting.key];
     const value = formatConfigValue(raw, "(not set)");
     const marker = raw === void 0 && setting.required ? " *" : "";
     process.stdout.write(
-      `${setting.key.padEnd(keyWidth)}${String(value).padEnd(valueWidth)}${setting.description}${marker}
+      `${"default".padEnd(scopeWidth)}${setting.key.padEnd(keyWidth)}${String(value).padEnd(valueWidth)}${setting.description}${marker}
 `
     );
   }
+  for (const [orgName, scope] of Object.entries(cfg.organizations ?? {})) {
+    const orgScope = scope;
+    const scopedSettings = Object.entries(orgScope);
+    for (const [k, v] of scopedSettings) {
+      const value = formatConfigValue(v, "(not set)");
+      process.stdout.write(
+        `${orgName.padEnd(scopeWidth)}${k.padEnd(keyWidth)}${String(value).padEnd(valueWidth)}
+`
+      );
+    }
+  }
   const hasUnset = SETTINGS.some((s) => s.required && cfg[s.key] === void 0);
   if (hasUnset) {
     process.stdout.write(
@@ -1891,17 +2078,22 @@ function createConfigCommand() {
   const config = new Command4("config");
   config.description("Manage CLI settings");
   const set = new Command4("set");
-  set.description("Set a configuration value").argument("<key>", "setting key (org, project, fields)").argument("<value>", "setting value").option("--json", "output in JSON format").action((key, value, options) => {
+  set.description("Set a configuration value").argument("<key>", "setting key (org, project, fields, markdown)").argument("<value>", "setting value").option("--org <org>", "set value in an org-scoped configuration").option("--json", "output in JSON format").action((key, value, options) => {
     try {
-      setConfigValue(key, value);
+      if (options.org) {
+        setOrgScopedValue(options.org, key, value);
+      } else {
+        setConfigValue(key, value);
+      }
       if (options.json) {
-        const output = { key, value };
+        const output = { key, value, scope: options.org ?? "default" };
         if (key === "fields") {
           output.value = value.split(",").map((s) => s.trim());
         }
         process.stdout.write(JSON.stringify(output) + "\n");
       } else {
-        process.stdout.write(`Set "${key}" to "${value}"
+        const scopeTag = options.org ? ` (org: ${options.org})` : "";
+        process.stdout.write(`Set "${key}" to "${value}"${scopeTag}
 `);
       }
     } catch (err) {
@@ -1912,12 +2104,12 @@ function createConfigCommand() {
     }
   });
   const get = new Command4("get");
-  get.description("Get a configuration value").argument("<key>", "setting key (org, project, fields)").option("--json", "output in JSON format").action((key, options) => {
+  get.description("Get a configuration value").argument("<key>", "setting key (org, project, fields, markdown)").option("--org <org>", "read from an org-scoped configuration").option("--json", "output in JSON format").action((key, options) => {
     try {
-      const value = getConfigValue(key);
+      const value = options.org ? getOrgScopedValue(options.org, key) : getConfigValue(key);
       if (options.json) {
         process.stdout.write(
-          JSON.stringify({ key, value: value ?? null }) + "\n"
+          JSON.stringify({ key, value: value ?? null, scope: options.org ?? "default" }) + "\n"
         );
       } else if (value === void 0) {
         process.stdout.write(`Setting "${key}" is not configured.
@@ -1925,7 +2117,7 @@ function createConfigCommand() {
       } else if (Array.isArray(value)) {
         process.stdout.write(value.join(",") + "\n");
       } else {
-        process.stdout.write(value + "\n");
+        process.stdout.write(String(value) + "\n");
       }
     } catch (err) {
       const message = err instanceof Error ? err.message : String(err);
@@ -1938,19 +2130,25 @@ function createConfigCommand() {
   list.description("List all configuration values").option("--json", "output in JSON format").action((options) => {
     const cfg = loadConfig();
     if (options.json) {
-      process.stdout.write(JSON.stringify(cfg) + "\n");
+      const entries = buildConfigListEntries(cfg);
+      process.stdout.write(JSON.stringify(entries) + "\n");
       return;
     }
     writeConfigList(cfg);
   });
   const unset = new Command4("unset");
-  unset.description("Remove a configuration value").argument("<key>", "setting key (org, project, fields)").option("--json", "output in JSON format").action((key, options) => {
+  unset.description("Remove a configuration value").argument("<key>", "setting key (org, project, fields, markdown)").option("--org <org>", "remove from an org-scoped configuration").option("--json", "output in JSON format").action((key, options) => {
     try {
-      unsetConfigValue(key);
+      if (options.org) {
+        unsetOrgScopedValue(options.org, key);
+      } else {
+        unsetConfigValue(key);
+      }
       if (options.json) {
-        process.stdout.write(JSON.stringify({ key, unset: true }) + "\n");
+        process.stdout.write(JSON.stringify({ key, unset: true, scope: options.org ?? "default" }) + "\n");
       } else {
-        process.stdout.write(`Unset "${key}"
+        const scopeTag = options.org ? ` (org: ${options.org})` : "";
+        process.stdout.write(`Unset "${key}"${scopeTag}
 `);
       }
     } catch (err) {
@@ -1982,10 +2180,52 @@ function createConfigCommand() {
     rl.close();
     process.stderr.write("Configuration complete!\n");
   });
+  const orgCopy = new Command4("org-copy");
+  orgCopy.description('Copy settings from one scope to another (use "default" as source to copy top-level settings)').argument("<from>", 'source scope name or "default"').argument("<to>", "destination org name").option("--force", "overwrite existing values on collision").action((from, to, options) => {
+    try {
+      copyOrgScope(from, to, options.force ?? false);
+      process.stdout.write(`Copied scope "${from}" to "${to}"
+`);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      process.stderr.write(`Error: ${message}
+`);
+      process.exit(1);
+    }
+  });
+  const orgMove = new Command4("org-move");
+  orgMove.description("Move settings from one org scope to another").argument("<from>", "source org name").argument("<to>", "destination org name").option("--force", "overwrite existing values on collision").action((from, to, options) => {
+    try {
+      moveOrgScope(from, to, options.force ?? false);
+      process.stdout.write(`Moved scope "${from}" to "${to}"
+`);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      process.stderr.write(`Error: ${message}
+`);
+      process.exit(1);
+    }
+  });
+  const orgDelete = new Command4("org-delete");
+  orgDelete.description("Delete an org-scoped configuration").argument("<name>", "org name").action((name) => {
+    try {
+      deleteOrgScope(name);
+      process.stdout.write(`Deleted scope "${name}"
+`);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      process.stderr.write(`Error: ${message}
+`);
+      process.exit(1);
+    }
+  });
   config.addCommand(set);
   config.addCommand(get);
   config.addCommand(list);
   config.addCommand(unset);
+  config.addCommand(orgCopy);
+  config.addCommand(orgMove);
+  config.addCommand(orgDelete);
   config.addCommand(wizard);
   return config;
 }
@@ -3368,10 +3608,922 @@ function createPrCommand() {
   return command;
 }
 
-// src/commands/comments.ts
+// src/commands/pipeline.ts
 import { Command as Command13 } from "commander";
+
+// src/services/pipeline-client.ts
+var API_VERSION = "7.1";
+function orgProjectBase(context) {
+  return `https://dev.azure.com/${encodeURIComponent(context.org)}/${encodeURIComponent(context.project)}`;
+}
+function withApiVersion(url) {
+  url.searchParams.set("api-version", API_VERSION);
+  return url;
+}
+async function readJsonResponse2(response) {
+  if (!response.ok) {
+    throw new Error(`HTTP_${response.status}`);
+  }
+  return await response.json();
+}
+function mapPipeline(pipeline) {
+  return {
+    id: pipeline.id,
+    name: pipeline.name,
+    folder: pipeline.folder?.trim() ? pipeline.folder : null
+  };
+}
+function mapRunState(state) {
+  if (state === "inProgress" || state === "completed") {
+    return state;
+  }
+  return "unknown";
+}
+function mapRunResult(result) {
+  if (result === "succeeded" || result === "failed" || result === "canceled") {
+    return result;
+  }
+  if (result === "partiallySucceeded") {
+    return "failed";
+  }
+  return null;
+}
+function mapBuildState(status2) {
+  if (status2 === "completed") return "completed";
+  if (status2 === void 0 || status2 === "none") return "unknown";
+  return "inProgress";
+}
+function mapBuildSummary(build) {
+  return {
+    id: build.id,
+    name: build.buildNumber ?? null,
+    state: mapBuildState(build.status),
+    result: mapRunResult(build.result),
+    createdDate: build.queueTime ?? build.startTime ?? null,
+    finishedDate: build.finishTime ?? null,
+    sourceBranch: build.sourceBranch ?? null,
+    sourceCommit: build.sourceVersion ?? null
+  };
+}
+function normalizeRef(branch) {
+  return branch.startsWith("refs/") ? branch : `refs/heads/${branch}`;
+}
+async function getPipelineDefinitions(context, cred) {
+  const url = withApiVersion(new URL(`${orgProjectBase(context)}/_apis/pipelines`));
+  const response = await fetchWithErrors(url.toString(), { headers: authHeaders(cred) });
+  const data = await readJsonResponse2(response);
+  return data.value.map(mapPipeline);
+}
+var COMMIT_LOOKBACK = 200;
+async function getPipelineRuns(context, cred, query) {
+  const url = withApiVersion(new URL(`${orgProjectBase(context)}/_apis/build/builds`));
+  if (query.definitionId !== void 0) {
+    url.searchParams.set("definitions", String(query.definitionId));
+  }
+  if (query.prNumber !== void 0) {
+    url.searchParams.set("branchName", `refs/pull/${query.prNumber}/merge`);
+  } else if (query.branch) {
+    url.searchParams.set("branchName", normalizeRef(query.branch));
+  }
+  url.searchParams.set("queryOrder", "queueTimeDescending");
+  url.searchParams.set("$top", String(query.commit ? COMMIT_LOOKBACK : query.top));
+  const response = await fetchWithErrors(url.toString(), { headers: authHeaders(cred) });
+  const data = await readJsonResponse2(response);
+  let runs = data.value.map(mapBuildSummary);
+  if (query.commit) {
+    const needle = query.commit.toLowerCase();
+    runs = runs.filter((run) => run.sourceCommit?.toLowerCase().startsWith(needle));
+  }
+  return runs.slice(0, query.top);
+}
+async function runPipeline(context, cred, pipelineId, opts) {
+  const url = withApiVersion(
+    new URL(`${orgProjectBase(context)}/_apis/pipelines/${pipelineId}/runs`)
+  );
+  const body = {};
+  if (opts.branch) {
+    const refName = opts.branch.startsWith("refs/") ? opts.branch : `refs/heads/${opts.branch}`;
+    body.resources = { repositories: { self: { refName } } };
+  }
+  if (opts.parameters && Object.keys(opts.parameters).length > 0) {
+    body.templateParameters = opts.parameters;
+  }
+  const response = await fetchWithErrors(url.toString(), {
+    method: "POST",
+    headers: { ...authHeaders(cred), "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  const data = await readJsonResponse2(response);
+  return {
+    id: data.id,
+    state: mapRunState(data.state),
+    webUrl: data._links?.web?.href ?? null
+  };
+}
+function buildUrl(context, buildId) {
+  return withApiVersion(new URL(`${orgProjectBase(context)}/_apis/build/builds/${buildId}`));
+}
+async function getBuild(context, cred, buildId) {
+  const response = await fetchWithErrors(buildUrl(context, buildId).toString(), {
+    headers: authHeaders(cred)
+  });
+  return readJsonResponse2(response);
+}
+async function getBuildStatus(context, cred, buildId) {
+  const build = await getBuild(context, cred, buildId);
+  return { state: mapBuildState(build.status), result: mapRunResult(build.result) };
+}
+async function getBuildTimeline(context, cred, buildId) {
+  const url = withApiVersion(
+    new URL(`${orgProjectBase(context)}/_apis/build/builds/${buildId}/timeline`)
+  );
+  const response = await fetchWithErrors(url.toString(), { headers: authHeaders(cred) });
+  const data = await readJsonResponse2(response);
+  const records = data.records ?? [];
+  const errors = [];
+  const stages = [];
+  const jobs = [];
+  const logSteps = /* @__PURE__ */ new Map();
+  for (const record of records) {
+    for (const issue of record.issues ?? []) {
+      if (issue.type === "error" && issue.message) {
+        errors.push({ message: issue.message, source: record.name ?? null });
+      }
+    }
+    if (record.name && record.log?.id !== void 0) {
+      logSteps.set(record.log.id, record.name);
+    }
+    if (!record.name) continue;
+    const status2 = {
+      name: record.name,
+      state: record.state ?? "unknown",
+      result: record.result ?? null
+    };
+    if (record.type === "Stage") {
+      stages.push(status2);
+    } else if (record.type === "Job") {
+      jobs.push({ startTime: record.startTime, status: status2 });
+    }
+  }
+  jobs.sort((a, b) => {
+    if (a.startTime === b.startTime) return 0;
+    if (a.startTime === void 0) return 1;
+    if (b.startTime === void 0) return -1;
+    return a.startTime < b.startTime ? -1 : 1;
+  });
+  return { errors, stages, jobs: jobs.map((j) => j.status), logSteps };
+}
+async function listTestRuns(context, cred, buildId) {
+  const url = withApiVersion(new URL(`${orgProjectBase(context)}/_apis/test/runs`));
+  url.searchParams.set("buildUri", `vstfs:///Build/Build/${buildId}`);
+  const response = await fetchWithErrors(url.toString(), { headers: authHeaders(cred) });
+  const data = await readJsonResponse2(response);
+  return data.value;
+}
+async function getTestSummary(context, cred, buildId) {
+  const testRuns = await listTestRuns(context, cred, buildId);
+  let total = 0;
+  let failed = 0;
+  for (const run of testRuns) {
+    const runTotal = run.totalTests ?? 0;
+    total += runTotal;
+    const passedOrSkipped = (run.passedTests ?? 0) + (run.notApplicableTests ?? 0) + (run.incompleteTests ?? 0);
+    failed += Math.max(0, runTotal - passedOrSkipped);
+  }
+  if (total === 0) {
+    return { present: false, total: 0, failed: 0, failedTests: [] };
+  }
+  return { present: true, total, failed, failedTests: [] };
+}
+var MAX_FAILED_TESTS = 50;
+async function getFailedTests(context, cred, buildId) {
+  const testRuns = await listTestRuns(context, cred, buildId);
+  const failed = [];
+  for (const testRun of testRuns) {
+    if (failed.length >= MAX_FAILED_TESTS) break;
+    const resultsUrl = withApiVersion(
+      new URL(`${orgProjectBase(context)}/_apis/test/runs/${testRun.id}/results`)
+    );
+    resultsUrl.searchParams.set("outcomes", "Failed");
+    resultsUrl.searchParams.set("$top", String(MAX_FAILED_TESTS - failed.length));
+    const resultsResponse = await fetchWithErrors(resultsUrl.toString(), {
+      headers: authHeaders(cred)
+    });
+    const resultsData = await readJsonResponse2(resultsResponse);
+    for (const result of resultsData.value) {
+      failed.push({
+        name: result.testCaseTitle ?? result.automatedTestName ?? "(unnamed test)",
+        errorMessage: result.errorMessage ?? null
+      });
+    }
+  }
+  return failed;
+}
+function secondsBetween(start, finish) {
+  if (!start || !finish) return null;
+  const ms = Date.parse(finish) - Date.parse(start);
+  return Number.isFinite(ms) ? Math.round(ms / 1e3) : null;
+}
+async function getRunDetail(context, cred, buildId) {
+  const build = await getBuild(context, cred, buildId);
+  let errors = [];
+  let stages = [];
+  let jobs = [];
+  let errorsAvailable = true;
+  try {
+    const timeline = await getBuildTimeline(context, cred, buildId);
+    errors = timeline.errors;
+    stages = timeline.stages;
+    jobs = timeline.jobs;
+  } catch {
+    errorsAvailable = false;
+  }
+  let tests = { present: false, total: 0, failed: 0, failedTests: [] };
+  let testsAvailable = true;
+  try {
+    tests = await getTestSummary(context, cred, buildId);
+    if (tests.failed > 0) {
+      try {
+        tests = { ...tests, failedTests: await getFailedTests(context, cred, buildId) };
+      } catch {
+      }
+    }
+  } catch {
+    testsAvailable = false;
+  }
+  return {
+    id: build.id,
+    name: build.buildNumber ?? null,
+    state: mapBuildState(build.status),
+    result: mapRunResult(build.result),
+    // createdDate is the queue time, matching the run-list mapping.
+    createdDate: build.queueTime ?? build.startTime ?? null,
+    startedDate: build.startTime ?? null,
+    finishedDate: build.finishTime ?? null,
+    durationSeconds: secondsBetween(build.startTime, build.finishTime),
+    reason: build.reason ?? null,
+    requestedFor: build.requestedFor?.displayName ?? null,
+    sourceBranch: build.sourceBranch ?? null,
+    sourceCommit: build.sourceVersion ?? null,
+    webUrl: build._links?.web?.href ?? null,
+    errors,
+    errorsAvailable,
+    stages,
+    jobs,
+    tests,
+    testsAvailable
+  };
+}
+async function getRunLogs(context, cred, buildId) {
+  const url = withApiVersion(
+    new URL(`${orgProjectBase(context)}/_apis/build/builds/${buildId}/logs`)
+  );
+  const response = await fetchWithErrors(url.toString(), { headers: authHeaders(cred) });
+  const data = await readJsonResponse2(response);
+  let logSteps = /* @__PURE__ */ new Map();
+  try {
+    logSteps = (await getBuildTimeline(context, cred, buildId)).logSteps;
+  } catch {
+  }
+  return data.value.map((log) => ({
+    id: log.id,
+    createdOn: log.createdOn ?? null,
+    lineCount: log.lineCount ?? null,
+    step: logSteps.get(log.id) ?? null
+  }));
+}
+async function getRunLog(context, cred, buildId, logId) {
+  const url = withApiVersion(
+    new URL(`${orgProjectBase(context)}/_apis/build/builds/${buildId}/logs/${logId}`)
+  );
+  const response = await fetchWithErrors(url.toString(), { headers: authHeaders(cred) });
+  if (!response.ok) {
+    throw new Error(`HTTP_${response.status}`);
+  }
+  return response.text();
+}
+
+// src/commands/pipeline.ts
+var EXIT_FAILED = 1;
+var EXIT_CANCELED = 2;
+var EXIT_TIMEOUT = 124;
 function writeError2(message) {
   process.stderr.write(`Error: ${message}
+`);
+  process.exitCode = 1;
+}
+function handlePipelineError(err, context) {
+  const error = err instanceof Error ? err : new Error(String(err));
+  if (error.message === "AUTH_FAILED") {
+    writeError2('Authentication failed. Check that your credential is valid and has the "Build (Read)" scope.');
+    return;
+  }
+  if (error.message === "PERMISSION_DENIED") {
+    writeError2(`Access denied. Your credential may lack pipeline permissions for project "${context?.project}".`);
+    return;
+  }
+  if (error.message === "NETWORK_ERROR") {
+    writeError2("Could not connect to Azure DevOps. Check your network connection.");
+    return;
+  }
+  if (error.message.startsWith("NOT_FOUND")) {
+    writeError2(`Resource not found in ${context?.org}/${context?.project}.`);
+    return;
+  }
+  if (error.message.startsWith("HTTP_")) {
+    writeError2(`Azure DevOps request failed with ${error.message}.`);
+    return;
+  }
+  writeError2(error.message);
+}
+function parsePositiveId(raw) {
+  if (!/^\d+$/.test(raw)) return null;
+  const n = Number.parseInt(raw, 10);
+  return Number.isFinite(n) && n > 0 ? n : null;
+}
+function parseOptionalCount(value, flag) {
+  if (value === void 0) return void 0;
+  const parsed = parsePositiveId(value);
+  if (parsed === null) {
+    writeError2(`Invalid ${flag} "${value}"; expected a positive integer.`);
+    return null;
+  }
+  return parsed;
+}
+function formatBranchName2(refName) {
+  if (!refName) return "\u2014";
+  return refName.startsWith("refs/heads/") ? refName.slice("refs/heads/".length) : refName;
+}
+async function resolvePipelineContext(options) {
+  const context = resolveContext(options);
+  const cred = await requireAuthCredential(context.org);
+  return { context, cred };
+}
+function sleep(ms) {
+  return new Promise((resolve2) => {
+    setTimeout(resolve2, ms);
+  });
+}
+function formatTable(rows, rightAlign = /* @__PURE__ */ new Set()) {
+  const widths = [];
+  for (const row of rows) {
+    row.forEach((cell, i) => {
+      widths[i] = Math.max(widths[i] ?? 0, cell.length);
+    });
+  }
+  return rows.map(
+    (row) => row.map((cell, i) => rightAlign.has(i) ? cell.padStart(widths[i]) : cell.padEnd(widths[i])).join("  ").trimEnd()
+  ).join("\n");
+}
+function createPipelineListCommand() {
+  const command = new Command13("list");
+  command.description("List Azure DevOps pipeline definitions").option("--org <org>", "Azure DevOps organization").option("--project <project>", "Azure DevOps project").option("--filter <name>", "filter definitions by name (case-insensitive substring)").option("--json", "output JSON").action(async (options) => {
+    validateOrgProjectPair(options);
+    let context;
+    try {
+      const resolved = await resolvePipelineContext(options);
+      context = resolved.context;
+      let definitions = await getPipelineDefinitions(resolved.context, resolved.cred);
+      if (options.filter) {
+        const needle = options.filter.toLowerCase();
+        definitions = definitions.filter((d) => d.name.toLowerCase().includes(needle));
+      }
+      if (options.json) {
+        process.stdout.write(`${JSON.stringify(definitions, null, 2)}
+`);
+        return;
+      }
+      if (definitions.length === 0) {
+        process.stdout.write("No pipelines found.\n");
+        return;
+      }
+      const hasFolder = definitions.some((d) => d.folder);
+      const rows = definitions.map(
+        (d) => hasFolder ? [String(d.id), d.name, d.folder ?? ""] : [String(d.id), d.name]
+      );
+      process.stdout.write(`${formatTable(rows, /* @__PURE__ */ new Set([0]))}
+`);
+    } catch (err) {
+      handlePipelineError(err, context);
+    }
+  });
+  return command;
+}
+function runRow(run) {
+  const status2 = run.result ? `${run.state}/${run.result}` : run.state;
+  return [
+    String(run.id),
+    `[${status2}]`,
+    run.createdDate ?? "\u2014",
+    formatBranchName2(run.sourceBranch),
+    run.sourceCommit ? run.sourceCommit.slice(0, 8) : "\u2014"
+  ];
+}
+var COMMIT_SHA_PATTERN = /^[0-9a-f]{6,40}$/i;
+function parseGetRunsInputs(defIdRaw, options) {
+  let defId;
+  if (defIdRaw !== void 0) {
+    const parsed = parsePositiveId(defIdRaw);
+    if (parsed === null) {
+      writeError2(`Invalid definition id "${defIdRaw}"; expected a positive integer.`);
+      return null;
+    }
+    defId = parsed;
+  } else if (options.commit === void 0 && options.pr === void 0) {
+    writeError2("Definition id is required unless --commit or --pr is given.");
+    return null;
+  }
+  const limit = parseOptionalCount(options.limit, "--limit");
+  if (limit === null) return null;
+  const prNumber = parseOptionalCount(options.pr, "--pr");
+  if (prNumber === null) return null;
+  if (options.commit !== void 0 && !COMMIT_SHA_PATTERN.test(options.commit)) {
+    writeError2(`Invalid --commit "${options.commit}"; expected 6-40 hex characters.`);
+    return null;
+  }
+  if (options.branch !== void 0 && prNumber !== void 0) {
+    writeError2("Use either --branch or --pr, not both.");
+    return null;
+  }
+  return { defId, limit: limit ?? 10, prNumber };
+}
+function createPipelineGetRunsCommand() {
+  const command = new Command13("get-runs");
+  command.description("List recent runs for a pipeline definition (newest first)").argument("[def_id]", "pipeline definition id (optional with --commit or --pr)").option("--org <org>", "Azure DevOps organization").option("--project <project>", "Azure DevOps project").option("--limit <n>", "maximum number of runs to show (default 10)").option("--branch <branch>", "only show runs for this source branch").option("--commit <sha>", "only show runs that built this commit (full or abbreviated SHA)").option("--pr <number>", "only show runs for this pull request").option("--json", "output JSON").action(async (defIdRaw, options) => {
+    validateOrgProjectPair(options);
+    const inputs = parseGetRunsInputs(defIdRaw, options);
+    if (inputs === null) {
+      return;
+    }
+    let context;
+    try {
+      const resolved = await resolvePipelineContext(options);
+      context = resolved.context;
+      const runs = await getPipelineRuns(resolved.context, resolved.cred, {
+        definitionId: inputs.defId,
+        branch: options.branch,
+        prNumber: inputs.prNumber,
+        commit: options.commit,
+        top: inputs.limit
+      });
+      if (options.json) {
+        process.stdout.write(`${JSON.stringify(runs, null, 2)}
+`);
+        return;
+      }
+      if (runs.length === 0) {
+        process.stdout.write(
+          inputs.defId === void 0 ? "No runs found matching the filters.\n" : `No runs found for pipeline ${inputs.defId}.
+`
+        );
+        return;
+      }
+      process.stdout.write(`${formatTable(runs.map(runRow), /* @__PURE__ */ new Set([0]))}
+`);
+    } catch (err) {
+      handlePipelineError(err, context);
+    }
+  });
+  return command;
+}
+function applyWaitExitCode(result) {
+  if (result.timedOut) {
+    process.exitCode = EXIT_TIMEOUT;
+    return;
+  }
+  switch (result.result) {
+    case "succeeded":
+      return;
+    case "canceled":
+      process.exitCode = EXIT_CANCELED;
+      return;
+    case "failed":
+    default:
+      process.exitCode = EXIT_FAILED;
+  }
+}
+function createPipelineWaitCommand() {
+  const command = new Command13("wait");
+  command.description("Wait for a pipeline run to finish; exit code reflects the result (0 success, non-zero otherwise)").argument("<run_id>", "pipeline run id").option("--org <org>", "Azure DevOps organization").option("--project <project>", "Azure DevOps project").option("--timeout <seconds>", "maximum seconds to wait (default 1800)").option("--poll-interval <seconds>", "seconds between status checks (default 5)").option("--json", "output JSON").action(async (runIdRaw, options) => {
+    validateOrgProjectPair(options);
+    const runId = parsePositiveId(runIdRaw);
+    if (runId === null) {
+      writeError2(`Invalid run id "${runIdRaw}"; expected a positive integer.`);
+      return;
+    }
+    const timeoutSec = options.timeout === void 0 ? 1800 : Number(options.timeout);
+    const pollSec = options.pollInterval === void 0 ? 5 : Number(options.pollInterval);
+    if (!Number.isFinite(timeoutSec) || timeoutSec < 0) {
+      writeError2(`Invalid --timeout "${options.timeout}"; expected a non-negative number.`);
+      return;
+    }
+    if (!Number.isFinite(pollSec) || pollSec <= 0) {
+      writeError2(`Invalid --poll-interval "${options.pollInterval}"; expected a positive number.`);
+      return;
+    }
+    let context;
+    try {
+      const resolved = await resolvePipelineContext(options);
+      context = resolved.context;
+      const deadline = Date.now() + timeoutSec * 1e3;
+      let waitResult = null;
+      for (; ; ) {
+        const status2 = await getBuildStatus(resolved.context, resolved.cred, runId);
+        if (status2.state === "completed") {
+          waitResult = { id: runId, state: status2.state, result: status2.result, timedOut: false };
+          break;
+        }
+        if (Date.now() >= deadline) {
+          waitResult = { id: runId, state: status2.state, result: status2.result, timedOut: true };
+          break;
+        }
+        await sleep(pollSec * 1e3);
+      }
+      applyWaitExitCode(waitResult);
+      if (options.json) {
+        process.stdout.write(`${JSON.stringify(waitResult, null, 2)}
+`);
+        return;
+      }
+      if (waitResult.timedOut) {
+        process.stdout.write(`Run ${runId} did not finish within ${timeoutSec}s (still ${waitResult.state}).
+`);
+      } else {
+        process.stdout.write(`Run ${runId} finished: ${waitResult.result ?? waitResult.state}.
+`);
+      }
+    } catch (err) {
+      handlePipelineError(err, context);
+    }
+  });
+  return command;
+}
+function timelineRows(items, available) {
+  if (!available) {
+    return ["  unavailable"];
+  }
+  if (items.length === 0) {
+    return ["  (none)"];
+  }
+  return items.map((item) => `  - ${item.name} [${item.result ?? item.state}]`);
+}
+function formatDuration(totalSeconds) {
+  const h = Math.floor(totalSeconds / 3600);
+  const m = Math.floor(totalSeconds % 3600 / 60);
+  const s = totalSeconds % 60;
+  if (h > 0) return `${h}h${m}m${s}s`;
+  if (m > 0) return `${m}m${s}s`;
+  return `${s}s`;
+}
+function errorRows(detail) {
+  if (!detail.errorsAvailable) {
+    return ["  unavailable"];
+  }
+  if (detail.errors.length === 0) {
+    return ["  (none)"];
+  }
+  return detail.errors.map((error) => {
+    const source = error.source ? `[${error.source}] ` : "";
+    return `  - ${source}${error.message}`;
+  });
+}
+function failedTestRow(test) {
+  if (!test.errorMessage) {
+    return `  - ${test.name}`;
+  }
+  const firstLine = test.errorMessage.split("\n", 1)[0].trim();
+  return `  - ${test.name}: ${firstLine}`;
+}
+function testRows(detail) {
+  if (!detail.testsAvailable) {
+    return ["  unavailable"];
+  }
+  if (detail.tests.present) {
+    return [
+      `  ${detail.tests.failed} failing of ${detail.tests.total}`,
+      ...detail.tests.failedTests.map(failedTestRow)
+    ];
+  }
+  return ["  no tests present"];
+}
+function formatRunDetail(detail) {
+  const status2 = detail.result ? `${detail.state}/${detail.result}` : detail.state;
+  const name = detail.name ? ` ${detail.name}` : "";
+  const duration = detail.durationSeconds == null ? "\u2014" : formatDuration(detail.durationSeconds);
+  return [
+    `Run #${detail.id} [${status2}]${name}`,
+    `Queued: ${detail.createdDate ?? "\u2014"}    Started: ${detail.startedDate ?? "\u2014"}    Finished: ${detail.finishedDate ?? "\u2014"}`,
+    `Duration: ${duration}    Reason: ${detail.reason ?? "\u2014"}    Requested for: ${detail.requestedFor ?? "\u2014"}`,
+    `Branch: ${formatBranchName2(detail.sourceBranch)}    Commit: ${detail.sourceCommit ?? "unavailable"}`,
+    ...detail.webUrl ? [`Link: ${detail.webUrl}`] : [],
+    "",
+    "Stages:",
+    ...timelineRows(detail.stages, detail.errorsAvailable),
+    "",
+    "Jobs:",
+    ...timelineRows(detail.jobs, detail.errorsAvailable),
+    "",
+    "Errors:",
+    ...errorRows(detail),
+    "",
+    "Tests:",
+    ...testRows(detail)
+  ].join("\n");
+}
+function createPipelineGetRunDetailCommand() {
+  const command = new Command13("get-run-detail");
+  command.description("Show a detailed summary of a single pipeline run (errors, failing tests, stages)").argument("<run_id>", "pipeline run id").option("--org <org>", "Azure DevOps organization").option("--project <project>", "Azure DevOps project").option("--json", "output JSON").action(async (runIdRaw, options) => {
+    validateOrgProjectPair(options);
+    const runId = parsePositiveId(runIdRaw);
+    if (runId === null) {
+      writeError2(`Invalid run id "${runIdRaw}"; expected a positive integer.`);
+      return;
+    }
+    let context;
+    try {
+      const resolved = await resolvePipelineContext(options);
+      context = resolved.context;
+      const detail = await getRunDetail(resolved.context, resolved.cred, runId);
+      if (options.json) {
+        process.stdout.write(`${JSON.stringify(detail, null, 2)}
+`);
+        return;
+      }
+      process.stdout.write(`${formatRunDetail(detail)}
+`);
+    } catch (err) {
+      handlePipelineError(err, context);
+    }
+  });
+  return command;
+}
+function grepWithContext(lines, grep, context) {
+  const include = /* @__PURE__ */ new Set();
+  lines.forEach((line, i) => {
+    if (grep.test(line)) {
+      for (let j = Math.max(0, i - context); j <= Math.min(lines.length - 1, i + context); j++) {
+        include.add(j);
+      }
+    }
+  });
+  const selected = [];
+  let prev = -1;
+  for (const i of [...include].sort((a, b) => a - b)) {
+    if (selected.length > 0 && i > prev + 1) {
+      selected.push("--");
+    }
+    selected.push(lines[i]);
+    prev = i;
+  }
+  return selected;
+}
+function filterLogLines(content, grep, tail, context) {
+  let lines = content.split("\n");
+  if (lines.at(-1) === "") {
+    lines.pop();
+  }
+  if (grep) {
+    lines = context > 0 ? grepWithContext(lines, grep, context) : lines.filter((line) => grep.test(line));
+  }
+  if (tail !== void 0 && lines.length > tail) {
+    lines = lines.slice(-tail);
+  }
+  return lines;
+}
+function parseLogFilters(options) {
+  if (options.logId !== void 0 && options.step !== void 0) {
+    writeError2("Use either --log-id or --step, not both.");
+    return null;
+  }
+  const selectsSingleLog = options.logId !== void 0 || options.step !== void 0;
+  const slices = options.tail !== void 0 || options.grep !== void 0 || options.context !== void 0;
+  if (slices && !selectsSingleLog) {
+    writeError2("--tail, --grep, and --context require --log-id or --step.");
+    return null;
+  }
+  if (options.context !== void 0 && options.grep === void 0) {
+    writeError2("--context requires --grep.");
+    return null;
+  }
+  const tail = parseOptionalCount(options.tail, "--tail");
+  if (tail === null) return null;
+  const contextLines = parseOptionalCount(options.context, "--context");
+  if (contextLines === null) return null;
+  let grep;
+  if (options.grep !== void 0) {
+    try {
+      grep = new RegExp(options.grep);
+    } catch {
+      writeError2(`Invalid --grep "${options.grep}"; expected a valid regular expression.`);
+      return null;
+    }
+  }
+  return { tail, contextLines: contextLines ?? 0, grep };
+}
+function chooseStepLog(logs, step, runId) {
+  const needle = step.toLowerCase();
+  const matches = logs.filter((l) => l.step?.toLowerCase().includes(needle));
+  const exact = matches.filter((l) => l.step?.toLowerCase() === needle);
+  const chosen = exact.length === 1 ? exact : matches;
+  if (chosen.length === 0) {
+    writeError2(`No log matches step "${step}" in run ${runId}.`);
+    return null;
+  }
+  if (chosen.length > 1) {
+    const candidates = chosen.map((l) => `${l.id} (${l.step})`).join(", ");
+    writeError2(`Step "${step}" matches multiple logs: ${candidates}. Be more specific or use --log-id.`);
+    return null;
+  }
+  return chosen[0].id;
+}
+async function resolveRequestedLogId(resolved, runId, options) {
+  if (options.logId !== void 0) {
+    const parsed = parsePositiveId(options.logId);
+    if (parsed === null) {
+      writeError2(`Invalid --log-id "${options.logId}"; expected a positive integer.`);
+      return null;
+    }
+    return parsed;
+  }
+  if (options.step === void 0) {
+    return void 0;
+  }
+  const allLogs = await getRunLogs(resolved.context, resolved.cred, runId);
+  return chooseStepLog(allLogs, options.step, runId);
+}
+function printSingleLog(content, filters) {
+  if (filters.grep !== void 0 || filters.tail !== void 0) {
+    const lines = filterLogLines(content, filters.grep, filters.tail, filters.contextLines);
+    if (lines.length > 0) {
+      process.stdout.write(`${lines.join("\n")}
+`);
+    }
+    return;
+  }
+  process.stdout.write(content.endsWith("\n") ? content : `${content}
+`);
+}
+function createPipelineLogsCommand() {
+  const command = new Command13("logs");
+  command.description("List a pipeline run's logs, or print a specific log with --log-id").argument("<run_id>", "pipeline run id").option("--org <org>", "Azure DevOps organization").option("--project <project>", "Azure DevOps project").option("--log-id <id>", "print the content of this log id").option("--step <name>", "print the log of the step/job matching this name (case-insensitive substring)").option("--tail <n>", "with --log-id/--step, print only the last N lines").option("--grep <pattern>", "with --log-id/--step, print only lines matching this regular expression").option("--context <n>", "with --grep, also print N lines around each match (grep -C)").option("--json", "output JSON").action(async (runIdRaw, options) => {
+    validateOrgProjectPair(options);
+    const runId = parsePositiveId(runIdRaw);
+    if (runId === null) {
+      writeError2(`Invalid run id "${runIdRaw}"; expected a positive integer.`);
+      return;
+    }
+    const filters = parseLogFilters(options);
+    if (filters === null) {
+      return;
+    }
+    let context;
+    try {
+      const resolved = await resolvePipelineContext(options);
+      context = resolved.context;
+      const logId = await resolveRequestedLogId(resolved, runId, options);
+      if (logId === null) {
+        return;
+      }
+      if (logId !== void 0) {
+        const content = await getRunLog(resolved.context, resolved.cred, runId, logId);
+        printSingleLog(content, filters);
+        return;
+      }
+      const logs = await getRunLogs(resolved.context, resolved.cred, runId);
+      if (options.json) {
+        process.stdout.write(`${JSON.stringify(logs, null, 2)}
+`);
+        return;
+      }
+      if (logs.length === 0) {
+        process.stdout.write(`No logs found for run ${runId}.
+`);
+        return;
+      }
+      const rows = logs.map((l) => [
+        String(l.id),
+        l.createdOn ?? "\u2014",
+        l.lineCount == null ? "" : `${l.lineCount} lines`,
+        l.step ?? ""
+      ]);
+      process.stdout.write(`${formatTable(rows, /* @__PURE__ */ new Set([0]))}
+`);
+    } catch (err) {
+      handlePipelineError(err, context);
+    }
+  });
+  return command;
+}
+function createPipelineTestsCommand() {
+  const command = new Command13("tests");
+  command.description("Show a run's test results: summary plus failing tests by name (no log grepping needed)").argument("<run_id>", "pipeline run id").option("--org <org>", "Azure DevOps organization").option("--project <project>", "Azure DevOps project").option("--failed", "list only the failing tests").option("--json", "output JSON").action(async (runIdRaw, options) => {
+    validateOrgProjectPair(options);
+    const runId = parsePositiveId(runIdRaw);
+    if (runId === null) {
+      writeError2(`Invalid run id "${runIdRaw}"; expected a positive integer.`);
+      return;
+    }
+    let context;
+    try {
+      const resolved = await resolvePipelineContext(options);
+      context = resolved.context;
+      const summary = await getTestSummary(resolved.context, resolved.cred, runId);
+      const failedTests = summary.failed > 0 ? await getFailedTests(resolved.context, resolved.cred, runId) : [];
+      if (options.json) {
+        process.stdout.write(`${JSON.stringify({ ...summary, failedTests }, null, 2)}
+`);
+        return;
+      }
+      if (!summary.present) {
+        process.stdout.write(`No test results published for run ${runId}.
+`);
+        return;
+      }
+      if (!options.failed) {
+        process.stdout.write(`Run #${runId}: ${summary.failed} failing of ${summary.total} tests
+`);
+      }
+      if (failedTests.length > 0) {
+        process.stdout.write(`${failedTests.map(failedTestRow).join("\n")}
+`);
+      } else if (options.failed) {
+        process.stdout.write("No failing tests.\n");
+      }
+    } catch (err) {
+      handlePipelineError(err, context);
+    }
+  });
+  return command;
+}
+function parseParameters(values) {
+  const result = {};
+  for (const entry of values ?? []) {
+    const eq = entry.indexOf("=");
+    if (eq <= 0) {
+      return null;
+    }
+    const key = entry.slice(0, eq);
+    const value = entry.slice(eq + 1);
+    result[key] = value;
+  }
+  return result;
+}
+function collectParameter(value, previous) {
+  return previous.concat([value]);
+}
+function createPipelineStartCommand() {
+  const command = new Command13("start");
+  command.description("Queue a new run of a pipeline definition").argument("<def_id>", "pipeline definition id").option("--org <org>", "Azure DevOps organization").option("--project <project>", "Azure DevOps project").option("--branch <branch>", "branch to run against (default: pipeline default branch)").option("--parameter <key=value>", "template parameter (repeatable)", collectParameter, []).option("--json", "output JSON").action(async (defIdRaw, options) => {
+    validateOrgProjectPair(options);
+    const defId = parsePositiveId(defIdRaw);
+    if (defId === null) {
+      writeError2(`Invalid definition id "${defIdRaw}"; expected a positive integer.`);
+      return;
+    }
+    const parameters = parseParameters(options.parameter);
+    if (parameters === null) {
+      writeError2("Invalid --parameter; expected key=value.");
+      return;
+    }
+    let context;
+    try {
+      const resolved = await resolvePipelineContext(options);
+      context = resolved.context;
+      const result = await runPipeline(resolved.context, resolved.cred, defId, {
+        branch: options.branch,
+        parameters
+      });
+      if (options.json) {
+        process.stdout.write(`${JSON.stringify(result, null, 2)}
+`);
+        return;
+      }
+      process.stdout.write(`Queued run #${result.id} [${result.state}]
+${result.webUrl ?? "\u2014"}
+`);
+    } catch (err) {
+      handlePipelineError(err, context);
+    }
+  });
+  return command;
+}
+function createPipelineCommand() {
+  const command = new Command13("pipeline");
+  command.description("Manage Azure DevOps pipelines");
+  command.addCommand(createPipelineListCommand());
+  command.addCommand(createPipelineGetRunsCommand());
+  command.addCommand(createPipelineWaitCommand());
+  command.addCommand(createPipelineGetRunDetailCommand());
+  command.addCommand(createPipelineLogsCommand());
+  command.addCommand(createPipelineTestsCommand());
+  command.addCommand(createPipelineStartCommand());
+  return command;
+}
+
+// src/commands/comments.ts
+import { Command as Command14 } from "commander";
+function writeError3(message) {
+  process.stderr.write(`Error: ${message}
 `);
   process.exit(1);
 }
@@ -3389,7 +4541,7 @@ function formatComments(result, convertMarkdown) {
   return lines.join("\n");
 }
 function createCommentsListCommand() {
-  const command = new Command13("list");
+  const command = new Command14("list");
   command.description("List visible comments for a work item").argument("<id>", "work item ID").option("--org <org>", "Azure DevOps organization").option("--project <project>", "Azure DevOps project").option("--json", "output JSON").option("--markdown", "convert HTML comment bodies to markdown").action(async (idStr, options) => {
     validateOrgProjectPair(options);
     const id = parseWorkItemId(idStr);
@@ -3417,12 +4569,12 @@ function createCommentsListCommand() {
   return command;
 }
 function createCommentsAddCommand() {
-  const command = new Command13("add");
+  const command = new Command14("add");
   command.description("Add a comment to a work item").argument("<id>", "work item ID").argument("<text>", "comment text").option("--org <org>", "Azure DevOps organization").option("--project <project>", "Azure DevOps project").option("--json", "output JSON").option("--markdown", "post comment as markdown").action(async (idStr, text, options) => {
     validateOrgProjectPair(options);
     const id = parseWorkItemId(idStr);
     if (text.trim() === "") {
-      writeError2("Comment text must be a non-empty string.");
+      writeError3("Comment text must be a non-empty string.");
     }
     let context;
     try {
@@ -3444,7 +4596,7 @@ function createCommentsAddCommand() {
   return command;
 }
 function createCommentsCommand() {
-  const command = new Command13("comments");
+  const command = new Command14("comments");
   command.description("Manage Azure DevOps work item comments");
   command.addCommand(createCommentsListCommand());
   command.addCommand(createCommentsAddCommand());
@@ -3452,12 +4604,12 @@ function createCommentsCommand() {
 }
 
 // src/commands/download-attachment.ts
-import { Command as Command14 } from "commander";
+import { Command as Command15 } from "commander";
 import { writeFile as writeFile2 } from "fs/promises";
 import { existsSync as existsSync5 } from "fs";
 import { join as join3 } from "path";
 function createDownloadAttachmentCommand() {
-  const command = new Command14("download-attachment");
+  const command = new Command15("download-attachment");
   command.description("Download an attachment from an Azure DevOps work item").argument("<id>", "work item ID").argument("<filename>", "name of the attachment to download").option("--org <org>", "Azure DevOps organization").option("--project <project>", "Azure DevOps project").option("--output <dir>", "target directory for the downloaded file").action(
     async (idStr, filename, options) => {
       const id = parseWorkItemId(idStr);
@@ -3499,18 +4651,18 @@ function createDownloadAttachmentCommand() {
 }
 
 // src/services/update-check.ts
-import fs from "fs";
-import path from "path";
+import fs2 from "fs";
+import path2 from "path";
 import os from "os";
 var THROTTLE_MS = 10 * 60 * 1e3;
 var FETCH_TIMEOUT_MS = 1500;
 var REGISTRY_URL = "https://registry.npmjs.org/azdo-cli/latest";
 function getCachePath() {
-  return path.join(os.homedir(), ".azdo", "update-check.json");
+  return path2.join(os.homedir(), ".azdo", "update-check.json");
 }
 function defaultReadCache() {
   try {
-    return fs.readFileSync(getCachePath(), "utf-8");
+    return fs2.readFileSync(getCachePath(), "utf-8");
   } catch {
     return null;
   }
@@ -3518,8 +4670,8 @@ function defaultReadCache() {
 function defaultWriteCache(data) {
   try {
     const cachePath = getCachePath();
-    fs.mkdirSync(path.dirname(cachePath), { recursive: true });
-    fs.writeFileSync(cachePath, data);
+    fs2.mkdirSync(path2.dirname(cachePath), { recursive: true });
+    fs2.writeFileSync(cachePath, data);
   } catch {
   }
 }
@@ -3603,7 +4755,15 @@ async function getUpdateNotice(opts) {
 }
 
 // src/index.ts
-var program = new Command15();
+function exitOnEpipe(err) {
+  if (err.code === "EPIPE") {
+    process.exit(0);
+  }
+  throw err;
+}
+process.stdout.on("error", exitOnEpipe);
+process.stderr.on("error", exitOnEpipe);
+var program = new Command16();
 program.name("azdo").description("Azure DevOps CLI tool").version(version, "-v, --version");
 program.option("--no-update-check", "Skip the check for a newer published version");
 program.addCommand(createGetItemCommand());
@@ -3618,6 +4778,7 @@ program.addCommand(createSetMdFieldCommand());
 program.addCommand(createUpsertCommand());
 program.addCommand(createListFieldsCommand());
 program.addCommand(createPrCommand());
+program.addCommand(createPipelineCommand());
 program.addCommand(createCommentsCommand());
 program.addCommand(createDownloadAttachmentCommand());
 program.showHelpAfterError();