curatedmcp 2.0.0

package/dist/auth.js

@@ -0,0 +1,52 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync, chmodSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+export const API_URL = process.env.CURATOR_API_URL || "https://www.curatedmcp.com";
+const CONFIG_DIR = join(homedir(), ".curatedmcp");
+const AUTH_FILE = join(CONFIG_DIR, "auth.json");
+export function loadAuth() {
+    try {
+        return JSON.parse(readFileSync(AUTH_FILE, "utf-8"));
+    }
+    catch {
+        return null;
+    }
+}
+export function getToken() {
+    return process.env.CURATEDMCP_TOKEN || loadAuth()?.token || null;
+}
+export function saveAuth(auth) {
+    if (!existsSync(CONFIG_DIR))
+        mkdirSync(CONFIG_DIR, { recursive: true });
+    writeFileSync(AUTH_FILE, JSON.stringify(auth, null, 2), "utf-8");
+    try {
+        chmodSync(AUTH_FILE, 0o600);
+    }
+    catch {
+        // chmod may not be supported (e.g. Windows) — non-fatal.
+    }
+}
+export function clearAuth() {
+    try {
+        writeFileSync(AUTH_FILE, JSON.stringify({ token: "" }), "utf-8");
+    }
+    catch {
+        // ignore
+    }
+}
+/** Validate a token against the control plane. Returns identity + teams or null. */
+export async function whoami(token) {
+    try {
+        const res = await fetch(`${API_URL}/api/auth/cli/whoami`, {
+            headers: { Authorization: `Bearer ${token}` },
+            signal: AbortSignal.timeout(8000),
+        });
+        if (!res.ok)
+            return null;
+        return (await res.json());
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=auth.js.map

package/dist/cli/add.d.ts

@@ -0,0 +1,18 @@
+import { type StackEntry } from "../stack.js";
+export interface AddOptions {
+    /** Pre-supplied env vars (used in non-interactive mode). */
+    env?: Record<string, string>;
+    /** When true, skip prompts. Required env vars must already be in `env` or we error. */
+    nonInteractive: boolean;
+}
+export interface AddResult {
+    entry: StackEntry;
+    summary: string;
+}
+export declare function addToStack(slug: string, opts: AddOptions): Promise<AddResult>;
+/**
+ * Parse `--env KEY=value` flags from CLI argv tail.
+ * Also accepts `--env=KEY=value`.
+ */
+export declare function parseEnvFlags(args: string[]): Record<string, string>;
+//# sourceMappingURL=add.d.ts.map

package/dist/cli/add.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"add.d.ts","sourceRoot":"","sources":["../../src/cli/add.ts"],"names":[],"mappings":"AASA,OAAO,EAAe,KAAK,UAAU,EAAa,MAAM,aAAa,CAAC;AAoBtE,MAAM,WAAW,UAAU;IACzB,4DAA4D;IAC5D,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,uFAAuF;IACvF,cAAc,EAAE,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,UAAU,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,wBAAsB,UAAU,CAC9B,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,SAAS,CAAC,CA+CpB;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAsBpE"}

package/dist/cli/add.js

@@ -0,0 +1,114 @@
+/**
+ * `launcher add <slug>` — fetch install config from curatedmcp.com and write to stack.json.
+ *
+ * Two modes:
+ *  1. Interactive (CLI): prompts for required env vars at the terminal
+ *  2. Non-interactive (MCP `add_to_stack` tool): env supplied as an argument
+ */
+import { createInterface } from "node:readline/promises";
+import { stdin as input, stdout as output } from "node:process";
+import { upsertEntry, stackPath } from "../stack.js";
+const API_URL = process.env.CURATOR_API_URL || "https://www.curatedmcp.com";
+export async function addToStack(slug, opts) {
+    const config = await fetchStackConfig(slug);
+    // Resolve required env: pre-supplied → prompt → error
+    const env = { ...(opts.env || {}) };
+    const missing = [];
+    for (const v of config.requiredEnv) {
+        if (env[v.key] === undefined || env[v.key] === "")
+            missing.push(v);
+    }
+    if (missing.length > 0) {
+        if (opts.nonInteractive) {
+            throw new Error(`Missing required env vars for "${slug}": ${missing
+                .map((v) => v.key)
+                .join(", ")}. Re-run with these in the env argument.`);
+        }
+        const filled = await promptForEnv(missing);
+        Object.assign(env, filled);
+    }
+    // Optional env: prefill defaults but don't prompt
+    for (const v of config.optionalEnv) {
+        if (env[v.key] === undefined && v.default !== undefined) {
+            env[v.key] = v.default;
+        }
+    }
+    const entry = {
+        slug: config.slug,
+        name: config.name,
+        command: config.command,
+        args: config.args,
+        env: Object.keys(env).length > 0 ? env : undefined,
+    };
+    upsertEntry(entry);
+    const summary = `Added \`${config.name}\` (${config.slug}) to stack at ${stackPath()}.\n` +
+        `Command: ${config.command} ${config.args.join(" ")}` +
+        (Object.keys(env).length > 0
+            ? `\nEnv: ${Object.keys(env).join(", ")}`
+            : "");
+    return { entry, summary };
+}
+/**
+ * Parse `--env KEY=value` flags from CLI argv tail.
+ * Also accepts `--env=KEY=value`.
+ */
+export function parseEnvFlags(args) {
+    const env = {};
+    for (let i = 0; i < args.length; i++) {
+        const a = args[i];
+        let value;
+        if (a === "--env" || a === "-e") {
+            value = args[++i];
+        }
+        else if (a.startsWith("--env=")) {
+            value = a.slice("--env=".length);
+        }
+        else {
+            continue;
+        }
+        if (!value)
+            continue;
+        const eq = value.indexOf("=");
+        if (eq <= 0) {
+            throw new Error(`Bad --env flag "${value}". Expected KEY=value (e.g. --env GITHUB_TOKEN=ghp_xxx).`);
+        }
+        env[value.slice(0, eq)] = value.slice(eq + 1);
+    }
+    return env;
+}
+async function fetchStackConfig(slug) {
+    const url = `${API_URL}/api/launcher/stack-config?slug=${encodeURIComponent(slug)}`;
+    const res = await fetch(url, {
+        headers: { "User-Agent": "@curatedmcp/launcher/1.0.0" },
+    });
+    if (res.status === 404) {
+        throw new Error(`Server "${slug}" not found in the CuratedMCP catalog. ` +
+            `Browse https://curatedmcp.com/marketplace to find the right slug.`);
+    }
+    if (!res.ok) {
+        throw new Error(`Failed to fetch install config for "${slug}": ${res.status} ${res.statusText}`);
+    }
+    return (await res.json());
+}
+async function promptForEnv(vars) {
+    const rl = createInterface({ input, output });
+    try {
+        const out = {};
+        console.log(`\nThis server needs ${vars.length} environment variable${vars.length === 1 ? "" : "s"}:`);
+        for (const v of vars) {
+            if (v.description)
+                console.log(`  ${v.key} — ${v.description}`);
+            const answer = await rl.question(`  ${v.key}: `);
+            if (!answer.trim()) {
+                throw new Error(`${v.key} is required.`);
+            }
+            out[v.key] = answer.trim();
+        }
+        console.log("");
+        return out;
+    }
+    finally {
+        rl.close();
+    }
+}
+//# sourceMappingURL=add.js.map

package/dist/cli/audit.d.ts

@@ -0,0 +1,2 @@
+export declare function runAuditCommand(args: string[]): Promise<number>;
+//# sourceMappingURL=audit.d.ts.map

package/dist/cli/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/cli/audit.ts"],"names":[],"mappings":"AA2CA,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAiBrE"}

package/dist/cli/audit.js

@@ -0,0 +1,58 @@
+import { runAudit } from "../audit/index.js";
+import { printReport, printJson } from "../audit/report.js";
+import { API_URL, getToken } from "../auth.js";
+async function forwardScan(report, token) {
+    try {
+        const res = await fetch(`${API_URL}/api/auth/cli/scan`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                Authorization: `Bearer ${token}`,
+                "User-Agent": "@curatedmcp/cli",
+            },
+            body: JSON.stringify({
+                scannedAt: report.scannedAt,
+                totalServers: report.totalServers,
+                configFiles: report.configFiles,
+                high: report.high.map((s) => ({
+                    name: s.name,
+                    flags: s.flags,
+                    command: s.command ?? null,
+                    sourceFile: s.sourceFile,
+                })),
+                medium: report.medium.map((s) => ({
+                    name: s.name,
+                    flags: s.flags,
+                    command: s.command ?? null,
+                    sourceFile: s.sourceFile,
+                })),
+                unverified: report.unverified.map((s) => ({
+                    name: s.name,
+                    sourceFile: s.sourceFile,
+                })),
+                verified: report.verified.map((s) => ({ name: s.name })),
+            }),
+            signal: AbortSignal.timeout(8000),
+        });
+        return res.ok;
+    }
+    catch {
+        return false;
+    }
+}
+export async function runAuditCommand(args) {
+    const jsonMode = args.includes("--json");
+    const offline = args.includes("--offline");
+    const report = await runAudit({ offline });
+    if (jsonMode) {
+        printJson(report);
+        return report.high.length > 0 ? 1 : 0;
+    }
+    const token = !offline ? getToken() : null;
+    let synced = false;
+    if (token)
+        synced = await forwardScan(report, token);
+    await printReport(report, { synced });
+    return report.high.length > 0 ? 1 : 0;
+}
+//# sourceMappingURL=audit.js.map

package/dist/cli/guard.d.ts

@@ -0,0 +1,2 @@
+export declare function runGuardCommand(args: string[]): Promise<number>;
+//# sourceMappingURL=guard.d.ts.map

package/dist/cli/guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../../src/cli/guard.ts"],"names":[],"mappings":"AAkDA,wBAAsB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAYrE"}

package/dist/cli/guard.js

@@ -0,0 +1,58 @@
+import { runGuard } from "../guard/index.js";
+/**
+ * Parse `guard [options] -- <downstream command...>`.
+ * Everything after `--` (or the first non-flag token) is the downstream MCP server command.
+ */
+function parse(args) {
+    const opts = { command: [] };
+    const sep = args.indexOf("--");
+    const flagArgs = sep === -1 ? args : args.slice(0, sep);
+    let command = sep === -1 ? [] : args.slice(sep + 1);
+    for (let i = 0; i < flagArgs.length; i++) {
+        const a = flagArgs[i];
+        const next = () => flagArgs[++i];
+        switch (a) {
+            case "--dashboard":
+                opts.dashboard = true;
+                break;
+            case "--port":
+                opts.port = parseInt(next(), 10);
+                break;
+            case "--policy":
+                opts.policyPath = next();
+                break;
+            case "--db":
+                opts.dbPath = next();
+                break;
+            case "--registry-key":
+                opts.registryKey = next();
+                break;
+            case "--registry-slug":
+                opts.registrySlug = next();
+                break;
+            case "--registry-url":
+                opts.registryUrl = next();
+                break;
+            default:
+                // No `--` separator used: treat the first bare token (and rest) as the command.
+                if (sep === -1 && !a.startsWith("-")) {
+                    command = flagArgs.slice(i);
+                    i = flagArgs.length;
+                }
+        }
+    }
+    opts.command = command;
+    return opts;
+}
+export async function runGuardCommand(args) {
+    const opts = parse(args);
+    if (opts.command.length === 0) {
+        console.error("Usage: curatedmcp guard [--dashboard] [--port N] -- <mcp server command>\n" +
+            "Example: curatedmcp guard -- npx -y @modelcontextprotocol/server-filesystem /tmp");
+        return 1;
+    }
+    await runGuard(opts);
+    // Proxy + dashboard keep the process alive; resolve only on shutdown.
+    return 0;
+}
+//# sourceMappingURL=guard.js.map

package/dist/cli/init.d.ts

@@ -0,0 +1,2 @@
+export declare function runInit(): number;
+//# sourceMappingURL=init.d.ts.map

package/dist/cli/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../../src/cli/init.ts"],"names":[],"mappings":"AA8CA,wBAAgB,OAAO,IAAI,MAAM,CAGhC"}

package/dist/cli/init.js

@@ -0,0 +1,44 @@
+/**
+ * `launcher init` — print the one-line config snippet to add Launcher to each AI client.
+ *
+ * This is the lowest-friction onboarding: a developer who just installed Launcher
+ * runs `launcher init`, copy-pastes the snippet that matches their tool, and they're done.
+ */
+import { stackPath } from "../stack.js";
+const CONFIG_SNIPPET = JSON.stringify({
+    mcpServers: {
+        curatedmcp: {
+            command: "npx",
+            args: ["-y", "@curatedmcp/launcher"],
+        },
+    },
+}, null, 2);
+const INSTRUCTIONS = `
+@curatedmcp/launcher — The MCP Hub
+Add this entry to your AI client's MCP config:
+
+${CONFIG_SNIPPET}
+
+Config locations:
+  Claude Desktop  ~/Library/Application Support/Claude/claude_desktop_config.json
+                  %APPDATA%\\Claude\\claude_desktop_config.json   (Windows)
+  Cursor          ~/.cursor/mcp.json
+  Windsurf        ~/.codeium/windsurf/mcp_config.json
+  Claude Code     ~/.claude/mcp.json (or .claude/mcp.json in your project)
+
+Then add servers to your stack:
+  launcher add github           # interactive — prompts for GITHUB_TOKEN
+  launcher add postgres         # adds the Postgres server
+  launcher list                 # see your stack
+
+Servers in your stack live at:
+  ${stackPath()}
+
+Restart your AI client after adding/removing servers — their tools will appear
+under the prefix "<slug>__" (e.g. "github__create_issue").
+`.trim();
+export function runInit() {
+    console.log(INSTRUCTIONS);
+    return 0;
+}
+//# sourceMappingURL=init.js.map

package/dist/cli/list.d.ts

@@ -0,0 +1,5 @@
+/**
+ * `launcher list` — print the user's current stack in human-readable form.
+ */
+export declare function listStack(): number;
+//# sourceMappingURL=list.d.ts.map

package/dist/cli/list.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"list.d.ts","sourceRoot":"","sources":["../../src/cli/list.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAgB,SAAS,IAAI,MAAM,CAiClC"}

package/dist/cli/list.js

@@ -0,0 +1,33 @@
+import { readStack, stackPath } from "../stack.js";
+/**
+ * `launcher list` — print the user's current stack in human-readable form.
+ */
+export function listStack() {
+    const stack = readStack();
+    if (stack.entries.length === 0) {
+        console.log("Your stack is empty.");
+        console.log(`Add a server with \`launcher add <slug>\`.`);
+        console.log(`Browse https://curatedmcp.com/marketplace to find one.`);
+        return 0;
+    }
+    console.log(`Stack (${stackPath()}):`);
+    console.log("");
+    for (const e of stack.entries) {
+        const flag = e.disabled ? " [disabled]" : "";
+        console.log(`  • ${e.name || e.slug} (${e.slug})${flag}`);
+        console.log(`      ${e.command} ${e.args.join(" ")}`);
+        if (e.env && Object.keys(e.env).length > 0) {
+            console.log(`      env: ${Object.keys(e.env).join(", ")}`);
+        }
+    }
+    console.log("");
+    console.log(`Total: ${stack.entries.length} server(s). Tools appear in your AI client as \`<slug>__<tool>\`.`);
+    // One-line upsell — only when the user has 2+ servers, so it's relevant, not spam.
+    if (stack.entries.length >= 2) {
+        console.log("");
+        console.log(`Tip: get continuous security audits for everything in your stack →`);
+        console.log(`     https://curatedmcp.com/sentinel`);
+    }
+    return 0;
+}
+//# sourceMappingURL=list.js.map

package/dist/cli/login.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Authenticate the agent to a CuratedMCP account using a personal token.
+ * Token can be supplied as an arg (`login <token>`) or pasted interactively.
+ */
+export declare function runLogin(args: string[]): Promise<number>;
+//# sourceMappingURL=login.d.ts.map

package/dist/cli/login.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/cli/login.ts"],"names":[],"mappings":"AAaA;;;GAGG;AACH,wBAAsB,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAqC9D"}

package/dist/cli/login.js

@@ -0,0 +1,43 @@
+import { createInterface } from "readline";
+import { API_URL, saveAuth, whoami } from "../auth.js";
+function prompt(question) {
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    return new Promise((resolve) => rl.question(question, (answer) => {
+        rl.close();
+        resolve(answer.trim());
+    }));
+}
+/**
+ * Authenticate the agent to a CuratedMCP account using a personal token.
+ * Token can be supplied as an arg (`login <token>`) or pasted interactively.
+ */
+export async function runLogin(args) {
+    const tokenUrl = `${API_URL}/dashboard/registry`;
+    let token = args.find((a) => !a.startsWith("-"));
+    if (!token) {
+        console.log(`\nGenerate an API key under your team registry (Keys tab):\n  ${tokenUrl}\n`);
+        token = await prompt("Paste your token: ");
+    }
+    if (!token) {
+        console.error("No token provided.");
+        return 1;
+    }
+    const id = await whoami(token);
+    if (!id) {
+        console.error("Token is invalid or expired. Generate a new one at " + tokenUrl);
+        return 1;
+    }
+    saveAuth({
+        token,
+        userId: id.userId,
+        email: id.email ?? undefined,
+        savedAt: new Date().toISOString(),
+    });
+    console.log(`\n✓ Signed in${id.email ? ` as ${id.email}` : ""}.`);
+    if (id.teams.length > 0) {
+        console.log(`  Teams: ${id.teams.map((t) => t.slug).join(", ")}`);
+        console.log(`  Run \`curatedmcp sync\` to pull your team's MCP policy.`);
+    }
+    return 0;
+}
+//# sourceMappingURL=login.js.map

package/dist/cli/remove.d.ts

@@ -0,0 +1,6 @@
+/**
+ * `launcher remove <slug>` — drop a server from the stack.
+ * Returns 0 on success, 1 if the slug wasn't in the stack.
+ */
+export declare function removeFromStack(slug: string): number;
+//# sourceMappingURL=remove.d.ts.map

package/dist/cli/remove.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove.d.ts","sourceRoot":"","sources":["../../src/cli/remove.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAYpD"}

package/dist/cli/remove.js

@@ -0,0 +1,15 @@
+import { removeEntry, stackPath } from "../stack.js";
+/**
+ * `launcher remove <slug>` — drop a server from the stack.
+ * Returns 0 on success, 1 if the slug wasn't in the stack.
+ */
+export function removeFromStack(slug) {
+    const removed = removeEntry(slug);
+    if (!removed) {
+        console.error(`"${slug}" is not in your stack. Run \`launcher list\` to see what is.`);
+        return 1;
+    }
+    console.log(`Removed \`${slug}\` from stack (${stackPath()}). Restart your AI client for the change to take effect.`);
+    return 0;
+}
+//# sourceMappingURL=remove.js.map

package/dist/cli/sync.d.ts

@@ -0,0 +1,2 @@
+export declare function runSync(args: string[]): Promise<number>;
+//# sourceMappingURL=sync.d.ts.map

package/dist/cli/sync.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sync.d.ts","sourceRoot":"","sources":["../../src/cli/sync.ts"],"names":[],"mappings":"AAiEA,wBAAsB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAyD7D"}

package/dist/cli/sync.js

@@ -0,0 +1,104 @@
+import { API_URL, getToken, whoami } from "../auth.js";
+import { upsertEntry } from "../stack.js";
+import { runAudit } from "../audit/index.js";
+async function fetchTeamConfig(slug) {
+    try {
+        const res = await fetch(`${API_URL}/api/teams/${slug}/config`, {
+            headers: { "User-Agent": "@curatedmcp/cli" },
+            signal: AbortSignal.timeout(8000),
+        });
+        if (!res.ok)
+            return null;
+        return (await res.json());
+    }
+    catch {
+        return null;
+    }
+}
+async function pushAudit(token) {
+    try {
+        const report = await runAudit({});
+        const res = await fetch(`${API_URL}/api/auth/cli/scan`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                Authorization: `Bearer ${token}`,
+                "User-Agent": "@curatedmcp/cli",
+            },
+            body: JSON.stringify({
+                scannedAt: report.scannedAt,
+                totalServers: report.totalServers,
+                configFiles: report.configFiles,
+                high: report.high.map((s) => ({
+                    name: s.name,
+                    flags: s.flags,
+                    command: s.command ?? null,
+                    sourceFile: s.sourceFile,
+                })),
+                medium: report.medium.map((s) => ({
+                    name: s.name,
+                    flags: s.flags,
+                    command: s.command ?? null,
+                    sourceFile: s.sourceFile,
+                })),
+                unverified: report.unverified.map((s) => ({
+                    name: s.name,
+                    sourceFile: s.sourceFile,
+                })),
+                verified: report.verified.map((s) => ({ name: s.name })),
+            }),
+            signal: AbortSignal.timeout(8000),
+        });
+        return res.ok;
+    }
+    catch {
+        return false;
+    }
+}
+export async function runSync(args) {
+    const token = getToken();
+    if (!token) {
+        console.error("Not signed in. Run `curatedmcp login` first.");
+        return 1;
+    }
+    const id = await whoami(token);
+    if (!id) {
+        console.error("Session expired. Run `curatedmcp login` again.");
+        return 1;
+    }
+    const flagSlug = (() => {
+        const i = args.indexOf("--team");
+        return i >= 0 ? args[i + 1] : undefined;
+    })();
+    const slug = flagSlug ?? id.teams[0]?.slug;
+    if (!slug) {
+        console.error("No team found on your account. Create one at " + `${API_URL}/teams`);
+        return 1;
+    }
+    const config = await fetchTeamConfig(slug);
+    if (!config) {
+        console.error(`Could not fetch config for team "${slug}".`);
+        return 1;
+    }
+    let added = 0;
+    for (const [name, def] of Object.entries(config.mcpServers)) {
+        if (!def.command)
+            continue; // stack requires a spawnable command (skip url/http servers)
+        upsertEntry({
+            slug: name,
+            command: def.command,
+            args: def.args ?? [],
+            env: def.env,
+            note: `team:${slug}`,
+        });
+        added++;
+    }
+    console.log(`\n✓ Synced ${added} server(s) from team "${config._meta?.team ?? slug}" into your stack.`);
+    const pushed = await pushAudit(token);
+    console.log(pushed
+        ? "✓ Local security audit reported to the team."
+        : "ℹ️  Audit not reported (endpoint unavailable or no permission).");
+    console.log("  Restart your AI client to load the synced servers.\n");
+    return 0;
+}
+//# sourceMappingURL=sync.js.map

package/dist/cli.d.ts

@@ -0,0 +1,10 @@
+/**
+ * True if argv contains a CLI subcommand or top-level flag.
+ * False means run as an MCP server (the default mode used by AI clients).
+ *
+ * NOTE: We deliberately exclude `--no-telemetry` here because Telemetry
+ * already handles that flag in MCP server mode.
+ */
+export declare function isCliInvocation(argv: readonly string[]): boolean;
+export declare function runCli(argv: readonly string[]): Promise<number>;
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":"AAyDA;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAoBhE;AAED,wBAAsB,MAAM,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CA2DrE"}