deepline 0.1.0 → 0.1.1

package/dist/repo/sdk/src/cli/commands/auth.ts

@@ -0,0 +1,482 @@
+import { writeFileSync, existsSync, mkdirSync } from 'node:fs';
+import { hostname } from 'node:os';
+import { dirname } from 'node:path';
+import { Command } from 'commander';
+import { hostEnvFilePath, loadCliEnv, autoDetectBaseUrl, parseEnvFile } from '../../config.js';
+import { argsWantJson, openInBrowser } from '../utils.js';
+
+const EXIT_OK = 0;
+const EXIT_AUTH = 1;
+const EXIT_SERVER = 2;
+
+function envFilePath(baseUrl: string): string {
+  return hostEnvFilePath(baseUrl);
+}
+
+function saveEnvValues(values: Record<string, string>, baseUrl: string): void {
+  const filePath = envFilePath(baseUrl);
+  const dir = dirname(filePath);
+  if (!existsSync(dir)) {
+    mkdirSync(dir, { recursive: true });
+  }
+
+  // Merge with existing values
+  const existing = existsSync(filePath) ? parseEnvFile(filePath) : {};
+  const merged = { ...existing, ...values };
+
+  const lines = Object.entries(merged)
+    .filter(([, v]) => v !== '')
+    .map(([k, v]) => `${k}=${v}`);
+  writeFileSync(filePath, lines.join('\n') + '\n', 'utf-8');
+}
+
+async function httpJson(
+  method: string,
+  url: string,
+  apiKey: string | null,
+  body?: unknown,
+): Promise<{ status: number; data: Record<string, unknown> }> {
+  const headers: Record<string, string> = { 'Content-Type': 'application/json' };
+  if (apiKey) headers['Authorization'] = `Bearer ${apiKey}`;
+
+  let response: Response | null = null;
+  let lastError: unknown = null;
+  for (const candidateUrl of buildCandidateUrls(url)) {
+    try {
+      response = await fetch(candidateUrl, {
+        method,
+        headers,
+        body: body !== undefined ? JSON.stringify(body) : undefined,
+      });
+      break;
+    } catch (error) {
+      lastError = error;
+    }
+  }
+
+  if (!response) {
+    throw lastError instanceof Error ? lastError : new Error(String(lastError));
+  }
+
+  let data: Record<string, unknown>;
+  try {
+    data = (await response.json()) as Record<string, unknown>;
+  } catch {
+    data = {};
+  }
+  return { status: response.status, data };
+}
+
+function buildCandidateUrls(url: string): string[] {
+  try {
+    const parsed = new URL(url);
+    const candidates = [url];
+    const configuredInternalOrigin =
+      process.env.DEEPLINE_INTERNAL_APP_URL ||
+      process.env.WORKTREE_INTERNAL_APP_URL ||
+      (process.env.PORT ? `http://127.0.0.1:${process.env.PORT}` : '');
+    if (parsed.hostname === 'localhost') {
+      const loopback = new URL(url);
+      loopback.hostname = '127.0.0.1';
+      candidates.push(loopback.toString());
+    }
+    if (parsed.hostname.endsWith('.localhost') && configuredInternalOrigin) {
+      const internal = new URL(url);
+      const origin = new URL(configuredInternalOrigin);
+      internal.protocol = origin.protocol;
+      internal.hostname = origin.hostname;
+      internal.port = origin.port;
+      candidates.push(internal.toString());
+    }
+    return [...new Set(candidates)];
+  } catch {
+    return [url];
+  }
+}
+
+function sleep(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+export async function handleRegister(args: string[]): Promise<number> {
+  const baseUrl = autoDetectBaseUrl().replace(/\/$/, '');
+
+  let orgName = '';
+  let agentName = '';
+  let noWait = false;
+
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === '--org-name' && args[i + 1]) orgName = args[++i]!;
+    else if (args[i] === '--agent-name' && args[i + 1]) agentName = args[++i]!;
+    else if (args[i] === '--no-wait') noWait = true;
+  }
+
+  if (!agentName) {
+    try {
+      agentName = hostname() || 'Deepline CLI (TS)';
+    } catch {
+      agentName = 'Deepline CLI (TS)';
+    }
+  }
+
+  const payload: Record<string, string> = {};
+  if (orgName) payload.org_name = orgName;
+  if (agentName) payload.agent_name = agentName;
+
+  const { status, data } = await httpJson('POST', `${baseUrl}/api/v2/auth/cli/register`, null, payload);
+
+  if (status >= 400) {
+    console.error(`Auth register failed (status ${status}).`);
+    if (data.error) console.error(String(data.error));
+    return EXIT_SERVER;
+  }
+
+  const claimUrl = String(data.claim_url || '');
+  const claimToken = String(data.claim_token || '');
+
+  if (claimToken) {
+    saveEnvValues({
+      DEEPLINE_ORIGIN_URL: baseUrl,
+      DEEPLINE_CLAIM_TOKEN: claimToken,
+    }, baseUrl);
+  }
+
+  if (claimUrl) {
+    console.log('  Opening approval page in your browser.');
+    console.log(`  If it didn't open, cmd+click: ${claimUrl}`);
+    openInBrowser(claimUrl);
+  }
+
+  if (data.cli_message) {
+    console.log(String(data.cli_message));
+  }
+
+  if (noWait) return EXIT_OK;
+
+  if (!claimToken) {
+    console.error('Missing claim token from register response.');
+    return EXIT_SERVER;
+  }
+
+  // Poll for claim approval
+  while (true) {
+    const { status: s, data: statusData } = await httpJson(
+      'POST',
+      `${baseUrl}/api/v2/auth/cli/status`,
+      null,
+      { claim_token: claimToken, reveal: true },
+    );
+
+    if (s === 401 || s === 403) {
+      console.log('Status: unauthorized');
+      return EXIT_AUTH;
+    }
+    if (s >= 500 || s === 0 || s === 400) {
+      await sleep(2000);
+      continue;
+    }
+    if (s >= 400) {
+      console.error(`Auth status error (status ${s}).`);
+      return EXIT_SERVER;
+    }
+
+    const state = String(statusData.status || '').toLowerCase();
+    if (state === 'claimed') {
+      const apiKey = String(statusData.api_key || '');
+      if (apiKey) {
+        saveEnvValues({
+          DEEPLINE_ORIGIN_URL: baseUrl,
+          DEEPLINE_API_KEY: apiKey,
+          DEEPLINE_CLAIM_TOKEN: '',
+        }, baseUrl);
+        console.log('');
+        console.log('DEEPLINE');
+        console.log('All set! Your CLI is connected.');
+        if (statusData.org_name) {
+          console.log(`  Signed in with organization: ${statusData.org_name}`);
+        }
+        return EXIT_OK;
+      }
+    }
+    if (state === 'expired') {
+      console.log('That approval link expired. Please run: deepline auth register');
+      return EXIT_AUTH;
+    }
+    await sleep(2000);
+  }
+}
+
+export async function handleWait(args: string[]): Promise<number> {
+  const baseUrl = autoDetectBaseUrl().replace(/\/$/, '');
+  let timeoutSeconds = 300;
+
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === '--timeout' && args[i + 1]) {
+      const parsed = Number.parseInt(args[++i]!, 10);
+      if (Number.isFinite(parsed) && parsed > 0) {
+        timeoutSeconds = parsed;
+      }
+    }
+  }
+
+  const env = loadCliEnv(baseUrl);
+  if (env.DEEPLINE_API_KEY?.trim()) {
+    console.log('Already connected.');
+    return EXIT_OK;
+  }
+
+  const claimToken = env.DEEPLINE_CLAIM_TOKEN?.trim() || '';
+  if (!claimToken) {
+    console.error('No pending approval. Run: deepline auth register --no-wait');
+    return EXIT_AUTH;
+  }
+
+  const deadline = Date.now() + timeoutSeconds * 1000;
+  while (Date.now() <= deadline) {
+    const { status, data } = await httpJson(
+      'POST',
+      `${baseUrl}/api/v2/auth/cli/status`,
+      null,
+      { claim_token: claimToken, reveal: true },
+    );
+
+    if (status === 401 || status === 403) {
+      console.error('Claim is invalid. Run: deepline auth register');
+      return EXIT_AUTH;
+    }
+    if (status >= 500 || status === 0 || status === 400) {
+      await sleep(2000);
+      continue;
+    }
+    if (status >= 400) {
+      console.error(`Auth status error (status ${status}).`);
+      return EXIT_SERVER;
+    }
+
+    const state = String(data.status || '').toLowerCase();
+    if (state === 'claimed') {
+      const apiKey = String(data.api_key || '');
+      if (apiKey) {
+        saveEnvValues({
+          DEEPLINE_ORIGIN_URL: baseUrl,
+          DEEPLINE_API_KEY: apiKey,
+          DEEPLINE_CLAIM_TOKEN: '',
+        }, baseUrl);
+        console.log('All set! Your CLI is connected.');
+        return EXIT_OK;
+      }
+    }
+    if (state === 'expired') {
+      console.error('That approval link expired. Run: deepline auth register');
+      return EXIT_AUTH;
+    }
+
+    await sleep(2000);
+  }
+
+  console.error('Still pending. Approve the browser link, then run: deepline auth wait');
+  return EXIT_AUTH;
+}
+
+export async function handleStatus(args: string[]): Promise<number> {
+  const baseUrl = autoDetectBaseUrl().replace(/\/$/, '');
+  const reveal = args.includes('--reveal');
+  const jsonOutput = argsWantJson(args);
+  let hostStatusPayload: Record<string, unknown> | null = null;
+
+  // Health check
+  try {
+    const { status: hStatus, data: hData } = await httpJson('GET', `${baseUrl}/api/v2/health`, null);
+    if (hStatus === 200) {
+      hostStatusPayload = {
+        host: baseUrl,
+        hostStatus: hData.status || 'ok',
+        hostVersion: hData.version || '(unknown)',
+      };
+      if (!jsonOutput) {
+        console.log(`Host: ${baseUrl}`);
+        console.log(`Host status: ${hData.status || 'ok'}`);
+        console.log(`Host version: ${hData.version || '(unknown)'}`);
+      }
+    }
+  } catch {
+    hostStatusPayload = {
+      host: baseUrl,
+      hostStatus: 'unreachable',
+      hostVersion: null,
+    };
+    if (!jsonOutput) {
+      console.log(`Host: ${baseUrl} (unreachable)`);
+    }
+  }
+
+  const env = loadCliEnv(baseUrl);
+  const apiKey =
+    process.env.DEEPLINE_API_KEY?.trim() ||
+    env.DEEPLINE_API_KEY ||
+    '';
+
+  if (!apiKey) {
+    if (env.DEEPLINE_CLAIM_TOKEN?.trim()) {
+      if (jsonOutput) {
+        process.stdout.write(`${JSON.stringify({
+          ...(hostStatusPayload ?? { host: baseUrl }),
+          status: 'pending',
+          connected: false,
+          next: 'deepline auth wait',
+        })}\n`);
+        return EXIT_OK;
+      }
+      console.log('Status: pending');
+      console.log('Run: deepline auth wait');
+      return EXIT_OK;
+    }
+    if (jsonOutput) {
+      process.stdout.write(`${JSON.stringify({
+        ...(hostStatusPayload ?? { host: baseUrl }),
+        status: 'not connected',
+        connected: false,
+        next: 'deepline auth register',
+      })}\n`);
+      return EXIT_OK;
+    }
+    console.log('Status: not connected');
+    console.log('Run: deepline auth register');
+    return EXIT_OK;
+  }
+
+  const { status, data } = await httpJson('POST', `${baseUrl}/api/v2/auth/cli/status`, apiKey, {
+    api_key: apiKey,
+    reveal,
+  });
+
+  if (status === 401 || status === 403) {
+    if (jsonOutput) {
+      process.stdout.write(`${JSON.stringify({
+        ...(hostStatusPayload ?? { host: baseUrl }),
+        status: 'unauthorized',
+        connected: false,
+        next: 'deepline auth register',
+      })}\n`);
+      return EXIT_AUTH;
+    }
+    console.log('Status: unauthorized');
+    console.log('Run: deepline auth register');
+    return EXIT_AUTH;
+  }
+  if (status >= 400) {
+    console.error(`Auth status error (status ${status}).`);
+    return EXIT_SERVER;
+  }
+
+  const payload = {
+    ...(hostStatusPayload ?? { host: baseUrl }),
+    status: data.status || '(unknown)',
+    connected: true,
+    rateLimitTier: data.rate_limit_tier || '(unknown)',
+    workspace: {
+      id: data.org_id ?? null,
+      name: data.org_name ?? null,
+      slug: data.org_slug ?? null,
+    },
+    user: {
+      id: data.user_id ?? null,
+    },
+    examples: Array.isArray(data.examples) ? data.examples : [],
+  };
+
+  if (jsonOutput) {
+    process.stdout.write(`${JSON.stringify(payload)}\n`);
+  } else {
+    console.log(`Status: ${payload.status}`);
+    console.log(`Rate limit tier: ${payload.rateLimitTier}`);
+    if (payload.workspace.name) console.log(`Workspace: ${payload.workspace.name}`);
+    if (payload.workspace.slug) console.log(`Workspace slug: ${payload.workspace.slug}`);
+    if (payload.workspace.id != null) console.log(`Org ID: ${payload.workspace.id}`);
+    if (payload.user.id != null) console.log(`User ID: ${payload.user.id}`);
+    if (payload.examples.length > 0) {
+      console.log('Examples:');
+      for (const example of payload.examples.slice(0, 3)) {
+        console.log(`  ${String(example)}`);
+      }
+    }
+  }
+
+  if (reveal) {
+    const apiKeyResp = String(data.api_key || apiKey);
+    if (apiKeyResp) {
+      saveEnvValues({
+        DEEPLINE_ORIGIN_URL: baseUrl,
+        DEEPLINE_API_KEY: apiKeyResp,
+        DEEPLINE_CLAIM_TOKEN: '',
+      }, baseUrl);
+      console.log(`Saved API key to ${envFilePath(baseUrl)}`);
+    }
+  }
+
+  return EXIT_OK;
+}
+
+export function registerAuthCommands(program: Command): void {
+  const auth = program
+    .command('auth')
+    .description('Register this device and show CLI auth status.')
+    .addHelpText(
+      'after',
+      `
+Common commands:
+  deepline auth register
+  deepline auth status
+  deepline auth status --json
+`,
+    );
+
+  auth
+    .command('register')
+    .description('Register this device and open the approval page in your browser.')
+    .option('--org-name <name>', 'Workspace name to prefill')
+    .option('--agent-name <name>', 'Agent name to register')
+    .option('--no-wait', 'Return immediately after opening the approval page')
+    .action(async (options) => {
+      process.exitCode = await handleRegister([
+        ...(options.orgName ? ['--org-name', options.orgName] : []),
+        ...(options.agentName ? ['--agent-name', options.agentName] : []),
+        ...(options.noWait || options.wait === false ? ['--no-wait'] : []),
+      ]);
+    });
+
+  auth
+    .command('wait')
+    .description('Wait for a pending browser approval and save the API key.')
+    .option('--timeout <seconds>', 'Maximum seconds to wait', '300')
+    .action(async (options) => {
+      process.exitCode = await handleWait([
+        ...(options.timeout ? ['--timeout', options.timeout] : []),
+      ]);
+    });
+
+  auth
+    .command('status')
+    .description('Show the current CLI auth and workspace status.')
+    .addHelpText(
+      'after',
+      `
+Notes:
+  Shows the host, server health, connection state, active workspace, and user id.
+  Use --reveal only when you intentionally want the server to return and persist
+  the API key into this host's CLI auth file.
+
+Examples:
+  deepline auth status
+  deepline auth status --json
+`,
+    )
+    .option('--reveal', 'Persist the revealed API key back to the host auth file')
+    .option('--json', 'Emit JSON output. Also automatic when stdout is piped')
+    .action(async (options) => {
+      process.exitCode = await handleStatus([
+        ...(options.reveal ? ['--reveal'] : []),
+        ...(options.json ? ['--json'] : []),
+      ]);
+    });
+}

package/dist/repo/sdk/src/cli/commands/billing.ts

@@ -0,0 +1,188 @@
+import { Command } from 'commander';
+import { getAuthedHttpClient, openInBrowser, printJson, shouldEmitJson, writeCsvRowsFile } from '../utils.js';
+
+type UsageEntry = {
+  operation?: string | null;
+  provider?: string | null;
+  credits?: number | string | null;
+  billing_mode?: string | null;
+  status?: string | null;
+  created_at?: string | null;
+  batch_count?: number | null;
+  request_id?: string | null;
+};
+
+function humanize(value: string | null | undefined): string {
+  return String(value || '')
+    .split('_')
+    .filter(Boolean)
+    .map((token) => token[0]?.toUpperCase() + token.slice(1))
+    .join(' ') || 'Unknown';
+}
+
+function printRecentUsage(entries: UsageEntry[]): void {
+  if (entries.length === 0) {
+    process.stdout.write('Recent activity: none yet\n');
+    return;
+  }
+  process.stdout.write('Recent activity:\n');
+  for (const entry of entries) {
+    const op = `${humanize(entry.provider)} ${humanize(entry.operation)}`.trim();
+    const charge = entry.billing_mode === 'no_bill' ? 'free' : `${entry.credits ?? 0} cr`;
+    const status = entry.status || 'completed';
+    process.stdout.write(`  ${op} | ${charge} | ${status} | ${entry.created_at || 'unknown'}\n`);
+  }
+}
+
+async function handleBalance(options: { json?: boolean }): Promise<void> {
+  const { http } = getAuthedHttpClient();
+  const payload = await http.get<Record<string, unknown>>('/api/v2/billing/balance');
+  if (shouldEmitJson(options.json)) return printJson(payload);
+  const status = String(payload.balance_status || '');
+  if (status === 'no_billing') {
+    process.stdout.write('Balance: 0 credits\n');
+    process.stdout.write("Billing: No billing account or payment method set up for this workspace.\n");
+    return;
+  }
+  process.stdout.write(`Balance: ${payload.balance ?? '(unknown)'} credits\n`);
+}
+
+async function handleUsage(options: { limit?: string; offset?: string; json?: boolean }): Promise<void> {
+  const { http } = getAuthedHttpClient();
+  const params = new URLSearchParams();
+  if (options.limit) params.set('recent_limit', options.limit);
+  if (options.offset) params.set('recent_offset', options.offset);
+  const suffix = params.size > 0 ? `?${params.toString()}` : '';
+  const payload = await http.get<Record<string, unknown>>(`/api/v2/billing/usage${suffix}`);
+  if (shouldEmitJson(options.json)) return printJson(payload);
+  const usage = (payload.usage ?? {}) as Record<string, unknown>;
+  const quota = (payload.quota ?? {}) as Record<string, unknown>;
+  const recent = (payload.recent ?? {}) as Record<string, unknown>;
+  process.stdout.write(`Balance: ${payload.balance ?? '(unknown)'}\n`);
+  process.stdout.write(`Last 30 days spent: ${usage.month_spent_credits ?? '(unknown)'}\n`);
+  process.stdout.write(
+    `Monthly limit: ${quota.enabled ? quota.monthly_credits_limit ?? '(unknown)' : 'off'}\n`,
+  );
+  printRecentUsage(Array.isArray(recent.entries) ? (recent.entries as UsageEntry[]) : []);
+}
+
+async function handleLimit(options: { json?: boolean }): Promise<void> {
+  const { http } = getAuthedHttpClient();
+  const payload = await http.get<Record<string, unknown>>('/api/v2/billing/limit');
+  if (shouldEmitJson(options.json)) return printJson(payload);
+  if (payload.enabled) {
+    process.stdout.write(`Monthly limit: ${payload.monthly_credits_limit ?? '(unknown)'}\n`);
+    process.stdout.write(`Remaining before cap: ${payload.remaining_credits ?? '(unknown)'}\n`);
+    return;
+  }
+  process.stdout.write('Monthly limit: off\n');
+}
+
+async function handleSetLimit(credits: string, options: { json?: boolean }): Promise<void> {
+  const { http } = getAuthedHttpClient();
+  const payload = await http.request('/api/v2/billing/limit', {
+    method: 'PUT',
+    body: { monthly_credits_limit: Number.parseInt(credits, 10) },
+  });
+  if (shouldEmitJson(options.json)) return printJson(payload);
+  process.stdout.write(`Monthly billing limit set to ${credits} credits.\n`);
+}
+
+async function handleLimitOff(options: { json?: boolean }): Promise<void> {
+  const { http } = getAuthedHttpClient();
+  const payload = await http.request('/api/v2/billing/limit', { method: 'DELETE' });
+  if (shouldEmitJson(options.json)) return printJson(payload);
+  process.stdout.write('Monthly billing limit is now off.\n');
+}
+
+async function handleHistory(
+  options: { time: '1d' | '1w' | '1m' | '1y'; json?: boolean },
+): Promise<void> {
+  const { http } = getAuthedHttpClient();
+  const windows: Record<string, number> = { '1d': 86400, '1w': 604800, '1m': 2592000, '1y': 31536000 };
+  const sinceAt = Math.max(0, Math.floor(Date.now() / 1000) - windows[options.time]) * 1000;
+  const payload = await http.get<Record<string, unknown>>(`/api/v2/billing/ledger?since_at=${sinceAt}&limit=5000`);
+  const entries = Array.isArray(payload.entries) ? payload.entries as Array<Record<string, unknown>> : [];
+  const rows = entries.map((entry) => {
+    const metadata = (entry.metadata ?? {}) as Record<string, unknown>;
+    return {
+      created_at: entry.created_at ?? '',
+      delta_credits: entry.delta ?? '',
+      reason: entry.reason ?? '',
+      provider: metadata.provider ?? '',
+      operation: metadata.operation ?? '',
+    };
+  });
+  const outputPath = await writeCsvRowsFile(`billing-history-${options.time}`, rows);
+  if (shouldEmitJson(options.json)) {
+    return printJson({ output_path: outputPath, row_count: rows.length, time_window: options.time });
+  }
+  process.stdout.write(`Billing history written to ${outputPath}\n`);
+  process.stdout.write(`${rows.length} row(s) exported.\n`);
+}
+
+async function handleCheckout(options: {
+  tier?: string;
+  credits?: string;
+  discountCode?: string;
+  noOpen?: boolean;
+  json?: boolean;
+}): Promise<void> {
+  const { http } = getAuthedHttpClient();
+  const payload = await http.post<Record<string, unknown>>('/api/v2/billing/checkout', {
+    ...(options.tier ? { tierId: options.tier } : {}),
+    ...(options.credits ? { credits: Number.parseInt(options.credits, 10) } : {}),
+    ...(options.discountCode ? { discountCode: options.discountCode } : {}),
+  });
+  if (shouldEmitJson(options.json)) return printJson(payload);
+  const url = String(payload.url || payload.checkout_url || '');
+  if (!options.noOpen && url) openInBrowser(url);
+  process.stdout.write(`${url || 'Checkout session created.'}\n`);
+}
+
+async function handleRedeemCode(code: string, options: { noOpen?: boolean; json?: boolean }): Promise<void> {
+  const { http } = getAuthedHttpClient();
+  const payload = await http.post<Record<string, unknown>>('/api/v2/billing/checkout/verify', { code });
+  if (shouldEmitJson(options.json)) return printJson(payload);
+  const url = String(payload.url || '');
+  if (!options.noOpen && url) openInBrowser(url);
+  process.stdout.write(`${url || 'Code redeemed.'}\n`);
+}
+
+export function registerBillingCommands(program: Command): void {
+  const billing = program.command('billing').description('Inspect balance, usage, limits, and checkout flows.');
+
+  billing.command('balance').description('Show current billing balance.').option('--json', 'Emit JSON output').action(handleBalance);
+  billing
+    .command('usage')
+    .description('Show current usage plus recent calls.')
+    .option('--limit <n>', 'Recent-call page size')
+    .option('--offset <n>', 'Recent-call offset')
+    .option('--json', 'Emit JSON output')
+    .action(handleUsage);
+  billing.command('limit').description('Show configured monthly limit state.').option('--json', 'Emit JSON output').action(handleLimit);
+  billing.command('set-limit').description('Set monthly credit cap.').argument('<credits>', 'Monthly credits limit').option('--json', 'Emit JSON output').action(handleSetLimit);
+  billing.command('off').description('Disable monthly credit cap.').option('--json', 'Emit JSON output').action(handleLimitOff);
+  billing
+    .command('history')
+    .description('Export billing ledger history to CSV.')
+    .requiredOption('--time <window>', 'Rolling time window: 1d, 1w, 1m, or 1y')
+    .option('--json', 'Emit JSON output')
+    .action(handleHistory);
+  billing
+    .command('checkout')
+    .description('Create a checkout session and optionally open it in your browser.')
+    .option('--tier <tierId>', 'Named pricing tier')
+    .option('--credits <credits>', 'Custom credit amount')
+    .option('--discount-code <code>', 'Apply a discount code')
+    .option('--no-open', 'Print the checkout URL without opening a browser')
+    .option('--json', 'Emit JSON output')
+    .action(handleCheckout);
+  billing
+    .command('redeem-code')
+    .description('Redeem a billing code.')
+    .requiredOption('--code <code>', 'Code to redeem')
+    .option('--no-open', 'Do not open a browser')
+    .option('--json', 'Emit JSON output')
+    .action(({ code, ...options }) => handleRedeemCode(code, options));
+}