doordash-cli 0.2.0 → 0.3.1

package/CHANGELOG.md

@@ -9,6 +9,22 @@ All notable changes to `doordash-cli` will be documented in this file.
 
 See [docs/releasing.md](docs/releasing.md) for the maintainer release flow.
 
+## [0.3.1](https://github.com/LatencyTDH/doordash-cli/compare/v0.3.0...v0.3.1) (2026-03-11)
+
+### Bug Fixes
+
+* keep managed browser session imports quiet ([#28](https://github.com/LatencyTDH/doordash-cli/issues/28)) ([dc25e04](https://github.com/LatencyTDH/doordash-cli/commit/dc25e0444ca63c7af1c2feaa2f32ede54b1c1f98))
+
+## [0.3.0](https://github.com/LatencyTDH/doordash-cli/compare/v0.2.0...v0.3.0) (2026-03-11)
+
+### Features
+
+* rename auth commands to login/logout ([#27](https://github.com/LatencyTDH/doordash-cli/issues/27)) ([f5bf85c](https://github.com/LatencyTDH/doordash-cli/commit/f5bf85c556d23e7cefc95f346777d33fb1021bcc))
+
+### Bug Fixes
+
+* preserve existing-order docs in release-flow cleanup ([#25](https://github.com/LatencyTDH/doordash-cli/issues/25)) ([4789089](https://github.com/LatencyTDH/doordash-cli/commit/4789089dd831b42cd037707e82a0f102988fd830))
+
 ## 0.2.0 (2026-03-11)
 
 ### Features

package/README.md

@@ -46,7 +46,7 @@ npm run cli -- --help
 
 ### Browser prerequisite
 
-If you plan to use `auth-bootstrap`, install Playwright's Chromium build once:
+If you plan to sign in with `login`, install Playwright's Chromium build once:
 
 ```bash
 doordash-cli install-browser
@@ -57,7 +57,7 @@ npm run install:browser
 ## First run
 
 ```bash
-doordash-cli auth-bootstrap
+doordash-cli login
 doordash-cli auth-check
 doordash-cli set-address --address "350 5th Ave, New York, NY 10118"
 doordash-cli search --query sushi
@@ -65,7 +65,7 @@ doordash-cli search --query sushi
 
 If you are running from a checkout without `npm link`, replace `doordash-cli` with `npm run cli --`.
 
-If you already have a compatible signed-in DoorDash browser session available, `auth-check` may reuse it instead of asking you to sign in again.
+If you already have a compatible signed-in DoorDash managed-browser session available, `auth-check` may quietly reuse it instead of asking you to sign in again. Routine direct commands stay quiet; use `login` when you want explicit browser interaction.
 
 ## Command surface
 
@@ -73,8 +73,8 @@ If you already have a compatible signed-in DoorDash browser session available, `
 
 - `install-browser`
 - `auth-check`
-- `auth-bootstrap`
-- `auth-clear`
+- `login`
+- `logout`
 
 ### Discovery
 

package/dist/cli.js

@@ -24,8 +24,8 @@ export function usage() {
         "Safe commands:",
         "  install-browser",
         "  auth-check",
-        "  auth-bootstrap",
-        "  auth-clear",
+        "  login",
+        "  logout",
         '  set-address --address "350 5th Ave, New York, NY 10118"',
         "  search --query sushi [--cuisine japanese]",
         "  menu --restaurant-id 123456",
@@ -43,7 +43,8 @@ export function usage() {
         "  - install-browser downloads the matching Playwright Chromium build used by this package.",
         "  - Manual pages ship with the project: man dd-cli or man doordash-cli.",
         "  - Direct GraphQL/HTTP is the default path for auth-check, set-address, search, menu, item, orders, order, cart, add-to-cart, and update-cart.",
-        "  - auth-check can reuse an already-signed-in compatible DoorDash browser session when one is available.",
+        "  - login launches Chromium for a one-time manual sign-in flow and saves reusable state for later direct API calls.",
+        "  - auth-check can quietly reuse an already-signed-in compatible managed-browser DoorDash session when one is available; use login for explicit browser interaction.",
         "  - set-address now uses DoorDash autocomplete/get-or-create plus addConsumerAddressV2 for brand-new address enrollment when needed.",
         "  - configurable items require explicit --options-json selections.",
         '  - standalone recommended add-ons that open a nested cursor step are supported via children, e.g. [{"groupId":"recommended_option_546935995","optionId":"546936011","children":[{"groupId":"780057412","optionId":"4702669757"}]}].',
@@ -58,9 +59,9 @@ export function usage() {
         "  dd-cli search --query sushi",
         "  dd-cli orders --active-only",
         "  doordash-cli order --order-id 3f4c6d0e-1234-5678-90ab-cdef12345678",
-        "  doordash-cli auth-check",
+        "  doordash-cli login",
         "",
-        "Allowed commands: install-browser, auth-check, auth-bootstrap, auth-clear, set-address, search, menu, item, orders, order, add-to-cart, update-cart, cart",
+        "Allowed commands: install-browser, auth-check, login, logout, set-address, search, menu, item, orders, order, add-to-cart, update-cart, cart",
     ].join("\n");
 }
 export function normalizeOptionToken(token) {

package/dist/cli.test.js

@@ -33,8 +33,8 @@ test("safe command allowlist stays cart-safe while adding install helpers", () =
     assert.deepEqual(SAFE_COMMANDS, [
         "install-browser",
         "auth-check",
-        "auth-bootstrap",
-        "auth-clear",
+        "login",
+        "logout",
         "set-address",
         "search",
         "menu",
@@ -46,11 +46,13 @@ test("safe command allowlist stays cart-safe while adding install helpers", () =
         "cart",
     ]);
 });
-test("dangerous and unsupported legacy commands are rejected", () => {
+test("dangerous and renamed legacy commands are rejected with guidance", () => {
     assert.throws(() => assertSafeCommand("checkout"), /Blocked command: checkout/);
     assert.throws(() => assertSafeCommand("place-order"), /Blocked command: place-order/);
     assert.throws(() => assertSafeCommand("track-order"), /Use `orders` or `order --order-id/);
     assert.throws(() => assertSafeCommand("payment"), /Blocked command: payment/);
+    assert.throws(() => assertSafeCommand("auth-bootstrap"), /renamed it to login/);
+    assert.throws(() => assertSafeCommand("auth-clear"), /renamed it to logout/);
 });
 test("unsupported flags are rejected before network work runs", () => {
     assert.throws(() => assertAllowedFlags("cart", { payment: "visa" }), /Unsupported flag\(s\) for cart/);
@@ -102,7 +104,8 @@ test("help output shows the direct read-only/cart-safe command surface", () => {
     assert.match(result.stdout, /dd-cli <command>/);
     assert.match(result.stdout, /doordash-cli <command>/);
     assert.match(result.stdout, /install-browser/);
-    assert.match(result.stdout, /auth-bootstrap/);
+    assert.match(result.stdout, /login/);
+    assert.match(result.stdout, /logout/);
     assert.match(result.stdout, /set-address --address/);
     assert.match(result.stdout, /orders \[--limit 20\] \[--active-only\]/);
     assert.match(result.stdout, /order --order-id/);
@@ -110,12 +113,17 @@ test("help output shows the direct read-only/cart-safe command surface", () => {
     assert.match(result.stdout, /--version, -v/);
     assert.match(result.stdout, /man dd-cli/);
     assert.match(result.stdout, /Out-of-scope commands remain intentionally unsupported/);
+    assert.doesNotMatch(result.stdout, /auth-bootstrap/);
+    assert.doesNotMatch(result.stdout, /auth-clear/);
     assert.doesNotMatch(result.stdout, /Dd-cli/);
 });
 test("repository ships man pages for the supported lowercase command names", () => {
     const ddManPath = join(distDir, "..", "man", "dd-cli.1");
     const aliasManPath = join(distDir, "..", "man", "doordash-cli.1");
     assert.match(readFileSync(ddManPath, "utf8"), /install-browser/);
+    assert.match(readFileSync(ddManPath, "utf8"), /\.B login/);
+    assert.doesNotMatch(readFileSync(ddManPath, "utf8"), /auth-bootstrap/);
+    assert.doesNotMatch(readFileSync(ddManPath, "utf8"), /auth-clear/);
     assert.doesNotMatch(readFileSync(ddManPath, "utf8"), /Dd-cli/);
     assert.equal(readFileSync(aliasManPath, "utf8").trim(), ".so man1/dd-cli.1");
 });
@@ -141,6 +149,16 @@ test("version flag prints the package version", () => {
     assert.equal(result.status, 0);
     assert.equal(result.stdout.trim(), version());
 });
+test("legacy auth command invocations point users to login/logout", () => {
+    const loginRename = runCli(["auth-bootstrap"]);
+    assert.equal(loginRename.status, 1);
+    assert.match(loginRename.stderr, /Unsupported command: auth-bootstrap/);
+    assert.match(loginRename.stderr, /renamed it to login/);
+    const logoutRename = runCli(["auth-clear"]);
+    assert.equal(logoutRename.status, 1);
+    assert.match(logoutRename.stderr, /Unsupported command: auth-clear/);
+    assert.match(logoutRename.stderr, /renamed it to logout/);
+});
 test("blocked commands fail immediately", () => {
     const result = runCli(["checkout"]);
     assert.equal(result.status, 1);

package/dist/direct-api.d.ts

@@ -1,3 +1,4 @@
+import { type Cookie } from "playwright";
 export type AuthResult = {
     success: true;
     isLoggedIn: boolean;
@@ -521,6 +522,12 @@ export declare function resolveAvailableAddressMatch(input: {
     printableAddress: string | null;
     source: SetAddressResult["matchedAddressSource"];
 } | null;
+export declare function isDoorDashUrl(value: string): boolean;
+export declare function hasDoorDashCookies(cookies: ReadonlyArray<Pick<Cookie, "domain">>): boolean;
+export declare function selectManagedBrowserImportMode(input: {
+    pageUrls: readonly string[];
+    cookies: ReadonlyArray<Pick<Cookie, "domain">>;
+}): "page" | "cookies" | "skip";
 export declare function parseSearchRestaurants(body: unknown[]): SearchRestaurantResult[];
 export declare function parseSearchRestaurantRow(entry: unknown): SearchRestaurantResult | null;
 export declare function parseExistingOrderLifecycleStatus(orderRoot: unknown): ExistingOrderLifecycleStatus;

package/dist/direct-api.js

@@ -808,6 +808,9 @@ class DoorDashDirectSession {
             return;
         }
         this.attemptedManagedImport = true;
+        if (await hasPersistedSessionArtifacts()) {
+            return;
+        }
         await importManagedBrowserSessionIfAvailable().catch(() => { });
     }
 }
@@ -1535,39 +1538,69 @@ function normalizeAddressText(value) {
         .replace(/[.,]/g, "")
         .replace(/\s+/g, " ");
 }
+export function isDoorDashUrl(value) {
+    try {
+        const url = new URL(value);
+        return url.hostname === "doordash.com" || url.hostname.endsWith(".doordash.com");
+    }
+    catch {
+        return false;
+    }
+}
+export function hasDoorDashCookies(cookies) {
+    return cookies.some((cookie) => {
+        const domain = cookie.domain.trim().replace(/^\./, "").toLowerCase();
+        return domain === "doordash.com" || domain.endsWith(".doordash.com");
+    });
+}
+export function selectManagedBrowserImportMode(input) {
+    if (input.pageUrls.some((url) => isDoorDashUrl(url))) {
+        return "page";
+    }
+    if (hasDoorDashCookies(input.cookies)) {
+        return "cookies";
+    }
+    return "skip";
+}
 async function importManagedBrowserSessionIfAvailable() {
     for (const cdpUrl of await getManagedBrowserCdpCandidates()) {
         if (!(await isCdpEndpointReachable(cdpUrl))) {
             continue;
         }
         let browser = null;
-        let tempPage = null;
         try {
             browser = await chromium.connectOverCDP(cdpUrl);
             const context = browser.contexts()[0];
             if (!context) {
                 continue;
             }
-            let page = context.pages().find((candidate) => candidate.url().includes("doordash.com")) ?? null;
-            if (!page) {
-                tempPage = await context.newPage();
-                page = tempPage;
-                await page.goto(`${BASE_URL}/home`, { waitUntil: "domcontentloaded", timeout: 90_000 }).catch(() => { });
-                await page.waitForTimeout(1_000);
-            }
-            const consumerData = await fetchConsumerViaPage(page);
-            const consumer = consumerData.consumer ?? null;
-            if (!consumer || consumer.isGuest !== false) {
+            const cookies = await context.cookies();
+            const pages = context.pages();
+            const reusablePage = pages.find((candidate) => isDoorDashUrl(candidate.url())) ?? null;
+            const importMode = selectManagedBrowserImportMode({
+                pageUrls: reusablePage ? [reusablePage.url()] : [],
+                cookies,
+            });
+            if (importMode === "skip") {
                 continue;
             }
-            await saveContextState(context);
-            return true;
+            if (reusablePage) {
+                const consumerData = await fetchConsumerViaPage(reusablePage).catch(() => null);
+                const consumer = consumerData?.consumer ?? null;
+                if (consumer?.isGuest === false) {
+                    await saveContextState(context, cookies);
+                    return true;
+                }
+            }
+            if (hasDoorDashCookies(cookies)) {
+                await saveContextState(context, cookies);
+                return true;
+            }
         }
         catch {
             continue;
         }
         finally {
-            await tempPage?.close().catch(() => { });
             await browser?.close().catch(() => { });
         }
     }
@@ -1588,12 +1621,12 @@ async function fetchConsumerViaPage(page) {
     });
     return parseGraphQlResponse("managedBrowserConsumerImport", raw.status, raw.text);
 }
-async function saveContextState(context) {
+async function saveContextState(context, cookies = null) {
     const storageStatePath = getStorageStatePath();
     await ensureConfigDir();
     await context.storageState({ path: storageStatePath });
-    const cookies = await context.cookies();
-    await writeFile(getCookiesPath(), JSON.stringify(cookies, null, 2));
+    const resolvedCookies = cookies ?? (await context.cookies());
+    await writeFile(getCookiesPath(), JSON.stringify(resolvedCookies, null, 2));
 }
 async function getManagedBrowserCdpCandidates() {
     const candidates = new Set();
@@ -2282,6 +2315,12 @@ async function hasStorageState() {
         return false;
     }
 }
+async function hasPersistedSessionArtifacts() {
+    if (await hasStorageState()) {
+        return true;
+    }
+    return (await readStoredCookies()).length > 0;
+}
 async function readStoredCookies() {
     try {
         const raw = await readFile(getCookiesPath(), "utf8");

package/dist/direct-api.test.js

@@ -1,6 +1,6 @@
 import test from "node:test";
 import assert from "node:assert/strict";
-import { buildAddConsumerAddressPayload, buildAddToCartPayload, buildUpdateCartPayload, extractExistingOrdersFromApolloCache, normalizeItemName, parseExistingOrderLifecycleStatus, parseExistingOrdersResponse, parseOptionSelectionsJson, parseSearchRestaurantRow, resolveAvailableAddressMatch, } from "./direct-api.js";
+import { buildAddConsumerAddressPayload, buildAddToCartPayload, buildUpdateCartPayload, extractExistingOrdersFromApolloCache, hasDoorDashCookies, normalizeItemName, parseExistingOrderLifecycleStatus, parseExistingOrdersResponse, parseOptionSelectionsJson, parseSearchRestaurantRow, resolveAvailableAddressMatch, selectManagedBrowserImportMode, } from "./direct-api.js";
 function configurableItemDetail() {
     return {
         success: true,
@@ -144,6 +144,25 @@ test("parseSearchRestaurantRow extracts restaurant metadata from facet rows", ()
         url: "https://www.doordash.com/store/24633898/?pickup=false",
     });
 });
+test("managed browser import falls back to cookie reuse without opening a DoorDash page", () => {
+    const cookies = [{ domain: ".doordash.com" }];
+    assert.equal(hasDoorDashCookies(cookies), true);
+    assert.equal(selectManagedBrowserImportMode({ pageUrls: [], cookies }), "cookies");
+});
+test("managed browser import prefers an existing DoorDash page when one is already open", () => {
+    const cookies = [{ domain: ".doordash.com" }];
+    assert.equal(selectManagedBrowserImportMode({
+        pageUrls: ["https://github.com/LatencyTDH/doordash-cli/pulls", "https://www.doordash.com/home"],
+        cookies,
+    }), "page");
+});
+test("managed browser import skips unrelated browser contexts", () => {
+    assert.equal(hasDoorDashCookies([{ domain: ".github.com" }]), false);
+    assert.equal(selectManagedBrowserImportMode({
+        pageUrls: ["https://github.com/LatencyTDH/doordash-cli"],
+        cookies: [{ domain: ".github.com" }],
+    }), "skip");
+});
 test("parseOptionSelectionsJson parses structured recursive option selections", () => {
     assert.deepEqual(parseOptionSelectionsJson('[{"groupId":"703393388","optionId":"4716032529"},{"groupId":"recommended_option_546935995","optionId":"546936011","children":[{"groupId":"780057412","optionId":"4702669757","quantity":2}]}]'), [
         { groupId: "703393388", optionId: "4716032529" },

package/dist/lib.d.ts

@@ -1,5 +1,5 @@
 import { type AddToCartResult, type AuthBootstrapResult, type AuthResult, type CartResult, type ItemResult, type MenuResult, type OrderResult, type OrdersResult, type SearchResult, type SetAddressResult, type UpdateCartResult } from "./direct-api.js";
-export declare const SAFE_COMMANDS: readonly ["install-browser", "auth-check", "auth-bootstrap", "auth-clear", "set-address", "search", "menu", "item", "orders", "order", "add-to-cart", "update-cart", "cart"];
+export declare const SAFE_COMMANDS: readonly ["install-browser", "auth-check", "login", "logout", "set-address", "search", "menu", "item", "orders", "order", "add-to-cart", "update-cart", "cart"];
 export declare const BLOCKED_COMMANDS: readonly ["checkout", "place-order", "track-order", "payment", "pay", "tip", "submit-order"];
 export type SafeCommand = (typeof SAFE_COMMANDS)[number];
 export type CommandFlags = Record<string, string>;

package/dist/lib.js

@@ -8,8 +8,8 @@ const PLAYWRIGHT_CLI_PATH = join(dirname(require.resolve("playwright/package.jso
 export const SAFE_COMMANDS = [
     "install-browser",
     "auth-check",
-    "auth-bootstrap",
-    "auth-clear",
+    "login",
+    "logout",
     "set-address",
     "search",
     "menu",
@@ -29,11 +29,15 @@ export const BLOCKED_COMMANDS = [
     "tip",
     "submit-order",
 ];
+const LEGACY_COMMAND_RENAMES = {
+    "auth-bootstrap": "login",
+    "auth-clear": "logout",
+};
 const COMMAND_FLAGS = {
     "install-browser": [],
     "auth-check": [],
-    "auth-bootstrap": [],
-    "auth-clear": [],
+    login: [],
+    logout: [],
     "set-address": ["address"],
     search: ["query", "cuisine"],
     menu: ["restaurant-id"],
@@ -58,6 +62,10 @@ export function assertSafeCommand(value) {
         const guidance = value === "track-order" ? " Use `orders` or `order --order-id ...` for read-only existing-order status instead." : "";
         throw new Error(`Blocked command: ${value}. This CLI is read-only for browse, cart, and existing-order inspection only; checkout, order placement, and payment actions stay out of scope.${guidance}`);
     }
+    const renamedTo = LEGACY_COMMAND_RENAMES[value];
+    if (renamedTo) {
+        throw new Error(`Unsupported command: ${value}. This CLI renamed it to ${renamedTo}.`);
+    }
     throw new Error(`Unsupported command: ${value}. Allowed commands: ${SAFE_COMMANDS.join(", ")}`);
 }
 export function assertAllowedFlags(command, args) {
@@ -76,9 +84,9 @@ export async function runCommand(command, args) {
             return installBrowser();
         case "auth-check":
             return checkAuthDirect();
-        case "auth-bootstrap":
+        case "login":
             return bootstrapAuthSession();
-        case "auth-clear":
+        case "logout":
             return clearStoredSession();
         case "set-address": {
             const address = requiredArg(args, "address");

package/docs/examples.md

@@ -1,6 +1,6 @@
 # doordash-cli examples
 
-Use the preferred lowercase command name `dd-cli`. `doordash-cli` is an equivalent alias.
+Use the preferred lowercase command name `doordash-cli`. `dd-cli` is an equivalent shorter alias.
 
 If you are running from a local checkout without linking, prefix commands with:
 
@@ -17,25 +17,25 @@ All commands print JSON.
 Install the matching Chromium build once if you do not already have it:
 
 ```bash
-dd-cli install-browser
+doordash-cli install-browser
 ```
 
 Check whether you already have reusable session state:
 
 ```bash
-dd-cli auth-check
+doordash-cli auth-check
 ```
 
 If needed, launch Chromium for a one-time sign-in and save reusable state:
 
 ```bash
-dd-cli auth-bootstrap
+doordash-cli login
 ```
 
 Reset saved session state when you want a clean start:
 
 ```bash
-dd-cli auth-clear
+doordash-cli logout
 ```
 
 ## Search, menus, and items
@@ -43,21 +43,21 @@ dd-cli auth-clear
 Set the active delivery address before discovery commands:
 
 ```bash
-dd-cli set-address --address "350 5th Ave, New York, NY 10118"
+doordash-cli set-address --address "350 5th Ave, New York, NY 10118"
 ```
 
 Search by query, with or without a cuisine filter:
 
 ```bash
-dd-cli search --query tacos
-dd-cli search --query tacos --cuisine mexican
+doordash-cli search --query tacos
+doordash-cli search --query tacos --cuisine mexican
 ```
 
 Inspect a restaurant menu and a specific item:
 
 ```bash
-dd-cli menu --restaurant-id 1721744
-dd-cli item --restaurant-id 1721744 --item-id 546936015
+doordash-cli menu --restaurant-id 1721744
+doordash-cli item --restaurant-id 1721744 --item-id 546936015
 ```
 
 ## Existing orders
@@ -65,20 +65,20 @@ dd-cli item --restaurant-id 1721744 --item-id 546936015
 List recent existing orders:
 
 ```bash
-dd-cli orders
-dd-cli orders --limit 5
+doordash-cli orders
+doordash-cli orders --limit 5
 ```
 
 Focus on still-active orders only:
 
 ```bash
-dd-cli orders --active-only
+doordash-cli orders --active-only
 ```
 
 Inspect one order in detail. `--order-id` accepts the CLI's returned internal ID, `orderUuid`, or `deliveryUuid`:
 
 ```bash
-dd-cli order --order-id 3f4c6d0e-1234-5678-90ab-cdef12345678
+doordash-cli order --order-id 3f4c6d0e-1234-5678-90ab-cdef12345678
 ```
 
 ## Cart basics
@@ -86,19 +86,19 @@ dd-cli order --order-id 3f4c6d0e-1234-5678-90ab-cdef12345678
 Add by item ID:
 
 ```bash
-dd-cli add-to-cart --restaurant-id 1721744 --item-id 876658890 --quantity 2
+doordash-cli add-to-cart --restaurant-id 1721744 --item-id 876658890 --quantity 2
 ```
 
 Add by visible item name:
 
 ```bash
-dd-cli add-to-cart --restaurant-id 1721744 --item-name "Spicy Tuna Roll"
+doordash-cli add-to-cart --restaurant-id 1721744 --item-name "Spicy Tuna Roll"
 ```
 
 Add with special instructions:
 
 ```bash
-dd-cli add-to-cart \
+doordash-cli add-to-cart \
   --restaurant-id 1721744 \
   --item-name "Fries" \
   --special-instructions "extra crispy"
@@ -107,14 +107,14 @@ dd-cli add-to-cart \
 Update quantity or remove an item:
 
 ```bash
-dd-cli update-cart --cart-item-id 3b231d03-5a72-4636-8d12-c8769d706d45 --quantity 1
-dd-cli update-cart --cart-item-id 3b231d03-5a72-4636-8d12-c8769d706d45 --quantity 0
+doordash-cli update-cart --cart-item-id 3b231d03-5a72-4636-8d12-c8769d706d45 --quantity 1
+doordash-cli update-cart --cart-item-id 3b231d03-5a72-4636-8d12-c8769d706d45 --quantity 0
 ```
 
-Inspect the active cart:
+Inspect the active cart before or after a mutation:
 
 ```bash
-dd-cli cart
+doordash-cli cart
 ```
 
 ## Configurable items
@@ -122,7 +122,7 @@ dd-cli cart
 For items with required option groups, pass `--options-json` with explicit selections:
 
 ```bash
-dd-cli add-to-cart \
+doordash-cli add-to-cart \
   --restaurant-id 1721744 \
   --item-id 546936015 \
   --options-json '[
@@ -134,7 +134,7 @@ dd-cli add-to-cart \
 Supported standalone recommended add-ons can include recursive `children` selections:
 
 ```bash
-dd-cli add-to-cart \
+doordash-cli add-to-cart \
   --restaurant-id 1721744 \
   --item-id 546936015 \
   --options-json '[

package/docs/install.md

@@ -33,7 +33,7 @@ If you stay in checkout mode, replace `doordash-cli` with `npm run cli --` in th
 
 ## Install the browser once
 
-If you plan to use `auth-bootstrap`, install the matching Playwright Chromium build:
+If you plan to sign in with `login`, install the matching Playwright Chromium build:
 
 ### Global or linked install
 
@@ -50,7 +50,7 @@ npm run install:browser
 ## First run
 
 ```bash
-doordash-cli auth-bootstrap
+doordash-cli login
 doordash-cli auth-check
 doordash-cli set-address --address "350 5th Ave, New York, NY 10118"
 doordash-cli search --query sushi
@@ -58,6 +58,6 @@ doordash-cli search --query sushi
 
 ## Session reuse
 
-If you already have a compatible signed-in DoorDash browser session available, direct commands may reuse it instead of opening a fresh browser context.
+If you already have a compatible signed-in DoorDash managed-browser session available, direct commands may quietly reuse it instead of opening or navigating a DoorDash tab.
 
-If not, run `doordash-cli auth-bootstrap` once to save reusable state for later commands.
+If not, run `doordash-cli login` once to save reusable state for later commands.

package/man/dd-cli.1

@@ -1,6 +1,6 @@
-.TH DD-CLI 1 "2026-03-10" "doordash-cli 0.1.0" "User Commands"
+.TH DD-CLI 1 "2026-03-11" "doordash-cli 0.3.0" "User Commands"
 .SH NAME
-dd-cli, doordash-cli \- unofficial cart-safe DoorDash CLI for browsing, read-only order inspection, and cart management
+dd-cli, doordash-cli \- unofficial cart-safe DoorDash CLI for browsing, read-only existing-order inspection, and cart management
 .SH SYNOPSIS
 .B dd-cli
 [\fICOMMAND\fR] [\fIOPTIONS\fR]
@@ -14,18 +14,18 @@ fit well in a terminal: signing in, setting delivery context, searching stores,
 inspecting menus and items, inspecting existing orders, and managing the cart.
 .PP
 The command surface is intentionally small. The CLI does not expose checkout,
-order placement, payment actions, or order mutation/cancellation. Read-only
-existing-order inspection is allowed. If a payload cannot be validated safely
-from known DoorDash consumer-web request shapes, the tool fails closed instead
-of guessing.
+order placement, payment actions, live tracking, or order mutation/cancellation.
+Read-only existing-order inspection is allowed. If a payload cannot be
+validated safely from known DoorDash consumer-web request shapes, the tool
+fails closed instead of guessing.
 .PP
 If invoked with no command, or with
 .BR -h / --help ,
 it prints usage text and exits successfully.
 .PP
 The preferred command name is
-.BR dd-cli .
-.B doordash-cli
+.BR doordash-cli .
+.B dd-cli
 is installed as a lowercase alias.
 .SH COMMANDS
 .TP
@@ -34,14 +34,14 @@ Install the matching Playwright Chromium build used by this package.
 .TP
 .B auth-check
 Verify whether the saved session appears authenticated. This command can also
-import an already-signed-in compatible managed-browser DoorDash session when a
-usable CDP endpoint is available.
+quietly reuse an already-signed-in compatible managed-browser DoorDash session
+when a usable CDP endpoint is available.
 .TP
-.B auth-bootstrap
+.B login
 Launch Chromium for a one-time manual sign-in flow, then save reusable browser
 state for later direct API calls.
 .TP
-.B auth-clear
+.B logout
 Delete stored session material used by this CLI.
 .TP
 .BI "set-address --address " ADDRESS
@@ -155,34 +155,34 @@ man dd-cli
 Install the matching browser build once:
 .PP
 .EX
-dd-cli install-browser
+doordash-cli install-browser
 .EE
 .PP
 Bootstrap a reusable session:
 .PP
 .EX
-dd-cli auth-bootstrap
+doordash-cli login
 .EE
 .PP
 Set an address and search for sushi:
 .PP
 .EX
-dd-cli set-address --address "350 5th Ave, New York, NY 10118"
-dd-cli search --query sushi
+doordash-cli set-address --address "350 5th Ave, New York, NY 10118"
+doordash-cli search --query sushi
 .EE
 .PP
 Inspect existing orders:
 .PP
 .EX
-dd-cli orders
-dd-cli orders --active-only
-dd-cli order --order-id 3f4c6d0e-1234-5678-90ab-cdef12345678
+doordash-cli orders
+doordash-cli orders --active-only
+doordash-cli order --order-id 3f4c6d0e-1234-5678-90ab-cdef12345678
 .EE
 .PP
 Add a configurable item to the cart:
 .PP
 .EX
-dd-cli add-to-cart \
+doordash-cli add-to-cart \
   --restaurant-id 1721744 \
   --item-id 546936015 \
   --options-json '[{"groupId":"703393388","optionId":"4716032529"},{"groupId":"703393389","optionId":"4716042466"}]'
@@ -194,7 +194,7 @@ parsers, or scripts.
 The CLI persists reusable session state under the user's configuration
 directory. The exact file layout is an implementation detail and may evolve over
 time, but the saved state is reused across runs unless cleared with
-.BR auth-clear .
+.BR logout .
 .SH ENVIRONMENT
 .TP
 .B DOORDASH_MANAGED_BROWSER_CDP_URL
@@ -211,10 +211,10 @@ Success, including help and no-argument usage output.
 .B 1
 Validation error, blocked command, unsupported flag, or runtime failure.
 .SH SAFETY
-The CLI is intentionally limited to browsing, read-only existing-order
-inspection, and cart management. Dangerous commands such as checkout,
-place-order, payment actions, and order mutation/cancellation are blocked
-immediately. The legacy
+The CLI is intentionally limited to session, discovery, read-only
+existing-order inspection, and cart management. Dangerous commands such as
+checkout, place-order, payment actions, live tracking, and order
+mutation/cancellation are blocked immediately. The legacy
 .B track-order
 verb remains blocked; use
 .B orders

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "doordash-cli",
-  "version": "0.2.0",
+  "version": "0.3.1",
   "description": "Cart-safe DoorDash CLI with direct API support for browse, read-only existing-order, and cart workflows.",
   "type": "module",
   "main": "dist/lib.js",