figmanage 1.3.8 → 1.4.1

package/README.md

@@ -1,27 +1,55 @@
 # figmanage
 
-The Figma workspace layer that agents can manage. Seats, teams, permissions, billing, offboarding -- from Claude Code, Cursor, OpenClaw, or the terminal. Runs locally.
+Let agents manage your Figma workspace. Seats, teams, permissions, billing, offboarding, cleanup -- handled in conversation instead of clicking through admin panels.
+
+Every Figma MCP is design-to-code. figmanage is the management layer: 102 tools that let agents operate on the workspace itself. Works with Claude Code, Cursor, OpenClaw, or as a standalone CLI.
 
 [![npm](https://img.shields.io/npm/v/figmanage)](https://www.npmjs.com/package/figmanage)
 [![downloads](https://img.shields.io/npm/dm/figmanage)](https://www.npmjs.com/package/figmanage)
-[![tests](https://img.shields.io/badge/tests-209%20passing-brightgreen)](https://github.com/dannykeane/figmanage)
+[![tests](https://img.shields.io/badge/tests-257%20passing-brightgreen)](https://github.com/dannykeane/figmanage)
 [![license](https://img.shields.io/badge/license-MIT-blue)](LICENSE)
 [![MCP](https://img.shields.io/badge/MCP-marketplace-violet)](https://mcp-marketplace.io/server/io-github-dannykeane-figmanage)
 
-```bash
-npm install -g figmanage
+## examples
+
+### workspace management (admins)
+
+```
+"which paid seats haven't been active in 30 days? how much would we save?"
+
+"offboard sarah@company.com -- show me everything she owns, then transfer it
+ to jake and remove her from the org"
+
+"set up a new hire: invite alex@company.com to Design and Engineering as an editor"
+
+"create a user group called Platform Design and add the three designers"
+
+"run a quarterly design ops report for the org"
+```
+
+### everyday design work (everyone)
+
 ```
+"clean up the Mobile App project -- find stale files and archive dead branches"
+
+"what are the unresolved comments across the Platform project?"
+
+"export all the icons from the Design System file as SVGs"
 
-## MCP
+"move the Q4 files into the Archive project"
+
+"share the Homepage mockup with alex@company.com and set link access to view-only"
+
+"summarize the Brand Guidelines file -- pages, components, styles"
+```
 
-figmanage runs as an MCP server for Claude Code, Cursor, OpenClaw, and other AI assistants. Runs locally via stdio.
+## install
 
 ```bash
 # Claude Code
 claude mcp add figmanage -- npx -y figmanage
 
 # Cursor / OpenClaw / other MCP clients
-# Add to your MCP config:
 {
   "mcpServers": {
     "figmanage": {
@@ -32,97 +60,83 @@ claude mcp add figmanage -- npx -y figmanage
 }
 ```
 
-On first run, figmanage walks you through setup right in the conversation -- extracts your Chrome session cookie, asks you to create a PAT, and stores credentials locally. No env vars, no JSON editing, no separate terminal step.
+On first run, figmanage walks you through setup in the conversation -- extracts your Chrome session cookie, asks you to create a PAT, stores credentials locally. No env vars, no JSON editing.
 
-### what you can ask
+Also works as a CLI:
 
+```bash
+npm install -g figmanage
+figmanage login
 ```
-"which paid seats haven't been active in 30 days? how much would we save?"
 
-"offboard sarah@company.com -- show me everything she owns, then transfer it to jake"
+## how it works
 
-"audit and clean up the Mobile App project -- stale files, permissions, branches"
+Figma's public REST API covers design files but nothing on the management side -- no seats, no teams, no permissions, no billing. figmanage uses both APIs:
 
-"set up a new hire: invite alex@company.com to Design and Engineering as an editor"
-
-"run a quarterly design ops report for the org"
+| API | Auth | What it covers |
+|-----|------|---------------|
+| Internal | Session cookie | Seats, teams, permissions, billing, user groups, org admin, search |
+| Public | Personal Access Token | Files, comments, export, components, versions, webhooks, variables |
 
-"audit permissions on the Platform team -- flag external users or overshared files"
-```
+Both together unlock all 102 tools. Cookie-only or PAT-only works but limits available tools.
 
-### toolset presets
+**Admin auto-detection.** At startup, figmanage checks whether you're an org admin. Admins see all 102 tools. Non-admins see 68 -- everything except org management, seat changes, billing, user groups, and offboarding. No configuration needed.
 
-Use `FIGMA_TOOLSETS` to expose only specific tool groups:
+**Toolset presets.** Use `FIGMA_TOOLSETS` to expose only specific tool groups:
 
-| Preset | Toolsets |
-|--------|----------|
+| Preset | What's included |
+|--------|----------------|
 | `starter` | navigate, reading, comments, export |
 | `admin` | navigate, org, permissions, analytics, teams, libraries |
 | `readonly` | navigate, reading, comments, export, components, versions |
 | `full` | everything (default) |
 
-## usage
+## CLI
 
-Also works as a CLI. Commands use a noun-verb pattern: `figmanage <group> <action>`.
+Commands use a noun-verb pattern: `figmanage <group> <action>`.
 
 ```bash
 figmanage org seat-optimization                    # find inactive paid seats
 figmanage org offboard sarah@co.com                # audit what a user owns
 figmanage org offboard sarah@co.com --execute \
-  --transfer-to jake@co.com                        # execute the offboarding
+  --transfer-to jake@co.com                        # soft offboard
+figmanage org offboard sarah@co.com --execute \
+  --transfer-to jake@co.com --remove-from-org      # hard offboard (permanent)
 figmanage org onboard alex@co.com --teams 123,456 \
   --role editor --seat full --confirm              # set up a new hire
 figmanage org quarterly-report                     # org-wide design ops snapshot
 figmanage org members --search danny               # find org members
-figmanage navigate list-teams                      # list all teams
-figmanage permissions get file abc123              # who has access to a file
 figmanage permissions audit --scope team --id 789  # audit a team's permissions
 figmanage branches cleanup 573408414               # find stale branches
-figmanage files summary abc123                     # pages, components, styles overview
 ```
 
-Run `figmanage <group> --help` for available subcommands. All commands output JSON when piped or when `--json` is passed.
+All commands output JSON when piped or when `--json` is passed. Run `figmanage <group> --help` for subcommands.
 
 ## setup
 
 Log into figma.com in Chrome, then:
 
 ```bash
-figmanage login
-```
-
-Extracts your Chrome session cookie, prompts for a PAT, and stores credentials locally at `~/.config/figmanage/`. One-time setup -- no env vars, no JSON config editing.
-
-```bash
+figmanage login     # extract cookie, create PAT, store credentials
 figmanage whoami    # verify auth
 figmanage logout    # clear credentials
 ```
 
-If you prefer CLI setup or need to reconfigure: `npx figmanage login`.
+Credentials stored at `~/.config/figmanage/` with 0o600 permissions.
 
-Env vars (`FIGMA_PAT`, `FIGMA_AUTH_COOKIE`, etc.) override the config file for backwards compatibility. HTTP transport available via `--mcp --http <port>`.
+Env vars (`FIGMA_PAT`, `FIGMA_AUTH_COOKIE`, etc.) override the config file. HTTP transport available via `--mcp --http <port>`.
 
-## auth
+## tool reference
 
-figmanage uses two Figma API surfaces:
+<details>
+<summary>All 102 tools across 17 groups (click to expand)</summary>
 
-| Client | Auth | Capabilities |
-|--------|------|-------------|
-| Internal API | Session cookie | Workspace management, search, permissions, org admin, seats, billing |
-| Public API | Personal Access Token | Comments, export, file reading, components, versions, webhooks, variables |
-
-Both together give full access to all 85 tools. Cookie-only or PAT-only work but limit available tools.
-
-Auth resolution: env vars > config file > interactive setup (MCP) or `figmanage login` (CLI).
-
-## commands
-
-The tables below list all 85 commands. The Command column shows MCP tool names (snake_case). The CLI equivalent is the noun-verb form: `figmanage <group> <action>` where `<action>` is the kebab-case version of the tool name without the group prefix (e.g. `list_recent_files` becomes `figmanage navigate list-recent-files`).
+The tables below show MCP tool names (snake_case). CLI equivalents use kebab-case: `list_recent_files` becomes `figmanage navigate list-recent-files`.
 
 ### navigate (10)
 
-| Command | Auth | Description |
-|---------|------|-------------|
+| Tool | Auth | Description |
+|------|------|-------------|
 | `check_auth` | either | Validate PAT and cookie authentication |
 | `list_orgs` | cookie | List available Figma workspaces |
 | `switch_org` | cookie | Switch active workspace for this session |
@@ -136,8 +150,8 @@ The tables below list all 85 commands. The Command column shows MCP tool names (
 
 ### files (10)
 
-| Command | Auth | Description |
-|---------|------|-------------|
+| Tool | Auth | Description |
+|------|------|-------------|
 | `create_file` | cookie | Create design, whiteboard, slides, or sites file |
 | `rename_file` | cookie | Rename a file |
 | `move_files` | cookie | Move files between projects (batch) |
@@ -151,8 +165,8 @@ The tables below list all 85 commands. The Command column shows MCP tool names (
 
 ### projects (8)
 
-| Command | Auth | Description |
-|---------|------|-------------|
+| Tool | Auth | Description |
+|------|------|-------------|
 | `create_project` | cookie | Create a project in a team |
 | `rename_project` | cookie | Rename a project |
 | `move_project` | cookie | Move a project to another team |
@@ -164,8 +178,8 @@ The tables below list all 85 commands. The Command column shows MCP tool names (
 
 ### permissions (8)
 
-| Command | Auth | Description |
-|---------|------|-------------|
+| Tool | Auth | Description |
+|------|------|-------------|
 | `get_permissions` | cookie | List who has access with roles |
 | `set_permissions` | cookie | Change a user's access level |
 | `share` | cookie | Invite someone by email |
@@ -175,127 +189,146 @@ The tables below list all 85 commands. The Command column shows MCP tool names (
 | `deny_role_request` | cookie | Decline an access request |
 | `permission_audit` | cookie | Team/project access audit with oversharing flags |
 
+### org (24, admin-only)
+
+| Tool | Auth | Description |
+|------|------|-------------|
+| `list_admins` | cookie | Org admins with permission levels |
+| `list_org_teams` | cookie | All teams with member and project counts |
+| `seat_usage` | cookie | Seat breakdown by type and activity |
+| `list_team_members` | cookie | Team members with roles and activity |
+| `list_org_members` | cookie | All org members with seats and activity |
+| `contract_rates` | cookie | Per-seat pricing |
+| `change_seat` | cookie | Change a user's seat type |
+| `billing_overview` | cookie | Invoice history and billing status |
+| `list_invoices` | cookie | Open and upcoming invoices |
+| `list_payments` | cookie | Paid invoices / payment history |
+| `org_domains` | cookie | Domain config and SSO/SAML |
+| `ai_credit_usage` | cookie | AI credit usage (resolves plan from team) |
+| `export_members` | cookie | Trigger CSV export of all members |
+| `activity_log` | cookie | Org audit log with email filtering and pagination |
+| `create_user_group` | cookie | Create a user group |
+| `delete_user_groups` | cookie | Delete user groups |
+| `add_user_group_members` | cookie | Add members to a user group by email |
+| `remove_user_group_members` | cookie | Remove members from a user group |
+| `remove_org_member` | cookie | Permanently remove a member from the org |
+| `workspace_overview` | cookie | Org snapshot: teams, seats, billing |
+| `seat_optimization` | cookie | Inactive seat detection with cost analysis |
+| `offboard_user` | cookie | Audit + execute user departure (soft or hard) |
+| `onboard_user` | cookie | Batch invite to teams, share files, set seat |
+| `quarterly_design_ops_report` | cookie | Seat utilization, billing, teams, library adoption |
+
+### teams (5, admin-only)
+
+| Tool | Auth | Description |
+|------|------|-------------|
+| `create_team` | cookie | Create a team |
+| `rename_team` | cookie | Rename a team |
+| `delete_team` | cookie | Delete a team |
+| `add_team_member` | cookie | Add a member by email |
+| `remove_team_member` | cookie | Remove a member |
+
+### analytics (2, admin-only)
+
+| Tool | Auth | Description |
+|------|------|-------------|
+| `library_usage` | cookie | Team-level library adoption metrics |
+| `component_usage` | cookie | Per-file component usage |
+
+### comments (9)
+
+| Tool | Auth | Description |
+|------|------|-------------|
+| `list_comments` | pat | Comments with thread structure |
+| `post_comment` | pat | Post a comment |
+| `delete_comment` | pat | Delete a comment |
+| `resolve_comment` | cookie | Resolve or unresolve a comment thread |
+| `edit_comment` | cookie | Edit the text of an existing comment |
+| `list_comment_reactions` | pat | Emoji reactions on a comment |
+| `add_comment_reaction` | pat | Add an emoji reaction |
+| `remove_comment_reaction` | pat | Remove an emoji reaction |
+| `open_comments` | pat | Unresolved comments across a project |
+
 ### versions (2)
 
-| Command | Auth | Description |
-|---------|------|-------------|
+| Tool | Auth | Description |
+|------|------|-------------|
 | `list_versions` | pat | Version history |
 | `create_version` | cookie | Create a named version checkpoint |
 
 ### branches (4)
 
-| Command | Auth | Description |
-|---------|------|-------------|
+| Tool | Auth | Description |
+|------|------|-------------|
 | `list_branches` | either | List branches of a file |
 | `create_branch` | cookie | Create a branch |
 | `delete_branch` | cookie | Archive a branch |
 | `branch_cleanup` | either | Stale branch detection with optional archival |
 
-### comments (5)
+### reading (2)
 
-| Command | Auth | Description |
-|---------|------|-------------|
-| `list_comments` | pat | Comments with thread structure |
-| `post_comment` | pat | Post a comment |
-| `delete_comment` | pat | Delete a comment |
-| `list_comment_reactions` | pat | Emoji reactions on a comment |
-| `open_comments` | pat | Unresolved comments across a project |
+| Tool | Auth | Description |
+|------|------|-------------|
+| `get_file` | pat | Read file as a node tree with depth control |
+| `get_nodes` | pat | Read specific nodes by ID |
 
 ### export (2)
 
-| Command | Auth | Description |
-|---------|------|-------------|
+| Tool | Auth | Description |
+|------|------|-------------|
 | `export_nodes` | pat | Export as PNG, SVG, PDF, or JPG |
 | `get_image_fills` | pat | URLs for all images used as fills |
 
-### reading (2)
-
-| Command | Auth | Description |
-|---------|------|-------------|
-| `get_file` | pat | Read file as a node tree with depth control |
-| `get_nodes` | pat | Read specific nodes by ID |
+### components (7)
 
-### components (4)
-
-| Command | Auth | Description |
-|---------|------|-------------|
+| Tool | Auth | Description |
+|------|------|-------------|
 | `list_file_components` | pat | Components published from a file |
 | `list_file_styles` | pat | Styles in a file |
 | `list_team_components` | pat | Published components across a team |
 | `list_team_styles` | pat | Published styles across a team |
+| `list_dev_resources` | pat | Dev resources (links, annotations) on a file |
+| `create_dev_resource` | pat | Attach a dev resource to a node |
+| `delete_dev_resource` | pat | Remove a dev resource |
 
-### webhooks (4)
+### webhooks (5)
 
-| Command | Auth | Description |
-|---------|------|-------------|
+| Tool | Auth | Description |
+|------|------|-------------|
 | `list_webhooks` | pat | List webhooks for a team |
 | `create_webhook` | pat | Create a webhook subscription |
 | `update_webhook` | pat | Update a webhook |
 | `delete_webhook` | pat | Delete a webhook |
+| `webhook_requests` | pat | Delivery history (last 7 days) |
 
 ### variables (3, Enterprise)
 
-| Command | Auth | Description |
-|---------|------|-------------|
+| Tool | Auth | Description |
+|------|------|-------------|
 | `list_local_variables` | pat | Local variables and collections |
 | `list_published_variables` | pat | Published variables from a library |
 | `update_variables` | pat | Bulk create, update, or delete variables |
 
-### analytics (2)
-
-| Command | Auth | Description |
-|---------|------|-------------|
-| `library_usage` | cookie | Team-level library adoption metrics |
-| `component_usage` | cookie | Per-file component usage |
-
-### org (17)
-
-| Command | Auth | Description |
-|---------|------|-------------|
-| `list_admins` | cookie | Org admins with permission levels |
-| `list_org_teams` | cookie | All teams with member and project counts |
-| `seat_usage` | cookie | Seat breakdown by type and activity |
-| `list_team_members` | cookie | Team members with roles and activity |
-| `list_org_members` | cookie | All org members with seats and activity |
-| `contract_rates` | cookie | Per-seat pricing |
-| `change_seat` | cookie | Change a user's seat type |
-| `billing_overview` | cookie | Invoice history and billing status |
-| `list_invoices` | cookie | Open and upcoming invoices |
-| `org_domains` | cookie | Domain config and SSO/SAML |
-| `ai_credit_usage` | cookie | AI credit usage summary |
-| `export_members` | cookie | Trigger CSV export of all members |
-| `workspace_overview` | cookie | Org snapshot: teams, seats, billing |
-| `seat_optimization` | cookie | Inactive seat detection with cost analysis |
-| `offboard_user` | cookie | Audit + execute user departure |
-| `onboard_user` | cookie | Batch invite to teams, share files, set seat |
-| `quarterly_design_ops_report` | cookie | Seat utilization, billing, teams, library adoption |
-
 ### libraries (1)
 
-| Command | Auth | Description |
-|---------|------|-------------|
+| Tool | Auth | Description |
+|------|------|-------------|
 | `list_org_libraries` | cookie | Design system libraries with sharing info |
 
-### teams (3)
-
-| Command | Auth | Description |
-|---------|------|-------------|
-| `create_team` | cookie | Create a team |
-| `rename_team` | cookie | Rename a team |
-| `delete_team` | cookie | Delete a team |
+</details>
 
 ## security
 
-All parameters that accept Figma IDs are validated against `/^[\w.:-]+$/` before use. Rate limit retries are restricted to safe HTTP methods. Mutations are never retried. Billing responses strip PII. Destructive operations default to dry-run mode. Config file is stored with 0o600 permissions.
+All ID parameters validated against `/^[\w.:-]+$/`. Rate limit retries restricted to safe HTTP methods -- mutations never retried. Billing responses strip PII. Destructive operations default to dry-run mode. Org removal requires explicit double-confirmation. Config file stored with 0o600 permissions.
 
 ## known limitations
 
 - **list_favorites**: Figma BigInt overflow bug on their server. `favorite_file` works fine.
-- **Branch merging**: Requires Figma's multiplayer protocol, no REST endpoint.
+- **Branch merging / version restore**: Require Figma's multiplayer protocol, no REST endpoint.
 - **Cookie expiry**: ~30 days. Run `figmanage login --refresh` to renew.
 - **Windows cookies**: Best-effort DPAPI extraction. Falls back to PAT-only.
 - **Variables**: Enterprise-gated scopes.
-- **get_file**: Returns full document tree. Use `depth` param or `get_nodes`.
+- **User groups**: Write-only (create, delete, add/remove members). No list endpoint -- Figma renders the page server-side.
 
 ## development
 
@@ -307,18 +340,16 @@ npm run build
 npm test
 ```
 
-### architecture
-
-Three-layer design: shared operations power both the CLI and MCP server.
+Three-layer architecture: operations hold all business logic, tools and CLI are thin wrappers.
 
 ```
 src/
   index.ts            Entry: --setup, --mcp, or CLI mode
-  mcp.ts              MCP server setup, toolset presets
+  mcp.ts              MCP server setup, admin detection, toolset presets
   setup.ts            Cross-platform Chrome cookie extraction
   auth/               AuthConfig from env vars and config file
   clients/            Axios clients for internal (cookie) and public (PAT) APIs
-  operations/         Shared business logic (18 modules)
+  operations/         Shared business logic (19 modules)
   tools/              MCP tool wrappers (thin, call operations)
   cli/                CLI Commander wrappers (thin, call operations)
   types/figma.ts      Shared types including Toolset union

package/dist/auth/client.d.ts

@@ -8,6 +8,7 @@ export interface AuthConfig {
     userId?: string;
     orgId?: string;
     orgs?: OrgEntry[];
+    isAdmin?: boolean;
 }
 /**
  * Load auth from environment variables. This is the original path --

package/dist/auth/health.js

@@ -73,7 +73,8 @@ export function formatAuthStatus(status, config) {
         if (config.orgId) {
             const currentOrg = config.orgs?.find(o => o.id === config.orgId);
             const orgLabel = currentOrg ? `${currentOrg.name} (${config.orgId})` : config.orgId;
-            lines.push(`\nWorkspace: ${orgLabel}`);
+            const role = config.isAdmin ? 'admin' : 'member';
+            lines.push(`\nWorkspace: ${orgLabel} (${role})`);
             const others = (config.orgs || []).filter(o => o.id !== config.orgId);
             if (others.length > 0) {
                 lines.push(`Other workspaces: ${others.map(o => `${o.name} (${o.id})`).join(', ')}`);

package/dist/cli/comments.js

@@ -1,8 +1,8 @@
 import { Command } from 'commander';
-import { listComments, formatCommentsAsMarkdown, postComment, deleteComment, listCommentReactions, } from '../operations/comments.js';
+import { listComments, formatCommentsAsMarkdown, postComment, deleteComment, resolveComment, editComment, addCommentReaction, removeCommentReaction, listCommentReactions, } from '../operations/comments.js';
 import { output, error } from './format.js';
 import { formatApiError } from '../helpers.js';
-import { requirePat } from './helpers.js';
+import { requirePat, requireCookie } from './helpers.js';
 export function commentsCommand() {
     const comments = new Command('comments')
         .description('Manage file comments');
@@ -87,6 +87,83 @@ export function commentsCommand() {
             process.exit(1);
         }
     });
+    comments
+        .command('resolve <file-key> <comment-id>')
+        .description('Resolve a comment thread')
+        .option('--unresolve', 'Unresolve instead of resolve')
+        .option('--json', 'Force JSON output')
+        .action(async (fileKey, commentId, options) => {
+        try {
+            const config = requireCookie();
+            const msg = await resolveComment(config, {
+                file_key: fileKey,
+                comment_id: commentId,
+                resolved: !options.unresolve,
+            });
+            output({ message: msg }, options);
+        }
+        catch (e) {
+            error(formatApiError(e));
+            process.exit(1);
+        }
+    });
+    comments
+        .command('edit <file-key> <comment-id> <message>')
+        .description('Edit the text of an existing comment')
+        .option('--json', 'Force JSON output')
+        .action(async (fileKey, commentId, message, options) => {
+        try {
+            const config = requireCookie();
+            const msg = await editComment(config, {
+                file_key: fileKey,
+                comment_id: commentId,
+                message,
+            });
+            output({ message: msg }, options);
+        }
+        catch (e) {
+            error(formatApiError(e));
+            process.exit(1);
+        }
+    });
+    comments
+        .command('react <file-key> <comment-id> <emoji>')
+        .description('Add an emoji reaction to a comment')
+        .option('--json', 'Force JSON output')
+        .action(async (fileKey, commentId, emoji, options) => {
+        try {
+            const config = requirePat();
+            const result = await addCommentReaction(config, {
+                file_key: fileKey,
+                comment_id: commentId,
+                emoji,
+            });
+            output(result, options);
+        }
+        catch (e) {
+            error(formatApiError(e));
+            process.exit(1);
+        }
+    });
+    comments
+        .command('unreact <file-key> <comment-id> <emoji>')
+        .description('Remove an emoji reaction from a comment')
+        .option('--json', 'Force JSON output')
+        .action(async (fileKey, commentId, emoji, options) => {
+        try {
+            const config = requirePat();
+            await removeCommentReaction(config, {
+                file_key: fileKey,
+                comment_id: commentId,
+                emoji,
+            });
+            output({ removed: emoji, comment_id: commentId }, options);
+        }
+        catch (e) {
+            error(formatApiError(e));
+            process.exit(1);
+        }
+    });
     return comments;
 }
 //# sourceMappingURL=comments.js.map

package/dist/cli/components.js

@@ -1,5 +1,6 @@
 import { Command } from 'commander';
 import { listFileComponents, listFileStyles, listTeamComponents, listTeamStyles, } from '../operations/components.js';
+import { listDevResources, createDevResource, deleteDevResource, } from '../operations/dev-resources.js';
 import { output, error } from './format.js';
 import { formatApiError } from '../helpers.js';
 import { requirePat } from './helpers.js';
@@ -94,6 +95,71 @@ export function componentsCommand() {
             process.exit(1);
         }
     });
+    components
+        .command('list-dev-resources <file-key>')
+        .description('List dev resources (links, annotations) on a file')
+        .option('--node-ids <ids>', 'Comma-separated node IDs to filter')
+        .option('--json', 'Force JSON output')
+        .action(async (fileKey, options) => {
+        try {
+            const config = requirePat();
+            const result = await listDevResources(config, {
+                file_key: fileKey,
+                node_ids: options.nodeIds?.split(','),
+            });
+            if (result.length === 0) {
+                console.log('No dev resources found.');
+                return;
+            }
+            output(result, options);
+        }
+        catch (e) {
+            error(formatApiError(e));
+            process.exit(1);
+        }
+    });
+    components
+        .command('create-dev-resource <file-key> <node-id>')
+        .description('Create a dev resource on a node')
+        .requiredOption('--name <name>', 'Resource name/label')
+        .requiredOption('--url <url>', 'Resource URL')
+        .option('--json', 'Force JSON output')
+        .action(async (fileKey, nodeId, options) => {
+        try {
+            const config = requirePat();
+            const result = await createDevResource(config, {
+                file_key: fileKey,
+                node_id: nodeId,
+                name: options.name,
+                url: options.url,
+            });
+            output(result, options);
+        }
+        catch (e) {
+            error(formatApiError(e));
+            process.exit(1);
+        }
+    });
+    components
+        .command('delete-dev-resource <file-key> <dev-resource-id>')
+        .description('Delete a dev resource')
+        .option('--json', 'Force JSON output')
+        .action(async (fileKey, devResourceId, options) => {
+        try {
+            const config = requirePat();
+            const { confirmAction } = await import('./helpers.js');
+            if (!await confirmAction(`Delete dev resource ${devResourceId}?`)) {
+                console.log('Cancelled.');
+                return;
+            }
+            await deleteDevResource(config, { file_key: fileKey, dev_resource_id: devResourceId });
+            output({ deleted: devResourceId }, options);
+        }
+        catch (e) {
+            error(formatApiError(e));
+            process.exit(1);
+        }
+    });
     return components;
 }
 //# sourceMappingURL=components.js.map

package/dist/cli/compound-commands.js

@@ -219,6 +219,7 @@ export function offboardUserCommand() {
         .argument('<user>', 'Email or user_id to offboard')
         .option('--execute', 'Execute the offboarding (default: audit only)')
         .option('--transfer-to <user>', 'Email or user_id to transfer file ownership to')
+        .option('--remove-from-org', 'Permanently remove from org after offboarding (cannot be undone)')
         .option('--json', 'Force JSON output')
         .action(async (user, options) => {
         try {
@@ -227,6 +228,7 @@ export function offboardUserCommand() {
                 user_identifier: user,
                 execute: options.execute === true,
                 transfer_to: options.transferTo,
+                remove_from_org: options.removeFromOrg === true,
             });
             output(result, options);
         }