freestyle-sandboxes 0.1.21 → 0.1.23

package/README.md

@@ -108,6 +108,23 @@ const { repoId } = await freestyle.git.repos.create({
   },
 });
 
+// Create a new branch from the default branch
+const repo = freestyle.git.repos.ref({ repoId });
+const { name, sha } = await repo.branches.create({
+  name: "feature/something",
+});
+
+// Create commits with files (text and binary)
+const { commit } = await repo.commits.create({
+  message: "Add new feature",
+  branch: "feature/something",
+  files: [
+    { path: "README.md", content: "# My Project" },
+    { path: "logo.png", content: base64Image, encoding: "base64" }
+  ],
+  author: { name: "John Doe", email: "john@example.com" }
+});
+
 // Develop code with VMs.
 const { vm } = await freestyle.vms.create({
   gitRepos: [{ repo: repoId, path: "/repo" }],

package/cli.mjs

@@ -6,17 +6,382 @@ import { Freestyle, VmSpec } from './index.mjs';
 import * as fs from 'fs';
 import * as path from 'path';
 import * as dotenv from 'dotenv';
+import * as os from 'os';
 import { spawn } from 'child_process';
 
-function getFreestyleClient() {
+const DEFAULT_STACK_API_URL = "https://api.stack-auth.com";
+const DEFAULT_STACK_APP_URL = "https://dash.freestyle.sh";
+const DEFAULT_STACK_PROJECT_ID = "0edf478c-f123-46fb-818f-34c0024a9f35";
+const DEFAULT_STACK_PUBLISHABLE_CLIENT_KEY = "pck_h2aft7g9pqjzrkdnzs199h1may5wjtdtdxeex7m2wzp1r";
+const CLI_AUTH_TIMEOUT_MILLIS = 10 * 60 * 1e3;
+const POLL_INTERVAL_MILLIS = 2e3;
+const STACK_REFRESH_TOKEN_ENV_KEY = "FREESTYLE_STACK_REFRESH_TOKEN";
+const STACK_SAVE_TO_DOTENV_ENV_KEY = "FREESTYLE_STACK_SAVE_TO_DOTENV";
+function isTruthy(value) {
+  if (!value) {
+    return false;
+  }
+  const normalized = value.trim().toLowerCase();
+  return normalized === "1" || normalized === "true" || normalized === "yes";
+}
+function loadRefreshTokenFromDotenv() {
+  const refreshToken = process.env[STACK_REFRESH_TOKEN_ENV_KEY];
+  if (!refreshToken || typeof refreshToken !== "string") {
+    return null;
+  }
+  const trimmed = refreshToken.trim();
+  return trimmed.length > 0 ? trimmed : null;
+}
+function shouldSaveToDotenv(options) {
+  if (typeof options?.saveToDotenv === "boolean") {
+    return options.saveToDotenv;
+  }
+  return isTruthy(process.env[STACK_SAVE_TO_DOTENV_ENV_KEY]);
+}
+function persistRefreshTokenToDotenv(refreshToken, options) {
+  if (!shouldSaveToDotenv(options)) {
+    return;
+  }
+  const envPath = path.join(process.cwd(), ".env");
+  const line = `${STACK_REFRESH_TOKEN_ENV_KEY}=${refreshToken}`;
+  let existing = "";
+  if (fs.existsSync(envPath)) {
+    existing = fs.readFileSync(envPath, "utf-8");
+  }
+  const pattern = new RegExp(`^${STACK_REFRESH_TOKEN_ENV_KEY}=.*$`, "m");
+  let next;
+  if (pattern.test(existing)) {
+    next = existing.replace(pattern, line);
+  } else if (existing.length === 0) {
+    next = `${line}
+`;
+  } else if (existing.endsWith("\n")) {
+    next = `${existing}${line}
+`;
+  } else {
+    next = `${existing}
+${line}
+`;
+  }
+  fs.writeFileSync(envPath, next, { encoding: "utf-8" });
+}
+function walkUpDirectories(startDir) {
+  const result = [];
+  let current = path.resolve(startDir);
+  while (true) {
+    result.push(current);
+    const parent = path.dirname(current);
+    if (parent === current) {
+      break;
+    }
+    current = parent;
+  }
+  return result;
+}
+function readEnvFileValue(filePath, key) {
+  if (!fs.existsSync(filePath)) {
+    return void 0;
+  }
+  const content = fs.readFileSync(filePath, "utf-8");
+  const pattern = new RegExp(`^${key}=(.*)$`, "m");
+  const match = content.match(pattern);
+  if (!match?.[1]) {
+    return void 0;
+  }
+  return match[1].trim().replace(/^['\"]|['\"]$/g, "");
+}
+function readYamlEnvValue(filePath, envName) {
+  if (!fs.existsSync(filePath)) {
+    return void 0;
+  }
+  const content = fs.readFileSync(filePath, "utf-8");
+  const escapedEnv = envName.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  const pattern = new RegExp(
+    `-\\s+name:\\s+${escapedEnv}\\s*[\\r\\n]+\\s*value:\\s*([^\\r\\n#]+)`,
+    "m"
+  );
+  const match = content.match(pattern);
+  if (!match?.[1]) {
+    return void 0;
+  }
+  return match[1].trim().replace(/^['\"]|['\"]$/g, "");
+}
+function discoverStackConfigFromWorkspace() {
+  const discovered = {};
+  const roots = walkUpDirectories(process.cwd());
+  for (const root of roots) {
+    if (!discovered.projectId || !discovered.publishableClientKey) {
+      const dashboardEnv = path.join(root, "freestyle-dashboard", ".env.local");
+      discovered.projectId ||= readEnvFileValue(
+        dashboardEnv,
+        "VITE_STACK_PROJECT_ID"
+      );
+      discovered.publishableClientKey ||= readEnvFileValue(
+        dashboardEnv,
+        "VITE_STACK_PUBLISHABLE_CLIENT_KEY"
+      );
+    }
+    if (!discovered.projectId || !discovered.publishableClientKey) {
+      const adminEnv = path.join(root, "freestyle-sandbox-admin", ".env.local");
+      discovered.projectId ||= readEnvFileValue(
+        adminEnv,
+        "NEXT_PUBLIC_STACK_PROJECT_ID"
+      );
+      discovered.publishableClientKey ||= readEnvFileValue(
+        adminEnv,
+        "NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY"
+      );
+    }
+    if (!discovered.projectId || !discovered.publishableClientKey) {
+      const dashK8s = path.join(root, "k8s", "freestyle-dash.yml");
+      discovered.projectId ||= readYamlEnvValue(
+        dashK8s,
+        "VITE_STACK_PROJECT_ID"
+      );
+      discovered.publishableClientKey ||= readYamlEnvValue(
+        dashK8s,
+        "VITE_STACK_PUBLISHABLE_CLIENT_KEY"
+      );
+    }
+    if (discovered.projectId && discovered.publishableClientKey) {
+      break;
+    }
+  }
+  return discovered;
+}
+function resolveStackConfig() {
+  const discovered = discoverStackConfigFromWorkspace();
+  const projectId = process.env.FREESTYLE_STACK_PROJECT_ID ?? process.env.NEXT_PUBLIC_STACK_PROJECT_ID ?? process.env.VITE_STACK_PROJECT_ID ?? discovered.projectId ?? DEFAULT_STACK_PROJECT_ID;
+  const publishableClientKey = process.env.FREESTYLE_STACK_PUBLISHABLE_CLIENT_KEY ?? process.env.NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY ?? process.env.VITE_STACK_PUBLISHABLE_CLIENT_KEY ?? discovered.publishableClientKey ?? DEFAULT_STACK_PUBLISHABLE_CLIENT_KEY;
+  if (!projectId || !publishableClientKey) {
+    return null;
+  }
+  const stackApiUrl = (process.env.FREESTYLE_STACK_API_URL ?? DEFAULT_STACK_API_URL).replace(/\/+$/, "");
+  const appUrl = (process.env.FREESTYLE_STACK_APP_URL ?? DEFAULT_STACK_APP_URL).replace(/\/+$/, "");
+  const authFilePath = process.env.FREESTYLE_STACK_AUTH_FILE ?? path.join(os.homedir(), ".freestyle", "stack-auth.json");
+  return {
+    stackApiUrl,
+    appUrl,
+    projectId,
+    publishableClientKey,
+    authFilePath
+  };
+}
+function clientHeaders(config) {
+  return {
+    "Content-Type": "application/json",
+    "x-stack-project-id": config.projectId,
+    "x-stack-access-type": "client",
+    "x-stack-publishable-client-key": config.publishableClientKey
+  };
+}
+function loadStoredAuth(config) {
+  try {
+    if (!fs.existsSync(config.authFilePath)) {
+      return null;
+    }
+    const auth = JSON.parse(fs.readFileSync(config.authFilePath, "utf-8"));
+    if (!auth.refreshToken || typeof auth.refreshToken !== "string") {
+      return null;
+    }
+    return {
+      refreshToken: auth.refreshToken,
+      updatedAt: typeof auth.updatedAt === "number" ? auth.updatedAt : Date.now()
+    };
+  } catch {
+    return null;
+  }
+}
+function persistAuth(config, refreshToken) {
+  const dirPath = path.dirname(config.authFilePath);
+  fs.mkdirSync(dirPath, { recursive: true });
+  fs.writeFileSync(
+    config.authFilePath,
+    JSON.stringify(
+      {
+        refreshToken,
+        updatedAt: Date.now()
+      },
+      null,
+      2
+    ),
+    { encoding: "utf-8", mode: 384 }
+  );
+}
+function clearStoredAuth(config) {
+  try {
+    if (fs.existsSync(config.authFilePath)) {
+      fs.unlinkSync(config.authFilePath);
+    }
+  } catch {
+  }
+}
+function tryOpenBrowser(url) {
+  try {
+    if (process.platform === "darwin") {
+      const child2 = spawn("open", [url], {
+        stdio: "ignore",
+        detached: true
+      });
+      child2.unref();
+      return true;
+    }
+    if (process.platform === "win32") {
+      const child2 = spawn("cmd", ["/c", "start", "", url], {
+        stdio: "ignore",
+        detached: true
+      });
+      child2.unref();
+      return true;
+    }
+    const child = spawn("xdg-open", [url], {
+      stdio: "ignore",
+      detached: true
+    });
+    child.unref();
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function startCliLogin(config) {
+  const initResponse = await fetch(`${config.stackApiUrl}/api/v1/auth/cli`, {
+    method: "POST",
+    headers: clientHeaders(config),
+    body: JSON.stringify({
+      expires_in_millis: CLI_AUTH_TIMEOUT_MILLIS
+    })
+  });
+  if (!initResponse.ok) {
+    const errorText = await initResponse.text();
+    throw new Error(
+      `Failed to start Stack Auth CLI login (${initResponse.status}). ${errorText || "Check Stack project ID and publishable client key."}`
+    );
+  }
+  const initData = await initResponse.json();
+  if (!initData.polling_code || !initData.login_code) {
+    throw new Error("Stack Auth CLI login did not return polling/login codes.");
+  }
+  const loginUrl = `${config.appUrl}/handler/cli-auth-confirm?login_code=${encodeURIComponent(initData.login_code)}`;
+  console.log("\nStack authentication is required.");
+  console.log(`Open this URL to continue:
+${loginUrl}
+`);
+  const opened = tryOpenBrowser(loginUrl);
+  if (opened) {
+    console.log("Opened your browser for authentication...");
+  } else {
+    console.log("Could not open browser automatically. Open the URL manually.");
+  }
+  const deadline = Date.now() + CLI_AUTH_TIMEOUT_MILLIS;
+  while (Date.now() < deadline) {
+    const pollResponse = await fetch(
+      `${config.stackApiUrl}/api/v1/auth/cli/poll`,
+      {
+        method: "POST",
+        headers: clientHeaders(config),
+        body: JSON.stringify({
+          polling_code: initData.polling_code
+        })
+      }
+    );
+    if (![200, 201].includes(pollResponse.status)) {
+      throw new Error(
+        `Failed while polling Stack Auth CLI login (${pollResponse.status}).`
+      );
+    }
+    const pollData = await pollResponse.json();
+    if (pollData.status === "success") {
+      if (!pollData.refresh_token) {
+        throw new Error(
+          "Stack Auth login completed without a refresh token response."
+        );
+      }
+      return pollData.refresh_token;
+    }
+    if (pollData.status === "cancelled" || pollData.status === "expired" || pollData.status === "error") {
+      throw new Error(
+        pollData.error || `Stack Auth login ${pollData.status}. Please retry.`
+      );
+    }
+    await new Promise((resolve) => setTimeout(resolve, POLL_INTERVAL_MILLIS));
+  }
+  throw new Error("Timed out waiting for Stack Auth CLI authentication.");
+}
+async function refreshStackAccessToken(config, refreshToken) {
+  const response = await fetch(
+    `${config.stackApiUrl}/api/v1/auth/sessions/current/refresh`,
+    {
+      method: "POST",
+      headers: {
+        ...clientHeaders(config),
+        "x-stack-refresh-token": refreshToken
+      }
+    }
+  );
+  if (!response.ok) {
+    return null;
+  }
+  const data = await response.json();
+  if (!data.access_token) {
+    return null;
+  }
+  return {
+    accessToken: data.access_token,
+    refreshToken: data.refresh_token
+  };
+}
+async function getStackAccessTokenForCli(options) {
+  const config = resolveStackConfig();
+  if (!config) {
+    return null;
+  }
+  let refreshTokenFromEnv = loadRefreshTokenFromDotenv();
+  const stored = loadStoredAuth(config);
+  if (options?.forceRelogin) {
+    refreshTokenFromEnv = null;
+    clearStoredAuth(config);
+  }
+  let refreshToken = refreshTokenFromEnv ?? stored?.refreshToken;
+  if (!refreshToken) {
+    refreshToken = await startCliLogin(config);
+    persistAuth(config, refreshToken);
+    persistRefreshTokenToDotenv(refreshToken, options);
+  }
+  let refreshed = await refreshStackAccessToken(config, refreshToken);
+  if (!refreshed) {
+    if (!refreshTokenFromEnv) {
+      clearStoredAuth(config);
+    }
+    refreshToken = await startCliLogin(config);
+    persistAuth(config, refreshToken);
+    persistRefreshTokenToDotenv(refreshToken, options);
+    refreshed = await refreshStackAccessToken(config, refreshToken);
+  }
+  if (!refreshed) {
+    throw new Error("Failed to authenticate with Stack Auth.");
+  }
+  if (refreshed.refreshToken && refreshed.refreshToken !== refreshToken) {
+    persistAuth(config, refreshed.refreshToken);
+    persistRefreshTokenToDotenv(refreshed.refreshToken, options);
+  }
+  return refreshed.accessToken;
+}
+
+async function getFreestyleClient() {
   const apiKey = process.env.FREESTYLE_API_KEY;
   const baseUrl = process.env.FREESTYLE_API_URL;
-  if (!apiKey) {
-    console.error("Error: FREESTYLE_API_KEY environment variable is not set.");
-    console.error('Run "freestyle init" to set it up, or set it manually.');
-    process.exit(1);
+  if (apiKey) {
+    return new Freestyle({ apiKey, baseUrl });
+  }
+  const accessToken = await getStackAccessTokenForCli();
+  if (accessToken) {
+    return new Freestyle({ accessToken, baseUrl });
   }
-  return new Freestyle({ apiKey, baseUrl });
+  console.error(
+    "Error: authentication is required. Set FREESTYLE_API_KEY, or configure Stack Auth via FREESTYLE_STACK_PROJECT_ID and FREESTYLE_STACK_PUBLISHABLE_CLIENT_KEY."
+  );
+  process.exit(1);
 }
 function handleError(error) {
   if (error.response) {
@@ -44,12 +409,14 @@ function formatTable(headers, rows) {
   console.log(headerRow);
   console.log(separator);
   rows.forEach((row) => {
-    console.log(row.map((cell, i) => (cell || "").padEnd(colWidths[i])).join("  "));
+    console.log(
+      row.map((cell, i) => (cell || "").padEnd(colWidths[i])).join("  ")
+    );
   });
 }
 
 async function sshIntoVm(vmId, options = {}) {
-  const freestyle = getFreestyleClient();
+  const freestyle = await getFreestyleClient();
   console.log("Setting up SSH connection...");
   const { identity, identityId } = await freestyle.identities.create();
   console.log(`Created identity: ${identityId}`);
@@ -139,7 +506,7 @@ const vmCommand = {
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           let createOptions = {};
           if (args.snapshot) {
             createOptions.snapshotId = args.snapshot;
@@ -229,7 +596,7 @@ Exec exit code: ${execResult.statusCode || 0}`);
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           const vms = await freestyle.vms.list();
           if (args.json) {
             console.log(JSON.stringify(vms, null, 2));
@@ -296,7 +663,7 @@ Exec exit code: ${execResult.statusCode || 0}`);
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           const vm = freestyle.vms.ref({ vmId: args.vmId });
           console.log(`Executing command on VM ${args.vmId}...`);
           const result = await vm.exec({
@@ -334,7 +701,7 @@ Exit code: ${result.statusCode || 0}`);
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           console.log(`Deleting VM ${args.vmId}...`);
           await freestyle.vms.delete({ vmId: args.vmId });
           console.log("\u2713 VM deleted successfully!");
@@ -378,9 +745,7 @@ const deployCommand = {
       const hasFile = !!argv.file;
       const hasRepo = !!argv.repo;
       if (!hasCode && !hasFile && !hasRepo) {
-        throw new Error(
-          "You must specify one of --code, --file, or --repo"
-        );
+        throw new Error("You must specify one of --code, --file, or --repo");
       }
       if ([hasCode, hasFile, hasRepo].filter(Boolean).length > 1) {
         throw new Error(
@@ -394,7 +759,7 @@ const deployCommand = {
     loadEnv();
     const args = argv;
     try {
-      const freestyle = getFreestyleClient();
+      const freestyle = await getFreestyleClient();
       let code;
       let repo;
       if (args.code) {
@@ -471,7 +836,7 @@ const runCommand = {
     loadEnv();
     const args = argv;
     try {
-      const freestyle = getFreestyleClient();
+      const freestyle = await getFreestyleClient();
       let code;
       if (args.code) {
         code = args.code;
@@ -544,7 +909,7 @@ const gitCommand = {
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           const body = {
             public: args.public
           };
@@ -592,7 +957,7 @@ const gitCommand = {
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           const repos = await freestyle.git.repos.list({
             limit: args.limit,
             cursor: args.cursor
@@ -642,7 +1007,7 @@ Total: ${repos.total}`);
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           console.log(`Deleting repository ${args.repoId}...`);
           await freestyle.git.repos.delete({ repoId: args.repoId });
           console.log("\u2713 Repository deleted");
@@ -681,7 +1046,7 @@ const domainsCommand = {
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           const domains = await freestyle.domains.list({
             limit: args.limit,
             cursor: args.cursor
@@ -722,7 +1087,7 @@ const domainsCommand = {
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           const result = await freestyle.domains.verifications.create({
             domain: args.domain
           });
@@ -772,7 +1137,7 @@ const domainsCommand = {
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           const result = args.verificationId ? await freestyle.domains.verifications.complete({
             verificationId: args.verificationId
           }) : await freestyle.domains.verifications.complete({
@@ -802,7 +1167,7 @@ const domainsCommand = {
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           const verifications = await freestyle.domains.verifications.list();
           if (args.json) {
             console.log(JSON.stringify(verifications, null, 2));
@@ -865,7 +1230,7 @@ const domainsCommand = {
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           const result = args.deploymentId ? await freestyle.domains.mappings.create({
             domain: args.domain,
             deploymentId: args.deploymentId
@@ -907,7 +1272,7 @@ const domainsCommand = {
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           await freestyle.domains.mappings.delete({ domain: args.domain });
           console.log("\u2713 Domain mapping deleted");
         } catch (error) {
@@ -938,7 +1303,7 @@ const domainsCommand = {
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           const { mappings } = await freestyle.domains.mappings.list({
             domain: args.domain,
             limit: args.limit,
@@ -974,7 +1339,7 @@ const domainsCommand = {
 };
 
 async function getCronJobById(scheduleId) {
-  const freestyle = getFreestyleClient();
+  const freestyle = await getFreestyleClient();
   const { jobs } = await freestyle.cron.list();
   const job = jobs.find((candidate) => candidate.schedule.id === scheduleId);
   if (!job) {
@@ -1018,7 +1383,7 @@ const cronCommand = {
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           let parsedPayload = {};
           if (args.payload) {
             try {
@@ -1065,7 +1430,7 @@ const cronCommand = {
         loadEnv();
         const args = argv;
         try {
-          const freestyle = getFreestyleClient();
+          const freestyle = await getFreestyleClient();
           const { jobs } = await freestyle.cron.list({
             deploymentId: args.deploymentId
           });
@@ -1258,4 +1623,61 @@ const cronCommand = {
   }
 };
 
-yargs(hideBin(process.argv)).scriptName("freestyle").usage("$0 <command> [options]").command(vmCommand).command(gitCommand).command(domainsCommand).command(cronCommand).command(deployCommand).command(runCommand).demandCommand(1, "You need to specify a command").help().alias("help", "h").version().alias("version", "v").strict().parse();
+const loginCommand = {
+  command: "login",
+  describe: "Authenticate the CLI with Stack Auth",
+  builder: (yargs) => {
+    return yargs.option("save-to-dotenv", {
+      type: "boolean",
+      description: "Save the Stack refresh token into the current folder's .env as FREESTYLE_STACK_REFRESH_TOKEN",
+      default: false
+    }).option("force", {
+      type: "boolean",
+      description: "Force a fresh login flow even if a stored token exists",
+      default: false
+    }).option("stack-project-id", {
+      type: "string",
+      description: "Stack project ID (overrides environment for this run)"
+    }).option("stack-publishable-client-key", {
+      type: "string",
+      description: "Stack publishable client key (overrides environment for this run)"
+    }).option("stack-app-url", {
+      type: "string",
+      description: "Stack app URL for browser confirmation (default: https://freestyle.sh)"
+    });
+  },
+  handler: async (argv) => {
+    loadEnv();
+    const args = argv;
+    if (args.stackProjectId) {
+      process.env.FREESTYLE_STACK_PROJECT_ID = args.stackProjectId;
+    }
+    if (args.stackPublishableClientKey) {
+      process.env.FREESTYLE_STACK_PUBLISHABLE_CLIENT_KEY = args.stackPublishableClientKey;
+    }
+    if (args.stackAppUrl) {
+      process.env.FREESTYLE_STACK_APP_URL = args.stackAppUrl;
+    }
+    try {
+      const accessToken = await getStackAccessTokenForCli({
+        saveToDotenv: args.saveToDotenv,
+        forceRelogin: args.force
+      });
+      if (!accessToken) {
+        throw new Error(
+          "Stack Auth is not configured. Set FREESTYLE_STACK_PROJECT_ID and FREESTYLE_STACK_PUBLISHABLE_CLIENT_KEY."
+        );
+      }
+      console.log("\u2713 Authenticated with Stack Auth");
+      if (args.saveToDotenv) {
+        console.log("\u2713 Saved refresh token to .env in current directory");
+      } else {
+        console.log("\u2713 Saved refresh token to global CLI auth store");
+      }
+    } catch (error) {
+      handleError(error);
+    }
+  }
+};
+
+yargs(hideBin(process.argv)).scriptName("freestyle").usage("$0 <command> [options]").command(vmCommand).command(gitCommand).command(domainsCommand).command(cronCommand).command(loginCommand).command(deployCommand).command(runCommand).demandCommand(1, "You need to specify a command").help().alias("help", "h").version().alias("version", "v").strict().parse();