npm - fuzzi-cli - Versions diffs - 0.1.0 → 0.1.1 - Mend

fuzzi-cli 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js CHANGED Viewed

@@ -9,7 +9,7 @@ var __export = (target, all) => {
 };
 // src/types/brand.ts
-var BRAND, RISK_COLORS, VERSION, DEFAULT_API_URL;
+var BRAND, RISK_COLORS, VERSION, APP_ORIGIN, DEFAULT_API_URL;
 var init_brand = __esm({
   "src/types/brand.ts"() {
     "use strict";
@@ -27,8 +27,9 @@ var init_brand = __esm({
       HIGH: "#EF4444",
       CRITICAL: "#A855F7"
     };
-    VERSION = "0.1.0";
-    DEFAULT_API_URL = "https://app.fuzzi.dev/api";
+    VERSION = "0.1.1";
+    APP_ORIGIN = "https://app.fuzzi.dev";
+    DEFAULT_API_URL = `${APP_ORIGIN}/api`;
   }
 });
@@ -396,6 +397,9 @@ function getCapabilities() {
   };
   return cached;
 }
+function resetCapabilities() {
+  cached = null;
+}
 var cached;
 var init_capabilities = __esm({
   "src/terminal/capabilities.ts"() {
@@ -434,6 +438,9 @@ function success(text) {
 function warn(text) {
   return color("#F59E0B", chalk.yellow)(text);
 }
+function info(text) {
+  return color(BRAND.accent, chalk.cyan)(text);
+}
 var accent, accentBold, muted, bold, dim;
 var init_theme = __esm({
   "src/terminal/theme.ts"() {
@@ -448,14 +455,6 @@ var init_theme = __esm({
   }
 });
-// src/lib/theme.ts
-var init_theme2 = __esm({
-  "src/lib/theme.ts"() {
-    "use strict";
-    init_theme();
-  }
-});
 // src/terminal/table.ts
 import Table from "cli-table3";
 function createTable(headers, rows) {
@@ -510,33 +509,52 @@ var init_strings = __esm({
   }
 });
+// src/terminal/width.ts
+import { stdout as stdout2 } from "process";
+function terminalWidth() {
+  resetCapabilities();
+  return Math.max(64, (stdout2.columns ?? 80) - 2);
+}
+function contentWidth() {
+  return terminalWidth() - 4;
+}
+var init_width = __esm({
+  "src/terminal/width.ts"() {
+    "use strict";
+    init_capabilities();
+  }
+});
 // src/terminal/layout.ts
 import boxen from "boxen";
 function panel(content, opts = {}) {
+  const width = opts.fullWidth !== false ? terminalWidth() : void 0;
   return boxen(content, {
     title: opts.title ? accentBold(opts.title) : void 0,
     padding: opts.padding ?? 1,
     margin: { top: 0, bottom: opts.marginBottom ?? 1, left: 0, right: 0 },
     borderStyle: "round",
     borderColor: getCapabilities().trueColor ? BRAND.accent : void 0,
-    titleAlignment: "left"
+    titleAlignment: "left",
+    width
   });
 }
 function columns(left, right, leftWidth) {
-  const width = leftWidth ?? Math.floor(getCapabilities().width * 0.45);
+  const total = contentWidth();
+  const split = leftWidth ?? Math.floor(total * 0.48);
   const leftLines = left.split("\n");
   const rightLines = right.split("\n");
   const rows = Math.max(leftLines.length, rightLines.length);
   const out = [];
   for (let i = 0; i < rows; i++) {
-    const l = padEndVisible(leftLines[i] ?? "", width);
+    const l = padEndVisible(leftLines[i] ?? "", split);
     const r = rightLines[i] ?? "";
     out.push(`${l}  ${r}`);
   }
   return out.join("\n");
 }
 function divider(char = "\u2500", width) {
-  const w = width ?? getCapabilities().width - 4;
+  const w = width ?? contentWidth();
   return dim(char.repeat(Math.max(20, w)));
 }
 function statusBar(parts) {
@@ -547,6 +565,13 @@ function keyValue(rows, indent = 2) {
   const maxKey = Math.max(...rows.map(([k]) => k.length), 4);
   return rows.map(([k, v]) => `${pad}${muted(k.padEnd(maxKey))}  ${v}`).join("\n");
 }
+function centerBlock(text, width = contentWidth()) {
+  return text.split("\n").map((line) => {
+    const plain = line.replace(/\x1b\[[0-9;]*m/g, "");
+    const pad = Math.max(0, Math.floor((width - plain.length) / 2));
+    return " ".repeat(pad) + line;
+  }).join("\n");
+}
 var init_layout = __esm({
   "src/terminal/layout.ts"() {
     "use strict";
@@ -554,6 +579,15 @@ var init_layout = __esm({
     init_theme();
     init_capabilities();
     init_strings();
+    init_width();
+  }
+});
+// src/lib/theme.ts
+var init_theme2 = __esm({
+  "src/lib/theme.ts"() {
+    "use strict";
+    init_theme();
   }
 });
@@ -648,16 +682,125 @@ init_credentials();
 init_api_client();
 init_credentials();
 init_config();
-init_theme2();
-import { password, input } from "@inquirer/prompts";
+init_theme();
+import { password, input, confirm } from "@inquirer/prompts";
+// src/lib/browser-auth.ts
+init_config();
+init_credentials();
+init_api_client();
+init_brand();
+init_logger();
+import { randomBytes } from "crypto";
+import { createServer } from "http";
+import { exec } from "child_process";
+var TIMEOUT_MS = 5 * 60 * 1e3;
+function generateState() {
+  return randomBytes(24).toString("base64url");
+}
+function openBrowser(url) {
+  const platform = process.platform;
+  const cmd = platform === "darwin" ? `open ${JSON.stringify(url)}` : platform === "win32" ? `start "" ${JSON.stringify(url)}` : `xdg-open ${JSON.stringify(url)}`;
+  exec(cmd, (err) => {
+    if (err) log.warn("could not open browser automatically", err.message);
+  });
+}
+function apiOrigin(apiUrl) {
+  return apiUrl.replace(/\/api\/?$/, "") || APP_ORIGIN;
+}
+async function runBrowserLogin() {
+  const config = await loadConfig();
+  const state = generateState();
+  const handoffToken = await new Promise((resolve, reject) => {
+    const server = createServer((req, res) => {
+      try {
+        const addr = server.address();
+        const port = typeof addr === "object" && addr ? addr.port : 0;
+        const url = new URL(req.url ?? "/", `http://127.0.0.1:${port}`);
+        if (url.pathname !== "/callback") {
+          res.writeHead(404);
+          res.end();
+          return;
+        }
+        const token = url.searchParams.get("token");
+        const returnedState = url.searchParams.get("state");
+        if (!token || returnedState !== state) {
+          res.writeHead(400);
+          res.end("Invalid callback");
+          reject(new ApiError("Invalid sign-in callback.", 400, "invalid_callback", void 0, 2));
+          return;
+        }
+        res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+        res.end(`<!DOCTYPE html><html><body style="font-family:system-ui;text-align:center;padding:48px">
+          <h1>Signed in to Fuzzi CLI</h1><p>Return to your terminal.</p>
+          <script>setTimeout(()=>window.close(),1200)</script></body></html>`);
+        server.close();
+        resolve(token);
+      } catch (e) {
+        server.close();
+        reject(e);
+      }
+    });
+    const timer = setTimeout(() => {
+      server.close();
+      reject(new ApiError("Sign-in timed out after 5 minutes.", 408, "auth_timeout", void 0, 2));
+    }, TIMEOUT_MS);
+    server.listen(0, "127.0.0.1", () => {
+      const addr = server.address();
+      const port = typeof addr === "object" && addr ? addr.port : 0;
+      const loginUrl = `${apiOrigin(config.api_url)}/cli-auth?state=${encodeURIComponent(state)}&callback_port=${port}`;
+      openBrowser(loginUrl);
+      log.debug("browser auth", loginUrl);
+    });
+    server.on("error", (e) => {
+      clearTimeout(timer);
+      reject(e);
+    });
+  });
+  const client = new FuzziApiClient(config.api_url);
+  const handoff = await client.post("/cli/handoff", {
+    handoff_token: handoffToken,
+    state
+  });
+  if (!handoff.api_key) {
+    throw new ApiError("Sign-in failed: no API key returned.", 500, "handoff_failed", void 0, 2);
+  }
+  client.setToken(handoff.api_key);
+  const profile = await client.get("/me");
+  await saveCredentials({
+    api_key: handoff.api_key,
+    auth_method: "api_key",
+    key_prefix: handoff.prefix || profile.key_prefix || maskApiKey(handoff.api_key),
+    key_expires_at: handoff.expires_at || profile.key_expires_at || void 0,
+    email: profile.email,
+    full_name: profile.full_name || void 0,
+    saved_at: (/* @__PURE__ */ new Date()).toISOString()
+  });
+  const name = profile.full_name || profile.email;
+  return { message: `Signed in as ${name}`, profile };
+}
+// src/commands/auth.ts
 async function runAuthLogin(opts = {}) {
+  if (opts.browser || opts.interactive !== false && !opts.apiKey && !opts.apiKeyOnly) {
+    try {
+      const result = await runBrowserLogin();
+      return success(result.message);
+    } catch (e) {
+      if (opts.browser) throw e;
+      if (opts.apiKeyOnly) throw e;
+    }
+  }
+  return runApiKeyLogin(opts);
+}
+async function runApiKeyLogin(opts = {}) {
   const config = await loadConfig();
   const client = new FuzziApiClient(config.api_url);
   let apiKey = opts.apiKey?.trim();
   if (!apiKey) {
     if (opts.interactive === false) {
       throw new ApiError(
-        "No API key provided. Generate one at https://app.fuzzi.dev/settings/api-keys",
+        "No API key provided. Run fuzzi auth login or sign in via browser.",
         401,
         "missing_key",
         void 0,
@@ -909,9 +1052,9 @@ function parseTomlSimple(raw) {
   }
   return config;
 }
-async function loadProjectConfig(cwd5) {
-  const fuzzirc = join3(cwd5, ".fuzzirc");
-  const fuzzitoml = join3(cwd5, "fuzzi.toml");
+async function loadProjectConfig(cwd4) {
+  const fuzzirc = join3(cwd4, ".fuzzirc");
+  const fuzzitoml = join3(cwd4, "fuzzi.toml");
   if (existsSync(fuzzirc)) {
     try {
       const raw = await readFile3(fuzzirc, "utf8");
@@ -1079,8 +1222,8 @@ async function runScanCommand(client, opts) {
   log.debug("creating scan", { url: opts.url, env });
   const created = await withRetry(() => client.post("/scan", body));
   if (!shouldWait) {
-    const output2 = format === "json" ? JSON.stringify(created, null, 2) : [success("Scan started"), muted(`ID: ${created.scan_id}`), muted(created.message)].join("\n");
-    return { output: output2, exitCode: 0 };
+    const output3 = format === "json" ? JSON.stringify(created, null, 2) : [success("Scan started"), muted(`ID: ${created.scan_id}`), muted(created.message)].join("\n");
+    return { output: output3, exitCode: 0 };
   }
   const host = hostnameFromUrl(opts.url);
   const progress = opts.onProgress ? { update: opts.onProgress, stop: () => {
@@ -1189,9 +1332,17 @@ function exitWith(code) {
 function buildProgram() {
   const program = new Command("fuzzi").name("fuzzi").description("Fuzzi security scanner CLI \u2014 interactive shell and scriptable commands").version(VERSION);
   const auth = program.command("auth").description("Authentication");
-  auth.command("login").description("Authenticate with an API key from https://app.fuzzi.dev/settings/api-keys").option("--api-key <key>", "API key (fz_live_...)").action(async (opts) => {
+  auth.command("login").description("Sign in via browser (default) or API key").option("--browser", "Sign in via browser (default when interactive)").option("--api-key <key>", "Paste an API key (fz_live_...)").action(async (opts) => {
     try {
-      console.log(await runAuthLogin({ apiKey: opts.apiKey, interactive: !opts.apiKey }));
+      const useApiKey = !!opts.apiKey;
+      console.log(
+        await runAuthLogin({
+          apiKey: opts.apiKey,
+          interactive: !opts.apiKey,
+          browser: !useApiKey,
+          apiKeyOnly: useApiKey
+        })
+      );
     } catch (e) {
       handleCommandError(e);
     }
@@ -1300,11 +1451,6 @@ function buildProgram() {
   return program;
 }
-// src/cli/bootstrap.ts
-init_credentials();
-init_api_client();
-import { cwd as cwd4 } from "process";
 // src/shell/prompt-loop.ts
 import * as readline from "readline/promises";
 import { stdin as input3, stdout as output } from "process";
@@ -1326,6 +1472,7 @@ function renderFuzziMark() {
 init_brand();
 init_theme();
 init_layout();
+init_width();
 // src/lib/assets.ts
 import { readFile as readFile4 } from "fs/promises";
@@ -1352,33 +1499,61 @@ async function readAsset(name) {
 }
 // src/shell/home-screen.ts
-async function fetchHomeData(profile, cwd5) {
+async function fetchHomeData(profile, cwd4) {
   let changelog = [];
   try {
     changelog = JSON.parse(await readAsset("changelog.json"));
   } catch {
     changelog = [];
   }
-  return { profile, cwd: cwd5, changelog };
+  return { profile, cwd: cwd4, changelog };
 }
 function renderHomeScreen(data) {
+  const w = contentWidth();
   const name = data.profile?.full_name || data.profile?.email?.split("@")[0] || "there";
   const org = data.profile?.organization?.trim();
-  const welcome = data.profile ? accentBold(`Welcome back, ${name}!`) : muted("Welcome to Fuzzi");
-  const mark = accent(renderFuzziMark());
-  const connected = data.profile ? statusBar([accent("Connected"), org ?? null].filter(Boolean)) : muted("Not connected");
-  const headerBody = ["", welcome, "", mark, "", connected, muted(data.cwd), ""].join("\n");
+  const welcome = data.profile ? accentBold(`Welcome back, ${name}!`) : accentBold("Welcome to Fuzzi");
+  const mark = centerBlock(accent(renderFuzziMark()), w);
+  const statusLine = data.profile ? [accent("\u25CF Connected"), org, muted(data.profile.email)].filter(Boolean).join(muted("  \xB7  ")) : muted("Not connected") + muted("  \xB7  ") + info("Press Enter to sign in via browser");
+  const cwdLine = centerBlock(muted(data.cwd), w);
   const latest = data.changelog[0];
-  const whatsNew = latest ? [...latest.highlights.slice(0, 2).map((h) => muted(`\xB7 ${h}`)), muted("/changelog for more")].join("\n") : muted("Stay tuned for updates");
+  const whatsNewTitle = accentBold("What's new");
+  const whatsNew = latest ? [
+    whatsNewTitle,
+    ...latest.highlights.slice(0, 3).map((h) => muted(`  \xB7 ${h}`)),
+    muted("  /changelog for more")
+  ].join("\n") : [whatsNewTitle, muted("  Stay tuned for updates")].join("\n");
+  const quickTitle = accentBold("Quick actions");
   const quickActions = [
-    accent("/scan") + muted(" <url>") + muted("  scan a target"),
-    accent("/scans") + muted("       browse history"),
-    accent("/status") + muted("      account info"),
-    accent("/palette") + muted("     search commands"),
-    accent("/help") + muted("        all commands")
+    quickTitle,
+    accent("/scan") + muted(" <url>     ") + muted("security scan"),
+    accent("/scans") + muted("          ") + muted("browse history"),
+    accent("/status") + muted("         ") + muted("account info"),
+    accent("/auth") + muted("           ") + muted("sign in (browser)"),
+    accent("/auth-key") + muted("       ") + muted("paste API key"),
+    accent("/palette") + muted("        ") + muted("search commands"),
+    accent("/help") + muted("           ") + muted("all commands")
   ].join("\n");
-  const panels = panel(columns(quickActions, whatsNew, 38), { title: "Quick actions" });
-  return panel(headerBody, { title: `Fuzzi CLI v${VERSION}`, marginBottom: 0 }) + "\n" + panels;
+  const footer = data.profile ? muted("Type a command below  \xB7  /palette to search  \xB7  Ctrl+C to exit") : muted("Press Enter at startup to sign in via browser  \xB7  or /auth-key");
+  const body = [
+    "",
+    centerBlock(welcome, w),
+    "",
+    mark,
+    "",
+    centerBlock(statusLine, w),
+    cwdLine,
+    "",
+    divider(),
+    "",
+    columns(quickActions, whatsNew),
+    "",
+    divider(),
+    "",
+    centerBlock(footer, w),
+    ""
+  ].join("\n");
+  return panel(body, { title: `Fuzzi CLI v${VERSION}`, marginBottom: 0 });
 }
 function renderChangelog(entries) {
   if (!entries.length) return muted("No changelog entries.");
@@ -1393,7 +1568,7 @@ function renderChangelog(entries) {
 // src/shell/slash-commands.ts
 init_api_client();
-import { confirm, input as input2 } from "@inquirer/prompts";
+import { confirm as confirm2, input as input2 } from "@inquirer/prompts";
 // src/commands/keys.ts
 init_table();
@@ -1422,9 +1597,9 @@ async function searchPalette(message, choices) {
   try {
     return await search({
       message,
-      source: async (input4) => {
-        if (!input4) return choices;
-        const q = input4.toLowerCase();
+      source: async (input5) => {
+        if (!input5) return choices;
+        const q = input5.toLowerCase();
         return choices.filter((c) => c.value.includes(q) || c.description?.includes(q));
       }
     });
@@ -1482,13 +1657,14 @@ var SLASH_COMMANDS = [
   { name: "/palette", description: "Open command palette", aliases: ["/commands"] },
   { name: "/changelog", description: "View release notes" },
   { name: "/help", description: "Show all commands" },
-  { name: "/auth", description: "Log in with API key", aliases: ["/login"] },
+  { name: "/auth", description: "Sign in via browser", aliases: ["/login"] },
+  { name: "/auth-key", description: "Paste an API key instead", usage: "/auth-key" },
   { name: "/clear", description: "Clear screen and refresh home" },
   { name: "/history", description: "Show recent commands" },
   { name: "/exit", description: "Exit the shell", aliases: ["/quit"] }
 ];
-function findCommand(input4) {
-  const cmd = input4.trim().split(/\s/)[0].toLowerCase();
+function findCommand(input5) {
+  const cmd = input5.trim().split(/\s/)[0].toLowerCase();
   return SLASH_COMMANDS.find(
     (c) => c.name === cmd || c.aliases?.some((a) => a === cmd)
   );
@@ -1569,14 +1745,59 @@ function successBox(message) {
 // src/shell/slash-commands.ts
 init_strings();
+function normalizeInput(line) {
+  let t = line.trim();
+  if (!t || t.startsWith("/")) return t;
+  if (t.toLowerCase().startsWith("fuzzi ")) t = t.slice(6).trim();
+  const lower = t.toLowerCase();
+  const aliases = {
+    "auth login": "/auth",
+    auth: "/auth",
+    login: "/auth",
+    "auth-key": "/auth-key",
+    logout: "/exit",
+    help: "/help",
+    exit: "/exit",
+    quit: "/exit",
+    clear: "/clear",
+    changelog: "/changelog",
+    status: "/status",
+    scans: "/scans",
+    keys: "/keys",
+    palette: "/palette"
+  };
+  if (aliases[lower]) return aliases[lower];
+  if (lower.startsWith("scan ")) return `/scan ${t.slice(5).trim()}`;
+  if (lower.startsWith("config set ")) {
+    const parts = t.slice(11).trim().split(/\s+/);
+    if (parts.length >= 2) return `/config ${parts[0]}=${parts.slice(1).join(" ")}`;
+  }
+  if (lower.startsWith("config ")) return `/config ${t.slice(7).trim().replace(/\s+/, "=")}`;
+  if (!t.includes(" ") && t.includes(".")) return `/scan ${t}`;
+  return t;
+}
+function normalizeScanUrl(url) {
+  const u = url.trim();
+  if (!/^https?:\/\//i.test(u)) return `https://${u}`;
+  return u;
+}
 async function dispatchSlashCommand(line, ctx) {
   const trimmed = line.trim();
   if (!trimmed) return {};
   if (trimmed === "/exit" || trimmed === "/quit") return { exit: true };
   const [cmd, ...rest] = trimmed.split(/\s+/);
   const arg = rest.join(" ").trim();
-  const def = findCommand(cmd);
-  if (!def && cmd.startsWith("/")) {
+  if (!cmd.startsWith("/")) {
+    ctx.sink.write(
+      errorBox(
+        `Not a shell command: ${trimmed}`,
+        `Use slash commands here \u2014 e.g. ${accent("/auth")} not "fuzzi auth login"
+${accent("/help")} lists everything`
+      )
+    );
+    return {};
+  }
+  if (!findCommand(cmd) && cmd.startsWith("/")) {
     ctx.sink.write(errorBox(`Unknown command: ${cmd}`, "Type /help or /palette"));
     return {};
   }
@@ -1606,9 +1827,10 @@ async function dispatchSlashCommand(line, ctx) {
         const client = await getAuthenticatedClient();
         const progress = createStreamProgress(ctx.sink);
         const result = await runScanCommand(client, {
-          url: arg,
+          url: normalizeScanUrl(arg),
           wait: true,
-          onProgress: progress.update
+          onProgress: progress.update,
+          streamProgress: true
         });
         progress.stop();
         ctx.sink.write(result.output);
@@ -1674,7 +1896,12 @@ ${muted("Rate limit")}  ${rate}` : status);
       }
       case "/login":
       case "/auth": {
-        ctx.sink.write(await runAuthLogin({ interactive: true }));
+        ctx.sink.write(await runAuthLogin({ interactive: true, browser: true }));
+        const client = await getAuthenticatedClient();
+        return { profile: await client.get("/me"), redraw: true };
+      }
+      case "/auth-key": {
+        ctx.sink.write(await runApiKeyLogin({ interactive: true }));
         const client = await getAuthenticatedClient();
         return { profile: await client.get("/me"), redraw: true };
       }
@@ -1737,7 +1964,7 @@ async function runKeysInteractive(ctx) {
   if (action.toLowerCase() === "r") {
     const keyId = await pickKeyForRevoke(client);
     if (!keyId) return;
-    const ok = await confirm({ message: "Revoke this API key?", default: false }).catch(() => false);
+    const ok = await confirm2({ message: "Revoke this API key?", default: false }).catch(() => false);
     if (ok) ctx.sink.write(successBox(await runKeyRevoke(client, keyId)));
   } else if (action.toLowerCase() === "n") {
     const name = await promptNewKeyName();
@@ -1775,15 +2002,16 @@ async function runPromptLoop(initialProfile) {
   const workDir = cwd3();
   const history = await loadHistory();
   const refresh = async () => {
-    if (getCapabilities().interactive) console.clear();
+    if (getCapabilities().interactive) {
+      process.stdout.write("\x1B[2J\x1B[H");
+    }
     const data = await fetchHomeData(profile, workDir);
     console.log(renderHomeScreen(data));
-    const bar = statusBar([
+    console.log(statusBar([
       profile ? muted(profile.email) : muted("guest"),
       dim(workDir),
       isDebugMode() ? muted("debug") : null
-    ].filter(Boolean));
-    console.log(bar);
+    ].filter(Boolean)));
     console.log("");
   };
   await refresh();
@@ -1809,7 +2037,8 @@ async function runPromptLoop(initialProfile) {
       error: (text) => console.error(text),
       clearLine: () => process.stdout.write("\r\x1B[K")
     };
-    const result = await dispatchSlashCommand(line, {
+    const normalized = normalizeInput(line);
+    const result = await dispatchSlashCommand(normalized, {
       cwd: workDir,
       profile,
       sink,
@@ -1826,22 +2055,16 @@ async function runPromptLoop(initialProfile) {
   }
 }
-// src/shell/onboarding.ts
+// src/shell/auth-gate.ts
+init_layout();
 init_theme();
-function renderOnboarding() {
-  return [
-    muted("Authenticate to run scans and browse results."),
-    "",
-    `  1. Generate an API key at ${accent("app.fuzzi.dev/settings/api-keys")}`,
-    `  2. Run ${accent("/auth")} or ${accent("fuzzi auth login")}`,
-    `  3. Scan a URL with ${accent("/scan https://example.com")}`,
-    "",
-    muted("Type /help for all commands  \xB7  /palette to search")
-  ].join("\n");
-}
+init_width();
+import * as readline2 from "readline";
+import { stdin as input4, stdout as output2 } from "process";
-// src/cli/bootstrap.ts
-init_layout();
+// src/cli/profile.ts
+init_credentials();
+init_api_client();
 init_logger();
 async function tryGetProfile() {
   try {
@@ -1854,13 +2077,61 @@ async function tryGetProfile() {
     return null;
   }
 }
+// src/shell/auth-gate.ts
+function renderAuthGate() {
+  const w = contentWidth();
+  const body = [
+    "",
+    centerBlock(accent(renderFuzziMark()), w),
+    "",
+    centerBlock(accentBold("Sign in to continue"), w),
+    "",
+    centerBlock(muted("The CLI needs your Fuzzi account to run scans."), w),
+    "",
+    divider(),
+    "",
+    centerBlock(info("Press Enter to open your browser and sign in"), w),
+    centerBlock(muted("Or type /auth-key later to paste an API key instead"), w),
+    ""
+  ].join("\n");
+  return panel(body, { title: "Fuzzi CLI", marginBottom: 1 });
+}
+function waitForEnter() {
+  return new Promise((resolve) => {
+    const rl = readline2.createInterface({ input: input4, output: output2, terminal: true });
+    output2.write(accent("\n  \u203A Press Enter to open browser... "));
+    rl.once("line", () => {
+      rl.close();
+      resolve();
+    });
+  });
+}
+async function runAuthGate() {
+  const existing = await tryGetProfile();
+  if (existing) return existing;
+  if (!output2.isTTY) return null;
+  console.log(renderAuthGate());
+  await waitForEnter();
+  const progress = createProgress("Opening browser...");
+  try {
+    const result = await runBrowserLogin();
+    progress.succeed("Signed in");
+    console.log(accent(result.message));
+    return result.profile;
+  } catch (e) {
+    progress.fail("Sign-in failed");
+    console.log(muted(formatApiError(e)));
+    console.log(muted("You can still use /auth-key to paste an API key, or /auth to retry browser login."));
+    return null;
+  }
+}
+// src/cli/bootstrap.ts
 async function runInteractiveMode() {
-  const profile = await tryGetProfile();
-  const workDir = cwd4();
-  const data = await fetchHomeData(profile, workDir);
-  console.log(renderHomeScreen(data));
+  let profile = await tryGetProfile();
   if (!profile) {
-    console.log(panel(renderOnboarding(), { title: "Get started" }));
+    profile = await runAuthGate();
   }
   await runPromptLoop(profile);
 }