kahunas-cli 1.0.6 → 1.3.0

package/README.md

@@ -1,188 +1,36 @@
 # Kahunas CLI
 
-A TypeScript CLI for Kahunas (kahunas.io) to fetch check-ins and workouts.
-
-![Kahunas CLI screenshot](https://unpkg.com/kahunas-cli@latest/ai-screenshot.png)
+Fetch workouts from Kahunas and preview them locally.
 
 ## Quick start
 
-1) Install dependencies and build:
+1) Install and build:
 
 ```bash
 pnpm install
 pnpm build
 ```
 
-2) Log in once (opens a browser):
-
-```bash
-pnpm kahunas -- auth login
-```
-
-3) Fetch data:
+2) Optional: add auto-login credentials at `~/.config/kahunas/auth.json`:
 
-```bash
-pnpm kahunas -- checkins list
-pnpm kahunas -- workout list
-pnpm kahunas -- workout pick
-```
-
-You can also run without installing globally:
-
-```bash
-npx kahunas-cli checkins list
-npx kahunas-cli workout events
+```json
+{
+  "email": "you@example.com",
+  "password": "your-password"
+}
 ```
 
-## Commands
-
-### Auth
-
-- `kahunas auth login`
-  - Opens a browser, lets you log in, and saves the `auth-user-token`.
-- `kahunas auth status`
-  - Checks whether the stored token is valid.
-- `kahunas auth show`
-  - Prints the stored token.
-
-Tokens are saved to:
-
-- `~/.config/kahunas/config.json`
-
-### Check-ins
-
-- `kahunas checkins list`
-  - Lists recent check-ins.
-
-### Workouts
-
-- `kahunas workout list`
-  - Lists workout programs.
-- `kahunas workout pick`
-  - Shows a numbered list and lets you choose a program.
-- `kahunas workout latest`
-  - Loads the most recently updated program.
-- `kahunas workout events`
-  - Lists workout log events with dates and a human-friendly workout summary (from the calendar endpoint).
-- `kahunas workout serve`
-  - Starts a local dev server with a workout preview page and a JSON endpoint that matches the CLI output.
-- `kahunas workout program <id>`
-  - Fetches a program by UUID.
-
-### Workout sync (browser capture)
-
-If the API list is missing a program you see in the web UI, run:
-
-```bash
-pnpm kahunas -- workout sync
-```
-
-This opens a browser, you log in, then navigate to your workouts page. After you press Enter, the CLI captures the workout list from network responses and writes a cache:
-
-- `~/.config/kahunas/workouts.json`
-
-`workout list`, `workout pick`, and `workout latest` automatically merge the API list with this cache.
-Raw output (`--raw`) prints the API response only.
-
-### Workout events (dates)
-
-To see when workouts happened, the calendar endpoint returns log events with timestamps. By default each event is summarized into a human-friendly structure (total volume sets, exercises, supersets). Use `--full` to return the full program payload (best effort; falls back to cached summary if needed).
-
-```bash
-pnpm kahunas -- workout events --user <user-uuid>
-```
-
-Or via pnpm:
-
-```bash
-pnpm kahunas -- workout events
-```
-
-Default timezone is `Europe/London`. Override with `--timezone`.
-
-You can filter by program or workout UUID:
+3) Sync workouts, then run the preview server:
 
 ```bash
-pnpm kahunas -- workout events --program <program-uuid>
-pnpm kahunas -- workout events --workout <workout-uuid>
+pnpm kahunas sync
+pnpm kahunas serve
 ```
 
-Use `--minimal` to return the raw event objects without program enrichment. Use `--full` to return the full enriched output. Use `--latest` for only the most recent event, or `--limit N` for the most recent N events. Use `--debug-preview` to log where preview HTML was discovered (stderr only).
+Open `http://127.0.0.1:3000`.
 
-If the user UUID is missing, `workout events` will attempt to discover it from check-ins and save it. You can also set it directly:
-
-- `KAHUNAS_USER_UUID=...`
-- `--user <uuid>`
-
-### Workout preview server
-
-Run a local dev server to preview workouts in a browser:
-
-```bash
-pnpm kahunas -- workout serve
-```
-
-The HTML page is available at `http://127.0.0.1:3000` and the JSON endpoint is at `http://127.0.0.1:3000/api/workout`.
-The JSON response matches the CLI output for `workout events --latest`, so there is only one data shape to maintain.
-
-Options:
-
-```bash
-pnpm kahunas -- workout serve --program <program-uuid>
-pnpm kahunas -- workout serve --workout <workout-uuid>
-pnpm kahunas -- workout serve --limit 3
-```
-
-Use `?day=<index>` to switch the selected workout day tab in the browser.
-
-## Auto-login
-
-Most commands auto-login by default if a token is missing or expired. To disable:
-
-```bash
-pnpm kahunas -- checkins list --no-auto-login
-```
-
-## Flags
-
-- `--raw` prints raw API responses (no formatting).
-- `--headless` runs Playwright without a visible browser window.
-
-## Environment variables
-
-- `KAHUNAS_TOKEN`
-- `KAHUNAS_CSRF`
-- `KAHUNAS_CSRF_COOKIE`
-- `KAHUNAS_COOKIE`
-- `KAHUNAS_WEB_BASE_URL`
-- `KAHUNAS_USER_UUID`
-
-## Playwright
-
-If Playwright did not download a browser during install:
-
-```bash
-pnpm exec playwright install chromium
-```
-
-## Testing
-
-Run the unit tests with:
-
-```bash
-pnpm test
-```
-
-## Publishing
-
-The npm package is built from `dist/cli.js`. Publishing runs the build automatically:
-
-```bash
-pnpm publish
-```
+If `auth.json` is missing, `sync` will prompt for credentials and save them.
 
-## Notes
+## Advanced usage
 
-- This CLI uses the same APIs the web app uses; tokens can expire quickly.
-- `auth login` is the most reliable way to refresh the token.
-- `workout events` relies on session cookies captured during `auth login`.
+See `docs/advanced.md` for all commands, flags, and configuration options.

package/dist/cli.js

@@ -6,6 +6,7 @@ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __commonJSMin = (cb, mod) => () => (mod || cb((mod = { exports: {} }).exports, mod), mod.exports);
 var __copyProps = (to, from, except, desc) => {
 	if (from && typeof from === "object" || typeof from === "function") {
 		for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
@@ -68,17 +69,13 @@ function isFlagEnabled(options, name) {
 	const value = options[name];
 	return value === "true" || value === "1" || value === "yes";
 }
-function shouldAutoLogin(options, defaultValue) {
-	if (isFlagEnabled(options, "auto-login")) return true;
-	if (isFlagEnabled(options, "no-auto-login")) return false;
-	return defaultValue;
-}
 
 //#endregion
 //#region src/config.ts
 const DEFAULT_BASE_URL = "https://api.kahunas.io";
 const DEFAULT_WEB_BASE_URL = "https://kahunas.io";
 const CONFIG_PATH = node_path.join(node_os.homedir(), ".config", "kahunas", "config.json");
+const AUTH_PATH = node_path.join(node_os.homedir(), ".config", "kahunas", "auth.json");
 const WORKOUT_CACHE_PATH = node_path.join(node_os.homedir(), ".config", "kahunas", "workouts.json");
 function readConfig() {
 	if (!node_fs.existsSync(CONFIG_PATH)) return {};
@@ -89,6 +86,20 @@ function readConfig() {
 		throw new Error(`Invalid JSON in ${CONFIG_PATH}.`);
 	}
 }
+function readAuthConfig() {
+	if (!node_fs.existsSync(AUTH_PATH)) return;
+	const raw = node_fs.readFileSync(AUTH_PATH, "utf-8");
+	try {
+		return JSON.parse(raw);
+	} catch {
+		throw new Error(`Invalid JSON in ${AUTH_PATH}.`);
+	}
+}
+function writeAuthConfig(auth) {
+	const dir = node_path.dirname(AUTH_PATH);
+	node_fs.mkdirSync(dir, { recursive: true });
+	node_fs.writeFileSync(AUTH_PATH, `${JSON.stringify(auth, null, 2)}\n`, "utf-8");
+}
 function writeConfig(config) {
 	const dir = node_path.dirname(CONFIG_PATH);
 	node_fs.mkdirSync(dir, { recursive: true });
@@ -113,26 +124,26 @@ function writeWorkoutCache(plans) {
 	node_fs.writeFileSync(WORKOUT_CACHE_PATH, `${JSON.stringify(cache, null, 2)}\n`, "utf-8");
 	return cache;
 }
-function resolveToken(options, config) {
-	return options.token ?? process.env.KAHUNAS_TOKEN ?? config.token;
+function resolveToken(_, config) {
+	return config.token;
 }
-function resolveCsrfToken(options, config) {
-	return options.csrf ?? process.env.KAHUNAS_CSRF ?? config.csrfToken;
+function resolveCsrfToken(_, config) {
+	return config.csrfToken;
 }
-function resolveCsrfCookie(options, config) {
-	return options["csrf-cookie"] ?? process.env.KAHUNAS_CSRF_COOKIE ?? config.csrfCookie;
+function resolveCsrfCookie(_, config) {
+	return config.csrfCookie;
 }
-function resolveAuthCookie(options, config) {
-	return options.cookie ?? process.env.KAHUNAS_COOKIE ?? config.authCookie;
+function resolveAuthCookie(_, config) {
+	return config.authCookie;
 }
-function resolveUserUuid(options, config) {
-	return options.user ?? process.env.KAHUNAS_USER_UUID ?? config.userUuid;
+function resolveUserUuid(_, config) {
+	return config.userUuid;
 }
 function resolveBaseUrl(options, config) {
-	return options["base-url"] ?? config.baseUrl ?? DEFAULT_BASE_URL;
+	return config.baseUrl ?? DEFAULT_BASE_URL;
 }
 function resolveWebBaseUrl(options, config) {
-	return options["web-base-url"] ?? process.env.KAHUNAS_WEB_BASE_URL ?? config.webBaseUrl ?? DEFAULT_WEB_BASE_URL;
+	return config.webBaseUrl ?? DEFAULT_WEB_BASE_URL;
 }
 
 //#endregion
@@ -172,6 +183,37 @@ function isLikelyLoginHtml(text) {
 	if (!trimmed.startsWith("<")) return false;
 	return trimmed.includes("login to your account") || trimmed.includes("welcome back") || trimmed.includes("<title>kahunas");
 }
+function extractJwtExpiry(token) {
+	const parts = token.split(".");
+	if (parts.length < 2) return;
+	const payload = decodeBase64Url(parts[1]);
+	if (!payload) return;
+	try {
+		const data = JSON.parse(payload);
+		if (typeof data.exp !== "number" || !Number.isFinite(data.exp)) return;
+		return (/* @__PURE__ */ new Date(data.exp * 1e3)).toISOString();
+	} catch {
+		return;
+	}
+}
+const DEFAULT_TOKEN_TTL_MS = 7200 * 1e3;
+function resolveTokenExpiry(token, tokenUpdatedAt) {
+	const jwtExpiry = extractJwtExpiry(token);
+	if (jwtExpiry) return jwtExpiry;
+	const updatedAt = Date.parse(tokenUpdatedAt);
+	if (!Number.isFinite(updatedAt)) return;
+	return new Date(updatedAt + DEFAULT_TOKEN_TTL_MS).toISOString();
+}
+function decodeBase64Url(value) {
+	const normalized = value.replace(/-/g, "+").replace(/_/g, "/");
+	const padding = normalized.length % 4;
+	const padded = padding === 0 ? normalized : normalized + "=".repeat(4 - padding);
+	try {
+		return Buffer.from(padded, "base64").toString("utf-8");
+	} catch {
+		return;
+	}
+}
 
 //#endregion
 //#region src/http.ts
@@ -249,6 +291,20 @@ async function fetchAuthToken(csrfToken, cookieHeader, webBaseUrl) {
 	};
 }
 
+//#endregion
+//#region src/output.ts
+function printResponse(response, rawOutput) {
+	if (rawOutput) {
+		console.log(response.text);
+		return;
+	}
+	if (response.json !== void 0) {
+		console.log(JSON.stringify(response.json, null, 2));
+		return;
+	}
+	console.log(response.text);
+}
+
 //#endregion
 //#region src/responses.ts
 function isTokenExpiredResponse(payload) {
@@ -272,18 +328,107 @@ function extractUserUuidFromCheckins(payload) {
 }
 
 //#endregion
-//#region src/utils.ts
-function parseNumber$1(value, fallback) {
-	if (!value) return fallback;
-	const parsed = Number.parseInt(value, 10);
-	if (Number.isNaN(parsed)) return fallback;
-	return parsed;
+//#region node_modules/.pnpm/picocolors@1.1.1/node_modules/picocolors/picocolors.js
+var require_picocolors = /* @__PURE__ */ __commonJSMin(((exports, module) => {
+	let p = process || {}, argv = p.argv || [], env = p.env || {};
+	let isColorSupported = !(!!env.NO_COLOR || argv.includes("--no-color")) && (!!env.FORCE_COLOR || argv.includes("--color") || p.platform === "win32" || (p.stdout || {}).isTTY && env.TERM !== "dumb" || !!env.CI);
+	let formatter = (open, close, replace = open) => (input) => {
+		let string = "" + input, index = string.indexOf(close, open.length);
+		return ~index ? open + replaceClose(string, close, replace, index) + close : open + string + close;
+	};
+	let replaceClose = (string, close, replace, index) => {
+		let result = "", cursor = 0;
+		do {
+			result += string.substring(cursor, index) + replace;
+			cursor = index + close.length;
+			index = string.indexOf(close, cursor);
+		} while (~index);
+		return result + string.substring(cursor);
+	};
+	let createColors = (enabled = isColorSupported) => {
+		let f = enabled ? formatter : () => String;
+		return {
+			isColorSupported: enabled,
+			reset: f("\x1B[0m", "\x1B[0m"),
+			bold: f("\x1B[1m", "\x1B[22m", "\x1B[22m\x1B[1m"),
+			dim: f("\x1B[2m", "\x1B[22m", "\x1B[22m\x1B[2m"),
+			italic: f("\x1B[3m", "\x1B[23m"),
+			underline: f("\x1B[4m", "\x1B[24m"),
+			inverse: f("\x1B[7m", "\x1B[27m"),
+			hidden: f("\x1B[8m", "\x1B[28m"),
+			strikethrough: f("\x1B[9m", "\x1B[29m"),
+			black: f("\x1B[30m", "\x1B[39m"),
+			red: f("\x1B[31m", "\x1B[39m"),
+			green: f("\x1B[32m", "\x1B[39m"),
+			yellow: f("\x1B[33m", "\x1B[39m"),
+			blue: f("\x1B[34m", "\x1B[39m"),
+			magenta: f("\x1B[35m", "\x1B[39m"),
+			cyan: f("\x1B[36m", "\x1B[39m"),
+			white: f("\x1B[37m", "\x1B[39m"),
+			gray: f("\x1B[90m", "\x1B[39m"),
+			bgBlack: f("\x1B[40m", "\x1B[49m"),
+			bgRed: f("\x1B[41m", "\x1B[49m"),
+			bgGreen: f("\x1B[42m", "\x1B[49m"),
+			bgYellow: f("\x1B[43m", "\x1B[49m"),
+			bgBlue: f("\x1B[44m", "\x1B[49m"),
+			bgMagenta: f("\x1B[45m", "\x1B[49m"),
+			bgCyan: f("\x1B[46m", "\x1B[49m"),
+			bgWhite: f("\x1B[47m", "\x1B[49m"),
+			blackBright: f("\x1B[90m", "\x1B[39m"),
+			redBright: f("\x1B[91m", "\x1B[39m"),
+			greenBright: f("\x1B[92m", "\x1B[39m"),
+			yellowBright: f("\x1B[93m", "\x1B[39m"),
+			blueBright: f("\x1B[94m", "\x1B[39m"),
+			magentaBright: f("\x1B[95m", "\x1B[39m"),
+			cyanBright: f("\x1B[96m", "\x1B[39m"),
+			whiteBright: f("\x1B[97m", "\x1B[39m"),
+			bgBlackBright: f("\x1B[100m", "\x1B[49m"),
+			bgRedBright: f("\x1B[101m", "\x1B[49m"),
+			bgGreenBright: f("\x1B[102m", "\x1B[49m"),
+			bgYellowBright: f("\x1B[103m", "\x1B[49m"),
+			bgBlueBright: f("\x1B[104m", "\x1B[49m"),
+			bgMagentaBright: f("\x1B[105m", "\x1B[49m"),
+			bgCyanBright: f("\x1B[106m", "\x1B[49m"),
+			bgWhiteBright: f("\x1B[107m", "\x1B[49m")
+		};
+	};
+	module.exports = createColors();
+	module.exports.createColors = createColors;
+}));
+
+//#endregion
+//#region src/logger.ts
+var import_picocolors = /* @__PURE__ */ __toESM(require_picocolors());
+function formatLabel(label, color) {
+	return import_picocolors.default.bold(color(label));
+}
+function logInfo(message) {
+	console.log(`${formatLabel("info", import_picocolors.default.cyan)} ${message}`);
+}
+function logError(message) {
+	console.error(`${formatLabel("error", import_picocolors.default.red)} ${message}`);
+}
+function logDebug(enabled, message) {
+	if (!enabled) return;
+	console.error(`${formatLabel("debug", import_picocolors.default.gray)} ${message}`);
 }
-function askQuestion(prompt) {
+function logPlain(message) {
+	console.log(message);
+}
+function formatHeading(message) {
+	return import_picocolors.default.bold(message);
+}
+function formatDim(message) {
+	return import_picocolors.default.dim(message);
+}
+
+//#endregion
+//#region src/utils.ts
+function askQuestion(prompt, output = process.stdout) {
 	return new Promise((resolve) => {
 		const rl = node_readline.createInterface({
 			input: process.stdin,
-			output: process.stdout
+			output
 		});
 		rl.question(prompt, (answer) => {
 			rl.close();
@@ -291,8 +436,11 @@ function askQuestion(prompt) {
 		});
 	});
 }
-function waitForEnter(prompt) {
-	return askQuestion(prompt).then(() => void 0);
+function waitForEnter(prompt, output = process.stdout) {
+	return askQuestion(prompt, output).then(() => void 0);
+}
+function debugLog(enabled, message) {
+	logDebug(enabled, message);
 }
 
 //#endregion
@@ -401,9 +549,181 @@ function buildWorkoutPlanIndex(plans) {
 
 //#endregion
 //#region src/auth.ts
+const LOGIN_SELECTORS = {
+	username: [
+		"input[name=\"email\"]",
+		"input[id=\"email\"]",
+		"input[type=\"email\"]",
+		"input[autocomplete=\"email\"]",
+		"input[autocomplete=\"username\"]",
+		"input[name=\"username\"]",
+		"input[id=\"username\"]",
+		"input[placeholder*=\"email\" i]",
+		"input[placeholder*=\"username\" i]",
+		"input[type=\"text\"]"
+	],
+	password: [
+		"input[name=\"password\"]",
+		"input[id=\"password\"]",
+		"input[type=\"password\"]",
+		"input[autocomplete=\"current-password\"]"
+	],
+	submit: [
+		"button[type=\"submit\"]",
+		"input[type=\"submit\"]",
+		"button:has-text(\"Log in\")",
+		"button:has-text(\"Login\")",
+		"button:has-text(\"Sign in\")",
+		"button:has-text(\"Continue\")"
+	]
+};
+const PASSWORD_SELECTOR = LOGIN_SELECTORS.password.join(", ");
+const WORKOUT_NAV_SELECTORS = [
+	"#client-workout_plan-view-button",
+	".select-client-action[data-action=\"workout_program\"]",
+	"[data-action=\"workout_program\"]"
+];
+const WORKOUT_NAV_QUERY_SELECTORS = [
+	"#client-workout_plan-view-button",
+	".select-client-action[data-action=\"workout_program\"]",
+	"[data-action=\"workout_program\"]",
+	"a.nav-link",
+	"button"
+];
+function normalizePath(pathname) {
+	if (pathname.startsWith("/")) return pathname;
+	return `/${pathname}`;
+}
+function normalizeToken(token) {
+	return token.trim().replace(/^"(.*)"$/, "$1").replace(/^'(.*)'$/, "$1").replace(/^bearer\s+/i, "");
+}
+function resolveStoredAuth() {
+	const auth = readAuthConfig();
+	if (!auth) return;
+	const login = auth.username ?? auth.email;
+	if (!login || !auth.password) throw new Error(`Invalid auth.json at ${AUTH_PATH}. Expected \"username\" or \"email\" and \"password\".`);
+	return {
+		login,
+		password: auth.password,
+		loginPath: auth.loginPath
+	};
+}
+async function isSelectorVisible(page, selector) {
+	try {
+		return await page.isVisible(selector);
+	} catch {
+		return false;
+	}
+}
+async function findVisibleSelector(page, selectors) {
+	for (const selector of selectors) if (await isSelectorVisible(page, selector)) return selector;
+}
+async function waitForAnyVisibleSelector(page, selectors, timeoutMs) {
+	const combined = selectors.join(", ");
+	try {
+		await page.waitForSelector(combined, {
+			state: "visible",
+			timeout: timeoutMs
+		});
+		return true;
+	} catch {
+		return false;
+	}
+}
+async function waitForAnySelectorMatch(page, selectors, timeoutMs) {
+	const started = Date.now();
+	while (Date.now() - started < timeoutMs) {
+		for (const selector of selectors) if (await page.$(selector)) return true;
+		await page.waitForTimeout(300);
+	}
+	return false;
+}
+async function waitForPasswordFieldGone(page, timeoutMs) {
+	const started = Date.now();
+	while (Date.now() - started < timeoutMs) {
+		if (!await isSelectorVisible(page, PASSWORD_SELECTOR)) return true;
+		await page.waitForTimeout(500);
+	}
+	return false;
+}
+async function attemptAutoLogin(page, auth, debug) {
+	if (!await waitForAnyVisibleSelector(page, LOGIN_SELECTORS.password, 5e3)) {
+		debugLog(debug, "Login form not detected; skipping auto-login.");
+		return false;
+	}
+	const usernameSelector = await findVisibleSelector(page, LOGIN_SELECTORS.username);
+	const passwordSelector = await findVisibleSelector(page, LOGIN_SELECTORS.password);
+	if (!passwordSelector) return false;
+	if (usernameSelector) await page.fill(usernameSelector, auth.login);
+	await page.fill(passwordSelector, auth.password);
+	const submitSelector = await findVisibleSelector(page, LOGIN_SELECTORS.submit);
+	if (submitSelector) await page.click(submitSelector);
+	else await page.press(passwordSelector, "Enter");
+	await page.waitForTimeout(1500);
+	debugLog(debug, "Submitted login form.");
+	return true;
+}
+async function waitForPlans(plans, timeoutMs) {
+	const started = Date.now();
+	while (Date.now() - started < timeoutMs) {
+		if (plans.length > 0) return true;
+		await new Promise((resolve) => setTimeout(resolve, 250));
+	}
+	return plans.length > 0;
+}
+async function clickWorkoutNav(page, debug) {
+	for (const selector of WORKOUT_NAV_SELECTORS) {
+		const locator = page.locator(selector).first();
+		if (await locator.count() === 0) continue;
+		try {
+			await locator.scrollIntoViewIfNeeded();
+		} catch {}
+		try {
+			await locator.click({
+				timeout: 2e3,
+				force: true
+			});
+			debugLog(debug, `Clicked workout nav selector: ${selector}`);
+			return true;
+		} catch {}
+	}
+	try {
+		return await page.evaluate((selectors) => {
+			const resolveCandidates = (sel) => Array.from(document.querySelectorAll(sel)).filter((node) => node instanceof HTMLElement);
+			const candidates = selectors.flatMap(resolveCandidates);
+			const byAction = candidates.find((node) => node.dataset.action === "workout_program");
+			const byText = candidates.find((node) => /workout/i.test(node.textContent ?? ""));
+			const target = byAction ?? byText;
+			if (!target) return false;
+			target.dispatchEvent(new MouseEvent("click", {
+				bubbles: true,
+				cancelable: true,
+				view: window
+			}));
+			target.click();
+			return true;
+		}, WORKOUT_NAV_QUERY_SELECTORS);
+	} catch {
+		return false;
+	}
+}
+async function triggerWorkoutCapture(page, webOrigin, plans, debug) {
+	if (plans.length > 0) return true;
+	if (!await waitForAnySelectorMatch(page, WORKOUT_NAV_SELECTORS, 12e3)) {
+		debugLog(debug, "Workout nav not detected.");
+		return false;
+	}
+	if (!await clickWorkoutNav(page, debug)) debugLog(debug, "Workout nav click failed.");
+	await page.waitForTimeout(1e3);
+	await waitForPlans(plans, 8e3);
+	debugLog(debug, `Workout capture plans=${plans.length}`);
+	return plans.length > 0;
+}
 async function captureWorkoutsFromBrowser(options, config) {
 	const webBaseUrl = resolveWebBaseUrl(options, config);
-	const headless = isFlagEnabled(options, "headless");
+	const headless = config.headless ?? true;
+	const debug = config.debug === true;
+	const storedAuth = resolveStoredAuth();
 	const browser = await (await import("playwright")).chromium.launch({ headless });
 	const context = await browser.newContext();
 	const plans = [];
@@ -411,7 +731,8 @@ async function captureWorkoutsFromBrowser(options, config) {
 	let observedToken;
 	const recordToken = (candidate) => {
 		if (!candidate || observedToken) return;
-		if (isLikelyAuthToken(candidate)) observedToken = candidate;
+		const normalized = normalizeToken(candidate);
+		if (isLikelyAuthToken(normalized)) observedToken = normalized;
 	};
 	const recordPlans = (incoming) => {
 		for (const plan of incoming) {
@@ -438,12 +759,25 @@ async function captureWorkoutsFromBrowser(options, config) {
 	try {
 		const page = await context.newPage();
 		const webOrigin = new URL(webBaseUrl).origin;
-		await page.goto(`${webOrigin}/dashboard`, { waitUntil: "domcontentloaded" });
-		await waitForEnter("Log in, open your workouts page, then press Enter to capture...");
+		const startPath = storedAuth?.loginPath ? normalizePath(storedAuth.loginPath) : "/dashboard";
+		await page.goto(new URL(startPath, webOrigin).toString(), { waitUntil: "domcontentloaded" });
+		debugLog(debug, `Opened ${startPath}`);
+		if (storedAuth) {
+			debugLog(debug, "auth.json detected; attempting auto-login.");
+			if (await attemptAutoLogin(page, storedAuth, debug)) await waitForPasswordFieldGone(page, 15e3);
+			if (!await triggerWorkoutCapture(page, webOrigin, plans, debug)) await waitForEnter("Log in, open your workouts page, then press Enter to capture...");
+		} else await waitForEnter("Log in, open your workouts page, then press Enter to capture...");
 		const cookies = await context.cookies(webOrigin);
 		cookieHeader = cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join("; ");
 		csrfCookie = cookies.find((cookie) => cookie.name === "csrf_kahunas_cookie_token")?.value;
 		csrfToken = csrfCookie ?? resolveCsrfToken(options, config);
+		if (!observedToken && csrfToken && cookieHeader) try {
+			const { token: fetchedToken } = await fetchAuthToken(csrfToken, cookieHeader, webBaseUrl);
+			recordToken(fetchedToken);
+			debugLog(debug, "Fetched auth token via /get-token.");
+		} catch (error) {
+			debugLog(debug, `Failed to fetch auth token via /get-token: ${error instanceof Error ? error.message : "unknown error"}`);
+		}
 		if (plans.length === 0) await page.waitForTimeout(1500);
 	} finally {
 		await browser.close();
@@ -459,13 +793,16 @@ async function captureWorkoutsFromBrowser(options, config) {
 }
 async function loginWithBrowser(options, config) {
 	const webBaseUrl = resolveWebBaseUrl(options, config);
-	const headless = isFlagEnabled(options, "headless");
+	const headless = config.headless ?? true;
+	const debug = config.debug === true;
+	const storedAuth = resolveStoredAuth();
 	const browser = await (await import("playwright")).chromium.launch({ headless });
 	const context = await browser.newContext();
 	let observedToken;
 	const recordToken = (candidate) => {
 		if (!candidate || observedToken) return;
-		if (isLikelyAuthToken(candidate)) observedToken = candidate;
+		const normalized = normalizeToken(candidate);
+		if (isLikelyAuthToken(normalized)) observedToken = normalized;
 	};
 	context.on("request", (request) => {
 		recordToken(request.headers()["auth-user-token"]);
@@ -473,8 +810,15 @@ async function loginWithBrowser(options, config) {
 	try {
 		const page = await context.newPage();
 		const webOrigin = new URL(webBaseUrl).origin;
-		await page.goto(`${webOrigin}/dashboard`, { waitUntil: "domcontentloaded" });
-		await waitForEnter("Finish logging in, then press Enter to continue...");
+		const startPath = storedAuth?.loginPath ? normalizePath(storedAuth.loginPath) : "/dashboard";
+		await page.goto(new URL(startPath, webOrigin).toString(), { waitUntil: "domcontentloaded" });
+		debugLog(debug, `Opened ${startPath}`);
+		if (storedAuth) {
+			debugLog(debug, "auth.json detected; attempting auto-login.");
+			if (await attemptAutoLogin(page, storedAuth, debug)) {
+				if (!await waitForPasswordFieldGone(page, 15e3)) await waitForEnter("Finish logging in, then press Enter to continue...");
+			}
+		} else await waitForEnter("Finish logging in, then press Enter to continue...");
 		if (!observedToken) {
 			await page.reload({ waitUntil: "domcontentloaded" });
 			await page.waitForTimeout(1500);
@@ -495,7 +839,7 @@ async function loginWithBrowser(options, config) {
 		const csrfToken = csrfCookie ?? resolveCsrfToken(options, config);
 		let raw;
 		if (!observedToken) {
-			if (!csrfToken) throw new Error("Missing CSRF token after login. Try again or provide --csrf.");
+			if (!csrfToken) throw new Error("Missing CSRF token after login. Try again or run 'kahunas workout sync'.");
 			if (!cookieHeader) throw new Error("Missing cookies after login. Try again.");
 			const { token: extractedToken, raw: fetchedRaw } = await fetchAuthToken(csrfToken, cookieHeader, webBaseUrl);
 			recordToken(extractedToken);
@@ -516,10 +860,14 @@ async function loginWithBrowser(options, config) {
 }
 async function loginAndPersist(options, config, outputMode) {
 	const result = await loginWithBrowser(options, config);
+	const tokenUpdatedAt = (/* @__PURE__ */ new Date()).toISOString();
+	const tokenExpiresAt = resolveTokenExpiry(result.token, tokenUpdatedAt) ?? null;
 	const nextConfig = {
 		...config,
 		token: result.token,
-		webBaseUrl: result.webBaseUrl
+		webBaseUrl: result.webBaseUrl,
+		tokenUpdatedAt,
+		tokenExpiresAt
 	};
 	if (result.csrfToken) nextConfig.csrfToken = result.csrfToken;
 	if (result.cookieHeader) nextConfig.authCookie = result.cookieHeader;
@@ -533,120 +881,7 @@ async function loginAndPersist(options, config, outputMode) {
 //#endregion
 //#region src/usage.ts
 function printUsage() {
-	console.log(`kahunas - CLI for Kahunas API\n\nUsage:\n  kahunas auth set <token> [--base-url URL] [--csrf CSRF] [--web-base-url URL] [--cookie COOKIE] [--csrf-cookie VALUE]\n  kahunas auth token [--csrf CSRF] [--cookie COOKIE] [--csrf-cookie VALUE] [--web-base-url URL] [--raw]\n  kahunas auth login [--web-base-url URL] [--headless] [--raw]\n  kahunas auth status [--token TOKEN] [--base-url URL] [--auto-login] [--headless]\n  kahunas auth show\n  kahunas checkins list [--page N] [--rpp N] [--token TOKEN] [--base-url URL] [--raw] [--no-auto-login] [--headless]\n  kahunas workout list [--page N] [--rpp N] [--token TOKEN] [--base-url URL] [--raw] [--no-auto-login] [--headless]\n  kahunas workout pick [--page N] [--rpp N] [--token TOKEN] [--base-url URL] [--raw] [--no-auto-login] [--headless]\n  kahunas workout latest [--token TOKEN] [--base-url URL] [--raw] [--no-auto-login] [--headless]\n  kahunas workout events [--user UUID] [--timezone TZ] [--program UUID] [--workout UUID] [--minimal] [--full] [--latest] [--limit N] [--debug-preview] [--raw] [--no-auto-login] [--headless]\n  kahunas workout serve [--host HOST] [--port N] [--timezone TZ] [--program UUID] [--workout UUID] [--limit N] [--cache-ttl MS] [--no-auto-login] [--headless]\n  kahunas workout sync [--headless]\n  kahunas workout program <id> [--csrf CSRF] [--token TOKEN] [--base-url URL] [--raw] [--no-auto-login] [--headless]\n\nEnv:\n  KAHUNAS_TOKEN=...\n  KAHUNAS_CSRF=...\n  KAHUNAS_CSRF_COOKIE=...\n  KAHUNAS_COOKIE=...\n  KAHUNAS_WEB_BASE_URL=...\n  KAHUNAS_USER_UUID=...\n\nConfig:\n  ${CONFIG_PATH}`);
-}
-
-//#endregion
-//#region src/commands/auth.ts
-async function handleAuth(positionals, options) {
-	const action = positionals[0];
-	if (!action || action === "help") {
-		printUsage();
-		return;
-	}
-	if (action === "set") {
-		const token = positionals[1] ?? options.token;
-		if (!token) throw new Error("Missing token for auth set.");
-		const config = readConfig();
-		const baseUrl = resolveBaseUrl(options, config);
-		const csrfToken = resolveCsrfToken(options, config);
-		const webBaseUrl = resolveWebBaseUrl(options, config);
-		const authCookie = resolveAuthCookie(options, config);
-		const csrfCookie = resolveCsrfCookie(options, config);
-		writeConfig({
-			...config,
-			token,
-			baseUrl,
-			csrfToken,
-			webBaseUrl,
-			authCookie,
-			csrfCookie
-		});
-		console.log(`Saved token to ${CONFIG_PATH}`);
-		return;
-	}
-	if (action === "token") {
-		const config = readConfig();
-		const csrfToken = resolveCsrfToken(options, config);
-		if (!csrfToken) throw new Error("Missing CSRF token. Provide --csrf or set KAHUNAS_CSRF.");
-		const webBaseUrl = resolveWebBaseUrl(options, config);
-		const authCookie = resolveAuthCookie(options, config);
-		const csrfCookie = resolveCsrfCookie(options, config);
-		const cookieHeader = authCookie ?? `csrf_kahunas_cookie_token=${csrfCookie ?? csrfToken}`;
-		const rawOutput = isFlagEnabled(options, "raw");
-		const { token: extractedToken, raw } = await fetchAuthToken(csrfToken, cookieHeader, webBaseUrl);
-		const token = extractedToken && isLikelyAuthToken(extractedToken) ? extractedToken : void 0;
-		if (rawOutput) {
-			console.log(raw);
-			return;
-		}
-		if (!token) {
-			console.log(raw);
-			return;
-		}
-		const nextConfig = {
-			...config,
-			token,
-			csrfToken,
-			webBaseUrl
-		};
-		if (authCookie) nextConfig.authCookie = authCookie;
-		if (csrfCookie) nextConfig.csrfCookie = csrfCookie;
-		writeConfig(nextConfig);
-		console.log(token);
-		return;
-	}
-	if (action === "login") {
-		await loginAndPersist(options, readConfig(), isFlagEnabled(options, "raw") ? "raw" : "token");
-		return;
-	}
-	if (action === "status") {
-		const config = readConfig();
-		const autoLogin = shouldAutoLogin(options, false);
-		let token = resolveToken(options, config);
-		if (!token) if (autoLogin) token = await loginAndPersist(options, config, "silent");
-		else throw new Error("Missing auth token. Set KAHUNAS_TOKEN or run 'kahunas auth login'.");
-		const baseUrl = resolveBaseUrl(options, config);
-		let response = await postJson("/api/v2/checkin/list", token, baseUrl, {
-			page: 1,
-			rpp: 1
-		});
-		if (autoLogin && isTokenExpiredResponse(response.json)) {
-			token = await loginAndPersist(options, config, "silent");
-			response = await postJson("/api/v2/checkin/list", token, baseUrl, {
-				page: 1,
-				rpp: 1
-			});
-		}
-		if (!response.ok) throw new Error(`HTTP ${response.status}: ${response.text}`);
-		if (response.json === void 0) {
-			console.log("unknown");
-			return;
-		}
-		console.log(isTokenExpiredResponse(response.json) ? "expired" : "valid");
-		return;
-	}
-	if (action === "show") {
-		const config = readConfig();
-		if (!config.token) throw new Error("No token saved. Use 'kahunas auth set <token>' or set KAHUNAS_TOKEN.");
-		console.log(config.token);
-		return;
-	}
-	throw new Error(`Unknown auth action: ${action}`);
-}
-
-//#endregion
-//#region src/output.ts
-function printResponse(response, rawOutput) {
-	if (rawOutput) {
-		console.log(response.text);
-		return;
-	}
-	if (response.json !== void 0) {
-		console.log(JSON.stringify(response.json, null, 2));
-		return;
-	}
-	console.log(response.text);
+	logPlain(`${formatHeading("kahunas - CLI for Kahunas API")}\n\nUsage:\n  kahunas checkins list [--raw]\n  kahunas workout list [--raw]\n  kahunas workout pick [--raw]\n  kahunas workout latest [--raw]\n  kahunas workout events [--minimal] [--full] [--debug-preview] [--raw]\n  kahunas workout serve\n  kahunas serve\n  kahunas workout sync\n  kahunas sync\n  kahunas workout program <id> [--raw]\n\n${formatDim("Config:")}\n  ${CONFIG_PATH}`);
 }
 
 //#endregion
@@ -659,19 +894,17 @@ async function handleCheckins(positionals, options) {
 	}
 	if (action !== "list") throw new Error(`Unknown checkins action: ${action}`);
 	const config = readConfig();
-	const autoLogin = shouldAutoLogin(options, true);
 	let token = resolveToken(options, config);
-	if (!token) if (autoLogin) token = await loginAndPersist(options, config, "silent");
-	else throw new Error("Missing auth token. Set KAHUNAS_TOKEN or run 'kahunas auth login'.");
+	if (!token) token = await loginAndPersist(options, config, "silent");
 	const baseUrl = resolveBaseUrl(options, config);
-	const page = parseNumber$1(options.page, 1);
-	const rpp = parseNumber$1(options.rpp, 12);
+	const page = 1;
+	const rpp = 12;
 	const rawOutput = isFlagEnabled(options, "raw");
 	let response = await postJson("/api/v2/checkin/list", token, baseUrl, {
 		page,
 		rpp
 	});
-	if (autoLogin && isTokenExpiredResponse(response.json)) {
+	if (isTokenExpiredResponse(response.json)) {
 		token = await loginAndPersist(options, config, "silent");
 		response = await postJson("/api/v2/checkin/list", token, baseUrl, {
 			page,
@@ -1822,16 +2055,15 @@ async function handleWorkout(positionals, options) {
 		return;
 	}
 	const config = readConfig();
-	const autoLogin = shouldAutoLogin(options, true);
+	const debug = config.debug === true;
+	const autoLogin = true;
 	let token = resolveToken(options, config);
 	const ensureToken = async () => {
-		if (!token) if (autoLogin) token = await loginAndPersist(options, config, "silent");
-		else throw new Error("Missing auth token. Set KAHUNAS_TOKEN or run 'kahunas auth login'.");
+		if (!token) token = await loginAndPersist(options, config, "silent");
 		return token;
 	};
 	let webLoginInFlight = null;
 	const ensureWebLogin = async () => {
-		if (!autoLogin) return;
 		if (!webLoginInFlight) webLoginInFlight = loginAndPersist(options, config, "silent").then(() => void 0).finally(() => {
 			webLoginInFlight = null;
 		});
@@ -1839,16 +2071,15 @@ async function handleWorkout(positionals, options) {
 	};
 	const baseUrl = resolveBaseUrl(options, config);
 	const rawOutput = isFlagEnabled(options, "raw");
-	const page = parseNumber$1(options.page, 1);
-	const rpp = parseNumber$1(options.rpp, 12);
-	const listRpp = action === "latest" && options.rpp === void 0 ? 100 : rpp;
+	const page = 1;
+	const listRpp = action === "latest" ? 100 : 12;
 	const fetchList = async () => {
 		await ensureToken();
 		const url = new URL("/api/v1/workoutprogram", baseUrl);
-		if (page) url.searchParams.set("page", String(page));
+		url.searchParams.set("page", String(page));
 		if (listRpp) url.searchParams.set("rpp", String(listRpp));
 		let response = await getWithAuth(url.pathname + url.search, token, baseUrl);
-		if (autoLogin && isTokenExpiredResponse(response.json)) {
+		if (isTokenExpiredResponse(response.json)) {
 			token = await loginAndPersist(options, config, "silent");
 			response = await getWithAuth(url.pathname + url.search, token, baseUrl);
 		}
@@ -1864,7 +2095,7 @@ async function handleWorkout(positionals, options) {
 	const fetchWorkoutEventsPayload = async () => {
 		const baseWebUrl = resolveWebBaseUrl(options, config);
 		const webOrigin = new URL(baseWebUrl).origin;
-		const timezone = options.timezone ?? process.env.TZ ?? Intl.DateTimeFormat().resolvedOptions().timeZone ?? "Europe/London";
+		const timezone = process.env.TZ ?? Intl.DateTimeFormat().resolvedOptions().timeZone ?? "Europe/London";
 		let userUuid = resolveUserUuid(options, config);
 		if (!userUuid) try {
 			await ensureToken();
@@ -1872,7 +2103,7 @@ async function handleWorkout(positionals, options) {
 				page: 1,
 				rpp: 1
 			});
-			if (autoLogin && isTokenExpiredResponse(checkinsResponse.json)) {
+			if (isTokenExpiredResponse(checkinsResponse.json)) {
 				token = await loginAndPersist(options, config, "silent");
 				checkinsResponse = await postJson("/api/v2/checkin/list", token, baseUrl, {
 					page: 1,
@@ -1890,7 +2121,7 @@ async function handleWorkout(positionals, options) {
 				}
 			}
 		} catch {}
-		if (!userUuid) throw new Error("Missing user uuid. Use --user or run 'kahunas checkins list' once.");
+		if (!userUuid) throw new Error("Missing user uuid. Run 'kahunas checkins list' or 'kahunas workout sync' once.");
 		if (userUuid !== config.userUuid) writeConfig({
 			...config,
 			userUuid
@@ -1909,13 +2140,13 @@ async function handleWorkout(positionals, options) {
 			effectiveCsrfToken = csrfCookie ?? csrfToken$1;
 			cookieHeader = authCookie ?? (effectiveCsrfToken ? `csrf_kahunas_cookie_token=${effectiveCsrfToken}` : void 0);
 		}
-		if (!effectiveCsrfToken) throw new Error("Missing CSRF token. Run 'kahunas auth login' and try again.");
-		if (!cookieHeader) throw new Error("Missing cookies. Run 'kahunas auth login' and try again.");
+		if (!effectiveCsrfToken) throw new Error("Missing CSRF token. Run 'kahunas workout sync' and try again.");
+		if (!cookieHeader) throw new Error("Missing cookies. Run 'kahunas workout sync' and try again.");
 		const url = new URL(`/coach/clients/calendar/getEvent/${userUuid}`, webOrigin);
 		url.searchParams.set("timezone", timezone);
 		const body = new URLSearchParams();
 		body.set("csrf_kahunas_token", effectiveCsrfToken);
-		body.set("filter", options.filter ?? "");
+		body.set("filter", "");
 		let response = await fetch(url.toString(), {
 			method: "POST",
 			headers: {
@@ -1930,7 +2161,7 @@ async function handleWorkout(positionals, options) {
 		});
 		let text = await response.text();
 		if (!response.ok) throw new Error(`HTTP ${response.status}: ${text}`);
-		if (autoLogin && isLikelyLoginHtml(text)) {
+		if (isLikelyLoginHtml(text)) {
 			await ensureWebLogin();
 			const refreshed = readConfig();
 			csrfToken$1 = resolveCsrfToken(options, refreshed);
@@ -1938,7 +2169,7 @@ async function handleWorkout(positionals, options) {
 			authCookie = resolveAuthCookie(options, refreshed);
 			effectiveCsrfToken = csrfCookie ?? csrfToken$1;
 			cookieHeader = authCookie ?? (effectiveCsrfToken ? `csrf_kahunas_cookie_token=${effectiveCsrfToken}` : void 0);
-			if (!effectiveCsrfToken || !cookieHeader) throw new Error("Login required. Run 'kahunas auth login' and try again.");
+			if (!effectiveCsrfToken || !cookieHeader) throw new Error("Login required. Run 'kahunas workout sync' and try again.");
 			const retry = await fetch(url.toString(), {
 				method: "POST",
 				headers: {
@@ -1970,7 +2201,7 @@ async function handleWorkout(positionals, options) {
 			listUrl.searchParams.set("page", "1");
 			listUrl.searchParams.set("rpp", "100");
 			let listResponse = await getWithAuth(listUrl.pathname + listUrl.search, token, baseUrl);
-			if (autoLogin && isTokenExpiredResponse(listResponse.json)) {
+			if (isTokenExpiredResponse(listResponse.json)) {
 				token = await loginAndPersist(options, config, "silent");
 				listResponse = await getWithAuth(listUrl.pathname + listUrl.search, token, baseUrl);
 			}
@@ -1990,7 +2221,7 @@ async function handleWorkout(positionals, options) {
 			try {
 				await ensureToken();
 				let responseProgram$1 = await fetchWorkoutProgram(token, baseUrl, programId$1, effectiveCsrfToken);
-				if (autoLogin && isTokenExpiredResponse(responseProgram$1.json)) {
+				if (isTokenExpiredResponse(responseProgram$1.json)) {
 					token = await loginAndPersist(options, config, "silent");
 					responseProgram$1 = await fetchWorkoutProgram(token, baseUrl, programId$1, effectiveCsrfToken);
 				}
@@ -2056,9 +2287,9 @@ async function handleWorkout(positionals, options) {
 		if (!response.ok) throw new Error(`HTTP ${response.status}: ${response.text}`);
 		if (plans.length === 0) throw new Error("No workout programs found.");
 		if (!rawOutput) {
-			console.log("Pick a workout program:");
+			logPlain(formatHeading("Pick a workout program:"));
 			plans.forEach((plan, index) => {
-				console.log(`${index + 1}) ${formatWorkoutSummary(plan)}`);
+				logPlain(`${index + 1}) ${formatWorkoutSummary(plan)}`);
 			});
 		}
 		const answer = await askQuestion(`Enter number (1-${plans.length}): `);
@@ -2068,7 +2299,7 @@ async function handleWorkout(positionals, options) {
 		if (!chosen.uuid) throw new Error("Selected workout is missing a uuid.");
 		const csrfToken$1 = resolveCsrfToken(options, config);
 		let responseProgram$1 = await fetchWorkoutProgram(await ensureToken(), baseUrl, chosen.uuid, csrfToken$1);
-		if (autoLogin && isTokenExpiredResponse(responseProgram$1.json)) {
+		if (isTokenExpiredResponse(responseProgram$1.json)) {
 			token = await loginAndPersist(options, config, "silent");
 			responseProgram$1 = await fetchWorkoutProgram(token, baseUrl, chosen.uuid, csrfToken$1);
 		}
@@ -2084,7 +2315,7 @@ async function handleWorkout(positionals, options) {
 		if (!chosen || !chosen.uuid) throw new Error("Latest workout is missing a uuid.");
 		const csrfToken$1 = resolveCsrfToken(options, config);
 		let responseProgram$1 = await fetchWorkoutProgram(await ensureToken(), baseUrl, chosen.uuid, csrfToken$1);
-		if (autoLogin && isTokenExpiredResponse(responseProgram$1.json)) {
+		if (isTokenExpiredResponse(responseProgram$1.json)) {
 			token = await loginAndPersist(options, config, "silent");
 			responseProgram$1 = await fetchWorkoutProgram(token, baseUrl, chosen.uuid, csrfToken$1);
 		}
@@ -2095,8 +2326,8 @@ async function handleWorkout(positionals, options) {
 	if (action === "events") {
 		const minimal = isFlagEnabled(options, "minimal");
 		const full = isFlagEnabled(options, "full");
-		const debugPreview = isFlagEnabled(options, "debug-preview");
-		const limit = isFlagEnabled(options, "latest") || isFlagEnabled(options, "last") ? 1 : parseNumber$1(options.limit, 0);
+		const debugPreview = isFlagEnabled(options, "debug-preview") || debug;
+		const limit = 1;
 		const { text, payload, timezone } = await fetchWorkoutEventsPayload();
 		if (rawOutput) {
 			console.log(text);
@@ -2106,7 +2337,7 @@ async function handleWorkout(positionals, options) {
 			console.log(text);
 			return;
 		}
-		const sorted = sortWorkoutEvents(filterWorkoutEvents(payload, options.program, options.workout));
+		const sorted = sortWorkoutEvents(filterWorkoutEvents(payload));
 		const limited = limit > 0 ? sorted.slice(-limit) : sorted;
 		if (minimal) {
 			console.log(JSON.stringify(limited, null, 2));
@@ -2121,7 +2352,7 @@ async function handleWorkout(positionals, options) {
 			const match = findWorkoutPreviewHtmlMatch(record) ?? (program ? findWorkoutPreviewHtmlMatch(program) : void 0);
 			const dayIndex = resolveWorkoutEventDayIndex(entry, program);
 			const source = match ? match.source : "not_found";
-			console.error(`debug-preview event=${eventId} program=${programUuid ?? "unknown"} day_index=${dayIndex ?? "none"} source=${source}`);
+			debugLog(true, `preview event=${eventId} program=${programUuid ?? "unknown"} day_index=${dayIndex ?? "none"} source=${source}`);
 		}
 		if (full) {
 			const enriched = enrichWorkoutEvents(limited, programDetails);
@@ -2130,27 +2361,27 @@ async function handleWorkout(positionals, options) {
 		}
 		const formatted = formatWorkoutEventsOutput(limited, programDetails, {
 			timezone,
-			program: options.program,
-			workout: options.workout
+			program: void 0,
+			workout: void 0
 		});
 		console.log(JSON.stringify(formatted, null, 2));
 		return;
 	}
 	if (action === "serve") {
-		const host = options.host ?? "127.0.0.1";
-		const port = parseNumber$1(options.port, 3e3);
-		const limit = parseNumber$1(options.limit, 1);
-		const cacheTtlMs = parseNumber$1(options["cache-ttl"], 3e4);
+		const host = "127.0.0.1";
+		const port = 3e3;
+		const limit = 1;
+		const cacheTtlMs = 3e4;
 		const loadSummary = async () => {
 			const { text, payload, timezone } = await fetchWorkoutEventsPayload();
 			if (!Array.isArray(payload)) throw new Error(`Unexpected calendar response: ${text.slice(0, 200)}`);
-			const sorted = sortWorkoutEvents(filterWorkoutEvents(payload, options.program, options.workout));
+			const sorted = sortWorkoutEvents(filterWorkoutEvents(payload));
 			const bounded = limit > 0 ? sorted.slice(-limit) : sorted;
 			const programDetails = await buildProgramDetails(sorted);
 			const formatted = formatWorkoutEventsOutput(bounded, programDetails, {
 				timezone,
-				program: options.program,
-				workout: options.workout
+				program: void 0,
+				workout: void 0
 			});
 			const summary = formatted.events[0];
 			const programUuid = summary?.program?.uuid ?? (bounded[0] && typeof bounded[0] === "object" ? bounded[0].program : void 0);
@@ -2221,15 +2452,47 @@ async function handleWorkout(positionals, options) {
 				res.end(error instanceof Error ? error.message : "Server error");
 			}
 		}).listen(port, host, () => {
-			console.log(`Local workout server running at http://${host}:${port}`);
-			console.log(`JSON endpoint at http://${host}:${port}/api/workout`);
+			const cache = readWorkoutCache();
+			const freshConfig = readConfig();
+			const lastSync = cache?.updatedAt ?? "none";
+			const tokenExpiry = freshConfig.tokenExpiresAt ?? "unknown";
+			const tokenUpdatedAt = freshConfig.tokenUpdatedAt ?? "unknown";
+			logInfo(`Local workout server running at http://${host}:${port}`);
+			logInfo(`JSON endpoint at http://${host}:${port}/api/workout`);
+			logInfo(`Config: ${CONFIG_PATH}`);
+			logInfo(`Last workout sync: ${lastSync}`);
+			logInfo(`Token expiry: ${tokenExpiry}`);
+			if (tokenExpiry === "unknown" && tokenUpdatedAt !== "unknown") logInfo(`Token updated at: ${tokenUpdatedAt}`);
 		});
 		return;
 	}
 	if (action === "sync") {
+		const authConfig = readAuthConfig();
+		const hasAuthConfig = !!authConfig && !!authConfig.password && (!!authConfig.email || !!authConfig.username);
+		const tokenUpdatedAt = config.tokenUpdatedAt ?? void 0;
+		const tokenExpiry = token && tokenUpdatedAt ? resolveTokenExpiry(token, tokenUpdatedAt) : null;
+		if (!(!!tokenExpiry && Date.now() < Date.parse(tokenExpiry)) && !hasAuthConfig) {
+			if (!process.stdin.isTTY) throw new Error("Missing auth credentials. Create ~/.config/kahunas/auth.json or run 'kahunas sync' in a terminal.");
+			const login = await askQuestion("Email or username: ", process.stderr);
+			if (!login) throw new Error("Missing email/username for login.");
+			const password = await askQuestion("Password: ", process.stderr);
+			if (!password) throw new Error("Missing password for login.");
+			const isEmail = login.includes("@");
+			writeAuthConfig({
+				email: isEmail ? login : void 0,
+				username: isEmail ? void 0 : login,
+				password
+			});
+			console.error(`Saved credentials to ${AUTH_PATH}`);
+		}
 		const captured = await captureWorkoutsFromBrowser(options, config);
 		const nextConfig = { ...config };
-		if (captured.token) nextConfig.token = captured.token;
+		if (captured.token) {
+			nextConfig.token = captured.token;
+			const tokenUpdatedAt$1 = (/* @__PURE__ */ new Date()).toISOString();
+			nextConfig.tokenUpdatedAt = tokenUpdatedAt$1;
+			nextConfig.tokenExpiresAt = resolveTokenExpiry(captured.token, tokenUpdatedAt$1) ?? null;
+		}
 		if (captured.csrfToken) nextConfig.csrfToken = captured.csrfToken;
 		if (captured.webBaseUrl) nextConfig.webBaseUrl = captured.webBaseUrl;
 		if (captured.cookieHeader) nextConfig.authCookie = captured.cookieHeader;
@@ -2244,6 +2507,9 @@ async function handleWorkout(positionals, options) {
 				path: WORKOUT_CACHE_PATH
 			}
 		}, null, 2));
+		if (process.stdin.isTTY) {
+			if ((await askQuestion("Start the preview server now? (y/N): ", process.stderr)).toLowerCase().startsWith("y")) await handleWorkout(["serve"], options);
+		}
 		return;
 	}
 	if (action !== "program") throw new Error(`Unknown workout action: ${action}`);
@@ -2252,7 +2518,7 @@ async function handleWorkout(positionals, options) {
 	const ensuredToken = await ensureToken();
 	const csrfToken = resolveCsrfToken(options, config);
 	let responseProgram = await fetchWorkoutProgram(ensuredToken, baseUrl, programId, csrfToken);
-	if (autoLogin && isTokenExpiredResponse(responseProgram.json)) {
+	if (isTokenExpiredResponse(responseProgram.json)) {
 		token = await loginAndPersist(options, config, "silent");
 		responseProgram = await fetchWorkoutProgram(token, baseUrl, programId, csrfToken);
 	}
@@ -2271,12 +2537,15 @@ async function main() {
 	const command = positionals[0];
 	const rest = positionals.slice(1);
 	switch (command) {
-		case "auth":
-			await handleAuth(rest, options);
-			return;
 		case "checkins":
 			await handleCheckins(rest, options);
 			return;
+		case "sync":
+			await handleWorkout(["sync", ...rest], options);
+			return;
+		case "serve":
+			await handleWorkout(["serve", ...rest], options);
+			return;
 		case "workout":
 			await handleWorkout(rest, options);
 			return;
@@ -2287,8 +2556,7 @@ async function main() {
 	}
 }
 main().catch((error) => {
-	const message = error instanceof Error ? error.message : String(error);
-	console.error(message);
+	logError(error instanceof Error ? error.message : String(error));
 	process.exit(1);
 });
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "kahunas-cli",
-  "version": "1.0.6",
+  "version": "1.3.0",
   "description": "",
   "main": "dist/cli.js",
   "bin": {
@@ -19,6 +19,7 @@
     "ai-screenshot.png"
   ],
   "dependencies": {
+    "picocolors": "^1.1.1",
     "playwright": "^1.49.1"
   },
   "devDependencies": {