npm - latchkey - Versions diffs - 0.2.0 → 1.0.1 - Mend

latchkey 0.2.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (118) hide show

package/README.md +98 -57
package/dist/integrations/SKILL.md +25 -19
package/dist/package.json +2 -2
package/dist/scripts/codegen/codeGenerator.d.ts +27 -0
package/dist/scripts/codegen/codeGenerator.d.ts.map +1 -0
package/dist/scripts/codegen/codeGenerator.js +220 -0
package/dist/scripts/codegen/codeGenerator.js.map +1 -0
package/dist/scripts/codegen/index.d.ts +27 -0
package/dist/scripts/codegen/index.d.ts.map +1 -0
package/dist/scripts/codegen/index.js +189 -0
package/dist/scripts/codegen/index.js.map +1 -0
package/dist/scripts/codegen/injectedScript.d.ts +6 -0
package/dist/scripts/codegen/injectedScript.d.ts.map +1 -0
package/dist/scripts/codegen/injectedScript.js +657 -0
package/dist/scripts/codegen/injectedScript.js.map +1 -0
package/dist/scripts/codegen/requestMetadataCollector.d.ts +15 -0
package/dist/scripts/codegen/requestMetadataCollector.d.ts.map +1 -0
package/dist/scripts/codegen/requestMetadataCollector.js +48 -0
package/dist/scripts/codegen/requestMetadataCollector.js.map +1 -0
package/dist/scripts/codegen/types.d.ts +77 -0
package/dist/scripts/codegen/types.d.ts.map +1 -0
package/dist/scripts/codegen/types.js +10 -0
package/dist/scripts/codegen/types.js.map +1 -0
package/dist/scripts/codegen.d.ts +24 -0
package/dist/scripts/codegen.d.ts.map +1 -0
package/dist/scripts/codegen.js +95 -0
package/dist/scripts/codegen.js.map +1 -0
package/dist/scripts/cryptFile.js +7 -2
package/dist/scripts/cryptFile.js.map +1 -1
package/dist/src/apiCredentialStore.d.ts +1 -0
package/dist/src/apiCredentialStore.d.ts.map +1 -1
package/dist/src/apiCredentialStore.js +12 -0
package/dist/src/apiCredentialStore.js.map +1 -1
package/dist/src/apiCredentials.d.ts +33 -0
package/dist/src/apiCredentials.d.ts.map +1 -1
package/dist/src/apiCredentials.js +36 -0
package/dist/src/apiCredentials.js.map +1 -1
package/dist/src/cli.js +3 -2
package/dist/src/cli.js.map +1 -1
package/dist/src/cliCommands.d.ts.map +1 -1
package/dist/src/cliCommands.js +158 -126
package/dist/src/cliCommands.js.map +1 -1
package/dist/src/config.d.ts +13 -0
package/dist/src/config.d.ts.map +1 -1
package/dist/src/config.js +56 -16
package/dist/src/config.js.map +1 -1
package/dist/src/encryptedStorage.d.ts +1 -2
package/dist/src/encryptedStorage.d.ts.map +1 -1
package/dist/src/encryptedStorage.js +18 -38
package/dist/src/encryptedStorage.js.map +1 -1
package/dist/src/index.d.ts +2 -2
package/dist/src/index.d.ts.map +1 -1
package/dist/src/index.js +3 -3
package/dist/src/index.js.map +1 -1
package/dist/src/keychain.d.ts +0 -4
package/dist/src/keychain.d.ts.map +1 -1
package/dist/src/keychain.js +0 -13
package/dist/src/keychain.js.map +1 -1
package/dist/src/oauthUtils.d.ts +1 -1
package/dist/src/oauthUtils.d.ts.map +1 -1
package/dist/src/playwrightUtils.d.ts +6 -0
package/dist/src/playwrightUtils.d.ts.map +1 -1
package/dist/src/playwrightUtils.js +12 -0
package/dist/src/playwrightUtils.js.map +1 -1
package/dist/src/registry.d.ts.map +1 -1
package/dist/src/registry.js +20 -4
package/dist/src/registry.js.map +1 -1
package/dist/src/services/base.d.ts +20 -18
package/dist/src/services/base.d.ts.map +1 -1
package/dist/src/services/base.js +37 -1
package/dist/src/services/base.js.map +1 -1
package/dist/src/services/discord.d.ts +2 -3
package/dist/src/services/discord.d.ts.map +1 -1
package/dist/src/services/discord.js +3 -22
package/dist/src/services/discord.js.map +1 -1
package/dist/src/services/dropbox.d.ts +2 -3
package/dist/src/services/dropbox.d.ts.map +1 -1
package/dist/src/services/dropbox.js +3 -22
package/dist/src/services/dropbox.js.map +1 -1
package/dist/src/services/github.d.ts +2 -3
package/dist/src/services/github.d.ts.map +1 -1
package/dist/src/services/github.js +3 -22
package/dist/src/services/github.js.map +1 -1
package/dist/src/services/google.d.ts +3 -4
package/dist/src/services/google.d.ts.map +1 -1
package/dist/src/services/google.js +21 -43
package/dist/src/services/google.js.map +1 -1
package/dist/src/services/index.d.ts +2 -2
package/dist/src/services/index.d.ts.map +1 -1
package/dist/src/services/index.js +2 -1
package/dist/src/services/index.js.map +1 -1
package/dist/src/services/linear.d.ts +2 -3
package/dist/src/services/linear.d.ts.map +1 -1
package/dist/src/services/linear.js +3 -23
package/dist/src/services/linear.js.map +1 -1
package/dist/src/services/mailchimp.d.ts +11 -0
package/dist/src/services/mailchimp.d.ts.map +1 -0
package/dist/src/services/mailchimp.js +16 -0
package/dist/src/services/mailchimp.js.map +1 -0
package/dist/src/services/notion.d.ts +2 -3
package/dist/src/services/notion.d.ts.map +1 -1
package/dist/src/services/notion.js +3 -22
package/dist/src/services/notion.js.map +1 -1
package/dist/src/services/slack.d.ts +1 -1
package/dist/src/services/slack.d.ts.map +1 -1
package/dist/src/services/slack.js +2 -5
package/dist/src/services/slack.js.map +1 -1
package/dist/tests/apiCredentials.test.js +59 -1
package/dist/tests/apiCredentials.test.js.map +1 -1
package/dist/tests/cli.test.js +270 -128
package/dist/tests/cli.test.js.map +1 -1
package/dist/tests/playwrightDownload.test.js +2 -2
package/dist/tests/playwrightDownload.test.js.map +1 -1
package/dist/tests/registry.test.js +14 -2
package/dist/tests/registry.test.js.map +1 -1
package/dist/tests/servicesAgainstRecordings.test.js +3 -0
package/dist/tests/servicesAgainstRecordings.test.js.map +1 -1
package/package.json +2 -2

package/dist/tests/cli.test.js CHANGED Viewed

@@ -1,10 +1,11 @@
 import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
-import { mkdtempSync, rmSync, existsSync, writeFileSync } from 'node:fs';
+import { mkdtempSync, rmSync, existsSync } from 'node:fs';
 import { join } from 'node:path';
 import { tmpdir } from 'node:os';
 import { execSync } from 'node:child_process';
 import { Command } from 'commander';
 import { extractUrlFromCurlArguments, registerCommands, } from '../src/cliCommands.js';
+import { BrowserFlowsNotSupportedError } from '../src/playwrightUtils.js';
 import { EncryptedStorage } from '../src/encryptedStorage.js';
 import { Config } from '../src/config.js';
 import { Registry } from '../src/registry.js';
@@ -122,7 +123,9 @@ describe('CLI commands with dependency injection', () => {
             encryptionKeyOverride: overrides.encryptionKeyOverride ?? TEST_ENCRYPTION_KEY,
             serviceName: overrides.serviceName ?? defaultConfig.serviceName,
             accountName: overrides.accountName ?? defaultConfig.accountName,
+            browserDisabled: overrides.browserDisabled ?? false,
             checkSensitiveFilePermissions: () => undefined,
+            checkSystemPrerequisites: () => undefined,
         };
     }
     function createMockDependencies(overrides = {}) {
@@ -184,67 +187,60 @@ describe('CLI commands with dependency injection', () => {
     afterEach(() => {
         rmSync(tempDir, { recursive: true, force: true });
     });
-    describe('services command', () => {
-        it('should list all services as space-separated names', async () => {
+    describe('services list command', () => {
+        it('should list all services as JSON', async () => {
             const deps = createMockDependencies();
-            await runCommand(['services'], deps);
+            await runCommand(['services', 'list'], deps);
             expect(logs).toHaveLength(1);
-            const services = (logs[0] ?? '').split(' ');
+            const services = JSON.parse(logs[0] ?? '');
             expect(services).toContain('slack');
         });
     });
-    describe('info command', () => {
-        it('should show info for a known service', async () => {
-            const deps = createMockDependencies();
-            await runCommand(['info', 'slack'], deps);
-            expect(logs).toHaveLength(1);
-            expect(logs[0]).toBe('Test info for Slack service.');
-        });
-        it('should return error for unknown service', async () => {
-            const deps = createMockDependencies();
-            await runCommand(['info', 'unknown-service'], deps);
-            expect(exitCode).toBe(1);
-            expect(errorLogs.some((log) => log.includes('Unknown service'))).toBe(true);
-        });
-    });
-    describe('status command', () => {
-        it('should return missing when no credentials are stored', async () => {
+    describe('services info command', () => {
+        it('should show login options, credentials status, and developer notes', async () => {
             const storePath = join(tempDir, 'credentials.json');
             writeSecureFile(storePath, '{}');
             const deps = createMockDependencies({
                 config: createMockConfig({ credentialStorePath: storePath }),
             });
-            await runCommand(['status', 'slack'], deps);
-            expect(logs).toContain('missing');
+            await runCommand(['services', 'info', 'slack'], deps);
+            expect(logs).toHaveLength(1);
+            const info = JSON.parse(logs[0] ?? '');
+            expect(info.authOptions).toEqual(['browser', 'set']);
+            expect(info.credentialStatus).toBe('missing');
+            expect(info.developerNotes).toBe('Test info for Slack service.');
         });
-        it('should return valid when credentials are valid', async () => {
+        it('should show auth set only for services without browser login', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            writeSecureFile(storePath, JSON.stringify({
-                slack: { objectType: 'slack', token: 'test-token', dCookie: 'test-cookie' },
-            }));
+            writeSecureFile(storePath, '{}');
+            const noLoginService = {
+                name: 'nologin',
+                displayName: 'No Login Service',
+                baseApiUrls: ['https://nologin.example.com/api/'],
+                loginUrl: 'https://nologin.example.com',
+                info: 'A service without browser login support.',
+                credentialCheckCurlArguments: [],
+                checkApiCredentials: vi.fn().mockReturnValue(ApiCredentialStatus.Missing),
+            };
             const deps = createMockDependencies({
+                registry: new Registry([noLoginService]),
                 config: createMockConfig({ credentialStorePath: storePath }),
             });
-            await runCommand(['status', 'slack'], deps);
-            expect(logs).toContain('valid');
-        });
-        it('should return error for unknown service', async () => {
-            const deps = createMockDependencies();
-            await runCommand(['status', 'unknown-service'], deps);
-            expect(exitCode).toBe(1);
-            expect(errorLogs.some((log) => log.includes('Unknown service'))).toBe(true);
+            await runCommand(['services', 'info', 'nologin'], deps);
+            const info = JSON.parse(logs[0] ?? '');
+            expect(info.authOptions).toEqual(['set']);
         });
-        it('should return status for all services when no service name provided', async () => {
+        it('should not list browser in authOptions when LATCHKEY_DISABLE_BROWSER is in effect', async () => {
             const storePath = join(tempDir, 'credentials.json');
             writeSecureFile(storePath, '{}');
             const deps = createMockDependencies({
-                config: createMockConfig({ credentialStorePath: storePath }),
+                config: createMockConfig({ credentialStorePath: storePath, browserDisabled: true }),
             });
-            await runCommand(['status'], deps);
-            expect(logs).toHaveLength(1);
-            expect(logs[0]).toBe('slack: missing');
+            await runCommand(['services', 'info', 'slack'], deps);
+            const info = JSON.parse(logs[0] ?? '');
+            expect(info.authOptions).toEqual(['set']);
         });
-        it('should return status for all services with mixed statuses', async () => {
+        it('should show valid credentials status when credentials are valid', async () => {
             const storePath = join(tempDir, 'credentials.json');
             writeSecureFile(storePath, JSON.stringify({
                 slack: { objectType: 'slack', token: 'test-token', dCookie: 'test-cookie' },
@@ -252,9 +248,15 @@ describe('CLI commands with dependency injection', () => {
             const deps = createMockDependencies({
                 config: createMockConfig({ credentialStorePath: storePath }),
             });
-            await runCommand(['status'], deps);
-            expect(logs).toHaveLength(1);
-            expect(logs[0]).toBe('slack: valid');
+            await runCommand(['services', 'info', 'slack'], deps);
+            const info = JSON.parse(logs[0] ?? '');
+            expect(info.credentialStatus).toBe('valid');
+        });
+        it('should return error for unknown service', async () => {
+            const deps = createMockDependencies();
+            await runCommand(['services', 'info', 'unknown-service'], deps);
+            expect(exitCode).toBe(1);
+            expect(errorLogs.some((log) => log.includes('Unknown service'))).toBe(true);
         });
     });
     describe('clear command', () => {
@@ -266,7 +268,7 @@ describe('CLI commands with dependency injection', () => {
             const deps = createMockDependencies({
                 config: createMockConfig({ credentialStorePath: storePath }),
             });
-            await runCommand(['clear', 'slack'], deps);
+            await runCommand(['auth', 'clear', 'slack'], deps);
             expect(logs.some((log) => log.includes('have been cleared'))).toBe(true);
             const storedData = JSON.parse(readSecureFile(storePath) ?? '{}');
             expect(storedData.slack).toBeUndefined();
@@ -277,7 +279,7 @@ describe('CLI commands with dependency injection', () => {
             const deps = createMockDependencies({
                 config: createMockConfig({ credentialStorePath: storePath }),
             });
-            await runCommand(['clear', 'slack'], deps);
+            await runCommand(['auth', 'clear', 'slack'], deps);
             expect(logs.some((log) => log.includes('No API credentials found'))).toBe(true);
         });
         it('should return error for unknown service', async () => {
@@ -285,13 +287,13 @@ describe('CLI commands with dependency injection', () => {
             const deps = createMockDependencies({
                 config: createMockConfig({ credentialStorePath: storePath }),
             });
-            await runCommand(['clear', 'unknown-service'], deps);
+            await runCommand(['auth', 'clear', 'unknown-service'], deps);
             expect(exitCode).toBe(1);
             expect(errorLogs.some((log) => log.includes('Unknown service'))).toBe(true);
         });
         it('should use default config paths', async () => {
             const deps = createMockDependencies();
-            await runCommand(['clear', 'slack'], deps);
+            await runCommand(['auth', 'clear', 'slack'], deps);
             // With default paths, should report no credentials found (not error about missing env var)
             expect(logs.some((log) => log.includes('No API credentials found'))).toBe(true);
         });
@@ -304,7 +306,7 @@ describe('CLI commands with dependency injection', () => {
             const deps = createMockDependencies({
                 config: createMockConfig({ credentialStorePath: storePath }),
             });
-            await runCommand(['clear', 'slack'], deps);
+            await runCommand(['auth', 'clear', 'slack'], deps);
             const storedData = JSON.parse(readSecureFile(storePath) ?? '{}');
             expect(storedData.slack).toBeUndefined();
             expect(storedData.discord).toBeDefined();
@@ -318,7 +320,7 @@ describe('CLI commands with dependency injection', () => {
             const deps = createMockDependencies({
                 config: createMockConfig({ credentialStorePath: storePath, browserStatePath }),
             });
-            await runCommand(['clear', '-y'], deps);
+            await runCommand(['auth', 'clear', '-y'], deps);
             expect(existsSync(storePath)).toBe(false);
             expect(existsSync(browserStatePath)).toBe(false);
             expect(logs.some((log) => log.includes('Deleted credentials store'))).toBe(true);
@@ -330,10 +332,107 @@ describe('CLI commands with dependency injection', () => {
             const deps = createMockDependencies({
                 config: createMockConfig({ credentialStorePath: storePath, browserStatePath }),
             });
-            await runCommand(['clear', '-y'], deps);
+            await runCommand(['auth', 'clear', '-y'], deps);
             expect(logs.some((log) => log.includes('No files to delete'))).toBe(true);
         });
     });
+    describe('auth list command', () => {
+        it('should list stored credentials with their status', async () => {
+            const storePath = join(tempDir, 'credentials.json');
+            writeSecureFile(storePath, JSON.stringify({
+                slack: { objectType: 'slack', token: 'test-token', dCookie: 'test-cookie' },
+            }));
+            const deps = createMockDependencies({
+                config: createMockConfig({ credentialStorePath: storePath }),
+            });
+            await runCommand(['auth', 'list'], deps);
+            expect(logs).toHaveLength(1);
+            const entries = JSON.parse(logs[0] ?? '');
+            expect(entries.slack).toEqual({
+                credentialType: 'slack',
+                credentialStatus: 'valid',
+            });
+        });
+        it('should output empty object when no credentials are stored', async () => {
+            const storePath = join(tempDir, 'credentials.json');
+            writeSecureFile(storePath, '{}');
+            const deps = createMockDependencies({
+                config: createMockConfig({ credentialStorePath: storePath }),
+            });
+            await runCommand(['auth', 'list'], deps);
+            expect(logs).toHaveLength(1);
+            const entries = JSON.parse(logs[0] ?? '');
+            expect(Object.keys(entries)).toHaveLength(0);
+        });
+        it('should treat unknown services as valid', async () => {
+            const storePath = join(tempDir, 'credentials.json');
+            writeSecureFile(storePath, JSON.stringify({
+                unknown: { objectType: 'rawCurl', curlArguments: ['-H', 'X-Token: secret'] },
+            }));
+            const deps = createMockDependencies({
+                config: createMockConfig({ credentialStorePath: storePath }),
+            });
+            await runCommand(['auth', 'list'], deps);
+            expect(logs).toHaveLength(1);
+            const entries = JSON.parse(logs[0] ?? '');
+            expect(entries.unknown).toEqual({
+                credentialType: 'rawCurl',
+                credentialStatus: 'valid',
+            });
+        });
+    });
+    describe('auth set command', () => {
+        it('should store raw curl credentials', async () => {
+            const storePath = join(tempDir, 'credentials.json');
+            writeSecureFile(storePath, '{}');
+            const deps = createMockDependencies({
+                config: createMockConfig({ credentialStorePath: storePath }),
+            });
+            await runCommand(['auth', 'set', 'slack', '-H', 'X-Token: secret', '-H', 'X-Other: value'], deps);
+            expect(logs).toContain('Credentials stored.');
+            const storedData = JSON.parse(readSecureFile(storePath) ?? '{}');
+            expect(storedData.slack).toEqual({
+                objectType: 'rawCurl',
+                curlArguments: ['-H', 'X-Token: secret', '-H', 'X-Other: value'],
+            });
+        });
+        it('should return error for empty curl arguments', async () => {
+            const deps = createMockDependencies();
+            await runCommand(['auth', 'set', 'slack'], deps);
+            expect(exitCode).toBe(1);
+            expect(errorLogs.some((log) => log.includes("don't look like valid curl options"))).toBe(true);
+            expect(errorLogs.some((log) => log.includes('Authorization: Bearer'))).toBe(true);
+        });
+        it('should return error when arguments lack curl switches', async () => {
+            const deps = createMockDependencies();
+            await runCommand(['auth', 'set', 'slack', 'my-raw-token-value'], deps);
+            expect(exitCode).toBe(1);
+            expect(errorLogs.some((log) => log.includes("don't look like valid curl options"))).toBe(true);
+            expect(errorLogs.some((log) => log.includes('Authorization: Bearer'))).toBe(true);
+        });
+        it('should return error for unknown service', async () => {
+            const deps = createMockDependencies();
+            await runCommand(['auth', 'set', 'unknown-service', '-H', 'X-Token: secret'], deps);
+            expect(exitCode).toBe(1);
+            expect(errorLogs.some((log) => log.includes('Unknown service'))).toBe(true);
+        });
+        it('should overwrite existing credentials', async () => {
+            const storePath = join(tempDir, 'credentials.json');
+            writeSecureFile(storePath, JSON.stringify({
+                slack: { objectType: 'slack', token: 'old-token', dCookie: 'old-cookie' },
+            }));
+            const deps = createMockDependencies({
+                config: createMockConfig({ credentialStorePath: storePath }),
+            });
+            await runCommand(['auth', 'set', 'slack', '-H', 'X-Token: new-secret'], deps);
+            expect(logs).toContain('Credentials stored.');
+            const storedData = JSON.parse(readSecureFile(storePath) ?? '{}');
+            expect(storedData.slack).toEqual({
+                objectType: 'rawCurl',
+                curlArguments: ['-H', 'X-Token: new-secret'],
+            });
+        });
+    });
     describe('curl command', () => {
         it('should pass arguments to subprocess', async () => {
             const storePath = join(tempDir, 'credentials.json');
@@ -353,6 +452,18 @@ describe('CLI commands with dependency injection', () => {
             ]);
             expect(exitCode).toBe(0);
         });
+        it('should pass raw curl credentials to subprocess', async () => {
+            const storePath = join(tempDir, 'credentials.json');
+            writeSecureFile(storePath, JSON.stringify({
+                slack: { objectType: 'rawCurl', curlArguments: ['-H', 'X-Custom: header'] },
+            }));
+            const deps = createMockDependencies({
+                config: createMockConfig({ credentialStorePath: storePath }),
+            });
+            await runCommand(['curl', 'https://slack.com/api/test'], deps);
+            expect(capturedArgs).toEqual(['-H', 'X-Custom: header', 'https://slack.com/api/test']);
+            expect(exitCode).toBe(0);
+        });
         it('should pass multiple arguments correctly', async () => {
             const storePath = join(tempDir, 'credentials.json');
             writeSecureFile(storePath, JSON.stringify({
@@ -438,42 +549,62 @@ describe('CLI commands with dependency injection', () => {
             expect(mockLogin).not.toHaveBeenCalled();
             expect(capturedArgs).toContain('Authorization: Bearer stored-token');
         });
-        it('should call login when no credentials in store', async () => {
+        it('should return error when no credentials in store', async () => {
             const storePath = join(tempDir, 'credentials.json');
-            const browserStatePath = join(tempDir, 'browser_state.json');
-            const configPath = join(tempDir, 'config.json');
-            const fakeBrowserPath = join(tempDir, 'fake-browser');
             writeSecureFile(storePath, '{}');
-            // Create a fake browser executable so loadBrowserConfig validation passes
-            writeFileSync(fakeBrowserPath, '#!/bin/sh\necho fake', { mode: 0o755 });
-            // Create a config file so the command doesn't fail
-            writeFileSync(configPath, JSON.stringify({
-                browser: {
-                    executablePath: fakeBrowserPath,
-                    source: 'system',
-                    discoveredAt: new Date().toISOString(),
-                },
-            }), { mode: 0o600 });
-            const mockLogin = vi
-                .fn()
-                .mockResolvedValue(new SlackApiCredentials('new-token', 'new-cookie'));
-            const mockSlackService = {
-                name: 'slack',
-                displayName: 'Slack',
-                baseApiUrls: ['https://slack.com/api/'],
-                loginUrl: 'https://slack.com/signin',
-                info: 'Test info for Slack service.',
+            const deps = createMockDependencies({
+                config: createMockConfig({ credentialStorePath: storePath }),
+            });
+            await runCommand(['curl', 'https://slack.com/api/test'], deps);
+            expect(exitCode).toBe(1);
+            expect(errorLogs.some((log) => log.includes('No credentials found for slack'))).toBe(true);
+            expect(errorLogs.some((log) => log.includes('auth browser'))).toBe(true);
+            expect(errorLogs.some((log) => log.includes('auth set'))).toBe(true);
+        });
+        it('should work when service does not have getSession but credentials exist', async () => {
+            const storePath = join(tempDir, 'credentials.json');
+            writeSecureFile(storePath, JSON.stringify({
+                nologin: { objectType: 'rawCurl', curlArguments: ['-H', 'X-API-Key: secret'] },
+            }));
+            const noLoginService = {
+                name: 'nologin',
+                displayName: 'No Login Service',
+                baseApiUrls: ['https://nologin.example.com/api/'],
+                loginUrl: 'https://nologin.example.com',
+                info: 'A service without browser login support.',
+                credentialCheckCurlArguments: [],
+                checkApiCredentials: vi.fn().mockReturnValue(ApiCredentialStatus.Valid),
+                // No getSession - service doesn't support browser login
+            };
+            const deps = createMockDependencies({
+                registry: new Registry([noLoginService]),
+                config: createMockConfig({ credentialStorePath: storePath }),
+            });
+            await runCommand(['curl', 'https://nologin.example.com/api/test'], deps);
+            expect(exitCode).toBe(0);
+            expect(capturedArgs).toContain('-H');
+            expect(capturedArgs).toContain('X-API-Key: secret');
+        });
+    });
+    describe('auth browser command', () => {
+        it('should return error when service does not support browser login', async () => {
+            const noLoginService = {
+                name: 'nologin',
+                displayName: 'No Login Service',
+                baseApiUrls: ['https://nologin.example.com/api/'],
+                loginUrl: 'https://nologin.example.com',
+                info: 'A service without browser login support.',
                 credentialCheckCurlArguments: [],
                 checkApiCredentials: vi.fn(),
-                getSession: vi.fn().mockReturnValue({ login: mockLogin }),
+                // No getSession - service doesn't support browser login
             };
             const deps = createMockDependencies({
-                registry: new Registry([mockSlackService]),
-                config: createMockConfig({ credentialStorePath: storePath, browserStatePath, configPath }),
+                registry: new Registry([noLoginService]),
             });
-            await runCommand(['curl', 'https://slack.com/api/test'], deps);
-            expect(mockLogin).toHaveBeenCalledWith(expect.any(EncryptedStorage), expect.any(Object), undefined);
-            expect(capturedArgs).toContain('Authorization: Bearer new-token');
+            await runCommand(['auth', 'browser', 'nologin'], deps);
+            expect(exitCode).toBe(1);
+            const expectedMessage = new BrowserFlowsNotSupportedError('nologin').message;
+            expect(errorLogs.some((log) => log.includes(expectedMessage))).toBe(true);
         });
     });
 });
@@ -508,38 +639,23 @@ describe.skipIf(!cliPath)('CLI integration tests (subprocess)', () => {
             expect(result.stderr).toContain('No service matches URL');
             expect(result.stderr).toContain('https://unknown-api.example.com');
         });
-    });
-    describe('status command', () => {
-        it('should return missing when no credentials are stored', () => {
+        it('should return error when no credentials exist', () => {
             writeSecureFile(testEnv.LATCHKEY_STORE, '{}');
-            const result = runCli(['status', 'slack'], testEnv);
-            expect(result.exitCode).toBe(0);
-            expect(result.stdout.trim()).toBe('missing');
-        });
-        it('should return error for unknown service', () => {
-            const result = runCli(['status', 'unknown-service'], testEnv);
+            const result = runCli(['curl', 'https://slack.com/api/test'], testEnv);
             expect(result.exitCode).toBe(1);
-            expect(result.stderr).toContain('Unknown service');
-        });
-        it('should return status for all services when no service name provided', () => {
-            writeSecureFile(testEnv.LATCHKEY_STORE, '{}');
-            const result = runCli(['status'], testEnv);
-            expect(result.exitCode).toBe(0);
-            const lines = result.stdout.trim().split('\n');
-            expect(lines.length).toBeGreaterThan(0);
-            expect(lines.some((line) => line.includes('slack: missing'))).toBe(true);
-            expect(lines.some((line) => line.includes('discord: missing'))).toBe(true);
-            expect(lines.some((line) => line.includes('github: missing'))).toBe(true);
+            expect(result.stderr).toContain('No credentials found for slack');
+            expect(result.stderr).toContain('auth browser');
+            expect(result.stderr).toContain('auth set');
         });
-        it('should return status for all services with mixed statuses', () => {
-            writeSecureFile(testEnv.LATCHKEY_STORE, JSON.stringify({
-                slack: { objectType: 'slack', token: 'test-token', dCookie: 'test-cookie' },
-            }));
-            const result = runCli(['status'], testEnv);
-            expect(result.exitCode).toBe(0);
-            const lines = result.stdout.trim().split('\n');
-            expect(lines.some((line) => line.includes('slack: invalid'))).toBe(true);
-            expect(lines.some((line) => line.includes('discord: missing'))).toBe(true);
+    });
+    describe('auth browser command', () => {
+        it('should return error when browser is disabled via LATCHKEY_DISABLE_BROWSER', () => {
+            const result = runCli(['auth', 'browser', 'slack'], {
+                ...testEnv,
+                LATCHKEY_DISABLE_BROWSER: '1',
+            });
+            expect(result.exitCode).toBe(1);
+            expect(result.stderr).toContain('Browser is disabled');
         });
     });
     describe('clear command', () => {
@@ -547,7 +663,7 @@ describe.skipIf(!cliPath)('CLI integration tests (subprocess)', () => {
             writeSecureFile(testEnv.LATCHKEY_STORE, JSON.stringify({
                 slack: { objectType: 'slack', token: 'test-token', dCookie: 'test-cookie' },
             }));
-            const result = runCli(['clear', 'slack'], testEnv);
+            const result = runCli(['auth', 'clear', 'slack'], testEnv);
             expect(result.exitCode).toBe(0);
             expect(result.stdout).toContain('API credentials for slack have been cleared');
             const storedData = JSON.parse(readSecureFile(testEnv.LATCHKEY_STORE) ?? '{}');
@@ -555,12 +671,12 @@ describe.skipIf(!cliPath)('CLI integration tests (subprocess)', () => {
         });
         it('should report no credentials found when service has no stored credentials', () => {
             writeSecureFile(testEnv.LATCHKEY_STORE, '{}');
-            const result = runCli(['clear', 'slack'], testEnv);
+            const result = runCli(['auth', 'clear', 'slack'], testEnv);
             expect(result.exitCode).toBe(0);
             expect(result.stdout).toContain('No API credentials found for slack');
         });
         it('should return error for unknown service', () => {
-            const result = runCli(['clear', 'unknown-service'], testEnv);
+            const result = runCli(['auth', 'clear', 'unknown-service'], testEnv);
             expect(result.exitCode).toBe(1);
             expect(result.stderr).toContain('Unknown service: unknown-service');
         });
@@ -569,7 +685,7 @@ describe.skipIf(!cliPath)('CLI integration tests (subprocess)', () => {
                 slack: { objectType: 'slack', token: 'slack-token', dCookie: 'slack-cookie' },
                 discord: { objectType: 'authorizationBare', token: 'discord-token' },
             }));
-            const result = runCli(['clear', 'slack'], testEnv);
+            const result = runCli(['auth', 'clear', 'slack'], testEnv);
             expect(result.exitCode).toBe(0);
             const storedData = JSON.parse(readSecureFile(testEnv.LATCHKEY_STORE) ?? '{}');
             expect(storedData.slack).toBeUndefined();
@@ -579,7 +695,7 @@ describe.skipIf(!cliPath)('CLI integration tests (subprocess)', () => {
         it('should delete both store and browser state with -y flag', () => {
             writeSecureFile(testEnv.LATCHKEY_STORE, JSON.stringify({ slack: { objectType: 'slack', token: 'test', dCookie: 'test' } }));
             writeSecureFile(testEnv.LATCHKEY_BROWSER_STATE, '{}');
-            const result = runCli(['clear', '-y'], testEnv);
+            const result = runCli(['auth', 'clear', '-y'], testEnv);
             expect(result.exitCode).toBe(0);
             expect(existsSync(testEnv.LATCHKEY_STORE)).toBe(false);
             expect(existsSync(testEnv.LATCHKEY_BROWSER_STATE)).toBe(false);
@@ -589,23 +705,43 @@ describe.skipIf(!cliPath)('CLI integration tests (subprocess)', () => {
         it('should delete only existing files with -y flag', () => {
             writeSecureFile(testEnv.LATCHKEY_STORE, '{}');
             // browser_state does not exist
-            const result = runCli(['clear', '-y'], testEnv);
+            const result = runCli(['auth', 'clear', '-y'], testEnv);
             expect(result.exitCode).toBe(0);
             expect(existsSync(testEnv.LATCHKEY_STORE)).toBe(false);
             expect(result.stdout).toContain(`Deleted credentials store: ${testEnv.LATCHKEY_STORE}`);
             expect(result.stdout).not.toContain('browser state');
         });
         it('should report no files to delete when none exist', () => {
-            const result = runCli(['clear', '-y'], testEnv);
+            const result = runCli(['auth', 'clear', '-y'], testEnv);
             expect(result.exitCode).toBe(0);
             expect(result.stdout).toContain('No files to delete');
         });
     });
-    describe('services command', () => {
-        it('should list all services as space-separated names', () => {
-            const result = runCli(['services'], testEnv);
+    describe('auth list command', () => {
+        it('should list stored credentials as beautified JSON', () => {
+            writeSecureFile(testEnv.LATCHKEY_STORE, JSON.stringify({
+                slack: { objectType: 'slack', token: 'test-token', dCookie: 'test-cookie' },
+            }));
+            const result = runCli(['auth', 'list'], testEnv);
+            expect(result.exitCode).toBe(0);
+            const entries = JSON.parse(result.stdout);
+            expect(entries.slack).toBeDefined();
+            expect(entries.slack?.credentialType).toBe('slack');
+            expect(entries.slack?.credentialStatus).toEqual(expect.any(String));
+        });
+        it('should output empty object when no credentials are stored', () => {
+            writeSecureFile(testEnv.LATCHKEY_STORE, '{}');
+            const result = runCli(['auth', 'list'], testEnv);
+            expect(result.exitCode).toBe(0);
+            const entries = JSON.parse(result.stdout);
+            expect(Object.keys(entries)).toHaveLength(0);
+        });
+    });
+    describe('services list command', () => {
+        it('should list all services as JSON', () => {
+            const result = runCli(['services', 'list'], testEnv);
             expect(result.exitCode).toBe(0);
-            const services = result.stdout.trim().split(' ');
+            const services = JSON.parse(result.stdout.trim());
             expect(services).toContain('slack');
             expect(services).toContain('discord');
             expect(services).toContain('github');
@@ -613,19 +749,25 @@ describe.skipIf(!cliPath)('CLI integration tests (subprocess)', () => {
             expect(services).toContain('linear');
         });
     });
-    describe('info command', () => {
-        it('should show info for a known service', () => {
-            const result = runCli(['info', 'slack'], testEnv);
+    describe('services info command', () => {
+        it('should show login options, credentials status, and developer notes as JSON', () => {
+            writeSecureFile(testEnv.LATCHKEY_STORE, '{}');
+            const result = runCli(['services', 'info', 'slack'], testEnv);
             expect(result.exitCode).toBe(0);
-            expect(result.stdout).toContain('Slack Web API');
+            const info = JSON.parse(result.stdout);
+            expect(info.authOptions).toEqual(['browser', 'set']);
+            expect(info.credentialStatus).toBe('missing');
+            expect(info.developerNotes).toEqual(expect.any(String));
         });
-        it('should show info for google service mentioning prepare', () => {
-            const result = runCli(['info', 'google'], testEnv);
+        it('should show auth set only for services without browser login', () => {
+            writeSecureFile(testEnv.LATCHKEY_STORE, '{}');
+            const result = runCli(['services', 'info', 'mailchimp'], testEnv);
             expect(result.exitCode).toBe(0);
-            expect(result.stdout).toContain('prepare');
+            const info = JSON.parse(result.stdout);
+            expect(info.authOptions).toEqual(['set']);
         });
         it('should return error for unknown service', () => {
-            const result = runCli(['info', 'unknown-service'], testEnv);
+            const result = runCli(['services', 'info', 'unknown-service'], testEnv);
             expect(result.exitCode).toBe(1);
             expect(result.stderr).toContain('Unknown service');
         });