ledgit-cli 0.4.2 → 0.4.3

package/dist/index.js

@@ -48242,16 +48242,6 @@ async function getValidAccessToken(cwd = process.cwd()) {
     return null;
   }
 }
-function deleteAuth0Token(cwd = process.cwd()) {
-  const localPath = getLocalTokenPath(cwd);
-  const globalPath = getGlobalTokenPath();
-  if (fs10.existsSync(localPath)) {
-    fs10.unlinkSync(localPath);
-  }
-  if (fs10.existsSync(globalPath)) {
-    fs10.unlinkSync(globalPath);
-  }
-}
 
 // src/lib/env.ts
 async function loadConfig(cwd = process.cwd()) {
@@ -48287,7 +48277,10 @@ async function loadConfig(cwd = process.cwd()) {
     if (!companyId) {
       throw new Error("BOKIO_COMPANY_ID environment variable not set");
     }
-    const inboxProvider = process.env.INBOX_PROVIDER;
+    let inboxProvider = process.env.INBOX_PROVIDER;
+    if (!inboxProvider && process.env.LEDGIT_API_TOKEN) {
+      inboxProvider = "ledgit";
+    }
     const result = {
       provider: "bokio",
       bokio: { token, companyId }
@@ -48296,6 +48289,10 @@ async function loadConfig(cwd = process.cwd()) {
       result.inboxProvider = "ledgit";
       result.ledgit = {
         getAccessToken: async () => {
+          const apiToken = process.env.LEDGIT_API_TOKEN;
+          if (apiToken) {
+            return apiToken;
+          }
           const accessToken = await getValidAccessToken(cwd);
           if (!accessToken) {
             throw new Error("Ledgit authentication required for inbox. Run 'ledgit login' to authenticate.");
@@ -48310,6 +48307,10 @@ async function loadConfig(cwd = process.cwd()) {
     provider: "ledgit",
     ledgit: {
       getAccessToken: async () => {
+        const apiToken = process.env.LEDGIT_API_TOKEN;
+        if (apiToken) {
+          return apiToken;
+        }
         const token = await getValidAccessToken(cwd);
         if (!token) {
           throw new Error("Ledgit authentication required. Run 'ledgit login' to authenticate.");
@@ -56393,80 +56394,131 @@ async function loginCommand(options) {
 }
 
 // src/commands/token.ts
-async function tokenCommand(action = "show", options = {}) {
+var API_BASE_URL = process.env.LEDGIT_API_URL || "https://api.ledgit.se";
+async function tokenCommand(action = "list", options = {}) {
   const cwd = process.cwd();
+  const accessToken = await getValidAccessToken(cwd);
+  if (!accessToken) {
+    console.error(`
+  Not logged in. Run 'ledgit login' first.
+`);
+    process.exit(1);
+  }
   switch (action) {
-    case "show": {
-      const token = loadAuth0Token(cwd);
-      if (!token) {
-        console.log(`
-  No Ledgit authentication token found.`);
-        console.log(`  Run 'ledgit login' to authenticate.
+    case "list": {
+      const response = await fetch(`${API_BASE_URL}/api/tokens`, {
+        headers: {
+          Authorization: `Bearer ${accessToken}`
+        }
+      });
+      if (!response.ok) {
+        const error = await response.json().catch(() => ({}));
+        console.error(`
+  Failed to fetch tokens: ${error.error || response.statusText} (${response.status})
 `);
         process.exit(1);
       }
-      const expired = isTokenExpired2(token);
-      const expiresAt = new Date(token.expires_at);
-      console.log(`
-  Ledgit Token Info:`);
-      console.log(`    Status: ${expired ? "Expired" : "Valid"}`);
-      console.log(`    Expires: ${expiresAt.toISOString()}`);
-      console.log(`    Has Refresh Token: ${token.refresh_token ? "Yes" : "No"}`);
-      console.log("");
-      if (expired) {
-        console.log(`  Token is expired. Run 'ledgit token refresh' or 'ledgit login' to get a new token.
+      const result = await response.json();
+      const tokens = result.data;
+      if (tokens.length === 0) {
+        console.log(`
+  No API tokens found.`);
+        console.log(`  Create one with: ledgit token create
 `);
+        return;
       }
-      break;
-    }
-    case "export": {
-      const accessToken = await getValidAccessToken(cwd);
-      if (!accessToken) {
-        console.error("No valid token available. Run 'ledgit login' first.");
-        process.exit(1);
+      console.log(`
+  API Tokens:
+`);
+      for (const token of tokens) {
+        const lastUsed = token.lastUsedAt ? new Date(token.lastUsedAt).toLocaleDateString() : "Never";
+        console.log(`    ${token.name}`);
+        console.log(`      Token:     ${token.tokenPrefix}...`);
+        console.log(`      Scopes:    ${token.scopes.join(", ")}`);
+        console.log(`      Last used: ${lastUsed}`);
+        console.log("");
       }
-      process.stdout.write(accessToken);
       break;
     }
-    case "refresh": {
-      const token = loadAuth0Token(cwd);
-      if (!token) {
-        console.log(`
-  No Ledgit authentication token found.`);
-        console.log(`  Run 'ledgit login' to authenticate.
+    case "create": {
+      const name = await dist_default4({
+        message: "Token name:",
+        default: "GitHub Actions"
+      });
+      const scopes = ["read", "write"];
+      console.log(`
+  Creating API token...`);
+      const response = await fetch(`${API_BASE_URL}/api/tokens`, {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({ name, scopes })
+      });
+      if (!response.ok) {
+        const error = await response.json().catch(() => ({}));
+        console.error(`
+  Failed to create token: ${error.error || response.statusText}
 `);
         process.exit(1);
       }
-      if (!token.refresh_token) {
-        console.log(`
-  No refresh token available.`);
-        console.log(`  Run 'ledgit login' to get a new token.
+      const result = await response.json();
+      console.log(`
+  ✓ API token created successfully!
 `);
-        process.exit(1);
-      }
-      console.log("  Refreshing token...");
-      const accessToken = await getValidAccessToken(cwd);
-      if (accessToken) {
-        console.log(`  Token refreshed successfully!
+      console.log("  Token (copy now - it won't be shown again):");
+      console.log(`
+    ${result.data.token}
 `);
-      } else {
-        console.error(`  Failed to refresh token. Run 'ledgit login' to re-authenticate.
+      console.log("  To use in GitHub Actions, add as a secret:");
+      console.log(`    gh secret set LEDGIT_API_TOKEN
 `);
-        process.exit(1);
-      }
       break;
     }
     case "revoke": {
-      const token = loadAuth0Token(cwd);
-      if (!token) {
+      const listResponse = await fetch(`${API_BASE_URL}/api/tokens`, {
+        headers: {
+          Authorization: `Bearer ${accessToken}`
+        }
+      });
+      if (!listResponse.ok) {
+        const error = await listResponse.json().catch(() => ({}));
+        console.error(`
+  Failed to fetch tokens: ${error.error || listResponse.statusText} (${listResponse.status})
+`);
+        process.exit(1);
+      }
+      const listResult = await listResponse.json();
+      const tokens = listResult.data;
+      if (tokens.length === 0) {
         console.log(`
-  No Ledgit authentication token found.
+  No API tokens to revoke.
 `);
         return;
       }
-      deleteAuth0Token(cwd);
+      const tokenId = await dist_default8({
+        message: "Select token to revoke:",
+        choices: tokens.map((t) => ({
+          value: t.id,
+          name: `${t.name} (${t.tokenPrefix}...)`
+        }))
+      });
+      const response = await fetch(`${API_BASE_URL}/api/tokens/${tokenId}`, {
+        method: "DELETE",
+        headers: {
+          Authorization: `Bearer ${accessToken}`
+        }
+      });
+      if (!response.ok) {
+        const error = await response.json().catch(() => ({}));
+        console.error(`
+  Failed to revoke token: ${error.error || response.statusText} (${response.status})
+`);
+        process.exit(1);
+      }
       console.log(`
-  Ledgit token has been revoked/deleted.
+  ✓ Token revoked.
 `);
       break;
     }
@@ -56474,10 +56526,9 @@ async function tokenCommand(action = "show", options = {}) {
       console.error(`Unknown action: ${action}`);
       console.log(`
 Usage:`);
-      console.log("  ledgit token show     - Display current token info");
-      console.log("  ledgit token export   - Export token for CI/CD");
-      console.log("  ledgit token refresh  - Refresh expired token");
-      console.log("  ledgit token revoke   - Revoke/delete stored token");
+      console.log("  ledgit token list     - List all API tokens");
+      console.log("  ledgit token create   - Create a new API token");
+      console.log("  ledgit token revoke   - Revoke an API token");
       process.exit(1);
   }
 }
@@ -56516,6 +56567,7 @@ jobs:
       - name: Sync inbox
         run: npx ledgit-cli sync-inbox
         env:
+          LEDGIT_API_TOKEN: \${{ secrets.LEDGIT_API_TOKEN }}
           BOKIO_TOKEN: \${{ secrets.BOKIO_TOKEN }}
           BOKIO_COMPANY_ID: \${{ secrets.BOKIO_COMPANY_ID }}
 
@@ -56591,40 +56643,6 @@ jobs:
             --verbose \\
             --output-format stream-json \\
             2>&1 | tee /tmp/claude-output.json
-
-      - name: Write job summary
-        if: always() && steps.check.outputs.has_new == 'true'
-        run: |
-          echo "## \uD83E\uDD16 Claude Bookkeeping Report" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # Show model from init
-          jq -r 'select(.type == "system" and .subtype == "init") | "**Model:** \\(.model // "claude")"' /tmp/claude-output.json >> $GITHUB_STEP_SUMMARY 2>/dev/null || true
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # Count tool uses
-          TOOL_COUNT=$(jq -s '[.[] | select(.type == "tool_use")] | length' /tmp/claude-output.json 2>/dev/null || echo "0")
-          echo "**Tool calls:** $TOOL_COUNT" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # List unique tools used
-          echo "### Tools Used" >> $GITHUB_STEP_SUMMARY
-          jq -r 'select(.type == "tool_use") | .name' /tmp/claude-output.json 2>/dev/null | sort | uniq -c | while read count name; do
-            echo "- $name ($count calls)" >> $GITHUB_STEP_SUMMARY
-          done
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # Final result
-          echo "### Result" >> $GITHUB_STEP_SUMMARY
-          jq -r 'select(.type == "result") | "**Status:** \\(.subtype // "completed")\\n**Duration:** \\((.duration_ms // 0) / 1000 | floor)s\\n**Turns:** \\(.num_turns // "N/A")\\n**Cost:** $\\(.total_cost_usd // 0 | tostring | .[0:6])"' /tmp/claude-output.json >> $GITHUB_STEP_SUMMARY 2>/dev/null || true
-
-      - name: Upload Claude execution log
-        if: always() && steps.check.outputs.has_new == 'true'
-        uses: actions/upload-artifact@v4
-        with:
-          name: claude-execution-log
-          path: /tmp/claude-output.json
-          retention-days: 7
 `;
 var CLAUDE_BOOKKEEPING_WORKFLOW = `name: Claude Bookkeeping
 on:
@@ -56719,40 +56737,6 @@ jobs:
             --verbose \\
             --output-format stream-json \\
             2>&1 | tee /tmp/claude-output.json
-
-      - name: Write job summary
-        if: always()
-        run: |
-          echo "## \uD83E\uDD16 Claude Response Report" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # Show model from init
-          jq -r 'select(.type == "system" and .subtype == "init") | "**Model:** \\(.model // "claude")"' /tmp/claude-output.json >> $GITHUB_STEP_SUMMARY 2>/dev/null || true
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # Count tool uses
-          TOOL_COUNT=$(jq -s '[.[] | select(.type == "tool_use")] | length' /tmp/claude-output.json 2>/dev/null || echo "0")
-          echo "**Tool calls:** $TOOL_COUNT" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # List unique tools used
-          echo "### Tools Used" >> $GITHUB_STEP_SUMMARY
-          jq -r 'select(.type == "tool_use") | .name' /tmp/claude-output.json 2>/dev/null | sort | uniq -c | while read count name; do
-            echo "- $name ($count calls)" >> $GITHUB_STEP_SUMMARY
-          done
-          echo "" >> $GITHUB_STEP_SUMMARY
-
-          # Final result
-          echo "### Result" >> $GITHUB_STEP_SUMMARY
-          jq -r 'select(.type == "result") | "**Status:** \\(.subtype // "completed")\\n**Duration:** \\((.duration_ms // 0) / 1000 | floor)s\\n**Turns:** \\(.num_turns // "N/A")\\n**Cost:** $\\(.total_cost_usd // 0 | tostring | .[0:6])"' /tmp/claude-output.json >> $GITHUB_STEP_SUMMARY 2>/dev/null || true
-
-      - name: Upload Claude execution log
-        if: always()
-        uses: actions/upload-artifact@v4
-        with:
-          name: claude-execution-log-pr-\${{ github.event.issue.number }}
-          path: /tmp/claude-output.json
-          retention-days: 7
 `;
 var SYNC_JOURNAL_WORKFLOW = `name: Sync Journal
 on:
@@ -56778,6 +56762,7 @@ jobs:
       - name: Sync to Bokio
         run: npx ledgit-cli sync-journal
         env:
+          LEDGIT_API_TOKEN: \${{ secrets.LEDGIT_API_TOKEN }}
           BOKIO_TOKEN: \${{ secrets.BOKIO_TOKEN }}
           BOKIO_COMPANY_ID: \${{ secrets.BOKIO_COMPANY_ID }}
 `;
@@ -57216,6 +57201,23 @@ async function authenticateClaude(options = {}) {
 
 // src/lib/github.ts
 var execAsync3 = promisify7(exec7);
+async function saveToEnv(cwd, key, value) {
+  const envPath = path15.join(cwd, ".env");
+  let content = "";
+  try {
+    content = await fs19.readFile(envPath, "utf-8");
+  } catch {
+  }
+  const regex2 = new RegExp(`^${key}=.*$`, "m");
+  if (regex2.test(content)) {
+    content = content.replace(regex2, `${key}=${value}`);
+  } else {
+    content = content.trimEnd() + `
+${key}=${value}
+`;
+  }
+  await fs19.writeFile(envPath, content);
+}
 async function checkGhInstalled() {
   try {
     await execAsync3("which gh");
@@ -57241,6 +57243,22 @@ async function checkGhWorkflowScope() {
     return false;
   }
 }
+async function checkRepoAccess() {
+  try {
+    await execAsync3("gh repo view --json name");
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function checkRepoSecretsAccess() {
+  try {
+    await execAsync3("gh api repos/{owner}/{repo}/actions/secrets/public-key");
+    return true;
+  } catch {
+    return false;
+  }
+}
 async function hasGitRemote(cwd) {
   try {
     const cmd = cwd ? `git -C "${cwd}" remote -v` : "git remote -v";
@@ -57350,6 +57368,7 @@ needed to manage GitHub Actions and secrets.
 To fix this, run:
   gh auth refresh -h github.com -s repo,workflow`);
   }
+  const hasSecretsAccess = await checkRepoSecretsAccess();
   let config3;
   try {
     config3 = await loadConfig(cwd);
@@ -57385,6 +57404,17 @@ Fortnox support requires OAuth token handling in CI, coming soon.`);
   }
   const secretName = authMethod === "api_key" ? "ANTHROPIC_API_KEY" : "CLAUDE_CODE_OAUTH_TOKEN";
   let claudeToken = options.claudeToken;
+  if (!claudeToken && authMethod === "oauth") {
+    claudeToken = process.env.CLAUDE_CODE_OAUTH_TOKEN;
+    if (claudeToken) {
+      console.log("  Using existing CLAUDE_CODE_OAUTH_TOKEN from .env");
+    }
+  } else if (!claudeToken && authMethod === "api_key") {
+    claudeToken = process.env.ANTHROPIC_API_KEY;
+    if (claudeToken) {
+      console.log("  Using existing ANTHROPIC_API_KEY from .env");
+    }
+  }
   if (!claudeToken) {
     if (authMethod === "api_key") {
       claudeToken = await dist_default6({
@@ -57406,6 +57436,8 @@ Starting Claude OAuth authentication...`);
         });
         spinner.succeed("Claude authentication successful!");
         claudeToken = result.token;
+        await saveToEnv(cwd, "CLAUDE_CODE_OAUTH_TOKEN", claudeToken);
+        console.log("  Saved token to .env");
       } catch (error) {
         spinner.fail("Claude authentication failed");
         throw error;
@@ -57415,21 +57447,52 @@ Starting Claude OAuth authentication...`);
   if (!claudeToken) {
     throw new Error("Token is required.");
   }
-  console.log(`
+  if (hasSecretsAccess) {
+    console.log(`
 Setting up GitHub secrets...`);
-  await setGhSecret(secretName, claudeToken);
-  console.log(`  Set ${secretName}`);
-  await setGhSecret("BOKIO_TOKEN", config3.bokio.token);
-  console.log("  Set BOKIO_TOKEN");
-  await setGhSecret("BOKIO_COMPANY_ID", config3.bokio.companyId);
-  console.log("  Set BOKIO_COMPANY_ID");
-  try {
-    await enableActionsPrPermission();
-    console.log("  Enabled Actions to create pull requests");
-  } catch {
-    console.error(`
+    await setGhSecret(secretName, claudeToken);
+    console.log(`  Set ${secretName}`);
+    await setGhSecret("BOKIO_TOKEN", config3.bokio.token);
+    console.log("  Set BOKIO_TOKEN");
+    await setGhSecret("BOKIO_COMPANY_ID", config3.bokio.companyId);
+    console.log("  Set BOKIO_COMPANY_ID");
+    if (options.ledgitApiToken) {
+      await setGhSecret("LEDGIT_API_TOKEN", options.ledgitApiToken);
+      console.log("  Set LEDGIT_API_TOKEN");
+    }
+    try {
+      await enableActionsPrPermission();
+      console.log("  Enabled Actions to create pull requests");
+    } catch {
+      console.error(`
 Warning: Could not enable PR creation for Actions.`);
-    console.error("You may need to enable this manually in Settings > Actions > General");
+      console.error("You may need to enable this manually in Settings > Actions > General");
+    }
+  } else {
+    console.log(`
+⚠️  Unable to set secrets via GitHub CLI.`);
+    console.log(`   This can happen if you don't have admin access to this repository.
+`);
+    console.log("   To fix gh access and retry, run:");
+    console.log(`     gh auth refresh -h github.com -s repo,workflow
+`);
+    console.log("   Or add these secrets manually in GitHub:");
+    console.log(`   Go to: Settings > Secrets and variables > Actions > New repository secret
+`);
+    console.log(`   ${secretName}:`);
+    console.log(`   ${claudeToken}
+`);
+    console.log("   BOKIO_TOKEN:");
+    console.log(`   ${config3.bokio.token}
+`);
+    console.log("   BOKIO_COMPANY_ID:");
+    console.log(`   ${config3.bokio.companyId}
+`);
+    if (options.ledgitApiToken) {
+      console.log("   LEDGIT_API_TOKEN:");
+      console.log(`   ${options.ledgitApiToken}
+`);
+    }
   }
   console.log(`
 Creating workflow files...`);
@@ -57468,6 +57531,7 @@ Workflows created:`);
 
 // src/commands/setup-github.ts
 var execAsync4 = promisify8(exec8);
+var API_BASE_URL2 = process.env.LEDGIT_API_URL || "https://api.ledgit.se";
 async function setupGithubCommand() {
   const cwd = process.cwd();
   console.log(`Setting up GitHub Actions for automated bookkeeping...
@@ -57482,7 +57546,73 @@ async function setupGithubCommand() {
     console.log(`  Using existing remote: ${repoUrl}
 `);
   }
-  await setupClaudeWorkflow({ cwd, autoCommit: false });
+  let ghUser = "unknown";
+  try {
+    const { stdout } = await execAsync4("gh api user -q .login");
+    ghUser = stdout.trim();
+  } catch {
+  }
+  const hasRepoAccess = await checkRepoAccess();
+  if (!hasRepoAccess) {
+    throw new UserError(`Cannot access repository.
+
+` + `You are logged in as '${ghUser}' but this account doesn't have access to the repository.
+
+` + `To fix this:
+` + `  1. Check your gh accounts: gh auth status
+` + `  2. Switch account: gh auth switch -u <username>`);
+  }
+  const hasSecretsAccess = await checkRepoSecretsAccess();
+  if (!hasSecretsAccess) {
+    throw new UserError(`Cannot access repository secrets.
+
+` + `You are logged in as '${ghUser}' but don't have admin/write access to manage secrets.
+
+` + `To fix this:
+` + `  1. Ensure you have admin access to this repository
+` + `  2. Or refresh auth: gh auth refresh -h github.com -s repo,workflow`);
+  }
+  console.log(`  Repository access verified (${ghUser})
+`);
+  let ledgitApiToken;
+  let config3;
+  try {
+    config3 = await loadConfig(cwd);
+  } catch {
+  }
+  const needsLedgitToken = config3?.provider === "ledgit" || config3?.inboxProvider === "ledgit";
+  if (needsLedgitToken) {
+    const accessToken = await getValidAccessToken(cwd);
+    if (accessToken) {
+      console.log("  Creating Ledgit API token...");
+      const response = await fetch(`${API_BASE_URL2}/api/tokens`, {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${accessToken}`,
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          name: "GitHub Actions",
+          scopes: ["read", "write"]
+        })
+      });
+      if (response.ok) {
+        const result = await response.json();
+        console.log(`  ✓ Ledgit API token created
+`);
+        ledgitApiToken = result.data.token;
+      } else {
+        console.log("  Could not create API token. You can create one later with:");
+        console.log(`    ledgit token create
+`);
+      }
+    } else {
+      console.log("  Not logged in - skipping Ledgit API token creation.");
+      console.log(`  Run 'ledgit login' then 'ledgit token create' to create one.
+`);
+    }
+  }
+  await setupClaudeWorkflow({ cwd, autoCommit: false, ledgitApiToken });
   try {
     await execAsync4("git add .github/workflows");
     const { stdout: status } = await execAsync4("git status --porcelain .github/workflows");
@@ -58352,6 +58482,13 @@ initialize({
   appName: "ledgit"
 });
 setVersion(pkg.version);
+
+class UserError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "UserError";
+  }
+}
 function withTelemetry(command, action) {
   return async (...args) => {
     const start = Date.now();
@@ -58375,6 +58512,13 @@ function withTelemetry(command, action) {
       if (error instanceof Error) {
         trackError("cli_command", error, { command });
       }
+      if (error instanceof UserError) {
+        console.error(`
+Error: ${error.message}
+`);
+        await shutdown();
+        process.exit(1);
+      }
       throw error;
     } finally {
       await shutdown();
@@ -58393,19 +58537,16 @@ program.command("generate-lines").description("Append journal lines to an existi
 program.command("list-tax-codes").description("List all available Swedish tax codes").action(withTelemetry("list-tax-codes", listTaxCodesCommand));
 program.command("discard <inbox-directory>").description("Remove an inbox item and mark for deletion from provider").action(withTelemetry("discard", discardCommand));
 program.command("login").description("Authenticate with Ledgit").option("-f, --force", "Overwrite existing token without prompting").action(withTelemetry("login", loginCommand));
-program.command("token [action]").description("Manage Ledgit authentication tokens for CI/CD").addHelpText("after", `
+program.command("token [action]").description("Manage API tokens (PATs) for CI/CD").addHelpText("after", `
 Actions:
-  show      Display current token info (default)
-  export    Export token for CI/CD (outputs to stdout)
-  refresh   Refresh expired token
-  revoke    Revoke/delete stored token
+  list      List all API tokens (default)
+  create    Create a new API token
+  revoke    Revoke an API token
 
 Examples:
   $ ledgit token
-  $ ledgit token show
-  $ ledgit token export
-  $ LEDGIT_TOKEN=$(ledgit token export)
-  $ ledgit token refresh
+  $ ledgit token list
+  $ ledgit token create
   $ ledgit token revoke
 `).action(withTelemetry("token", tokenCommand));
 program.command("update").description("Update AGENTS.md to the latest version").option("-f, --force", "Overwrite without prompting if modified").action(withTelemetry("update", updateCommand));
@@ -58442,3 +58583,6 @@ Examples:
 `).action(withTelemetry("traktamente:create", traktamenteCommand));
 traktamente.command("list").description("List available countries and traktamente rates").option("-y, --year <year>", "Year for rates (default: current year)").action(withTelemetry("traktamente:list", listCountriesCommand));
 program.parse();
+export {
+  UserError
+};

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "ledgit-cli",
-	"version": "0.4.2",
+	"version": "0.4.3",
 	"description": "CLI for ledgit bookkeeping repositories",
 	"repository": {
 		"type": "git",