mod8-cli 0.2.0

package/CHANGELOG.md

@@ -0,0 +1,87 @@
+# Changelog
+
+All notable changes to mod8 are documented here.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.2.0] — 2026-05-10
+
+The proxy bridge. Optional — local providers.json still works exactly as it
+did in 0.1.0.
+
+### Added
+
+- `mod8 login` — connect this CLI to your mod8 account. Opens the browser
+  to https://mod8.ai/cli-login, prompts for the `sk-mod8-…` key you copy
+  from there, pings the proxy to confirm, and saves
+  `~/.config/mod8/auth.json` at mode 0600.
+- `mod8 logout` — drop those credentials, fall back to local providers.json.
+- `-d, --deepseek` flag for one-shot prompts.
+- Startup banner on the chat REPL: "Logged in as <email> — proxy mode" or
+  "Local mode — using providers.json".
+- `dev:auth-status` — print the resolved routing decision (auth.json
+  loaded, mode, which provider ids would proxy). Used by the new
+  `login-logout.yaml` behavioral spec.
+
+### Changed
+
+- When `auth.json` is present, requests for the four built-in providers
+  (`anthropic`, `openai`, `google`, `deepseek`) go through the hosted
+  proxy at `https://mod8-proxy-6jnzdar4rq-uc.a.run.app/v1/chat`. Cost
+  shown in the per-turn stats line is the **charged** amount (raw provider
+  cost + 15% mod8 markup), not the raw provider cost.
+- Custom OpenAI-compatible providers (mistral / groq / openrouter / xai /
+  custom) keep using `providers.json` even when logged in — the proxy
+  doesn't carry them yet.
+
+### Compatibility
+
+- `auth.json` is opt-in. Existing users see no behavior change until they
+  run `mod8 login`.
+
+## [0.1.0] — 2026-05-07
+
+First public release.
+
+### Added
+
+- One-shot prompts: `mod8 -c "…"` (Anthropic), `mod8 -o "…"` (OpenAI),
+  `mod8 -g "…"` (Gemini), or just `mod8 "…"` for the configured default.
+- Side-by-side comparison: `mod8 --all "…"` fans the prompt out to every
+  configured provider and renders one block per provider with its own color,
+  model name, token count, latency, and cost.
+- Interactive chat REPL: `mod8 new` (fresh session), `mod8 list` (recent
+  sessions), `mod8 resume <id>`. Two-mode flow:
+    - **host** = mod8 / Anthropic Sonnet, the planning side.
+    - **work** = any configured provider, the doing side.
+  Switching is by natural language ("go", "let's work", "use deepseek",
+  "ask grok", "switch to mistral") or slash commands (`/use <id>`,
+  `/ask <id>`, `/mod8`, `@mod8`, `/clear`, `/exit`, `/providers`,
+  `/compare <prompt>`).
+- Provider registry: nine built-in templates with key-prefix detection —
+  `anthropic`, `openai`, `google`, `deepseek`, `mistral`, `groq`, `openrouter`,
+  `xai`, `together`. Anything OpenAI-compatible plugs in.
+- Custom providers: `mod8 add-provider` accepts any OpenAI-compatible API by
+  pasting a key and confirming id, name, base URL, and default model.
+- Storage: keys live in `~/.config/mod8/providers.json` (mode 0600) with
+  automatic migration from the legacy `keys.json`. Sessions live in
+  `~/.config/mod8/sessions/` with auto-generated titles.
+- Pricing: per-model token costs with a `<$0.001` rounded summary.
+- Error UX: invalid key, rate limit, network, quota, model-not-found are all
+  classified into one-line friendly messages, both in single-provider runs
+  and per-block in `--all`.
+- Pipe + `@file` inputs: `cat file.go | mod8 "review this"`,
+  `mod8 "explain @path/to/file.py"`.
+- `mod8 verify`: built-in self-test suite — 57 tests across 8 spec files,
+  runs in ~35 seconds, sandbox-isolated, exercises mock and real-API paths.
+  Run before every ship.
+
+### Notes
+
+- `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, `GOOGLE_API_KEY`, `GEMINI_API_KEY`
+  environment variables override the stored key for the matching provider.
+- `--all` consent: first run pauses for explicit confirmation (only once);
+  set `MOD8_AUTO_CONFIRM=1` to skip non-interactively.
+- The chat REPL needs a real TTY (it's an Ink-based UI). Piped invocations
+  use the one-shot path.

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Yonatan Zlit
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,239 @@
+# mod8
+
+**Talk to any LLM from your terminal — Claude, GPT, Gemini, DeepSeek, Mistral, Groq, anything OpenAI-compatible. BYOK.**
+
+No SaaS. No telemetry. Your keys stay in `~/.config/mod8/providers.json` (mode 0600). One CLI, every model.
+
+---
+
+## What it feels like
+
+Install once, then:
+
+```text
+$ mod8 keys set anthropic
+Enter API key for Anthropic (Claude): ************************************
+✓ Saved key for Anthropic (Claude)
+  Stored at /Users/you/.config/mod8/providers.json (file is 0600, only readable by you)
+
+$ mod8 "what's the difference between a tarball and a wheel"
+A tarball (.tar.gz) is the generic compressed-archive format used across
+many ecosystems — Python sdists, Ruby gems, npm packages all ship as
+tarballs. A wheel (.whl) is Python-specific, a built distribution that
+skips the build step on install. tl;dr: tarball = source, wheel = built.
+
+— claude-sonnet-4-6  324 tok · 1.21s · <$0.001
+```
+
+That was a one-shot. Now go interactive:
+
+```text
+$ mod8 new
+
+✻ mod8
+  switch to claude:  ask naturally — "go", "let's work", "let me talk to claude"
+  use any provider:  "use deepseek", "ask grok", "switch to mistral"
+  side-by-side:      "compare all" or /compare
+  list providers:    /providers      ·  back to mod8: /mod8 or @mod8
+  clear history:     /clear          ·  quit: /exit · cancel: esc
+
+›  i'm thinking about adding rate limiting to my api gateway. unsure where to put it.
+
+✻ mod8
+│ Are you protecting downstream services from a single misbehaving caller, or
+│ enforcing per-user quotas across many endpoints? Those usually live in
+│ different layers.
+│ 246 tok · 1.40s · <$0.001
+
+›  per-user quotas across the whole api
+
+✻ mod8
+│ Then sticking it at the gateway makes sense — you only count once instead
+│ of summing across services. Edge gateway with a Redis-backed token bucket
+│ is the standard pattern. Want claude to sketch the wiring?
+│ 312 tok · 1.62s · <$0.001
+
+›  yes go
+
+────────────────────────────────────────────────────────────
+  ◆  → switching to claude  (work mode)
+────────────────────────────────────────────────────────────
+
+›  yes go
+
+◆ claude
+│ Here's a minimal Express middleware that does it. Redis with a sliding
+│ window over 60s, 100 requests per user…
+│ 1.4k tok · 4.30s · $0.012
+```
+
+Add another provider, switch to it mid-conversation:
+
+```text
+$ mod8 add-provider
+paste key: gsk_***************************
+✓ Looks like Groq (groq, openai-compat).
+provider id [groq]:
+display name [Groq]:
+api type (anthropic | openai-compat | gemini) [openai-compat]:
+base URL [https://api.groq.com/openai/v1]:
+default model [llama-3.3-70b-versatile]:
+✓ Saved Groq (groq) — key gsk_***********6vQp, color ●
+```
+
+Back in chat:
+
+```text
+›  use groq, give me the same answer but shorter
+
+────────────────────────────────────────────────────────────
+  ◆  → switching to groq  (groq mode)
+────────────────────────────────────────────────────────────
+
+›  give me the same answer but shorter
+
+◆ groq
+│ const limiter = rateLimit({ windowMs: 60_000, max: 100, keyGenerator: r => r.user.id, store: new RedisStore({ client }) }); app.use(limiter);
+│ 184 tok · 0.42s · <$0.001
+```
+
+Side-by-side, all configured providers at once:
+
+```text
+›  compare all: write a haiku about cron jobs
+
+◆ claude
+│ Midnight tick repeats —
+│ silent worker in the dark,
+│ logs the only sound.
+│ 28 tok · 1.10s · <$0.001
+
+◆ groq
+│ Cron jobs run unseen,
+│ scheduled tasks in shadow,
+│ servers hum at night.
+│ 24 tok · 0.31s · <$0.001
+
+◆ deepseek
+│ Five stars then asterisk,
+│ time slices marching forward,
+│ work without applause.
+│ 26 tok · 0.88s · <$0.001
+```
+
+Out of chat, you can also do this from one shell line:
+
+```text
+$ mod8 --all "summarize this commit message in 5 words" < commit.txt
+```
+
+That's the whole product.
+
+---
+
+## Install
+
+```bash
+npm install -g mod8-cli
+```
+
+(The npm package is `mod8-cli`; the terminal command is `mod8`.)
+
+Requires Node 20+.
+
+You have two ways to bring keys to mod8.
+
+### Option A — `mod8 login` (recommended)
+
+One mod8 account, one bill, every provider.
+
+```bash
+mod8 login                  # opens https://mod8.ai/cli-login,
+                            # paste the sk-mod8-… key it shows you
+```
+
+After that, `mod8 -c/-o/-g/-d "…"` all route through the mod8 proxy. The
+per-turn stats line shows what mod8 charged your balance.
+
+```bash
+mod8 logout                 # drop credentials, fall back to local providers.json
+```
+
+### Option B — BYOK (bring your own keys)
+
+```bash
+mod8 keys set anthropic     # or: openai, google, deepseek, mistral,
+                            #     groq, openrouter, xai, together
+```
+
+For any OpenAI-compatible API mod8 doesn't already know:
+
+```bash
+mod8 add-provider           # interactive: paste key, confirm name/baseUrl/model
+```
+
+Or skip on-disk storage and use an env var:
+
+```bash
+export ANTHROPIC_API_KEY=sk-ant-...
+```
+
+### Day-to-day
+
+```bash
+mod8 "say hi"               # one-shot to your default
+mod8 -c "say hi"            # → anthropic
+mod8 -o "say hi"            # → openai
+mod8 -g "say hi"            # → google
+mod8 -d "say hi"            # → deepseek
+mod8 --all "say hi"         # fan-out, side-by-side
+mod8 new                    # start a chat session
+mod8 list                   # see recent sessions
+mod8 resume <id>            # pick up where you left off
+mod8 keys list              # who's configured
+mod8 providers              # detailed provider config
+mod8 verify                 # run the built-in self-test suite
+```
+
+---
+
+## What's in the box
+
+| Category | Detail |
+| --- | --- |
+| Built-in providers | anthropic, openai, google, deepseek, mistral, groq, openrouter, xai, together |
+| Custom providers | any OpenAI-compatible API via `mod8 add-provider` |
+| Storage | `~/.config/mod8/providers.json` (keys, mode 0600) and `~/.config/mod8/sessions/*.json` (chat history) |
+| Pricing | per-model token costs in every footer |
+| Streaming | yes, all providers; cancel with `esc` mid-stream |
+| Pipe / `@file` | `cat x | mod8 "…"` and `mod8 "review @path/to/file"` both work |
+| Self-test | `mod8 verify` runs 50+ sandboxed tests against mocked + real API paths |
+
+---
+
+## Configuration
+
+| File or env var | What it holds |
+| --- | --- |
+| `~/.config/mod8/providers.json` | API keys + per-provider config (api type, base URL, default model, color). Mode `0600`. |
+| `~/.config/mod8/config.json` | `default` (which provider answers a bare `mod8 "..."`), `allConsent` (first-run gate). |
+| `~/.config/mod8/sessions/*.json` | Saved chat sessions, auto-titled after the second turn. Mode `0600`. |
+| `MOD8_CONFIG_DIR` | Override the config root entirely (used by `mod8 verify`'s sandbox). |
+| `MOD8_HOST_MODEL`, `MOD8_WORK_MODEL` | Override the default chat models. |
+| `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, `GOOGLE_API_KEY`, `GEMINI_API_KEY` | Override the stored key for that provider. |
+
+---
+
+## Privacy
+
+Everything is local. mod8 is a thin client that talks directly to provider APIs.
+There is no mod8 server. No analytics, no telemetry, no key escrow.
+
+If you want to verify, the verify suite has a test that asserts `providers.json`
+is created with mode `0600`, and the source is short enough to read in an hour.
+
+---
+
+## License
+
+MIT — see [LICENSE](./LICENSE).

package/bin/mod8.js

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+import '../dist/cli.js';

package/dist/cli.js

@@ -0,0 +1,302 @@
+import { Command } from 'commander';
+import chalk from 'chalk';
+import { keysSet, keysList, keysRemove } from './commands/keys.js';
+import { loginCommand } from './commands/login.js';
+import { logoutCommand } from './commands/logout.js';
+import { readAuth } from './storage/auth.js';
+import { runPrompt, resolveProvider } from './commands/prompt.js';
+import { runAll, ensureAllConsent } from './commands/all.js';
+import { configGet, configSet } from './commands/config.js';
+import { runChat } from './commands/chat.js';
+import { listCommand } from './commands/list.js';
+import { verifyCommand } from './commands/verify.js';
+import { getMostRecentSession } from './storage/sessions.js';
+import { addProviderCommand } from './commands/addProvider.js';
+import { listProvidersCommand } from './commands/providers.js';
+import { devHostAsk } from './commands/devHostAsk.js';
+import { devResolve } from './commands/devResolve.js';
+import { devWorkAsk } from './commands/devWorkAsk.js';
+import { devSimulate } from './commands/devSimulate.js';
+import { devHostSystem } from './commands/devHostSystem.js';
+import { readStdin } from './input/stdin.js';
+import { composePrompt } from './input/compose.js';
+const program = new Command();
+program
+    .name('mod8')
+    .description('Talk to any LLM from your terminal — Claude, GPT, Gemini, DeepSeek, Mistral, Groq, anything OpenAI-compatible. BYOK.')
+    .version('0.2.0');
+program
+    .argument('[prompt]', 'prompt to send (uses default provider unless a flag is set)')
+    .option('-c, --claude', 'use Claude (Anthropic)')
+    .option('-o, --openai', 'use OpenAI (GPT)')
+    .option('-g, --gemini', 'use Gemini (Google)')
+    .option('-d, --deepseek', 'use DeepSeek')
+    .option('--all', 'run on every configured provider in parallel and show side-by-side')
+    .action(async (prompt, opts) => {
+    if (!prompt) {
+        // Bare `mod8` (no flags, no prompt) → enter chat REPL with a FRESH
+        // session.  Mirrors how chat products work elsewhere: opening = new
+        // conversation; history is one click (or one `mod8 resume`) away.
+        // With any flag set but no prompt, fall through to help.
+        if (!opts.claude && !opts.openai && !opts.gemini && !opts.deepseek && !opts.all) {
+            await printStartupBanner();
+            await runChat({ fresh: true });
+            return;
+        }
+        program.help();
+        return;
+    }
+    // Order matters: consent must be gathered BEFORE stdin is consumed.
+    const stdinPiped = !process.stdin.isTTY;
+    if (opts.all) {
+        await ensureAllConsent({ stdinPiped });
+    }
+    const stdinContent = await readStdin();
+    const { finalPrompt, warnings } = await composePrompt(prompt, stdinContent);
+    for (const w of warnings) {
+        console.error(chalk.yellow(`warning: ${w}`));
+    }
+    if (opts.all) {
+        await runAll(finalPrompt);
+        return;
+    }
+    const provider = await resolveProvider(opts);
+    await runPrompt({ provider, prompt: finalPrompt });
+});
+const keys = program.command('keys').description('Manage API keys (stored locally, never sent anywhere)');
+keys
+    .command('set <provider>')
+    .description('Save an API key for a built-in provider (anthropic | openai | google | deepseek | groq | mistral | xai | openrouter | together)')
+    .action(async (provider) => {
+    await keysSet(provider);
+});
+keys
+    .command('list')
+    .description('List configured providers (keys masked)')
+    .action(async () => {
+    await keysList();
+});
+keys
+    .command('remove <provider>')
+    .description('Remove a stored API key')
+    .action(async (provider) => {
+    await keysRemove(provider);
+});
+program
+    .command('new')
+    .description('Start a fresh chat session')
+    .action(async () => {
+    await runChat({ fresh: true });
+});
+program
+    .command('list')
+    .description('Show recent chat sessions')
+    .action(async () => {
+    await listCommand();
+});
+program
+    .command('resume [id]')
+    .description('Resume the most recent session, or a specific session by id')
+    .action(async (id) => {
+    if (id) {
+        await runChat({ sessionId: id });
+        return;
+    }
+    const recent = await getMostRecentSession();
+    if (!recent) {
+        console.error(chalk.red('mod8: ') +
+            'no sessions to resume yet. Try `mod8` to start fresh, or `mod8 list` to see saved sessions.');
+        process.exit(1);
+    }
+    await runChat({ sessionId: recent.id });
+});
+program
+    .command('add-provider')
+    .description('Register a provider (built-in or custom OpenAI-compatible) by pasting its key')
+    .action(async () => {
+    await addProviderCommand();
+});
+program
+    .command('providers')
+    .description('List configured providers (id, name, model, base URL)')
+    .action(async () => {
+    await listProvidersCommand();
+});
+program
+    .command('verify')
+    .description("Run mod8's self-verification spec suite (specs/*.yaml)")
+    .action(async () => {
+    await verifyCommand();
+});
+// Dev endpoint: print the resolved auth status + the proxy-routing decision
+// for a few canonical provider ids.  Pure (no network).  Used by the login
+// behavioral spec.
+program
+    .command('dev:auth-status')
+    .description('print resolved auth.json + proxy routing decision (no network)')
+    .action(async () => {
+    const { devAuthStatus } = await import('./commands/devAuthStatus.js');
+    await devAuthStatus();
+});
+program
+    .command('login')
+    .description('Connect this CLI to your mod8 account — routes calls through the hosted proxy')
+    .action(async () => {
+    await loginCommand();
+});
+program
+    .command('logout')
+    .description('Drop mod8 credentials — falls back to your local providers.json')
+    .action(async () => {
+    await logoutCommand();
+});
+// Dev endpoint: one-shot through the host (mod8) system prompt — used by
+// the chat-meta verify spec to confirm mod8 can answer questions about
+// itself. Also useful from the shell for quick meta queries.
+program
+    .command('dev:host-ask <prompt>')
+    .description('one-shot through the host (mod8) system prompt')
+    .action(async (prompt) => {
+    await devHostAsk(prompt);
+});
+// Dev endpoint: print how the chat REPL would route a given input string
+// (provider switch, compare, or none) — used to test synonym handling.
+program
+    .command('dev:resolve <input>')
+    .description('show how the chat REPL would route an input (debug only)')
+    .action(async (input) => {
+    await devResolve(input);
+});
+// Dev endpoint: one-shot through WORK-mode system prompt for the given
+// provider.  Used to test that work-mode models stay in character and
+// don't impersonate the host.
+program
+    .command('dev:work-ask <providerId> <prompt>')
+    .description('one-shot through the work-mode system prompt for a provider')
+    .action(async (providerId, prompt) => {
+    await devWorkAsk(providerId, prompt);
+});
+// Dev endpoint: simulate a chat session by reading inputs from stdin and
+// applying the same routing state machine the chat REPL uses (no LLM, no
+// Ink).  Used by stress-test specs to verify long sequences of switches.
+program
+    .command('dev:simulate')
+    .description('simulate a chat session from stdin (one input per line)')
+    .action(async () => {
+    await devSimulate();
+});
+// Dev endpoint: print the host system prompt as it would be assembled right
+// now from current providers.json state.  Used by behavioral specs to
+// verify the host-self-knowledge refresh (Bug 1) — rebuilding the prompt
+// always reflects the latest providers, not a stale startup snapshot.
+program
+    .command('dev:host-system')
+    .description('print the host system prompt with current provider state')
+    .action(async () => {
+    await devHostSystem();
+});
+// Dev endpoint: test the auto-fallback decision logic for a given count of
+// consecutive work-mode errors.  Pure, no API calls.
+program
+    .command('dev:check-fallback <count>')
+    .description('print the auto-fallback decision for N consecutive work errors')
+    .action(async (count) => {
+    const { fallbackDecision, AUTO_FALLBACK_THRESHOLD } = await import('./commands/intentRouting.js');
+    const n = Number.parseInt(count, 10);
+    if (!Number.isFinite(n) || n < 0) {
+        console.error(`mod8: count must be a non-negative integer, got ${JSON.stringify(count)}`);
+        process.exit(1);
+    }
+    const decision = fallbackDecision(n);
+    console.log(`consecutive=${n} threshold=${AUTO_FALLBACK_THRESHOLD} decision=${decision}`);
+});
+// Dev endpoint: print which model would be sent to the provider, with the
+// resolution source (opts > env > providers.json).  No allowlist, no
+// substitution — whatever the user wrote (or set in MOD8_<ID>_MODEL) is
+// what the SDK will receive.  Behavioral specs use this to verify
+// passthrough without making real network calls.
+program
+    .command('dev:resolve-model <providerId>')
+    .description('print the model + resolution source for a provider id')
+    .action(async (providerId) => {
+    const { resolveConfigured } = await import('./storage/providers.js');
+    const { resolveModel } = await import('./providers/modelResolution.js');
+    const entry = await resolveConfigured(providerId);
+    const r = resolveModel(providerId, undefined, entry?.defaultModel);
+    console.log(`providerId=${providerId} model=${JSON.stringify(r.model)} source=${r.source} envVar=${r.envVar}`);
+});
+// Dev endpoint: print the EXACT debug line that would be emitted on a
+// provider call — including the URL the SDK is about to hit, the resolved
+// model, the masked key.  No network call, no SDK invocation, just the
+// resolution logic.  Behavioral specs use this to verify model-name
+// passthrough into the provider URL without depending on real network.
+program
+    .command('dev:debug-call <providerId>')
+    .description('print the would-be debug-call line for a provider (no network)')
+    .action(async (providerId) => {
+    const { resolveConfigured } = await import('./storage/providers.js');
+    const { resolveModel } = await import('./providers/modelResolution.js');
+    const { approximateProviderUrl } = await import('./util/debug.js');
+    const { maskApiKey } = await import('./util/secrets.js');
+    const entry = await resolveConfigured(providerId);
+    if (!entry) {
+        console.error(`mod8: ${providerId} not configured`);
+        process.exit(1);
+    }
+    const r = resolveModel(providerId, undefined, entry.defaultModel);
+    const url = approximateProviderUrl(entry.apiType, r.model, entry.baseUrl);
+    console.log(`providerId=${providerId} apiType=${entry.apiType} model=${JSON.stringify(r.model)} modelSource=${r.source} key=${maskApiKey(entry.apiKey)} url=${JSON.stringify(url)}`);
+});
+// Dev endpoint: feed a synthetic error message + provider id through the
+// per-kind explainer.  Pure (no API calls).  Behavioral specs use this to
+// verify that the diagnoser extracts HTTP code, retry-after, raw message,
+// and produces the right kind-specific short / long / suggestion text.
+//
+// Usage: mod8 dev:explain-error <providerId> "<error message>"
+//   e.g. mod8 dev:explain-error google "[403 Forbidden] Your project has been denied access."
+program
+    .command('dev:explain-error <providerId> <message>')
+    .description('print the structured diagnosis for a synthetic provider error')
+    .action(async (providerId, message) => {
+    const { explainError } = await import('./providers/errorHints.js');
+    const e = explainError(new Error(message), providerId);
+    console.log(`kind=${e.kind}`);
+    console.log(`short=${e.short}`);
+    console.log('long=');
+    if (e.long)
+        console.log(e.long);
+    console.log(`suggestion=${e.suggestion}`);
+});
+const config = program.command('config').description('Manage configuration');
+config
+    .command('get')
+    .description('Show current configuration')
+    .action(async () => {
+    await configGet();
+});
+config
+    .command('set <key> <value>')
+    .description('Set a config value (e.g. "default anthropic")')
+    .action(async (key, value) => {
+    await configSet(key, value);
+});
+/**
+ * Banner printed before the REPL boots — one line so it never gets in the
+ * way.  Quiet on every other entry point (one-shot prompts, dev:* commands,
+ * keys/config) so the output stays predictable for scripting.
+ */
+async function printStartupBanner() {
+    const auth = await readAuth();
+    if (auth) {
+        const who = auth.email ? chalk.bold(auth.email) : 'mod8 account';
+        process.stderr.write(chalk.dim(`Logged in as ${who} — proxy mode (mod8 logout to switch off)\n`));
+    }
+    else {
+        process.stderr.write(chalk.dim(`Local mode — using providers.json (mod8 login to use the hosted proxy)\n`));
+    }
+}
+program.parseAsync().catch((err) => {
+    const msg = err instanceof Error ? err.message : String(err);
+    console.error(chalk.red('mod8: ') + msg);
+    process.exit(1);
+});