npm - nbound - Versions diffs - 1.0.3 → 1.0.4 - Mend

nbound 1.0.3 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/bin/nbound.js CHANGED Viewed

@@ -5223,7 +5223,7 @@ var require_websocket = __commonJS((exports, module) => {
   var http = __require("http");
   var net = __require("net");
   var tls = __require("tls");
-  var { randomBytes, createHash } = __require("crypto");
+  var { randomBytes: randomBytes2, createHash } = __require("crypto");
   var { Duplex, Readable } = __require("stream");
   var { URL: URL2 } = __require("url");
   var PerMessageDeflate = require_permessage_deflate();
@@ -5632,7 +5632,7 @@ var require_websocket = __commonJS((exports, module) => {
       }
     }
     const defaultPort = isSecure ? 443 : 80;
-    const key = randomBytes(16).toString("base64");
+    const key = randomBytes2(16).toString("base64");
     const request2 = isSecure ? https.request : http.request;
     const protocolSet = new Set;
     let perMessageDeflate;
@@ -6971,17 +6971,45 @@ function nanoid(size = 21) {
 }
 // src/lib/config.ts
-import { existsSync, mkdirSync, readFileSync, writeFileSync, unlinkSync } from "node:fs";
+import { existsSync, mkdirSync, readFileSync, writeFileSync, unlinkSync, renameSync, chmodSync } from "node:fs";
 import { homedir } from "node:os";
 import { join } from "node:path";
+import { randomBytes } from "node:crypto";
 var CONFIG_DIR = ".nbound";
 var CONFIG_FILE = "config.json";
+var EXPIRY_WARNING_MS = 7 * 24 * 60 * 60 * 1000;
 function getConfigDir() {
   return join(homedir(), CONFIG_DIR);
 }
 function getConfigPath() {
   return join(getConfigDir(), CONFIG_FILE);
 }
+function checkTokenExpiry(config) {
+  if (!config.expiresAt) {
+    return "valid";
+  }
+  const expiresAt = new Date(config.expiresAt).getTime();
+  const now = Date.now();
+  if (now >= expiresAt) {
+    return "expired";
+  }
+  if (expiresAt - now <= EXPIRY_WARNING_MS) {
+    return "expiring_soon";
+  }
+  return "valid";
+}
+function getDaysUntilExpiry(config) {
+  if (!config.expiresAt) {
+    return null;
+  }
+  const expiresAt = new Date(config.expiresAt).getTime();
+  const now = Date.now();
+  const msRemaining = expiresAt - now;
+  if (msRemaining <= 0) {
+    return 0;
+  }
+  return Math.ceil(msRemaining / (24 * 60 * 60 * 1000));
+}
 function loadConfig() {
   const envToken = process.env.NBOUND_TOKEN;
   if (envToken) {
@@ -6999,7 +7027,12 @@ function loadConfig() {
   }
   try {
     const content = readFileSync(configPath, "utf-8");
-    return JSON.parse(content);
+    const config = JSON.parse(content);
+    const expiry = checkTokenExpiry(config);
+    if (expiry === "expired") {
+      return null;
+    }
+    return config;
   } catch {
     return null;
   }
@@ -7007,10 +7040,30 @@ function loadConfig() {
 function saveConfig(config) {
   const configDir = getConfigDir();
   const configPath = getConfigPath();
-  if (!existsSync(configDir)) {
-    mkdirSync(configDir, { recursive: true, mode: 448 });
+  try {
+    if (!existsSync(configDir)) {
+      mkdirSync(configDir, { recursive: true, mode: 448 });
+    } else {
+      chmodSync(configDir, 448);
+    }
+  } catch (err) {
+    if (!existsSync(configDir)) {
+      throw err;
+    }
+  }
+  const tempPath = join(configDir, `.config.${randomBytes(8).toString("hex")}.tmp`);
+  try {
+    writeFileSync(tempPath, JSON.stringify(config, null, 2), { mode: 384 });
+    chmodSync(tempPath, 384);
+    renameSync(tempPath, configPath);
+  } catch (err) {
+    try {
+      if (existsSync(tempPath)) {
+        unlinkSync(tempPath);
+      }
+    } catch {}
+    throw err;
   }
-  writeFileSync(configPath, JSON.stringify(config, null, 2), { mode: 384 });
 }
 function deleteConfig() {
   const configPath = getConfigPath();
@@ -7032,6 +7085,10 @@ function getWsUrl() {
 }
 // src/lib/api.ts
+var REQUEST_TIMEOUT_MS = 1e4;
+var MAX_RETRIES = 3;
+var RETRY_DELAYS = [1000, 2000, 4000];
 class ApiError extends Error {
   status;
   code;
@@ -7042,22 +7099,57 @@ class ApiError extends Error {
     this.name = "ApiError";
   }
 }
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function isRetryable(status) {
+  return status >= 500 && status < 600;
+}
 async function request(path2, token, options = {}) {
   const apiUrl = getApiUrl();
   const url = `${apiUrl}${path2}`;
-  const response = await fetch(url, {
-    ...options,
-    headers: {
-      "Content-Type": "application/json",
-      Authorization: `Bearer ${token}`,
-      ...options.headers
+  let lastError = null;
+  for (let attempt = 0;attempt <= MAX_RETRIES; attempt++) {
+    try {
+      const response = await fetch(url, {
+        ...options,
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${token}`,
+          ...options.headers
+        },
+        signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
+      });
+      const json = await response.json();
+      if (!response.ok || !json.success) {
+        const error = new ApiError(response.status, json.error?.code ?? "UNKNOWN_ERROR", json.error?.message ?? "An unknown error occurred");
+        if (isRetryable(response.status) && attempt < MAX_RETRIES) {
+          lastError = error;
+          await sleep(RETRY_DELAYS[attempt]);
+          continue;
+        }
+        throw error;
+      }
+      return json.data;
+    } catch (error) {
+      if (error instanceof ApiError && !isRetryable(error.status)) {
+        throw error;
+      }
+      if (attempt < MAX_RETRIES) {
+        lastError = error instanceof Error ? error : new Error(String(error));
+        await sleep(RETRY_DELAYS[attempt]);
+        continue;
+      }
+      if (error instanceof Error) {
+        if (error.name === "TimeoutError" || error.name === "AbortError") {
+          throw new ApiError(0, "TIMEOUT", `Request timed out after ${REQUEST_TIMEOUT_MS}ms`);
+        }
+        throw new ApiError(0, "NETWORK_ERROR", error.message);
+      }
+      throw error;
     }
-  });
-  const json = await response.json();
-  if (!response.ok || !json.success) {
-    throw new ApiError(response.status, json.error?.code ?? "UNKNOWN_ERROR", json.error?.message ?? "An unknown error occurred");
   }
-  return json.data;
+  throw lastError ?? new ApiError(0, "UNKNOWN_ERROR", "Request failed");
 }
 async function getUser(token) {
   const result = await request("/api/auth/me", token);
@@ -7067,12 +7159,20 @@ async function listEndpoints(token) {
   const result = await request("/api/endpoints", token);
   return result;
 }
+async function createEndpoint(token, input) {
+  const result = await request("/api/endpoints", token, {
+    method: "POST",
+    body: JSON.stringify(input)
+  });
+  return result;
+}
 async function exchangeCliCode(sessionId, code) {
   const apiUrl = getApiUrl();
   const response = await fetch(`${apiUrl}/api/auth/cli-exchange`, {
     method: "POST",
     headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ sessionId, code })
+    body: JSON.stringify({ sessionId, code }),
+    signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
   });
   const json = await response.json();
   if (!response.ok || !json.success) {
@@ -7080,6 +7180,22 @@ async function exchangeCliCode(sessionId, code) {
   }
   return json.data;
 }
+async function revokeCliToken(token) {
+  const apiUrl = getApiUrl();
+  try {
+    const response = await fetch(`${apiUrl}/api/cli/revoke`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${token}`
+      },
+      signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
+    });
+    if (!response.ok) {
+      return;
+    }
+  } catch {}
+}
 // src/ui/logger.ts
 var import_picocolors = __toESM(require_picocolors(), 1);
@@ -8457,6 +8573,11 @@ async function loginCommand(options) {
     try {
       const user = await getUser(existingConfig.token);
       log.info(`Already logged in as ${user.email}`);
+      const expiry = checkTokenExpiry(existingConfig);
+      if (expiry === "expiring_soon") {
+        const daysLeft = getDaysUntilExpiry(existingConfig);
+        log.warning(`Your token expires in ${daysLeft} day${daysLeft === 1 ? "" : "s"}. Run: nbound login to refresh.`);
+      }
       log.dim("Run: nbound logout to switch accounts");
       return;
     } catch {}
@@ -8507,12 +8628,13 @@ async function loginCommand(options) {
   const spinner = createSpinner("Verifying code...");
   spinner.start();
   try {
-    const { token, user } = await exchangeCliCode(sessionId, code);
+    const { token, user, expiresAt } = await exchangeCliCode(sessionId, code);
     saveConfig({
       token,
       user: { id: user.id, email: user.email },
       apiUrl,
-      wsUrl: apiUrl.replace("https://", "wss://").replace("http://", "ws://") + "/ws"
+      wsUrl: apiUrl.replace("https://", "wss://").replace("http://", "ws://") + "/ws",
+      expiresAt
     });
     spinner.succeed(`Logged in as ${user.email}`);
     log.blank();
@@ -8533,6 +8655,12 @@ async function logoutCommand() {
     log.info("Not logged in");
     return;
   }
+  const config = loadConfig();
+  if (config?.token) {
+    try {
+      await revokeCliToken(config.token);
+    } catch {}
+  }
   deleteConfig();
   log.success("Logged out");
   log.dim(`Removed ${configPath}`);
@@ -12667,17 +12795,19 @@ function getBackoffDelay(attempt, baseMs = 1000, maxMs = 30000, jitter = true) {
 }
 // src/lib/ws-client.ts
 var PING_INTERVAL_MS = 30000;
+var PONG_TIMEOUT_MS = 1e4;
 var AUTH_TIMEOUT_MS = 1e4;
 class WebSocketClient {
   ws = null;
   options;
   pingInterval = null;
+  pongTimeout = null;
   authTimeout = null;
+  reconnectTimeout = null;
   reconnectAttempt = 0;
-  isConnected = false;
+  state = "disconnected";
   shouldReconnect = true;
-  authenticated = false;
   userId = null;
   plan = null;
   constructor(options) {
@@ -12691,11 +12821,13 @@ class WebSocketClient {
     if (this.ws) {
       this.ws.removeAllListeners();
       this.ws.close();
+      this.ws = null;
     }
-    this.authenticated = false;
+    this.state = "connecting";
     this.ws = new wrapper_default(this.options.wsUrl);
     this.ws.on("open", () => {
       this.reconnectAttempt = 0;
+      this.state = "authenticating";
       this.sendAuth();
       this.startAuthTimeout();
     });
@@ -12703,20 +12835,26 @@ class WebSocketClient {
       try {
         const message = JSON.parse(data.toString());
         this.handleMessage(message);
-      } catch {}
+      } catch (err) {
+        this.options.onError(new Error(`Failed to parse WebSocket message: ${err instanceof Error ? err.message : "Unknown error"}`));
+      }
     });
     this.ws.on("close", (code, reason) => {
+      const prevState = this.state;
       this.cleanup();
       const reasonStr = reason?.toString() || `Code ${code}`;
-      if (this.shouldReconnect && this.authenticated) {
+      if (this.shouldReconnect && prevState === "subscribed") {
         this.scheduleReconnect();
         this.options.onDisconnected(reasonStr);
-      } else if (!this.authenticated && this.shouldReconnect) {
-        this.options.onError(new Error(`Connection closed: ${reasonStr}`));
+      } else if (prevState === "authenticating" && this.shouldReconnect) {
+        this.shouldReconnect = false;
+        this.options.onError(new Error(`Connection closed during auth: ${reasonStr}`));
+      } else if (this.shouldReconnect && prevState === "connecting") {
+        this.scheduleReconnect();
       }
     });
     this.ws.on("error", (error) => {
-      if (!this.isConnected && this.shouldReconnect) {
+      if (this.state !== "subscribed" && this.shouldReconnect) {
         this.scheduleReconnect();
       } else {
         this.options.onError(error);
@@ -12727,7 +12865,7 @@ class WebSocketClient {
     switch (message.type) {
       case "auth_success": {
         const payload = message.payload;
-        this.authenticated = true;
+        this.state = "authenticated";
         this.userId = payload.user?.id ?? payload.userId ?? null;
         this.plan = payload.plan;
         this.clearAuthTimeout();
@@ -12744,7 +12882,7 @@ class WebSocketClient {
       }
       case "subscribed": {
         const payload = message.payload;
-        this.isConnected = true;
+        this.state = "subscribed";
         this.options.onConnected(payload.endpointIds, payload.webhookUrls ?? {});
         break;
       }
@@ -12757,32 +12895,59 @@ class WebSocketClient {
         break;
       }
       case "pong":
+        this.clearPongTimeout();
         break;
       case "error": {
         const payload = message.payload;
         this.options.onError(new Error(`Server error: ${payload.message}`));
         break;
       }
+      case "token_revoked":
+      case "session_revoked": {
+        this.shouldReconnect = false;
+        this.options.onError(new Error("Your CLI token has been revoked. Please run `nbound login` again."));
+        this.disconnect();
+        break;
+      }
+      case "plan_changed": {
+        const payload = message.payload;
+        this.plan = payload.plan;
+        break;
+      }
+      case "endpoint_deleted": {
+        this.shouldReconnect = false;
+        this.options.onError(new Error("This endpoint has been deleted."));
+        this.disconnect();
+        break;
+      }
+      default: {
+        const unknownType2 = message.type;
+        if (unknownType2) {}
+      }
     }
   }
   sendAuth() {
-    this.send({
+    if (!this.send({
       type: "auth",
       payload: { token: this.options.token }
-    });
+    })) {
+      this.options.onError(new Error("Failed to send auth message"));
+    }
   }
   sendForwardSubscribe() {
-    this.send({
+    if (!this.send({
       type: "forward_subscribe",
       payload: {
         endpointIds: [this.options.endpointId],
         port: this.options.port,
         host: this.options.host
       }
-    });
+    })) {
+      this.options.onError(new Error("Failed to send subscribe message"));
+    }
   }
   sendForwardResponse(requestId, response) {
-    this.send({
+    return this.send({
       type: "forward_response",
       payload: {
         requestId,
@@ -12796,7 +12961,7 @@ class WebSocketClient {
     });
   }
   sendForwardError(requestId, error) {
-    this.send({
+    return this.send({
       type: "forward_error",
       payload: {
         requestId,
@@ -12809,17 +12974,42 @@ class WebSocketClient {
   }
   send(message) {
     if (this.ws && this.ws.readyState === wrapper_default.OPEN) {
-      this.ws.send(JSON.stringify(message));
+      try {
+        this.ws.send(JSON.stringify(message));
+        return true;
+      } catch {
+        return false;
+      }
     }
+    return false;
   }
   startPingInterval() {
     this.pingInterval = setInterval(() => {
-      this.send({ type: "ping" });
+      if (this.send({ type: "ping" })) {
+        this.startPongTimeout();
+      }
     }, PING_INTERVAL_MS);
   }
+  startPongTimeout() {
+    this.clearPongTimeout();
+    this.pongTimeout = setTimeout(() => {
+      if (this.state === "subscribed" && this.shouldReconnect) {
+        this.options.onError(new Error("Connection timeout - no pong received"));
+        this.cleanup();
+        this.scheduleReconnect();
+        this.options.onDisconnected("Ping timeout");
+      }
+    }, PONG_TIMEOUT_MS);
+  }
+  clearPongTimeout() {
+    if (this.pongTimeout) {
+      clearTimeout(this.pongTimeout);
+      this.pongTimeout = null;
+    }
+  }
   startAuthTimeout() {
     this.authTimeout = setTimeout(() => {
-      if (!this.authenticated) {
+      if (this.state === "authenticating") {
         this.shouldReconnect = false;
         this.options.onError(new Error("Authentication timed out"));
         this.disconnect();
@@ -12833,18 +13023,28 @@ class WebSocketClient {
     }
   }
   cleanup() {
-    this.isConnected = false;
+    this.state = "disconnected";
     this.clearAuthTimeout();
+    this.clearPongTimeout();
+    this.clearReconnectTimeout();
     if (this.pingInterval) {
       clearInterval(this.pingInterval);
       this.pingInterval = null;
     }
   }
+  clearReconnectTimeout() {
+    if (this.reconnectTimeout) {
+      clearTimeout(this.reconnectTimeout);
+      this.reconnectTimeout = null;
+    }
+  }
   scheduleReconnect() {
+    this.clearReconnectTimeout();
     this.reconnectAttempt++;
     const delay = getBackoffDelay(this.reconnectAttempt, 1000, 30000, true);
     this.options.onReconnecting(this.reconnectAttempt);
-    setTimeout(() => {
+    this.reconnectTimeout = setTimeout(() => {
+      this.reconnectTimeout = null;
       if (this.shouldReconnect) {
         this.doConnect();
       }
@@ -12860,7 +13060,7 @@ class WebSocketClient {
     }
   }
   get connected() {
-    return this.isConnected;
+    return this.state === "subscribed";
   }
 }
@@ -12907,7 +13107,6 @@ class MultiEndpointClient {
     const url = new URL(baseUrl);
     url.searchParams.set("endpointId", endpointId);
     url.searchParams.set("type", "cli");
-    url.searchParams.set("token", this.options.token);
     return url.toString();
   }
   handleEndpointConnected(endpointId, subscribedIds, urls) {
@@ -12967,6 +13166,7 @@ class MultiEndpointClient {
 }
 // src/lib/forwarder.ts
+import { posix } from "node:path";
 var HOP_BY_HOP_HEADERS = new Set([
   "connection",
   "keep-alive",
@@ -12978,10 +13178,39 @@ var HOP_BY_HOP_HEADERS = new Set([
   "upgrade",
   "host"
 ]);
+var ALLOWED_HOSTS = new Set(["localhost", "127.0.0.1", "::1"]);
+var MAX_RESPONSE_SIZE = 1024 * 1024;
+function normalizePath(pathPrefix, requestPath) {
+  const prefix = pathPrefix.startsWith("/") ? pathPrefix : "/" + pathPrefix;
+  const normalizedPrefix = prefix.endsWith("/") ? prefix.slice(0, -1) : prefix;
+  const path2 = requestPath.startsWith("/") ? requestPath : "/" + requestPath;
+  const combined = normalizedPrefix + path2;
+  const normalized = posix.normalize(combined);
+  const expectedRoot = normalizedPrefix || "/";
+  if (!normalized.startsWith(expectedRoot) && normalized !== expectedRoot.slice(0, -1)) {
+    if (!normalized.startsWith("/")) {
+      return null;
+    }
+  }
+  return normalized;
+}
 async function forwardRequest(request2, options) {
   const startTime = Date.now();
+  if (!ALLOWED_HOSTS.has(options.host.toLowerCase())) {
+    throw {
+      code: "INVALID_HOST",
+      message: `Host '${options.host}' is not allowed. Only localhost, 127.0.0.1, and ::1 are permitted.`
+    };
+  }
+  const normalizedPath = normalizePath(options.pathPrefix, request2.path);
+  if (normalizedPath === null) {
+    throw {
+      code: "INVALID_PATH",
+      message: `Path traversal attempt detected in '${request2.path}'`
+    };
+  }
   const url = new URL(`http://${options.host}:${options.port}`);
-  url.pathname = options.pathPrefix + request2.path;
+  url.pathname = normalizedPath;
   for (const [key, value] of Object.entries(request2.query)) {
     url.searchParams.set(key, value);
   }
@@ -12997,15 +13226,48 @@ async function forwardRequest(request2, options) {
       method: request2.method,
       headers,
       body: request2.body,
-      signal: AbortSignal.timeout(30000)
+      signal: AbortSignal.timeout(30000),
+      redirect: "manual"
     });
+    const contentLength = response.headers.get("content-length");
+    if (contentLength && parseInt(contentLength, 10) > MAX_RESPONSE_SIZE) {
+      throw {
+        code: "RESPONSE_TOO_LARGE",
+        message: `Response size ${contentLength} bytes exceeds limit of ${MAX_RESPONSE_SIZE} bytes`
+      };
+    }
     const responseHeaders = {};
     response.headers.forEach((value, key) => {
       if (!HOP_BY_HOP_HEADERS.has(key.toLowerCase())) {
         responseHeaders[key] = value;
       }
     });
-    const body = await response.text();
+    const reader = response.body?.getReader();
+    if (!reader) {
+      return {
+        status: response.status,
+        headers: responseHeaders,
+        body: null,
+        timeMs: Date.now() - startTime
+      };
+    }
+    const chunks = [];
+    let totalSize = 0;
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done)
+        break;
+      totalSize += value.length;
+      if (totalSize > MAX_RESPONSE_SIZE) {
+        reader.cancel();
+        throw {
+          code: "RESPONSE_TOO_LARGE",
+          message: `Response size exceeds limit of ${MAX_RESPONSE_SIZE} bytes`
+        };
+      }
+      chunks.push(value);
+    }
+    const body = new TextDecoder().decode(chunks.length === 1 ? chunks[0] : concatUint8Arrays(chunks));
     return {
       status: response.status,
       headers: responseHeaders,
@@ -13013,7 +13275,9 @@ async function forwardRequest(request2, options) {
       timeMs: Date.now() - startTime
     };
   } catch (error) {
-    const timeMs = Date.now() - startTime;
+    if (error && typeof error === "object" && "code" in error) {
+      throw error;
+    }
     if (error instanceof Error) {
       if (error.cause && typeof error.cause === "object" && "code" in error.cause) {
         const code = error.cause.code;
@@ -13037,6 +13301,16 @@ async function forwardRequest(request2, options) {
     };
   }
 }
+function concatUint8Arrays(arrays) {
+  const totalLength = arrays.reduce((sum, arr) => sum + arr.length, 0);
+  const result = new Uint8Array(totalLength);
+  let offset = 0;
+  for (const arr of arrays) {
+    result.set(arr, offset);
+    offset += arr.length;
+  }
+  return result;
+}
 // src/commands/connect.ts
 async function connectCommand(port, options) {
@@ -13254,6 +13528,57 @@ async function endpointsCommand(options) {
   }
 }
+// src/commands/create.ts
+async function createCommand2(nameArg, options) {
+  const config = loadConfig();
+  if (!config) {
+    log.error("Not logged in");
+    log.info("Run: nbound login");
+    process.exit(2);
+  }
+  const name = nameArg || options.name;
+  if (!name) {
+    log.error("Endpoint name is required");
+    log.info("Usage: nbound create <name>");
+    log.info("   or: nbound create --name <name>");
+    process.exit(4);
+  }
+  const spinner = createSpinner("Creating endpoint...");
+  spinner.start();
+  try {
+    const endpoint = await createEndpoint(config.token, {
+      name,
+      description: options.description
+    });
+    spinner.succeed("Endpoint created");
+    log.blank();
+    log.bold(endpoint.name);
+    log.blank();
+    log.info(`  URL:   ${endpoint.url}`);
+    log.info(`  Slug:  ${endpoint.slug}`);
+    log.info(`  ID:    ${endpoint.id}`);
+    log.blank();
+    log.dim("Run 'nbound connect <port>' to start forwarding");
+    log.blank();
+  } catch (error) {
+    if (error instanceof ApiError) {
+      if (error.status === 401) {
+        spinner.fail("Session expired");
+        log.info("Run: nbound login");
+        process.exit(2);
+      }
+      if (error.code === "PLAN_LIMIT") {
+        spinner.fail("Endpoint limit reached");
+        log.info("Upgrade at https://app.nbound.dev/settings/billing");
+        process.exit(2);
+      }
+      spinner.fail(error.message);
+      process.exit(1);
+    }
+    throw error;
+  }
+}
 // src/index.ts
 program.name("nbound").description("Forward webhooks to localhost for development").version("1.0.0");
 program.command("login").description("Authenticate with nbound").option("--token <token>", "Use an existing API token").action(loginCommand);
@@ -13261,4 +13586,5 @@ program.command("logout").description("Clear stored credentials").action(logoutC
 program.command("whoami").description("Show current authenticated user").action(whoamiCommand);
 program.command("connect <port>").description("Forward webhooks to localhost").option("-e, --endpoint <id>", "Specific endpoint ID or slug").option("-p, --path <path>", "Path prefix for localhost").option("-h, --host <host>", "Local hostname", "localhost").option("--no-color", "Disable colored output").option("--json", "Output as JSON lines for scripting").option("-q, --quiet", "Minimal output").action(connectCommand);
 program.command("endpoints").description("List your endpoints").option("--json", "Output as JSON").action(endpointsCommand);
+program.command("create [name]").description("Create a new endpoint").option("-n, --name <name>", "Endpoint name").option("-d, --description <description>", "Endpoint description").action(createCommand2);
 program.parse();