npm - nexusapp-cli - Versions diffs - 3.0.0 → 3.1.1 - Mend

nexusapp-cli 3.0.0 → 3.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (81) hide show

package/dist/client.d.ts +6 -0
package/dist/client.d.ts.map +1 -0
package/dist/client.js +63 -0
package/dist/client.js.map +1 -0
package/dist/commands/auth.d.ts +3 -0
package/dist/commands/auth.d.ts.map +1 -0
package/dist/commands/auth.js +178 -0
package/dist/commands/auth.js.map +1 -0
package/dist/commands/bucket.d.ts +3 -0
package/dist/commands/bucket.d.ts.map +1 -0
package/dist/commands/bucket.js +354 -0
package/dist/commands/bucket.js.map +1 -0
package/dist/commands/database.d.ts +3 -0
package/dist/commands/database.d.ts.map +1 -0
package/dist/commands/database.js +350 -0
package/dist/commands/database.js.map +1 -0
package/dist/commands/deploy.d.ts +3 -0
package/dist/commands/deploy.d.ts.map +1 -0
package/dist/commands/deploy.js +1009 -0
package/dist/commands/deploy.js.map +1 -0
package/dist/commands/domain.d.ts +3 -0
package/dist/commands/domain.d.ts.map +1 -0
package/dist/commands/domain.js +174 -0
package/dist/commands/domain.js.map +1 -0
package/dist/commands/exec.d.ts +3 -0
package/dist/commands/exec.d.ts.map +1 -0
package/dist/commands/exec.js +176 -0
package/dist/commands/exec.js.map +1 -0
package/dist/commands/managedDb.d.ts +3 -0
package/dist/commands/managedDb.d.ts.map +1 -0
package/dist/commands/managedDb.js +227 -0
package/dist/commands/managedDb.js.map +1 -0
package/dist/commands/member.d.ts +3 -0
package/dist/commands/member.d.ts.map +1 -0
package/dist/commands/member.js +175 -0
package/dist/commands/member.js.map +1 -0
package/dist/commands/project.d.ts +3 -0
package/dist/commands/project.d.ts.map +1 -0
package/dist/commands/project.js +92 -0
package/dist/commands/project.js.map +1 -0
package/dist/commands/secret.d.ts +3 -0
package/dist/commands/secret.d.ts.map +1 -0
package/dist/commands/secret.js +121 -0
package/dist/commands/secret.js.map +1 -0
package/dist/commands/token.d.ts +3 -0
package/dist/commands/token.d.ts.map +1 -0
package/dist/commands/token.js +179 -0
package/dist/commands/token.js.map +1 -0
package/dist/commands/volume.d.ts +3 -0
package/dist/commands/volume.d.ts.map +1 -0
package/dist/commands/volume.js +149 -0
package/dist/commands/volume.js.map +1 -0
package/dist/config.d.ts +10 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +53 -0
package/dist/config.js.map +1 -0
package/dist/index.d.ts +3 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js.map +1 -0
package/dist/output.d.ts +9 -0
package/dist/output.d.ts.map +1 -0
package/dist/output.js +71 -0
package/dist/output.js.map +1 -0
package/package.json +6 -2
package/src/client.ts +0 -68
package/src/commands/auth.ts +0 -186
package/src/commands/bucket.ts +0 -261
package/src/commands/database.ts +0 -305
package/src/commands/deploy.ts +0 -904
package/src/commands/domain.ts +0 -167
package/src/commands/exec.ts +0 -154
package/src/commands/managedDb.ts +0 -170
package/src/commands/member.ts +0 -168
package/src/commands/project.ts +0 -81
package/src/commands/secret.ts +0 -117
package/src/commands/token.ts +0 -173
package/src/commands/volume.ts +0 -113
package/src/config.ts +0 -56
package/src/index.ts +0 -39
package/src/output.ts +0 -65
package/tsconfig.json +0 -19

package/dist/output.js ADDED Viewed

@@ -0,0 +1,71 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.statusBadge = statusBadge;
+exports.printTable = printTable;
+exports.printJson = printJson;
+exports.spinner = spinner;
+exports.timeAgo = timeAgo;
+exports.success = success;
+exports.errorMsg = errorMsg;
+const chalk_1 = __importDefault(require("chalk"));
+const cli_table3_1 = __importDefault(require("cli-table3"));
+const ora_1 = __importDefault(require("ora"));
+const STATUS_COLORS = {
+    RUNNING: chalk_1.default.green,
+    BUILDING: chalk_1.default.yellow,
+    DEPLOYING: chalk_1.default.yellow,
+    FAILED: chalk_1.default.red,
+    STOPPED: chalk_1.default.gray,
+    PENDING: chalk_1.default.blue,
+    QUEUED: chalk_1.default.blue,
+    TERMINATED: chalk_1.default.gray,
+};
+function statusBadge(status) {
+    const colorFn = STATUS_COLORS[status?.toUpperCase()] || chalk_1.default.white;
+    return colorFn(status || 'UNKNOWN');
+}
+function printTable(headers, rows) {
+    const table = new cli_table3_1.default({
+        head: headers.map((h) => chalk_1.default.bold(h)),
+        style: { head: [], border: [] },
+        chars: {
+            top: '', 'top-mid': '', 'top-left': '', 'top-right': '',
+            bottom: '', 'bottom-mid': '', 'bottom-left': '', 'bottom-right': '',
+            left: '', 'left-mid': '', mid: '', 'mid-mid': '',
+            right: '', 'right-mid': '', middle: '  ',
+        },
+    });
+    for (const row of rows) {
+        table.push(row.map((cell) => cell ?? chalk_1.default.gray('—')));
+    }
+    console.log(table.toString());
+}
+function printJson(obj) {
+    console.log(JSON.stringify(obj, null, 2));
+}
+function spinner(text) {
+    return (0, ora_1.default)(text).start();
+}
+function timeAgo(dateStr) {
+    const diff = Date.now() - new Date(dateStr).getTime();
+    const s = Math.floor(diff / 1000);
+    if (s < 60)
+        return `${s}s ago`;
+    const m = Math.floor(s / 60);
+    if (m < 60)
+        return `${m}m ago`;
+    const h = Math.floor(m / 60);
+    if (h < 24)
+        return `${h}h ago`;
+    return `${Math.floor(h / 24)}d ago`;
+}
+function success(msg) {
+    console.log(chalk_1.default.green('✓') + ' ' + msg);
+}
+function errorMsg(msg) {
+    console.error(chalk_1.default.red('✗') + ' ' + msg);
+}
+//# sourceMappingURL=output.js.map

package/dist/output.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"output.js","sourceRoot":"","sources":["../src/output.ts"],"names":[],"mappings":";;;;;AAeA,kCAGC;AAED,gCAiBC;AAED,8BAEC;AAED,0BAEC;AAED,0BASC;AAED,0BAEC;AAED,4BAEC;AAhED,kDAA0B;AAC1B,4DAA+B;AAC/B,8CAA+B;AAE/B,MAAM,aAAa,GAA0C;IAC3D,OAAO,EAAE,eAAK,CAAC,KAAK;IACpB,QAAQ,EAAE,eAAK,CAAC,MAAM;IACtB,SAAS,EAAE,eAAK,CAAC,MAAM;IACvB,MAAM,EAAE,eAAK,CAAC,GAAG;IACjB,OAAO,EAAE,eAAK,CAAC,IAAI;IACnB,OAAO,EAAE,eAAK,CAAC,IAAI;IACnB,MAAM,EAAE,eAAK,CAAC,IAAI;IAClB,UAAU,EAAE,eAAK,CAAC,IAAI;CACvB,CAAC;AAEF,SAAgB,WAAW,CAAC,MAAc;IACxC,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC,IAAI,eAAK,CAAC,KAAK,CAAC;IACpE,OAAO,OAAO,CAAC,MAAM,IAAI,SAAS,CAAC,CAAC;AACtC,CAAC;AAED,SAAgB,UAAU,CAAC,OAAiB,EAAE,IAAqC;IACjF,MAAM,KAAK,GAAG,IAAI,oBAAK,CAAC;QACtB,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACvC,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;QAC/B,KAAK,EAAE;YACL,GAAG,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE;YACvD,MAAM,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,cAAc,EAAE,EAAE;YACnE,IAAI,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE;YAChD,KAAK,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI;SACzC;KACF,CAAC,CAAC;IAEH,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,IAAI,eAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACzD,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;AAChC,CAAC;AAED,SAAgB,SAAS,CAAC,GAAY;IACpC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED,SAAgB,OAAO,CAAC,IAAY;IAClC,OAAO,IAAA,aAAG,EAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;AAC3B,CAAC;AAED,SAAgB,OAAO,CAAC,OAAe;IACrC,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC;IACtD,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;IAClC,IAAI,CAAC,GAAG,EAAE;QAAE,OAAO,GAAG,CAAC,OAAO,CAAC;IAC/B,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7B,IAAI,CAAC,GAAG,EAAE;QAAE,OAAO,GAAG,CAAC,OAAO,CAAC;IAC/B,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7B,IAAI,CAAC,GAAG,EAAE;QAAE,OAAO,GAAG,CAAC,OAAO,CAAC;IAC/B,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC;AACtC,CAAC;AAED,SAAgB,OAAO,CAAC,GAAW;IACjC,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC,CAAC;AAC5C,CAAC;AAED,SAAgB,QAAQ,CAAC,GAAW;IAClC,OAAO,CAAC,KAAK,CAAC,eAAK,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC,CAAC;AAC5C,CAAC"}

package/package.json CHANGED Viewed

@@ -1,11 +1,16 @@
 {
   "name": "nexusapp-cli",
-  "version": "3.0.0",
+  "version": "3.1.1",
   "description": "NEXUS AI command-line interface",
   "main": "dist/index.js",
   "bin": {
     "nexus": "./bin/nexus"
   },
+  "files": [
+    "bin/",
+    "dist/",
+    "README.md"
+  ],
   "scripts": {
     "build": "tsc",
     "dev": "ts-node src/index.ts",
@@ -24,7 +29,6 @@
     "cli-table3": "^0.6.3",
     "commander": "^12.0.0",
     "inquirer": "^9.2.0",
-    "nexusapp-cli": "^2.1.1",
     "ora": "^8.0.0"
   },
   "devDependencies": {

package/src/client.ts DELETED Viewed

@@ -1,68 +0,0 @@
-import axios, { AxiosInstance, AxiosError } from 'axios';
-import { getConfig } from './config.js';
-function createClient(): AxiosInstance {
-  const config = getConfig();
-  const baseURL = config.apiUrl || 'https://nexusai.run';
-  const instance = axios.create({
-    baseURL,
-    timeout: 30000,
-  });
-  instance.interceptors.request.use((req) => {
-    const cfg = getConfig();
-    if (cfg.token) {
-      req.headers = req.headers || {};
-      req.headers['Authorization'] = `Bearer ${cfg.token}`;
-    }
-    return req;
-  });
-  instance.interceptors.response.use(
-    (res) => res,
-    (error: AxiosError) => {
-      if (!error.response) {
-        const url = baseURL;
-        console.error(`Cannot reach NEXUS AI API at ${url}.`);
-        process.exit(1);
-      }
-      const status = error.response.status;
-      const data = error.response.data as any;
-      if (status === 401) {
-        console.error("Session expired. Run 'nexus auth login'");
-        process.exit(1);
-      }
-      if (status === 403) {
-        console.error(data?.message || data?.error || 'Access denied.');
-        process.exit(1);
-      }
-      return Promise.reject(error);
-    }
-  );
-  return instance;
-}
-export const client = createClient();
-/** Unwrap { success, data } envelope if present, otherwise return as-is. */
-export function unwrap(responseData: any): any {
-  if (responseData && typeof responseData === 'object' && 'data' in responseData) {
-    return responseData.data;
-  }
-  return responseData;
-}
-export function apiError(error: unknown): string {
-  if (axios.isAxiosError(error)) {
-    const data = error.response?.data as any;
-    return data?.message || data?.error || error.message;
-  }
-  if (error instanceof Error) return error.message;
-  return String(error);
-}

package/src/commands/auth.ts DELETED Viewed

@@ -1,186 +0,0 @@
-import { Command } from 'commander';
-import http from 'http';
-import { execFile } from 'child_process';
-import { AddressInfo } from 'net';
-import axios from 'axios';
-import { getConfig, saveConfig, clearConfig } from '../config.js';
-import { client, apiError, unwrap } from '../client.js';
-import { success, errorMsg, printJson, printTable, spinner } from '../output.js';
-function openBrowser(url: string): void {
-  const platform = process.platform;
-  if (platform === 'darwin') {
-    execFile('open', [url], () => {});
-  } else if (platform === 'win32') {
-    execFile('cmd', ['/c', 'start', '', url], () => {});
-  } else {
-    execFile('xdg-open', [url], () => {});
-  }
-}
-function successHtml(webUrl: string): string {
-  return `<!DOCTYPE html><html><head><meta charset="utf-8"><title>NEXUS AI CLI</title>
-<style>
-*{box-sizing:border-box;margin:0;padding:0}
-body{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',sans-serif;display:flex;align-items:center;justify-content:center;height:100vh;background:#0b0c12;color:#e5e7eb}
-.box{text-align:center;padding:2.5rem 3rem;background:#ffffff08;border:1px solid #ffffff14;border-radius:1.25rem;max-width:360px;width:90%}
-.logo{display:flex;align-items:center;justify-content:center;gap:.65rem;margin-bottom:2rem}
-.logo img{height:2.25rem;width:2.25rem}
-.logo-name{font-size:1rem;font-weight:600;color:#fff;letter-spacing:-.01em}
-.check{width:2.75rem;height:2.75rem;background:#0ea5e920;border-radius:50%;display:flex;align-items:center;justify-content:center;margin:0 auto 1.25rem}
-.check svg{width:1.25rem;height:1.25rem;stroke:#38bdf8;fill:none;stroke-width:2.5;stroke-linecap:round;stroke-linejoin:round}
-.title{font-size:1.2rem;font-weight:700;color:#fff;margin-bottom:.4rem}
-.sub{color:#6b7280;font-size:.85rem;line-height:1.5}
-</style></head>
-<body><div class="box">
-  <div class="logo">
-    <img src="${webUrl}/logo.svg" alt="NEXUS AI" onerror="this.style.display='none'">
-    <span class="logo-name">NEXUS AI</span>
-  </div>
-  <div class="check"><svg viewBox="0 0 24 24"><polyline points="20 6 9 17 4 12"/></svg></div>
-  <div class="title">Authorization successful</div>
-  <div class="sub">You can close this tab and return to your terminal.</div>
-</div></body></html>`;
-}
-function waitForCallback(server: http.Server, webUrl: string): Promise<{ token: string; tokenId: string; email: string }> {
-  return new Promise((resolve, reject) => {
-    const timeout = setTimeout(() => {
-      server.close();
-      reject(new Error('Timed out waiting for browser authorization (2 minutes).'));
-    }, 120_000);
-    server.on('request', (req, res) => {
-      const url = new URL(req.url!, `http://localhost`);
-      const token = url.searchParams.get('token');
-      const tokenId = url.searchParams.get('tokenId') || '';
-      const email = url.searchParams.get('email') || '';
-      res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
-      res.end(successHtml(webUrl));
-      clearTimeout(timeout);
-      server.close();
-      if (!token) {
-        reject(new Error('No token received from browser.'));
-      } else {
-        resolve({ token, tokenId, email });
-      }
-    });
-  });
-}
-export function registerAuth(program: Command): void {
-  const auth = program.command('auth').description('Authentication commands');
-  // login
-  auth
-    .command('login')
-    .description('Log in to NEXUS AI via browser')
-    .option('--api-url <url>', 'Backend API base URL (e.g. http://localhost:3001)')
-    .option('--web-url <url>', 'Frontend URL (e.g. http://localhost:3002)')
-    .option('--token <token>', 'Use an existing nxk_* access token directly')
-    .action(async (opts) => {
-      const apiUrl = opts.apiUrl || process.env.NEXUSAI_API_URL || 'https://nexusai.run';
-      const webUrl = opts.webUrl || process.env.NEXUSAI_WEB_URL
-        || apiUrl.replace(':3001', ':3002').replace('api.nexusai.run', 'nexusai.run');
-      // --token shortcut: skip browser
-      if (opts.token) {
-        try {
-          const res = await axios.get(`${apiUrl}/api/auth/verify`, {
-            headers: { Authorization: `Bearer ${opts.token}` },
-          });
-          const user = res.data;
-          saveConfig({ apiUrl, token: opts.token, tokenId: '' });
-          success(`Logged in as ${user.email || user.user?.email}`);
-        } catch (err) {
-          errorMsg('Token verification failed: ' + apiError(err));
-          process.exit(1);
-        }
-        return;
-      }
-      // Start local callback server on a random port
-      const server = http.createServer();
-      await new Promise<void>((resolve) => server.listen(0, '127.0.0.1', resolve));
-      const port = (server.address() as AddressInfo).port;
-      const callbackUrl = `http://localhost:${port}`;
-      const authUrl = `${webUrl}/cli-auth?callback=${encodeURIComponent(callbackUrl)}`;
-      console.log('');
-      console.log('Opening your browser to complete login...');
-      console.log('');
-      console.log(`  ${authUrl}`);
-      console.log('');
-      console.log('If the browser did not open, copy the URL above into your browser.');
-      console.log('');
-      openBrowser(authUrl);
-      const spin = spinner('Waiting for browser authorization...');
-      try {
-        const { token, tokenId, email } = await waitForCallback(server, webUrl);
-        saveConfig({ apiUrl, token, tokenId });
-        spin.stop();
-        success(`Logged in as ${email}`);
-      } catch (err) {
-        spin.fail(err instanceof Error ? err.message : String(err));
-        process.exit(1);
-      }
-    });
-  // logout
-  auth
-    .command('logout')
-    .description('Log out and revoke access token')
-    .action(async () => {
-      const config = getConfig();
-      if (!config.token) {
-        console.log('Not logged in.');
-        return;
-      }
-      if (config.tokenId) {
-        try {
-          await client.post(`/api/tokens/${config.tokenId}/revoke`);
-        } catch {
-          // best-effort revocation
-        }
-      }
-      clearConfig();
-      success('Logged out.');
-    });
-  // whoami
-  auth
-    .command('whoami')
-    .description('Show current authenticated user')
-    .option('--json', 'Output raw JSON')
-    .action(async (opts) => {
-      try {
-        const res = await client.get('/api/auth/verify');
-        const user = unwrap(res.data);
-        if (opts.json) {
-          printJson(user);
-          return;
-        }
-        const u = user.user || user;
-        const email = u.email || 'unknown';
-        const org = u.organization?.name || u.organizationId || '—';
-        const role = u.role || '—';
-        printTable(['Field', 'Value'], [
-          ['Email', email],
-          ['Organization', org],
-          ['Role', role],
-        ]);
-      } catch (err) {
-        errorMsg(apiError(err));
-        process.exit(1);
-      }
-    });
-}

package/src/commands/bucket.ts DELETED Viewed

@@ -1,261 +0,0 @@
-import { Command } from 'commander';
-import inquirer from 'inquirer';
-import * as fs from 'fs';
-import * as path from 'path';
-import { client, apiError, unwrap } from '../client.js';
-import { printTable, printJson, success, errorMsg, timeAgo } from '../output.js';
-function formatBytes(bytes: number | bigint): string {
-  const n = typeof bytes === 'bigint' ? Number(bytes) : bytes;
-  if (n < 1024) return `${n} B`;
-  if (n < 1024 * 1024) return `${(n / 1024).toFixed(1)} KB`;
-  if (n < 1024 * 1024 * 1024) return `${(n / (1024 * 1024)).toFixed(1)} MB`;
-  return `${(n / (1024 * 1024 * 1024)).toFixed(2)} GB`;
-}
-export function registerBucket(program: Command): void {
-  const bk = program
-    .command('bucket')
-    .description('Object storage buckets (S3-compatible MinIO buckets)');
-  bk
-    .command('list')
-    .description('List buckets')
-    .option('--json', 'Output raw JSON')
-    .action(async (opts) => {
-      try {
-        const res = await client.get('/api/buckets');
-        const buckets: any[] = unwrap(res.data) || [];
-        if (opts.json) { printJson(buckets); return; }
-        if (!buckets.length) { console.log('No buckets found.'); return; }
-        printTable(
-          ['ID', 'NAME', 'SIZE', 'OBJECTS', 'ATTACHED TO', 'CREATED'],
-          buckets.map((b: any) => [
-            b.id,
-            b.displayName ? `${b.name} (${b.displayName})` : b.name,
-            formatBytes(b.sizeBytes),
-            String(b.objectCount),
-            b.attachments?.length ? b.attachments.map((a: any) => a.deploymentName).join(', ') : '—',
-            b.createdAt ? timeAgo(b.createdAt) : '—',
-          ])
-        );
-      } catch (err) { errorMsg(apiError(err)); process.exit(1); }
-    });
-  bk
-    .command('create <name>')
-    .description('Create a new bucket (org-scoped)')
-    .option('--display-name <name>', 'Friendly display name')
-    .option('--region <region>', 'Region', 'us-east-1')
-    .option('--json', 'Output raw JSON')
-    .action(async (name, opts) => {
-      try {
-        const res = await client.post('/api/buckets', {
-          name,
-          displayName: opts.displayName,
-          region: opts.region,
-        });
-        const b = unwrap(res.data);
-        if (opts.json) { printJson(b); return; }
-        success(`Bucket created: ${b.id}  (${b.name})`);
-      } catch (err) { errorMsg(apiError(err)); process.exit(1); }
-    });
-  bk
-    .command('delete <id>')
-    .description('Delete a bucket (must be detached first; deletes all objects)')
-    .option('--yes', 'Skip confirmation prompt')
-    .action(async (id, opts) => {
-      if (!opts.yes) {
-        const { confirm } = await inquirer.prompt([
-          { type: 'confirm', name: 'confirm', message: `Delete bucket "${id}" and ALL its objects?`, default: false },
-        ]);
-        if (!confirm) { console.log('Cancelled.'); return; }
-      }
-      try {
-        await client.delete(`/api/buckets/${id}`);
-        success(`Bucket ${id} deleted.`);
-      } catch (err) { errorMsg(apiError(err)); process.exit(1); }
-    });
-  bk
-    .command('attach <id> <deployment-id>')
-    .description('Attach a bucket to a deployment (injects S3_* env vars on next deploy)')
-    .action(async (id, deploymentId) => {
-      try {
-        await client.post(`/api/buckets/${id}/attach`, { deploymentId });
-        success(`Attached bucket ${id} to deployment ${deploymentId}.`);
-        console.log("  Run 'nexus deploy redeploy <id>' for env vars to take effect.");
-      } catch (err) { errorMsg(apiError(err)); process.exit(1); }
-    });
-  bk
-    .command('detach <id> <deployment-id>')
-    .description('Detach a bucket from a deployment')
-    .action(async (id, deploymentId) => {
-      try {
-        await client.post(`/api/buckets/${id}/detach`, { deploymentId });
-        success(`Bucket ${id} detached from ${deploymentId}.`);
-      } catch (err) { errorMsg(apiError(err)); process.exit(1); }
-    });
-  bk
-    .command('credentials <id>')
-    .description('Reveal the S3-compatible credentials for an external client (audit-logged)')
-    .option('--json', 'Output raw JSON')
-    .action(async (id, opts) => {
-      try {
-        const res = await client.get(`/api/buckets/${id}/credentials`);
-        const c = unwrap(res.data);
-        if (opts.json) { printJson(c); return; }
-        console.log(`Endpoint:    ${c.endpoint}`);
-        console.log(`Region:      ${c.region}`);
-        console.log(`Bucket:      ${c.bucket}`);
-        console.log(`Access key:  ${c.accessKey}`);
-        console.log(`Secret key:  ${c.secretKey}`);
-      } catch (err) { errorMsg(apiError(err)); process.exit(1); }
-    });
-  bk
-    .command('rotate-credentials <id>')
-    .description('Rotate the per-bucket S3 access key (use to migrate legacy buckets to scoped IAM)')
-    .option('--yes', 'Skip confirmation prompt')
-    .action(async (id, opts) => {
-      if (!opts.yes) {
-        const { confirm } = await inquirer.prompt([
-          {
-            type: 'confirm',
-            name: 'confirm',
-            message: 'Rotate credentials? Attached deployments must be redeployed to pick up new S3_* env vars.',
-            default: false,
-          },
-        ]);
-        if (!confirm) { console.log('Cancelled.'); return; }
-      }
-      try {
-        await client.post(`/api/buckets/${id}/rotate-credentials`);
-        success(`Credentials rotated. Redeploy any attached deployments.`);
-      } catch (err) { errorMsg(apiError(err)); process.exit(1); }
-    });
-  bk
-    .command('refresh-usage <id>')
-    .description('Refresh size and object count for a bucket')
-    .option('--json', 'Output raw JSON')
-    .action(async (id, opts) => {
-      try {
-        const res = await client.post(`/api/buckets/${id}/refresh-usage`);
-        const b = unwrap(res.data);
-        if (opts.json) { printJson(b); return; }
-        success(`${b.name}: ${formatBytes(b.sizeBytes)} across ${b.objectCount} object(s)`);
-      } catch (err) { errorMsg(apiError(err)); process.exit(1); }
-    });
-  // ---- file ops ------------------------------------------------------------
-  bk
-    .command('files <id>')
-    .description('List files in a bucket')
-    .option('--prefix <prefix>', 'Filter by key prefix')
-    .option('--limit <n>', 'Max keys to return (default 1000)', '1000')
-    .option('--json', 'Output raw JSON')
-    .action(async (id, opts) => {
-      try {
-        const params: Record<string, string> = { limit: opts.limit };
-        if (opts.prefix) params.prefix = opts.prefix;
-        const res = await client.get(`/api/buckets/${id}/files`, { params });
-        const data = unwrap(res.data);
-        if (opts.json) { printJson(data); return; }
-        if (!data.objects?.length) { console.log('Empty.'); return; }
-        printTable(
-          ['KEY', 'SIZE', 'MODIFIED'],
-          data.objects.map((o: any) => [
-            o.key,
-            formatBytes(o.sizeBytes),
-            o.lastModified ? timeAgo(o.lastModified) : '—',
-          ])
-        );
-        if (data.truncated) console.log(`(truncated — pass --limit to see more)`);
-      } catch (err) { errorMsg(apiError(err)); process.exit(1); }
-    });
-  bk
-    .command('upload <id> <local-file>')
-    .description('Upload a local file into the bucket')
-    .option('--key <key>', 'Object key (default: filename of local file)')
-    .action(async (id, localFile, opts) => {
-      try {
-        if (!fs.existsSync(localFile)) {
-          errorMsg(`File not found: ${localFile}`);
-          process.exit(1);
-        }
-        const key = opts.key || path.basename(localFile);
-        const stat = fs.statSync(localFile);
-        const stream = fs.createReadStream(localFile);
-        await client.put(
-          `/api/buckets/${id}/files/${encodeURIComponent(key)}`,
-          stream,
-          { headers: { 'Content-Type': 'application/octet-stream', 'Content-Length': String(stat.size) } }
-        );
-        success(`Uploaded ${formatBytes(stat.size)} → ${key}`);
-      } catch (err) { errorMsg(apiError(err)); process.exit(1); }
-    });
-  bk
-    .command('download <id> <key>')
-    .description('Download a file from the bucket')
-    .option('--out <path>', 'Local output path (default: key basename)')
-    .option('--share', 'Print a short-lived signed URL instead of downloading')
-    .option('--ttl <seconds>', 'Lifetime for --share URL in seconds (30-3600, default 300)', '300')
-    .option('--json', 'Output raw JSON (only with --share)')
-    .action(async (id, key, opts) => {
-      try {
-        if (opts.share) {
-          const res = await client.post(
-            `/api/buckets/${id}/files/${encodeURIComponent(key)}/download-url`,
-            { ttlSeconds: parseInt(opts.ttl, 10) || 300 }
-          );
-          const data = unwrap(res.data);
-          if (opts.json) { printJson(data); return; }
-          console.log(`URL:        ${data.url}`);
-          console.log(`Key:        ${data.key}`);
-          console.log(`Expires at: ${data.expiresAt}`);
-          return;
-        }
-        const res = await client.get(
-          `/api/buckets/${id}/files/${encodeURIComponent(key)}/download`,
-          { responseType: 'stream' }
-        );
-        const outPath = path.resolve(opts.out || path.basename(key));
-        const dir = path.dirname(outPath);
-        if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
-        await new Promise<void>((resolve, reject) => {
-          const writer = fs.createWriteStream(outPath);
-          res.data.pipe(writer);
-          writer.on('finish', () => resolve());
-          writer.on('error', reject);
-          res.data.on('error', reject);
-        });
-        success(`Downloaded → ${outPath}`);
-      } catch (err) { errorMsg(apiError(err)); process.exit(1); }
-    });
-  bk
-    .command('rm <id> <key>')
-    .description('Delete a file from the bucket')
-    .option('--yes', 'Skip confirmation prompt')
-    .action(async (id, key, opts) => {
-      if (!opts.yes) {
-        const { confirm } = await inquirer.prompt([
-          { type: 'confirm', name: 'confirm', message: `Delete "${key}"?`, default: false },
-        ]);
-        if (!confirm) { console.log('Cancelled.'); return; }
-      }
-      try {
-        await client.delete(`/api/buckets/${id}/files/${encodeURIComponent(key)}`);
-        success(`Deleted ${key}`);
-      } catch (err) { errorMsg(apiError(err)); process.exit(1); }
-    });
-}