numo-cli 1.3.0 → 1.5.0

package/dist/cli.cjs

@@ -3217,6 +3217,336 @@ var init_http = __esm({
   }
 });
 
+// src/cli/lib/dirs.ts
+function getConfigDir() {
+  if (process.env.NUMO_CONFIG_DIR) {
+    return process.env.NUMO_CONFIG_DIR;
+  }
+  const xdgHome = process.env.XDG_CONFIG_HOME || path.join(os.homedir(), ".config");
+  const xdgDir = path.join(xdgHome, "numo");
+  if (fs.existsSync(xdgDir)) return xdgDir;
+  if (fs.existsSync(LEGACY_DIR)) return LEGACY_DIR;
+  return xdgDir;
+}
+function ensureConfigDir() {
+  const dir = getConfigDir();
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true, mode: 448 });
+  }
+  return dir;
+}
+function getCredentialsPath() {
+  return path.join(getConfigDir(), "credentials.json");
+}
+function migrateIfNeeded() {
+  const xdgHome = process.env.XDG_CONFIG_HOME || path.join(os.homedir(), ".config");
+  const xdgDir = path.join(xdgHome, "numo");
+  if (process.env.NUMO_CONFIG_DIR) return;
+  const legacyCreds = path.join(LEGACY_DIR, "credentials.json");
+  if (!fs.existsSync(legacyCreds) || fs.existsSync(xdgDir)) return;
+  try {
+    fs.mkdirSync(xdgDir, { recursive: true, mode: 448 });
+    const data = fs.readFileSync(legacyCreds, "utf8");
+    fs.writeFileSync(path.join(xdgDir, "credentials.json"), data, { mode: 384 });
+    const legacyStreaks = path.join(LEGACY_DIR, "streaks.json");
+    if (fs.existsSync(legacyStreaks)) {
+      const streaksData = fs.readFileSync(legacyStreaks, "utf8");
+      fs.writeFileSync(path.join(xdgDir, "streaks.json"), streaksData, { mode: 384 });
+    }
+    process.stderr.write(`Migrated config from ${LEGACY_DIR} to ${xdgDir}
+`);
+  } catch {
+  }
+}
+var fs, path, os, LEGACY_DIR;
+var init_dirs = __esm({
+  "src/cli/lib/dirs.ts"() {
+    "use strict";
+    fs = __toESM(require("fs"), 1);
+    path = __toESM(require("path"), 1);
+    os = __toESM(require("os"), 1);
+    LEGACY_DIR = path.join(os.homedir(), ".numo");
+  }
+});
+
+// src/cli/lib/errors.ts
+function classifyError(err) {
+  if (err instanceof CliError) return err;
+  const axiosErr = err;
+  if (axiosErr.code === "ECONNABORTED" || axiosErr.code === "ETIMEDOUT") return Errors.timeout();
+  if (axiosErr.code === "ENOTFOUND" || axiosErr.code === "EAI_AGAIN") return Errors.networkError();
+  if (axiosErr.code === "ECONNREFUSED" || axiosErr.code === "ECONNRESET") {
+    return Errors.networkError("Service may be temporarily down. Try again in a moment.");
+  }
+  const status = axiosErr.response?.status;
+  if (status === 401) return Errors.authRequired();
+  if (status === 403) {
+    return new CliError("AUTH_FORBIDDEN" /* AUTH_FORBIDDEN */, "Access denied", ExitCode.NO_PERM, {
+      hint: "You don't have permission for this action."
+    });
+  }
+  if (status === 404) return Errors.notFound("Resource");
+  if (status === 429) {
+    const retryAfter = parseInt(axiosErr.response?.headers?.["retry-after"] ?? "");
+    return Errors.rateLimited(isNaN(retryAfter) ? void 0 : retryAfter);
+  }
+  if (status && status >= 500) {
+    return new CliError("SERVICE_UNAVAILABLE" /* SERVICE_UNAVAILABLE */, "Server error", ExitCode.UNAVAILABLE, {
+      hint: "This is on our end. Try again in a moment.",
+      retryable: true
+    });
+  }
+  const body = axiosErr.response?.data;
+  const raw = body?.error?.message ?? axiosErr.message ?? "Unknown error";
+  const message = sanitizeErrorMessage(raw);
+  return new CliError("UNKNOWN" /* UNKNOWN */, message, ExitCode.GENERAL, { cause: err });
+}
+function sanitizeErrorMessage(msg) {
+  return msg.replace(/https?:\/\/\S+/g, "<url>").replace(/\/(?:Users|home|var|tmp)\/\S+/g, "<path>").replace(/[A-Za-z0-9_-]{40,}/g, "<token>");
+}
+var ExitCode, CliError, Errors;
+var init_errors = __esm({
+  "src/cli/lib/errors.ts"() {
+    "use strict";
+    ExitCode = {
+      OK: 0,
+      GENERAL: 1,
+      USAGE: 2,
+      UNAVAILABLE: 69,
+      TEMP_FAIL: 75,
+      NO_PERM: 77,
+      CONFIG: 78,
+      NOT_FOUND: 100,
+      CONFLICT: 101
+    };
+    CliError = class extends Error {
+      constructor(kind, message, exitCode = ExitCode.GENERAL, options = {}) {
+        super(message);
+        this.kind = kind;
+        this.exitCode = exitCode;
+        this.options = options;
+        this.name = "CliError";
+      }
+      toJSON() {
+        return {
+          error: {
+            kind: this.kind,
+            code: this.exitCode,
+            message: this.message,
+            ...this.options.suggestion && { suggestion: this.options.suggestion },
+            ...this.options.hint && { hint: this.options.hint },
+            retryable: this.options.retryable ?? false,
+            ...this.options.retryAfter != null && { retryAfter: this.options.retryAfter }
+          }
+        };
+      }
+    };
+    Errors = {
+      authRequired: () => new CliError("AUTH_REQUIRED" /* AUTH_REQUIRED */, "Not logged in", ExitCode.NO_PERM, {
+        suggestion: "numo login"
+      }),
+      notFound: (resource, id) => new CliError("NOT_FOUND" /* NOT_FOUND */, `${resource} not found${id ? `: ${id}` : ""}`, ExitCode.NOT_FOUND, {
+        suggestion: `numo ${resource.toLowerCase()}s list`
+      }),
+      missingArg: (name, flag) => new CliError("MISSING_ARGUMENT" /* MISSING_ARGUMENT */, `${name} is required`, ExitCode.USAGE, {
+        suggestion: `Use --${flag}`,
+        hint: "Run with --help for all options."
+      }),
+      invalidInput: (message, hint) => new CliError("INVALID_INPUT" /* INVALID_INPUT */, message, ExitCode.USAGE, { hint }),
+      configMissing: (key) => new CliError("CONFIG_ERROR" /* CONFIG_ERROR */, `${key} not set`, ExitCode.CONFIG, {
+        suggestion: `export ${key}=<value>`
+      }),
+      networkError: (hint) => new CliError("NETWORK_ERROR" /* NETWORK_ERROR */, "Can't reach Numo servers", ExitCode.UNAVAILABLE, {
+        hint: hint ?? "Check your internet connection.",
+        retryable: true
+      }),
+      timeout: () => new CliError("TIMEOUT" /* TIMEOUT */, "Request timed out", ExitCode.TEMP_FAIL, {
+        hint: "The server took too long to respond. Try again.",
+        retryable: true
+      }),
+      rateLimited: (retryAfter) => new CliError("RATE_LIMITED" /* RATE_LIMITED */, "Too many requests", ExitCode.TEMP_FAIL, {
+        hint: retryAfter ? `Wait ${retryAfter} seconds and try again.` : "Wait a moment and try again.",
+        retryable: true,
+        retryAfter
+      })
+    };
+  }
+});
+
+// src/cli/lib/api-client.ts
+var api_client_exports = {};
+__export(api_client_exports, {
+  API_BASE: () => API_BASE,
+  api: () => api
+});
+function toCliError(err) {
+  if (err instanceof CliError) return err;
+  const httpErr = err;
+  if (httpErr.code === "ECONNABORTED" || httpErr.code === "ETIMEDOUT") {
+    return new CliError("TIMEOUT" /* TIMEOUT */, "Request timed out", ExitCode.TEMP_FAIL, {
+      hint: "The API server took too long to respond.",
+      retryable: true
+    });
+  }
+  if (httpErr.code === "ECONNREFUSED" || httpErr.code === "ECONNRESET" || httpErr.code === "ENOTFOUND") {
+    return new CliError("NETWORK_ERROR" /* NETWORK_ERROR */, "Can't reach Numo API", ExitCode.UNAVAILABLE, {
+      hint: "Is the API server running? Check NUMO_API_URL.",
+      retryable: true
+    });
+  }
+  const body = httpErr.response?.data;
+  if (body?.error) {
+    const e = body.error;
+    const kind = e.kind ?? "UNKNOWN" /* UNKNOWN */;
+    const exitCode = KIND_EXIT[kind] ?? ExitCode.GENERAL;
+    return new CliError(kind, e.message ?? "Unknown error", exitCode, {
+      retryable: e.retryable,
+      retryAfter: e.retryAfter
+    });
+  }
+  return new CliError("UNKNOWN" /* UNKNOWN */, httpErr.message ?? "Unknown error", ExitCode.GENERAL);
+}
+async function apiHeaders() {
+  const token = await getIdToken();
+  return {
+    Authorization: `Bearer ${token}`,
+    "Content-Type": "application/json"
+  };
+}
+function url(path3, params) {
+  const u2 = `${API_BASE}${path3}`;
+  if (!params) return u2;
+  const sp = new URLSearchParams();
+  for (const [k2, v] of Object.entries(params)) {
+    if (v !== void 0) sp.set(k2, v);
+  }
+  const qs = sp.toString();
+  return qs ? `${u2}?${qs}` : u2;
+}
+var API_BASE, KIND_EXIT, api;
+var init_api_client = __esm({
+  "src/cli/lib/api-client.ts"() {
+    "use strict";
+    init_credentials();
+    init_http();
+    init_errors();
+    API_BASE = process.env.NUMO_API_URL ?? (true ? "https://api.numo.ai" : "http://localhost:3000");
+    if (API_BASE !== "http://localhost:3000" && API_BASE.startsWith("http://")) {
+      process.stderr.write("[warn] NUMO_API_URL uses HTTP \u2014 tokens sent unencrypted. Use HTTPS in production.\n");
+    }
+    KIND_EXIT = {
+      AUTH_REQUIRED: ExitCode.NO_PERM,
+      AUTH_EXPIRED: ExitCode.NO_PERM,
+      AUTH_FORBIDDEN: ExitCode.NO_PERM,
+      INVALID_INPUT: ExitCode.USAGE,
+      MISSING_ARGUMENT: ExitCode.USAGE,
+      NOT_FOUND: ExitCode.NOT_FOUND,
+      CONFLICT: ExitCode.CONFLICT,
+      RATE_LIMITED: ExitCode.TEMP_FAIL,
+      NETWORK_ERROR: ExitCode.UNAVAILABLE,
+      TIMEOUT: ExitCode.TEMP_FAIL,
+      SERVICE_UNAVAILABLE: ExitCode.UNAVAILABLE
+    };
+    api = {
+      async get(path3, params) {
+        try {
+          const resp = await http.get(url(path3, params), { headers: await apiHeaders() });
+          return resp.data;
+        } catch (err) {
+          throw toCliError(err);
+        }
+      },
+      async post(path3, body) {
+        try {
+          const resp = await http.post(url(path3), body, { headers: await apiHeaders() });
+          return resp.data;
+        } catch (err) {
+          throw toCliError(err);
+        }
+      },
+      async patch(path3, body) {
+        try {
+          const resp = await http.patch(url(path3), body, { headers: await apiHeaders() });
+          return resp.data;
+        } catch (err) {
+          throw toCliError(err);
+        }
+      },
+      async del(path3) {
+        try {
+          const resp = await http.delete(url(path3), { headers: await apiHeaders() });
+          return resp.data;
+        } catch (err) {
+          throw toCliError(err);
+        }
+      }
+    };
+  }
+});
+
+// src/cli/auth/credentials.ts
+function loadCredentials() {
+  try {
+    const data = JSON.parse(fs2.readFileSync(getCredentialsPath(), "utf8"));
+    if (typeof data?.refreshToken !== "string" || typeof data?.uid !== "string" || typeof data?.email !== "string") {
+      return null;
+    }
+    return data;
+  } catch {
+    return null;
+  }
+}
+function saveCredentials(creds) {
+  ensureConfigDir();
+  fs2.writeFileSync(getCredentialsPath(), JSON.stringify(creds, null, 2), { mode: 384 });
+}
+function clearCredentials() {
+  try {
+    const credPath = getCredentialsPath();
+    const stat = fs2.statSync(credPath);
+    fs2.writeFileSync(credPath, crypto.randomBytes(stat.size));
+    fs2.unlinkSync(credPath);
+  } catch {
+  }
+}
+async function getIdToken() {
+  const envToken = process.env.NUMO_TOKEN;
+  if (envToken) return envToken;
+  const creds = loadCredentials();
+  if (!creds) throw new Error("Not logged in. Run: numo login");
+  if (creds.idToken && creds.idTokenExpiry && Date.now() < creds.idTokenExpiry - 6e4) {
+    return creds.idToken;
+  }
+  if (refreshInFlight) return refreshInFlight;
+  refreshInFlight = performRefresh(creds).finally(() => {
+    refreshInFlight = null;
+  });
+  return refreshInFlight;
+}
+async function performRefresh(creds) {
+  const { API_BASE: apiBase } = await Promise.resolve().then(() => (init_api_client(), api_client_exports));
+  const { http: http2 } = await Promise.resolve().then(() => (init_http(), http_exports));
+  const resp = await http2.post(
+    `${apiBase}/api/auth/refresh`,
+    { refreshToken: creds.refreshToken }
+  );
+  creds.idToken = resp.data.idToken;
+  creds.refreshToken = resp.data.refreshToken ?? creds.refreshToken;
+  creds.idTokenExpiry = Date.now() + (resp.data.expiresIn || 3600) * 1e3;
+  saveCredentials(creds);
+  return creds.idToken;
+}
+var fs2, crypto, refreshInFlight;
+var init_credentials = __esm({
+  "src/cli/auth/credentials.ts"() {
+    "use strict";
+    fs2 = __toESM(require("fs"), 1);
+    crypto = __toESM(require("crypto"), 1);
+    init_dirs();
+    refreshInFlight = null;
+  }
+});
+
 // src/cli/lib/tty.ts
 function isInteractive() {
   if (!process.stdin.isTTY || !process.stdout.isTTY) return false;
@@ -4993,132 +5323,28 @@ async function promptMultiSelect(opts) {
   const p = await loadClack();
   const value = await p.multiselect({
     message: opts.message,
-    options: opts.options,
-    required: opts.required ?? false
-  });
-  if (p.isCancel(value)) {
-    process.exit(130);
-  }
-  return value;
-}
-async function promptForMissing(opts) {
-  if (opts.value !== void 0 && opts.value !== "") {
-    return opts.value;
-  }
-  return promptText({
-    message: opts.message,
-    placeholder: opts.placeholder,
-    required: opts.required ?? true
-  });
-}
-var init_prompts = __esm({
-  "src/cli/lib/prompts.ts"() {
-    "use strict";
-    init_tty();
-  }
-});
-
-// src/cli/lib/errors.ts
-function classifyError(err) {
-  if (err instanceof CliError) return err;
-  const axiosErr = err;
-  if (axiosErr.code === "ECONNABORTED" || axiosErr.code === "ETIMEDOUT") return Errors.timeout();
-  if (axiosErr.code === "ENOTFOUND" || axiosErr.code === "EAI_AGAIN") return Errors.networkError();
-  if (axiosErr.code === "ECONNREFUSED" || axiosErr.code === "ECONNRESET") {
-    return Errors.networkError("Service may be temporarily down. Try again in a moment.");
-  }
-  const status = axiosErr.response?.status;
-  if (status === 401) return Errors.authRequired();
-  if (status === 403) {
-    return new CliError("AUTH_FORBIDDEN" /* AUTH_FORBIDDEN */, "Access denied", ExitCode.NO_PERM, {
-      hint: "You don't have permission for this action."
-    });
-  }
-  if (status === 404) return Errors.notFound("Resource");
-  if (status === 429) {
-    const retryAfter = parseInt(axiosErr.response?.headers?.["retry-after"] ?? "");
-    return Errors.rateLimited(isNaN(retryAfter) ? void 0 : retryAfter);
-  }
-  if (status && status >= 500) {
-    return new CliError("SERVICE_UNAVAILABLE" /* SERVICE_UNAVAILABLE */, "Server error", ExitCode.UNAVAILABLE, {
-      hint: "This is on our end. Try again in a moment.",
-      retryable: true
-    });
+    options: opts.options,
+    required: opts.required ?? false
+  });
+  if (p.isCancel(value)) {
+    process.exit(130);
   }
-  const body = axiosErr.response?.data;
-  const raw = body?.error?.message ?? axiosErr.message ?? "Unknown error";
-  const message = sanitizeErrorMessage(raw);
-  return new CliError("UNKNOWN" /* UNKNOWN */, message, ExitCode.GENERAL, { cause: err });
+  return value;
 }
-function sanitizeErrorMessage(msg) {
-  return msg.replace(/https?:\/\/\S+/g, "<url>").replace(/\/(?:Users|home|var|tmp)\/\S+/g, "<path>").replace(/[A-Za-z0-9_-]{40,}/g, "<token>");
+async function promptForMissing(opts) {
+  if (opts.value !== void 0 && opts.value !== "") {
+    return opts.value;
+  }
+  return promptText({
+    message: opts.message,
+    placeholder: opts.placeholder,
+    required: opts.required ?? true
+  });
 }
-var ExitCode, CliError, Errors;
-var init_errors = __esm({
-  "src/cli/lib/errors.ts"() {
+var init_prompts = __esm({
+  "src/cli/lib/prompts.ts"() {
     "use strict";
-    ExitCode = {
-      OK: 0,
-      GENERAL: 1,
-      USAGE: 2,
-      UNAVAILABLE: 69,
-      TEMP_FAIL: 75,
-      NO_PERM: 77,
-      CONFIG: 78,
-      NOT_FOUND: 100,
-      CONFLICT: 101
-    };
-    CliError = class extends Error {
-      constructor(kind, message, exitCode = ExitCode.GENERAL, options = {}) {
-        super(message);
-        this.kind = kind;
-        this.exitCode = exitCode;
-        this.options = options;
-        this.name = "CliError";
-      }
-      toJSON() {
-        return {
-          error: {
-            kind: this.kind,
-            code: this.exitCode,
-            message: this.message,
-            ...this.options.suggestion && { suggestion: this.options.suggestion },
-            ...this.options.hint && { hint: this.options.hint },
-            retryable: this.options.retryable ?? false,
-            ...this.options.retryAfter != null && { retryAfter: this.options.retryAfter }
-          }
-        };
-      }
-    };
-    Errors = {
-      authRequired: () => new CliError("AUTH_REQUIRED" /* AUTH_REQUIRED */, "Not logged in", ExitCode.NO_PERM, {
-        suggestion: "numo login"
-      }),
-      notFound: (resource, id) => new CliError("NOT_FOUND" /* NOT_FOUND */, `${resource} not found${id ? `: ${id}` : ""}`, ExitCode.NOT_FOUND, {
-        suggestion: `numo ${resource.toLowerCase()}s list`
-      }),
-      missingArg: (name, flag) => new CliError("MISSING_ARGUMENT" /* MISSING_ARGUMENT */, `${name} is required`, ExitCode.USAGE, {
-        suggestion: `Use --${flag}`,
-        hint: "Run with --help for all options."
-      }),
-      invalidInput: (message, hint) => new CliError("INVALID_INPUT" /* INVALID_INPUT */, message, ExitCode.USAGE, { hint }),
-      configMissing: (key) => new CliError("CONFIG_ERROR" /* CONFIG_ERROR */, `${key} not set`, ExitCode.CONFIG, {
-        suggestion: `export ${key}=<value>`
-      }),
-      networkError: (hint) => new CliError("NETWORK_ERROR" /* NETWORK_ERROR */, "Can't reach Numo servers", ExitCode.UNAVAILABLE, {
-        hint: hint ?? "Check your internet connection.",
-        retryable: true
-      }),
-      timeout: () => new CliError("TIMEOUT" /* TIMEOUT */, "Request timed out", ExitCode.TEMP_FAIL, {
-        hint: "The server took too long to respond. Try again.",
-        retryable: true
-      }),
-      rateLimited: (retryAfter) => new CliError("RATE_LIMITED" /* RATE_LIMITED */, "Too many requests", ExitCode.TEMP_FAIL, {
-        hint: retryAfter ? `Wait ${retryAfter} seconds and try again.` : "Wait a moment and try again.",
-        retryable: true,
-        retryAfter
-      })
-    };
+    init_tty();
   }
 });
 
@@ -5171,7 +5397,7 @@ async function authenticateWithPhone(spinner) {
   }
   throw Errors.networkError("Phone verification timed out. Try again.");
 }
-var import_picocolors, API_BASE, POLL_INTERVAL, POLL_TIMEOUT;
+var import_picocolors, POLL_INTERVAL, POLL_TIMEOUT;
 var init_phone_login = __esm({
   "src/cli/auth/phone-login.ts"() {
     "use strict";
@@ -5179,7 +5405,7 @@ var init_phone_login = __esm({
     import_picocolors = __toESM(require_picocolors(), 1);
     init_errors();
     init_prompts();
-    API_BASE = process.env.NUMO_API_URL ?? "http://localhost:3000";
+    init_api_client();
     POLL_INTERVAL = 2e3;
     POLL_TIMEOUT = 5 * 60 * 1e3;
   }
@@ -5208,121 +5434,16 @@ var import_picocolors13 = __toESM(require_picocolors(), 1);
 // src/cli/auth/login.ts
 init_http();
 var import_picocolors2 = __toESM(require_picocolors(), 1);
-
-// src/cli/auth/credentials.ts
-var fs2 = __toESM(require("fs"), 1);
-var crypto = __toESM(require("crypto"), 1);
-
-// src/cli/lib/dirs.ts
-var fs = __toESM(require("fs"), 1);
-var path = __toESM(require("path"), 1);
-var os = __toESM(require("os"), 1);
-var LEGACY_DIR = path.join(os.homedir(), ".numo");
-function getConfigDir() {
-  if (process.env.NUMO_CONFIG_DIR) {
-    return process.env.NUMO_CONFIG_DIR;
-  }
-  const xdgHome = process.env.XDG_CONFIG_HOME || path.join(os.homedir(), ".config");
-  const xdgDir = path.join(xdgHome, "numo");
-  if (fs.existsSync(xdgDir)) return xdgDir;
-  if (fs.existsSync(LEGACY_DIR)) return LEGACY_DIR;
-  return xdgDir;
-}
-function ensureConfigDir() {
-  const dir = getConfigDir();
-  if (!fs.existsSync(dir)) {
-    fs.mkdirSync(dir, { recursive: true, mode: 448 });
-  }
-  return dir;
-}
-function getCredentialsPath() {
-  return path.join(getConfigDir(), "credentials.json");
-}
-function migrateIfNeeded() {
-  const xdgHome = process.env.XDG_CONFIG_HOME || path.join(os.homedir(), ".config");
-  const xdgDir = path.join(xdgHome, "numo");
-  if (process.env.NUMO_CONFIG_DIR) return;
-  const legacyCreds = path.join(LEGACY_DIR, "credentials.json");
-  if (!fs.existsSync(legacyCreds) || fs.existsSync(xdgDir)) return;
-  try {
-    fs.mkdirSync(xdgDir, { recursive: true, mode: 448 });
-    const data = fs.readFileSync(legacyCreds, "utf8");
-    fs.writeFileSync(path.join(xdgDir, "credentials.json"), data, { mode: 384 });
-    const legacyStreaks = path.join(LEGACY_DIR, "streaks.json");
-    if (fs.existsSync(legacyStreaks)) {
-      const streaksData = fs.readFileSync(legacyStreaks, "utf8");
-      fs.writeFileSync(path.join(xdgDir, "streaks.json"), streaksData, { mode: 384 });
-    }
-    process.stderr.write(`Migrated config from ${LEGACY_DIR} to ${xdgDir}
-`);
-  } catch {
-  }
-}
-
-// src/cli/auth/credentials.ts
-function loadCredentials() {
-  try {
-    const data = JSON.parse(fs2.readFileSync(getCredentialsPath(), "utf8"));
-    if (typeof data?.refreshToken !== "string" || typeof data?.uid !== "string" || typeof data?.email !== "string") {
-      return null;
-    }
-    return data;
-  } catch {
-    return null;
-  }
-}
-function saveCredentials(creds) {
-  ensureConfigDir();
-  fs2.writeFileSync(getCredentialsPath(), JSON.stringify(creds, null, 2), { mode: 384 });
-}
-function clearCredentials() {
-  try {
-    const credPath = getCredentialsPath();
-    const stat = fs2.statSync(credPath);
-    fs2.writeFileSync(credPath, crypto.randomBytes(stat.size));
-    fs2.unlinkSync(credPath);
-  } catch {
-  }
-}
-var refreshInFlight = null;
-async function getIdToken() {
-  const envToken = process.env.NUMO_TOKEN;
-  if (envToken) return envToken;
-  const creds = loadCredentials();
-  if (!creds) throw new Error("Not logged in. Run: numo login");
-  if (creds.idToken && creds.idTokenExpiry && Date.now() < creds.idTokenExpiry - 6e4) {
-    return creds.idToken;
-  }
-  if (refreshInFlight) return refreshInFlight;
-  refreshInFlight = performRefresh(creds).finally(() => {
-    refreshInFlight = null;
-  });
-  return refreshInFlight;
-}
-async function performRefresh(creds) {
-  const apiBase = process.env.NUMO_API_URL ?? "http://localhost:3000";
-  const { http: http2 } = await Promise.resolve().then(() => (init_http(), http_exports));
-  const resp = await http2.post(
-    `${apiBase}/api/auth/refresh`,
-    { refreshToken: creds.refreshToken }
-  );
-  creds.idToken = resp.data.idToken;
-  creds.refreshToken = resp.data.refreshToken ?? creds.refreshToken;
-  creds.idTokenExpiry = Date.now() + (resp.data.expiresIn || 3600) * 1e3;
-  saveCredentials(creds);
-  return creds.idToken;
-}
-
-// src/cli/auth/login.ts
+init_credentials();
 init_prompts();
 init_errors();
-var API_BASE2 = process.env.NUMO_API_URL ?? "http://localhost:3000";
+init_api_client();
 async function authenticateWithEmail(spinner) {
   const email = await promptText({ message: "Email", required: true });
   const password = await promptPassword({ message: "Password" });
   spinner.start("Signing in...");
   const resp = await http.post(
-    `${API_BASE2}/api/auth/login`,
+    `${API_BASE}/api/auth/login`,
     { email, password }
   );
   return {
@@ -5388,10 +5509,11 @@ async function login(options = {}) {
 // src/cli/auth/register.ts
 init_http();
 var import_picocolors3 = __toESM(require_picocolors(), 1);
+init_credentials();
 init_prompts();
 init_errors();
 init_tty();
-var API_BASE3 = process.env.NUMO_API_URL ?? "http://localhost:3000";
+init_api_client();
 function validateEmail(email) {
   const trimmed = email.trim();
   if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(trimmed)) {
@@ -5426,7 +5548,7 @@ function classifySignUpError(err) {
 }
 async function signUp(email, password) {
   try {
-    const resp = await http.post(`${API_BASE3}/api/auth/register`, {
+    const resp = await http.post(`${API_BASE}/api/auth/register`, {
       email,
       password,
       tz: Intl.DateTimeFormat().resolvedOptions().timeZone,
@@ -5482,6 +5604,9 @@ async function register(options = {}) {
   }
 }
 
+// src/cli/cli.ts
+init_credentials();
+
 // src/cli/commands/tasks.ts
 var import_picocolors8 = __toESM(require_picocolors(), 1);
 
@@ -5864,6 +5989,7 @@ async function runDelete(opts) {
 }
 
 // src/cli/lib/uid.ts
+init_credentials();
 init_errors();
 function requireUid() {
   const creds = loadCredentials();
@@ -5871,106 +5997,8 @@ function requireUid() {
   return creds.uid;
 }
 
-// src/cli/lib/api-client.ts
-init_http();
-init_errors();
-var API_BASE4 = process.env.NUMO_API_URL ?? "http://localhost:3000";
-if (API_BASE4 !== "http://localhost:3000" && API_BASE4.startsWith("http://")) {
-  process.stderr.write("[warn] NUMO_API_URL uses HTTP \u2014 tokens sent unencrypted. Use HTTPS in production.\n");
-}
-var KIND_EXIT = {
-  AUTH_REQUIRED: ExitCode.NO_PERM,
-  AUTH_EXPIRED: ExitCode.NO_PERM,
-  AUTH_FORBIDDEN: ExitCode.NO_PERM,
-  INVALID_INPUT: ExitCode.USAGE,
-  MISSING_ARGUMENT: ExitCode.USAGE,
-  NOT_FOUND: ExitCode.NOT_FOUND,
-  CONFLICT: ExitCode.CONFLICT,
-  RATE_LIMITED: ExitCode.TEMP_FAIL,
-  NETWORK_ERROR: ExitCode.UNAVAILABLE,
-  TIMEOUT: ExitCode.TEMP_FAIL,
-  SERVICE_UNAVAILABLE: ExitCode.UNAVAILABLE
-};
-function toCliError(err) {
-  if (err instanceof CliError) return err;
-  const httpErr = err;
-  if (httpErr.code === "ECONNABORTED" || httpErr.code === "ETIMEDOUT") {
-    return new CliError("TIMEOUT" /* TIMEOUT */, "Request timed out", ExitCode.TEMP_FAIL, {
-      hint: "The API server took too long to respond.",
-      retryable: true
-    });
-  }
-  if (httpErr.code === "ECONNREFUSED" || httpErr.code === "ECONNRESET" || httpErr.code === "ENOTFOUND") {
-    return new CliError("NETWORK_ERROR" /* NETWORK_ERROR */, "Can't reach Numo API", ExitCode.UNAVAILABLE, {
-      hint: "Is the API server running? Check NUMO_API_URL.",
-      retryable: true
-    });
-  }
-  const body = httpErr.response?.data;
-  if (body?.error) {
-    const e = body.error;
-    const kind = e.kind ?? "UNKNOWN" /* UNKNOWN */;
-    const exitCode = KIND_EXIT[kind] ?? ExitCode.GENERAL;
-    return new CliError(kind, e.message ?? "Unknown error", exitCode, {
-      retryable: e.retryable,
-      retryAfter: e.retryAfter
-    });
-  }
-  return new CliError("UNKNOWN" /* UNKNOWN */, httpErr.message ?? "Unknown error", ExitCode.GENERAL);
-}
-async function apiHeaders() {
-  const token = await getIdToken();
-  return {
-    Authorization: `Bearer ${token}`,
-    "Content-Type": "application/json"
-  };
-}
-function url(path3, params) {
-  const u2 = `${API_BASE4}${path3}`;
-  if (!params) return u2;
-  const sp = new URLSearchParams();
-  for (const [k2, v] of Object.entries(params)) {
-    if (v !== void 0) sp.set(k2, v);
-  }
-  const qs = sp.toString();
-  return qs ? `${u2}?${qs}` : u2;
-}
-var api = {
-  async get(path3, params) {
-    try {
-      const resp = await http.get(url(path3, params), { headers: await apiHeaders() });
-      return resp.data;
-    } catch (err) {
-      throw toCliError(err);
-    }
-  },
-  async post(path3, body) {
-    try {
-      const resp = await http.post(url(path3), body, { headers: await apiHeaders() });
-      return resp.data;
-    } catch (err) {
-      throw toCliError(err);
-    }
-  },
-  async patch(path3, body) {
-    try {
-      const resp = await http.patch(url(path3), body, { headers: await apiHeaders() });
-      return resp.data;
-    } catch (err) {
-      throw toCliError(err);
-    }
-  },
-  async del(path3) {
-    try {
-      const resp = await http.delete(url(path3), { headers: await apiHeaders() });
-      return resp.data;
-    } catch (err) {
-      throw toCliError(err);
-    }
-  }
-};
-
 // src/cli/services/tasks.ts
+init_api_client();
 async function listTasks(uid, opts) {
   return api.get("/api/tasks", {
     date: opts.date,
@@ -9505,6 +9533,7 @@ ${import_picocolors9.default.dim("Next page:")} ${import_picocolors9.default.dim
 }
 
 // src/cli/services/posts.ts
+init_api_client();
 async function listPosts(opts) {
   return api.get("/api/posts", {
     cursor: opts.cursor,
@@ -9525,6 +9554,7 @@ async function deletePost(uid, id) {
 }
 
 // src/cli/services/comments.ts
+init_api_client();
 async function listComments(postId, opts) {
   return api.get(`/api/posts/${encodeURIComponent(postId)}/comments`, {
     cursor: opts.cursor,
@@ -9539,6 +9569,7 @@ async function deleteComment(uid, postId, commentId) {
 }
 
 // src/cli/services/replies.ts
+init_api_client();
 async function listReplies(postId, commentId, opts) {
   return api.get(`/api/posts/${encodeURIComponent(postId)}/comments/${encodeURIComponent(commentId)}/replies`, {
     cursor: opts.cursor,
@@ -9854,6 +9885,7 @@ Examples:
 }
 
 // src/cli/services/profile.ts
+init_api_client();
 async function getProfile() {
   return api.get("/api/profile");
 }
@@ -9880,8 +9912,9 @@ function registerProfileCommands(program3) {
 
 // src/cli/commands/doctor.ts
 var import_picocolors11 = __toESM(require_picocolors(), 1);
+init_credentials();
+init_api_client();
 init_tty();
-var API_BASE5 = process.env.NUMO_API_URL ?? "http://localhost:3000";
 async function runChecks() {
   const checks = [];
   const nodeVersion = process.version;
@@ -9894,7 +9927,7 @@ async function runChecks() {
   checks.push({
     name: "api_url",
     status: process.env.NUMO_API_URL ? "ok" : "warn",
-    message: process.env.NUMO_API_URL ? `API URL: ${API_BASE5}` : `NUMO_API_URL not set (using default: ${API_BASE5})`
+    message: process.env.NUMO_API_URL ? `API URL: ${API_BASE}` : `NUMO_API_URL not set (using default: ${API_BASE})`
   });
   const creds = loadCredentials();
   checks.push({
@@ -9913,7 +9946,7 @@ async function runChecks() {
     checks.push({ name: "token", status: "fail", message: "Skipped (no credentials)" });
   }
   try {
-    const resp = await fetch(`${API_BASE5}/api/health`, { signal: AbortSignal.timeout(5e3) });
+    const resp = await fetch(`${API_BASE}/api/health`, { signal: AbortSignal.timeout(5e3) });
     checks.push({ name: "api_reachable", status: "ok", message: `API server reachable (HTTP ${resp.status})` });
   } catch (err) {
     checks.push({ name: "api_reachable", status: "fail", message: `API server unreachable: ${err.message}` });
@@ -9946,10 +9979,14 @@ function registerDoctorCommand(program3) {
   });
 }
 
+// src/cli/cli.ts
+init_dirs();
+
 // src/cli/lib/update-check.ts
 var fs4 = __toESM(require("fs"), 1);
 var path2 = __toESM(require("path"), 1);
 var import_picocolors12 = __toESM(require_picocolors(), 1);
+init_dirs();
 init_tty();
 var CHECK_INTERVAL = 24 * 60 * 60 * 1e3;
 var PACKAGE_NAME = "numo-cli";
@@ -10015,7 +10052,7 @@ function fetchLatestVersion(state) {
 // src/cli/cli.ts
 init_tty();
 init_errors();
-var CLI_VERSION = true ? "1.3.0" : "0.0.0-dev";
+var CLI_VERSION = true ? "1.5.0" : "0.0.0-dev";
 var program2 = new Command();
 program2.name("numo").description("CLI for Numo \u2014 programmatic access for humans and AI agents").version(CLI_VERSION).option("--json [fields]", "Output as JSON (optionally: comma-separated field names)").option("-q, --quiet", "Suppress interactive output, implies --json").hook("preAction", (thisCommand) => {
   const opts = thisCommand.optsWithGlobals();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "numo-cli",
-  "version": "1.3.0",
+  "version": "1.5.0",
   "description": "CLI and programmatic API for Numo ADHD planner — create, complete, and manage tasks from the terminal or AI agents",
   "type": "module",
   "bin": {