ogment 0.1.0

package/README.md

@@ -0,0 +1,94 @@
+# Ogment CLI
+
+**Secure your AI agents' SaaS credentials.**
+
+Ogment sits between your AI agent and your SaaS tools. Your agent gets a scoped, short-lived token. Your real API credentials never leave Ogment.
+
+## Quick Start
+
+```bash
+# 1. Log in (opens browser for OAuth)
+npx ogment login
+
+# 2. Get config snippets for your MCP client
+npx ogment connect acme/main
+
+# 3. Paste the snippet into Claude Desktop, Cursor, or ChatGPT
+# → Your agent is connected. Done.
+```
+
+## Commands
+
+### `ogment login`
+
+Authenticate with the Ogment platform via OAuth2 in the browser.
+
+```bash
+npx ogment login
+```
+
+Opens your browser to sign in. After authentication, a token is stored locally at `~/.config/ogment/credentials.json`.
+
+### `ogment connect <org>/<server>`
+
+Print ready-to-paste config snippets for every major MCP client.
+
+```bash
+# Interactive
+npx ogment connect acme/main
+
+# JSON output (for CI/CD)
+npx ogment connect acme/main --json
+```
+
+The `<org>/<server>` is your organization slug and MCP server path, visible in the Ogment dashboard.
+
+### `ogment logout`
+
+Revoke your token server-side and delete local credentials. All agents using this token lose access immediately.
+
+```bash
+npx ogment logout
+```
+
+### `ogment whoami`
+
+Check if your stored token is still valid.
+
+```bash
+npx ogment whoami
+```
+
+## How It Works
+
+```
+AI Agent (Claude, Cursor, ChatGPT)
+    │
+    │  Ogment token (short-lived, revocable)
+    ▼
+┌─────────────────────────────────┐
+│       Ogment Vault Gateway      │
+│  ✓ Validate token               │
+│  ✓ Inject real credentials      │
+│  ✓ Log every tool call          │
+└──────────────┬──────────────────┘
+               │
+    ┌──────────┼──────────┐
+    ▼          ▼          ▼
+Salesforce   Linear    Snowflake
+```
+
+1. **`ogment login`** — OAuth2 flow, stores a bearer token locally
+2. **`ogment connect`** — Prints config snippet with token + MCP endpoint
+3. **Agent calls tools** — Through Ogment's MCP proxy, real credentials injected server-side
+4. **`ogment logout`** — Kill switch: revoke token, agent loses access instantly
+
+## Environment Variables
+
+| Variable | Default | Description |
+|---|---|---|
+| `OGMENT_BASE_URL` | `https://app.ogment.ai` | Ogment platform URL (for development) |
+
+## License
+
+MIT

package/dist/auth.d.ts

@@ -0,0 +1,45 @@
+/**
+ * OAuth2 Authorization Code flow with PKCE for the Ogment CLI.
+ *
+ * Flow:
+ *   1. Register as dynamic OAuth client (RFC 7591)
+ *   2. Generate PKCE code_verifier / code_challenge (S256)
+ *   3. Start a local HTTP server on a random port
+ *   4. Open browser → /authorize (user signs in via Clerk on the Ogment web app)
+ *   5. Capture redirect to localhost with ?code=xxx
+ *   6. Exchange code for access token at /token
+ *   7. Store credentials locally
+ */
+export interface StoredCredentials {
+    accessToken: string;
+    clientId: string;
+    clientSecret: string | null;
+    orgSlug: string;
+    servers: string[];
+}
+export declare function loadCredentials(): StoredCredentials | null;
+export declare function deleteCredentials(): void;
+/**
+ * Returns the stored credentials or throws if not logged in.
+ */
+export declare function requireCredentials(): StoredCredentials;
+export declare function revokeToken(token: string, clientId: string, clientSecret: string | null): Promise<void>;
+/**
+ * Runs the full OAuth2 Authorization Code + PKCE login flow.
+ *
+ * The `resourceUrl` tells the backend which MCP server the user wants to
+ * connect to. This is required — the backend rejects auth requests without
+ * an associated server.
+ *
+ * Returns the access token.
+ */
+export declare function loginFlow(resourceUrl: string): Promise<{
+    accessToken: string;
+    clientId: string;
+    clientSecret: string | null;
+}>;
+/**
+ * Run the login flow and store credentials with org + servers.
+ */
+export declare function login(orgSlug: string, servers: string[], resourceUrl: string): Promise<StoredCredentials>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAsBH,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAiCD,wBAAgB,eAAe,IAAI,iBAAiB,GAAG,IAAI,CAI1D;AASD,wBAAgB,iBAAiB,SAIhC;AAED;;GAEG;AACH,wBAAgB,kBAAkB,sBAMjC;AAoED,wBAAsB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,iBAoB7F;AAmGD;;;;;;;;GAQG;AACH,wBAAsB,SAAS,CAAC,WAAW,EAAE,MAAM;;;;GA+ClD;AAED;;GAEG;AACH,wBAAsB,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,WAAW,EAAE,MAAM,8BAiBlF"}

package/dist/auth.js

@@ -0,0 +1,275 @@
+/**
+ * OAuth2 Authorization Code flow with PKCE for the Ogment CLI.
+ *
+ * Flow:
+ *   1. Register as dynamic OAuth client (RFC 7591)
+ *   2. Generate PKCE code_verifier / code_challenge (S256)
+ *   3. Start a local HTTP server on a random port
+ *   4. Open browser → /authorize (user signs in via Clerk on the Ogment web app)
+ *   5. Capture redirect to localhost with ?code=xxx
+ *   6. Exchange code for access token at /token
+ *   7. Store credentials locally
+ */
+import { createHash, randomBytes } from 'node:crypto';
+import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from 'node:fs';
+import { createServer } from 'node:http';
+import open from 'open';
+import { CLI_CLIENT_NAME, CLI_REDIRECT_HOST, CONFIG_DIR, CREDENTIALS_PATH, OAUTH_AUTHORIZE_URL, OAUTH_REGISTER_URL, OAUTH_REVOKE_URL, OAUTH_TOKEN_URL, } from './config.js';
+// ---------------------------------------------------------------------------
+// PKCE helpers (RFC 7636)
+// ---------------------------------------------------------------------------
+function generateCodeVerifier() {
+    return randomBytes(32).toString('base64url');
+}
+function generateCodeChallenge(verifier) {
+    return createHash('sha256').update(verifier).digest('base64url');
+}
+// ---------------------------------------------------------------------------
+// Credential storage
+// ---------------------------------------------------------------------------
+export function loadCredentials() {
+    if (!existsSync(CREDENTIALS_PATH))
+        return null;
+    const raw = readFileSync(CREDENTIALS_PATH, 'utf-8');
+    return JSON.parse(raw);
+}
+function saveCredentials(creds) {
+    mkdirSync(CONFIG_DIR, { recursive: true });
+    writeFileSync(CREDENTIALS_PATH, JSON.stringify(creds, null, 2), {
+        mode: 0o600, // owner read/write only
+    });
+}
+export function deleteCredentials() {
+    if (existsSync(CREDENTIALS_PATH)) {
+        unlinkSync(CREDENTIALS_PATH);
+    }
+}
+/**
+ * Returns the stored credentials or throws if not logged in.
+ */
+export function requireCredentials() {
+    const creds = loadCredentials();
+    if (!creds?.accessToken) {
+        throw new Error('Not logged in. Run `ogment login <org>/<server>` first.');
+    }
+    return creds;
+}
+// ---------------------------------------------------------------------------
+// Step 1 — Dynamic client registration (RFC 7591)
+// ---------------------------------------------------------------------------
+async function registerClient(redirectUri) {
+    const res = await fetch(OAUTH_REGISTER_URL, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            client_name: CLI_CLIENT_NAME,
+            redirect_uris: [redirectUri],
+            grant_types: ['authorization_code'],
+            response_types: ['code'],
+            token_endpoint_auth_method: 'client_secret_post',
+        }),
+    });
+    if (!res.ok) {
+        const body = await res.text();
+        throw new Error(`Client registration failed (${res.status}): ${body}`);
+    }
+    return (await res.json());
+}
+// ---------------------------------------------------------------------------
+// Step 2 — Token exchange
+// ---------------------------------------------------------------------------
+async function exchangeCodeForToken(opts) {
+    const body = new URLSearchParams({
+        grant_type: 'authorization_code',
+        code: opts.code,
+        client_id: opts.clientId,
+        redirect_uri: opts.redirectUri,
+        code_verifier: opts.codeVerifier,
+    });
+    if (opts.clientSecret) {
+        body.set('client_secret', opts.clientSecret);
+    }
+    const res = await fetch(OAUTH_TOKEN_URL, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: body.toString(),
+    });
+    if (!res.ok) {
+        const text = await res.text();
+        throw new Error(`Token exchange failed (${res.status}): ${text}`);
+    }
+    return (await res.json());
+}
+// ---------------------------------------------------------------------------
+// Token revocation
+// ---------------------------------------------------------------------------
+export async function revokeToken(token, clientId, clientSecret) {
+    const body = new URLSearchParams({
+        token,
+        client_id: clientId,
+    });
+    if (clientSecret) {
+        body.set('client_secret', clientSecret);
+    }
+    const res = await fetch(OAUTH_REVOKE_URL, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: body.toString(),
+    });
+    if (!res.ok) {
+        const text = await res.text();
+        throw new Error(`Token revocation failed (${res.status}): ${text}`);
+    }
+}
+// ---------------------------------------------------------------------------
+// Local callback server
+// ---------------------------------------------------------------------------
+/**
+ * Starts a temporary HTTP server on a random port, waits for the OAuth
+ * callback, and returns the authorization code.
+ */
+function waitForAuthCallback(port) {
+    return new Promise((resolve, reject) => {
+        const server = createServer((req, res) => {
+            const url = new URL(req.url ?? '/', `http://${CLI_REDIRECT_HOST}:${port}`);
+            if (url.pathname !== '/callback') {
+                res.writeHead(404);
+                res.end('Not found');
+                return;
+            }
+            const code = url.searchParams.get('code');
+            const error = url.searchParams.get('error');
+            const state = url.searchParams.get('state') ?? '';
+            if (error) {
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end(errorPage(error, url.searchParams.get('error_description')));
+                server.close();
+                reject(new Error(`OAuth error: ${error}`));
+                return;
+            }
+            if (!code) {
+                res.writeHead(400, { 'Content-Type': 'text/html' });
+                res.end(errorPage('missing_code', 'No authorization code received.'));
+                server.close();
+                reject(new Error('No authorization code in callback'));
+                return;
+            }
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end(successPage());
+            server.close();
+            resolve({ code, state });
+        });
+        server.listen(port, CLI_REDIRECT_HOST, () => {
+            // Server is ready
+        });
+        // Timeout after 5 minutes
+        setTimeout(() => {
+            server.close();
+            reject(new Error('Login timed out. No callback received within 5 minutes.'));
+        }, 5 * 60 * 1000);
+    });
+}
+function getRandomPort() {
+    // Use port 0 to let OS assign, but we need to know the port before starting.
+    // Instead, pick from ephemeral range.
+    return 49152 + Math.floor(Math.random() * 16384);
+}
+// ---------------------------------------------------------------------------
+// HTML pages for the callback
+// ---------------------------------------------------------------------------
+function successPage() {
+    return `<!DOCTYPE html>
+<html>
+<head><title>Ogment CLI</title></head>
+<body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; display:flex; justify-content:center; align-items:center; height:100vh; margin:0; background:#f8f8fc;">
+  <div style="text-align:center;">
+    <h1 style="color:#6C5CE7;">✓ Logged in</h1>
+    <p style="color:#666;">You can close this window and return to your terminal.</p>
+  </div>
+</body>
+</html>`;
+}
+function errorPage(error, description) {
+    return `<!DOCTYPE html>
+<html>
+<head><title>Ogment CLI — Error</title></head>
+<body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; display:flex; justify-content:center; align-items:center; height:100vh; margin:0; background:#f8f8fc;">
+  <div style="text-align:center;">
+    <h1 style="color:#e74c3c;">✗ Login failed</h1>
+    <p style="color:#666;">${description ?? error}</p>
+  </div>
+</body>
+</html>`;
+}
+// ---------------------------------------------------------------------------
+// Main login flow
+// ---------------------------------------------------------------------------
+/**
+ * Runs the full OAuth2 Authorization Code + PKCE login flow.
+ *
+ * The `resourceUrl` tells the backend which MCP server the user wants to
+ * connect to. This is required — the backend rejects auth requests without
+ * an associated server.
+ *
+ * Returns the access token.
+ */
+export async function loginFlow(resourceUrl) {
+    const port = getRandomPort();
+    const redirectUri = `http://${CLI_REDIRECT_HOST}:${port}/callback`;
+    // Step 1 — Register as OAuth client
+    const client = await registerClient(redirectUri);
+    // Step 2 — Generate PKCE pair
+    const codeVerifier = generateCodeVerifier();
+    const codeChallenge = generateCodeChallenge(codeVerifier);
+    // Step 3 — Build authorization URL (including resource for server resolution)
+    const state = randomBytes(16).toString('hex');
+    const authorizeUrl = new URL(OAUTH_AUTHORIZE_URL);
+    authorizeUrl.searchParams.set('client_id', client.client_id);
+    authorizeUrl.searchParams.set('redirect_uri', redirectUri);
+    authorizeUrl.searchParams.set('response_type', 'code');
+    authorizeUrl.searchParams.set('code_challenge', codeChallenge);
+    authorizeUrl.searchParams.set('code_challenge_method', 'S256');
+    authorizeUrl.searchParams.set('state', state);
+    authorizeUrl.searchParams.set('resource', resourceUrl);
+    // Step 4 — Start callback server, then open browser
+    const callbackPromise = waitForAuthCallback(port);
+    await open(authorizeUrl.toString());
+    // Step 5 — Wait for callback
+    const { code, state: returnedState } = await callbackPromise;
+    if (returnedState !== state) {
+        throw new Error('OAuth state mismatch — possible CSRF attack.');
+    }
+    // Step 6 — Exchange code for token
+    const tokenResponse = await exchangeCodeForToken({
+        code,
+        clientId: client.client_id,
+        clientSecret: client.client_secret ?? null,
+        codeVerifier,
+        redirectUri,
+    });
+    return {
+        accessToken: tokenResponse.access_token,
+        clientId: client.client_id,
+        clientSecret: client.client_secret ?? null,
+    };
+}
+/**
+ * Run the login flow and store credentials with org + servers.
+ */
+export async function login(orgSlug, servers, resourceUrl) {
+    const existing = loadCredentials();
+    if (existing?.accessToken) {
+        // Already logged in — just update the server list
+        const merged = [...new Set([...existing.servers, ...servers])];
+        saveCredentials({ ...existing, servers: merged });
+        return existing;
+    }
+    const result = await loginFlow(resourceUrl);
+    const creds = {
+        ...result,
+        orgSlug,
+        servers,
+    };
+    saveCredentials(creds);
+    return creds;
+}

package/dist/cli.d.ts

@@ -0,0 +1,11 @@
+#!/usr/bin/env node
+/**
+ * Ogment CLI — Secure your AI agents' SaaS credentials.
+ *
+ *   ogment login <org/server>       Authenticate and configure servers
+ *   ogment servers [path]           List servers / inspect tools
+ *   ogment call <server> <tool>     Call a tool (returns JSON)
+ *   ogment logout                   Revoke token and delete credentials
+ */
+export {};
+//# sourceMappingURL=cli.d.ts.map

package/dist/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AAEA;;;;;;;GAOG"}

package/dist/cli.js

@@ -0,0 +1,81 @@
+#!/usr/bin/env node
+/**
+ * Ogment CLI — Secure your AI agents' SaaS credentials.
+ *
+ *   ogment login <org/server>       Authenticate and configure servers
+ *   ogment servers [path]           List servers / inspect tools
+ *   ogment call <server> <tool>     Call a tool (returns JSON)
+ *   ogment logout                   Revoke token and delete credentials
+ */
+import { Command } from 'commander';
+import { callCommand } from './commands/call.js';
+import { loginCommand } from './commands/login.js';
+import { logoutCommand } from './commands/logout.js';
+import { serversCommand } from './commands/servers.js';
+import { VERSION } from './config.js';
+import { BOLD, BRAND, DIM, SYM } from './ui.js';
+const program = new Command();
+program
+    .name('ogment')
+    .description('Ogment CLI — secure your AI agents\' SaaS credentials')
+    .version(VERSION);
+// ── login ──────────────────────────────────────────────────────────────────
+program
+    .command('login')
+    .description('Authenticate with Ogment and configure servers')
+    .argument('[targets...]', 'org/server targets (e.g. ogment/main)')
+    .action(async (targets) => {
+    await loginCommand(targets);
+});
+// ── servers ────────────────────────────────────────────────────────────────
+program
+    .command('servers [path]')
+    .description('List configured servers or inspect a server\'s tools')
+    .option('--json', 'Machine-readable JSON output')
+    .action(async (path, opts) => {
+    await serversCommand(path, opts);
+});
+// ── call ───────────────────────────────────────────────────────────────────
+program
+    .command('call <server> <tool> [args]')
+    .description('Call a tool on an Ogment server (returns JSON)')
+    .action(async (server, tool, args) => {
+    await callCommand(server, tool, args);
+});
+// ── logout ─────────────────────────────────────────────────────────────────
+program
+    .command('logout')
+    .description('Revoke token and delete local credentials')
+    .action(async () => {
+    await logoutCommand();
+});
+// ── default (no command) ───────────────────────────────────────────────────
+program.action(() => {
+    console.log();
+    console.log(`  ${BRAND} ${DIM(`v${VERSION}`)}`);
+    console.log(`  ${DIM('Secure your AI agents\' SaaS credentials.')}`);
+    console.log();
+    console.log(`  ${BOLD('Commands:')}`);
+    console.log();
+    console.log(`    ${BOLD('login')}     ${DIM('Authenticate and configure servers')}`);
+    console.log(`    ${BOLD('servers')}   ${DIM('List servers or inspect tools')}`);
+    console.log(`    ${BOLD('call')}      ${DIM('Call a tool on a server (returns JSON)')}`);
+    console.log(`    ${BOLD('logout')}    ${DIM('Revoke token and delete credentials')}`);
+    console.log();
+    console.log(`  ${BOLD('Quick start:')}`);
+    console.log();
+    console.log(`    ${DIM('$')} ogment login ${DIM('<org>/<server>')}`);
+    console.log(`    ${DIM('$')} ogment servers`);
+    console.log(`    ${DIM('$')} ogment call ${DIM('<server> <tool> [args-json]')}`);
+    console.log();
+    console.log(`  ${SYM.lock} Your real API credentials ${BOLD('never leave Ogment')}.`);
+    console.log(`     Agents get scoped, revocable tokens. Revoke anytime.`);
+    console.log();
+});
+// ---------------------------------------------------------------------------
+// Global error handler
+// ---------------------------------------------------------------------------
+program.parseAsync().catch((err) => {
+    process.stderr.write(`\n  ${SYM.cross}  ${err.message}\n\n`);
+    process.exitCode = 1;
+});

package/dist/commands/call.d.ts

@@ -0,0 +1,12 @@
+/**
+ * `ogment call <server> <tool> [args]` — Invoke a tool on an Ogment server.
+ *
+ * Usage:
+ *   ogment call ecommerce-api get__health
+ *   ogment call ecommerce-api get__api_products_ '{"limit":2}'
+ *   ogment call ecommerce-api post__api_products_ '{"name":"Widget","price":9.99,"stock":100,"category":"gadgets"}'
+ *
+ * Always outputs JSON (designed for agent consumption via exec).
+ */
+export declare function callCommand(serverPath: string | undefined, toolName: string | undefined, argsJson: string | undefined): Promise<void>;
+//# sourceMappingURL=call.d.ts.map

package/dist/commands/call.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"call.d.ts","sourceRoot":"","sources":["../../src/commands/call.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,wBAAsB,WAAW,CAC/B,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,QAAQ,EAAE,MAAM,GAAG,SAAS,iBA6B7B"}

package/dist/commands/call.js

@@ -0,0 +1,26 @@
+/**
+ * `ogment call <server> <tool> [args]` — Invoke a tool on an Ogment server.
+ *
+ * Usage:
+ *   ogment call ecommerce-api get__health
+ *   ogment call ecommerce-api get__api_products_ '{"limit":2}'
+ *   ogment call ecommerce-api post__api_products_ '{"name":"Widget","price":9.99,"stock":100,"category":"gadgets"}'
+ *
+ * Always outputs JSON (designed for agent consumption via exec).
+ */
+import { requireCredentials } from '../auth.js';
+import { callTool } from '../mcp-client.js';
+export async function callCommand(serverPath, toolName, argsJson) {
+    if (!serverPath || !toolName) {
+        throw new Error('Usage: ogment call <server> <tool> [args-json]\n' +
+            'Example: ogment call ecommerce-api get__api_products_ \'{"limit":2}\'');
+    }
+    const creds = requireCredentials();
+    if (!creds.servers.includes(serverPath)) {
+        throw new Error(`Server "${serverPath}" is not configured. Available: ${creds.servers.join(', ')}`);
+    }
+    const args = argsJson ? JSON.parse(argsJson) : {};
+    const result = await callTool(creds.orgSlug, serverPath, creds.accessToken, toolName, args);
+    // Output the result as JSON — this is what the agent reads via exec
+    console.log(JSON.stringify(result, null, 2));
+}

package/dist/commands/login.d.ts

@@ -0,0 +1,9 @@
+/**
+ * `ogment login <org/server> [more-servers...]` — Authenticate and configure servers.
+ *
+ * The first argument must be org/server format (used as OAuth resource).
+ * Additional arguments are extra server paths in the same org.
+ * If already logged in, just adds new servers to the config.
+ */
+export declare function loginCommand(targets: string[]): Promise<void>;
+//# sourceMappingURL=login.d.ts.map

package/dist/commands/login.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAkBH,wBAAsB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,iBAqDnD"}

package/dist/commands/login.js

@@ -0,0 +1,64 @@
+/**
+ * `ogment login <org/server> [more-servers...]` — Authenticate and configure servers.
+ *
+ * The first argument must be org/server format (used as OAuth resource).
+ * Additional arguments are extra server paths in the same org.
+ * If already logged in, just adds new servers to the config.
+ */
+import ora from 'ora';
+import { loadCredentials, login } from '../auth.js';
+import { MCP_RESOURCE_URL } from '../config.js';
+import { blank, BOLD, DIM, heading, line, SYM, YELLOW } from '../ui.js';
+function parseTarget(target) {
+    const parts = target.split('/');
+    if (parts.length !== 2 || !parts[0] || !parts[1]) {
+        throw new Error(`Invalid target "${target}". Expected format: <org-slug>/<server-path> (e.g. ogment/main)`);
+    }
+    return { orgSlug: parts[0], serverPath: parts[1] };
+}
+export async function loginCommand(targets) {
+    if (targets.length === 0) {
+        heading('Log in to Ogment');
+        line(`${SYM.warn}  ${YELLOW('Provide at least one target:')} ${BOLD('ogment login <org>/<server>')}`);
+        blank();
+        line(`${DIM('Examples:')}`);
+        line(`  ${BOLD('ogment login ogment/ama-master-mcp')}`);
+        line(`  ${BOLD('ogment login ogment/ama-master-mcp ogment/sales')}`);
+        blank();
+        return;
+    }
+    // Parse the first target to get orgSlug
+    const first = parseTarget(targets[0]);
+    const orgSlug = first.orgSlug;
+    // Collect all server paths (first + any extras)
+    const servers = [first.serverPath];
+    for (let i = 1; i < targets.length; i++) {
+        const t = targets[i];
+        // Allow both "org/server" and just "server" for extra args
+        const path = t.includes('/') ? parseTarget(t).serverPath : t;
+        servers.push(path);
+    }
+    const existing = loadCredentials();
+    if (existing?.accessToken) {
+        // Already logged in — merge new servers
+        heading('Already logged in');
+        const creds = await login(orgSlug, servers, '');
+        line(`${SYM.check}  Servers configured: ${BOLD(creds.servers.join(', '))}`);
+        blank();
+        line(`${DIM('Start the bridge:')} ${BOLD('ogment serve')}`);
+        blank();
+        return;
+    }
+    heading('Log in to Ogment');
+    const resourceUrl = MCP_RESOURCE_URL(orgSlug, first.serverPath);
+    const spinner = ora({ text: 'Opening browser…', color: 'magenta' }).start();
+    const creds = await login(orgSlug, servers, resourceUrl);
+    spinner.succeed('Logged in');
+    blank();
+    line(`${SYM.check}  Token stored in ${DIM('~/.config/ogment/credentials.json')}`);
+    line(`${SYM.bullet}  Org: ${BOLD(creds.orgSlug)}`);
+    line(`${SYM.bullet}  Servers: ${BOLD(creds.servers.join(', '))}`);
+    blank();
+    line(`${DIM('Start the bridge:')} ${BOLD('ogment serve')}`);
+    blank();
+}

package/dist/commands/logout.d.ts

@@ -0,0 +1,5 @@
+/**
+ * `ogment logout` — Revoke the token server-side and delete local credentials.
+ */
+export declare function logoutCommand(): Promise<void>;
+//# sourceMappingURL=logout.d.ts.map

package/dist/commands/logout.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.d.ts","sourceRoot":"","sources":["../../src/commands/logout.ts"],"names":[],"mappings":"AAAA;;GAEG;AAOH,wBAAsB,aAAa,kBAqClC"}

package/dist/commands/logout.js

@@ -0,0 +1,39 @@
+/**
+ * `ogment logout` — Revoke the token server-side and delete local credentials.
+ */
+import ora from 'ora';
+import { deleteCredentials, loadCredentials, revokeToken } from '../auth.js';
+import { blank, BOLD, DIM, heading, line, SYM } from '../ui.js';
+export async function logoutCommand() {
+    const creds = loadCredentials();
+    if (!creds?.accessToken) {
+        heading('Not logged in');
+        line(`${DIM('Nothing to do. Log in with')} ${BOLD('ogment login')}`);
+        blank();
+        return;
+    }
+    heading('Logging out');
+    const spinner = ora({ text: 'Revoking token…', color: 'magenta' }).start();
+    // Try to revoke server-side, but always delete locally
+    let serverRevoked = false;
+    try {
+        await revokeToken(creds.accessToken, creds.clientId, creds.clientSecret);
+        serverRevoked = true;
+    }
+    catch {
+        // Server revocation failed (token may already be expired/revoked) — continue with local cleanup
+    }
+    deleteCredentials();
+    if (serverRevoked) {
+        spinner.succeed('Token revoked');
+    }
+    else {
+        spinner.warn('Could not reach server — token may already be revoked');
+    }
+    blank();
+    line(`${SYM.check}  Local credentials deleted from ${DIM('~/.config/ogment/')}`);
+    if (serverRevoked) {
+        line(`${SYM.bullet}  Token revoked on the server. Agent access terminated.`);
+    }
+    blank();
+}

package/dist/commands/servers.d.ts

@@ -0,0 +1,13 @@
+/**
+ * `ogment servers [path]` — List configured servers and inspect their tools.
+ *
+ * Usage:
+ *   ogment servers                     List all configured servers
+ *   ogment servers <path>              Show server details + tool list
+ *   ogment servers --json              Machine-readable output
+ *   ogment servers <path> --json       Machine-readable tool list
+ */
+export declare function serversCommand(serverPath: string | undefined, opts: {
+    json?: boolean;
+}): Promise<void>;
+//# sourceMappingURL=servers.d.ts.map

package/dist/commands/servers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"servers.d.ts","sourceRoot":"","sources":["../../src/commands/servers.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,wBAAsB,cAAc,CAClC,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,IAAI,EAAE;IAAE,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,iBAsEzB"}

package/dist/commands/servers.js

@@ -0,0 +1,61 @@
+/**
+ * `ogment servers [path]` — List configured servers and inspect their tools.
+ *
+ * Usage:
+ *   ogment servers                     List all configured servers
+ *   ogment servers <path>              Show server details + tool list
+ *   ogment servers --json              Machine-readable output
+ *   ogment servers <path> --json       Machine-readable tool list
+ */
+import { requireCredentials } from '../auth.js';
+import { fetchTools } from '../mcp-client.js';
+import { blank, BOLD, DIM, GREEN, heading, line, SYM } from '../ui.js';
+export async function serversCommand(serverPath, opts) {
+    const creds = requireCredentials();
+    // ── List all servers ───────────────────────────────────────────────────
+    if (!serverPath) {
+        if (opts.json) {
+            console.log(JSON.stringify(creds.servers.map((path) => ({ path, orgSlug: creds.orgSlug })), null, 2));
+            return;
+        }
+        heading('Your servers');
+        if (creds.servers.length === 0) {
+            line(`${DIM('No servers configured. Add one:')}`);
+            line(`  ${BOLD('ogment login <org>/<server>')}`);
+            blank();
+            return;
+        }
+        for (const path of creds.servers) {
+            line(`${SYM.bullet}  ${BOLD(path)}`);
+        }
+        blank();
+        line(`${DIM('Inspect a server:')} ${BOLD('ogment servers <path>')}`);
+        line(`${DIM('Call a tool:')}      ${BOLD('ogment call <server> <tool> [args]')}`);
+        blank();
+        return;
+    }
+    // ── Server detail + tools ──────────────────────────────────────────────
+    if (!creds.servers.includes(serverPath)) {
+        throw new Error(`Server "${serverPath}" is not configured. Available: ${creds.servers.join(', ')}`);
+    }
+    const tools = await fetchTools(creds.orgSlug, serverPath, creds.accessToken);
+    if (opts.json) {
+        console.log(JSON.stringify({
+            path: serverPath,
+            orgSlug: creds.orgSlug,
+            toolCount: tools.length,
+            tools: tools.map((t) => ({ name: t.name, description: t.description })),
+        }, null, 2));
+        return;
+    }
+    heading(`Server: ${serverPath}`);
+    line(`${BOLD('Tools:')} ${tools.length}`);
+    blank();
+    for (const tool of tools) {
+        const desc = tool.description ? DIM(` — ${tool.description}`) : '';
+        line(`  ${GREEN(tool.name)}${desc}`);
+    }
+    blank();
+    line(`${DIM('Call a tool:')} ${BOLD(`ogment call ${serverPath} <tool> [args]`)}`);
+    blank();
+}

package/dist/config.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Configuration constants for the Ogment CLI.
+ */
+/** Base URL of the Ogment platform (frontend). */
+export declare const OGMENT_BASE_URL: string;
+/** OAuth metadata endpoint. */
+export declare const OAUTH_METADATA_URL: string;
+/** OAuth endpoints (derived from base). */
+export declare const OAUTH_AUTHORIZE_URL: string;
+export declare const OAUTH_TOKEN_URL: string;
+export declare const OAUTH_REGISTER_URL: string;
+export declare const OAUTH_REVOKE_URL: string;
+/**
+ * MCP proxy endpoint.
+ * Uses path format: {BASE_URL}/api/v1/mcp/{orgSlug}/{serverPath}
+ */
+export declare const MCP_ENDPOINT: (orgSlug: string, serverPath: string) => string;
+/**
+ * Resource URL sent to the OAuth authorize endpoint.
+ * The backend parses this to resolve the MCP server.
+ * Uses subdomain format for resource identification (required by backend parser).
+ */
+export declare const MCP_RESOURCE_URL: (orgSlug: string, serverPath: string) => string;
+/** Directory for CLI config & credentials. */
+export declare const CONFIG_DIR: string;
+/** Path to stored credentials file. */
+export declare const CREDENTIALS_PATH: string;
+export declare const CLI_CLIENT_NAME = "Ogment CLI";
+export declare const CLI_REDIRECT_HOST = "127.0.0.1";
+export declare const VERSION = "0.1.0";
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AASH,kDAAkD;AAClD,eAAO,MAAM,eAAe,QACkC,CAAC;AAE/D,+BAA+B;AAC/B,eAAO,MAAM,kBAAkB,QAA8D,CAAC;AAE9F,2CAA2C;AAC3C,eAAO,MAAM,mBAAmB,QAAiD,CAAC;AAClF,eAAO,MAAM,eAAe,QAA6C,CAAC;AAC1E,eAAO,MAAM,kBAAkB,QAAgD,CAAC;AAChF,eAAO,MAAM,gBAAgB,QAA8C,CAAC;AAE5E;;;GAGG;AACH,eAAO,MAAM,YAAY,GAAI,SAAS,MAAM,EAAE,YAAY,MAAM,WACN,CAAC;AAE3D;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,GAAI,SAAS,MAAM,EAAE,YAAY,MAAM,WAGnE,CAAC;AAMF,8CAA8C;AAC9C,eAAO,MAAM,UAAU,QAAuC,CAAC;AAE/D,uCAAuC;AACvC,eAAO,MAAM,gBAAgB,QAAuC,CAAC;AAMrE,eAAO,MAAM,eAAe,eAAe,CAAC;AAC5C,eAAO,MAAM,iBAAiB,cAAc,CAAC;AAM7C,eAAO,MAAM,OAAO,UAAU,CAAC"}

package/dist/config.js

@@ -0,0 +1,47 @@
+/**
+ * Configuration constants for the Ogment CLI.
+ */
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+// ---------------------------------------------------------------------------
+// API URLs
+// ---------------------------------------------------------------------------
+/** Base URL of the Ogment platform (frontend). */
+export const OGMENT_BASE_URL = process.env.OGMENT_BASE_URL ?? 'https://dashboard.ogment.ai';
+/** OAuth metadata endpoint. */
+export const OAUTH_METADATA_URL = `${OGMENT_BASE_URL}/.well-known/oauth-authorization-server`;
+/** OAuth endpoints (derived from base). */
+export const OAUTH_AUTHORIZE_URL = `${OGMENT_BASE_URL}/api/v1/mcp-auth/authorize`;
+export const OAUTH_TOKEN_URL = `${OGMENT_BASE_URL}/api/v1/mcp-auth/token`;
+export const OAUTH_REGISTER_URL = `${OGMENT_BASE_URL}/api/v1/mcp-auth/register`;
+export const OAUTH_REVOKE_URL = `${OGMENT_BASE_URL}/api/v1/mcp-auth/revoke`;
+/**
+ * MCP proxy endpoint.
+ * Uses path format: {BASE_URL}/api/v1/mcp/{orgSlug}/{serverPath}
+ */
+export const MCP_ENDPOINT = (orgSlug, serverPath) => `${OGMENT_BASE_URL}/api/v1/mcp/${orgSlug}/${serverPath}`;
+/**
+ * Resource URL sent to the OAuth authorize endpoint.
+ * The backend parses this to resolve the MCP server.
+ * Uses subdomain format for resource identification (required by backend parser).
+ */
+export const MCP_RESOURCE_URL = (orgSlug, serverPath) => {
+    const mcpDomain = process.env.OGMENT_MCP_DOMAIN ?? 'mcp.ogment.ai';
+    return `https://${orgSlug}.${mcpDomain}/${serverPath}`;
+};
+// ---------------------------------------------------------------------------
+// Local storage
+// ---------------------------------------------------------------------------
+/** Directory for CLI config & credentials. */
+export const CONFIG_DIR = join(homedir(), '.config', 'ogment');
+/** Path to stored credentials file. */
+export const CREDENTIALS_PATH = join(CONFIG_DIR, 'credentials.json');
+// ---------------------------------------------------------------------------
+// OAuth client metadata
+// ---------------------------------------------------------------------------
+export const CLI_CLIENT_NAME = 'Ogment CLI';
+export const CLI_REDIRECT_HOST = '127.0.0.1';
+// ---------------------------------------------------------------------------
+// Version
+// ---------------------------------------------------------------------------
+export const VERSION = '0.1.0';

package/dist/mcp-client.d.ts

@@ -0,0 +1,24 @@
+/**
+ * MCP HTTP client — sends JSON-RPC requests to Ogment's MCP proxy.
+ *
+ * Shared by both the stdio bridge (serve.ts) and CLI commands (servers, call).
+ */
+export interface McpTool {
+    name: string;
+    description: string;
+    inputSchema: Record<string, unknown>;
+}
+export interface McpToolCallResult {
+    content: {
+        type: string;
+        text: string;
+    }[];
+    structuredContent?: unknown;
+    isError?: boolean;
+}
+export declare function mcpRequest(orgSlug: string, serverPath: string, token: string, method: string, params?: Record<string, unknown>): Promise<unknown>;
+/** Fetch the list of tools available on a server. */
+export declare function fetchTools(orgSlug: string, serverPath: string, token: string): Promise<McpTool[]>;
+/** Call a tool on a server and return the result. */
+export declare function callTool(orgSlug: string, serverPath: string, token: string, toolName: string, args: Record<string, unknown>): Promise<McpToolCallResult>;
+//# sourceMappingURL=mcp-client.d.ts.map

package/dist/mcp-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-client.d.ts","sourceRoot":"","sources":["../src/mcp-client.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAC1C,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAMD,wBAAsB,UAAU,CAC9B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,oBAgCjC;AAMD,qDAAqD;AACrD,wBAAsB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,sBAKlF;AAED,qDAAqD;AACrD,wBAAsB,QAAQ,CAC5B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,8BAM9B"}

package/dist/mcp-client.js

@@ -0,0 +1,52 @@
+/**
+ * MCP HTTP client — sends JSON-RPC requests to Ogment's MCP proxy.
+ *
+ * Shared by both the stdio bridge (serve.ts) and CLI commands (servers, call).
+ */
+import { MCP_ENDPOINT } from './config.js';
+// ---------------------------------------------------------------------------
+// Core JSON-RPC request
+// ---------------------------------------------------------------------------
+export async function mcpRequest(orgSlug, serverPath, token, method, params) {
+    const endpoint = MCP_ENDPOINT(orgSlug, serverPath);
+    const body = {
+        jsonrpc: '2.0',
+        method,
+        id: Date.now(),
+    };
+    if (params)
+        body.params = params;
+    const res = await fetch(endpoint, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${token}`,
+        },
+        body: JSON.stringify(body),
+    });
+    if (!res.ok) {
+        const text = await res.text();
+        throw new Error(`MCP request failed (${res.status}): ${text}`);
+    }
+    const json = (await res.json());
+    if ('error' in json && json.error) {
+        const err = json.error;
+        throw new Error(`MCP error: ${err.message ?? JSON.stringify(json.error)}`);
+    }
+    return json.result;
+}
+// ---------------------------------------------------------------------------
+// Convenience helpers
+// ---------------------------------------------------------------------------
+/** Fetch the list of tools available on a server. */
+export async function fetchTools(orgSlug, serverPath, token) {
+    const result = (await mcpRequest(orgSlug, serverPath, token, 'tools/list'));
+    return result?.tools ?? [];
+}
+/** Call a tool on a server and return the result. */
+export async function callTool(orgSlug, serverPath, token, toolName, args) {
+    return (await mcpRequest(orgSlug, serverPath, token, 'tools/call', {
+        name: toolName,
+        arguments: args,
+    }));
+}

package/dist/ui.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Shared UI helpers — colors, symbols, formatting.
+ */
+export declare const BRAND: string;
+export declare const DIM: import("chalk").ChalkInstance;
+export declare const BOLD: import("chalk").ChalkInstance;
+export declare const GREEN: import("chalk").ChalkInstance;
+export declare const RED: import("chalk").ChalkInstance;
+export declare const YELLOW: import("chalk").ChalkInstance;
+export declare const CYAN: import("chalk").ChalkInstance;
+export declare const SYM: {
+    readonly arrow: string;
+    readonly bullet: string;
+    readonly check: string;
+    readonly cross: string;
+    readonly lock: "🔒";
+    readonly warn: string;
+};
+export declare function heading(text: string): void;
+export declare function line(text: string, indent?: number): void;
+export declare function blank(): void;
+export declare function section(title: string): void;
+export declare function configSnippet(title: string, filename: string, json: Record<string, unknown>): void;
+//# sourceMappingURL=ui.d.ts.map

package/dist/ui.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ui.d.ts","sourceRoot":"","sources":["../src/ui.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,eAAO,MAAM,KAAK,QAAsC,CAAC;AACzD,eAAO,MAAM,GAAG,+BAAY,CAAC;AAC7B,eAAO,MAAM,IAAI,+BAAa,CAAC;AAC/B,eAAO,MAAM,KAAK,+BAAc,CAAC;AACjC,eAAO,MAAM,GAAG,+BAAY,CAAC;AAC7B,eAAO,MAAM,MAAM,+BAAe,CAAC;AACnC,eAAO,MAAM,IAAI,+BAAa,CAAC;AAM/B,eAAO,MAAM,GAAG;;;;;;;CAON,CAAC;AAMX,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,QAInC;AAED,wBAAgB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,SAAI,QAE5C;AAED,wBAAgB,KAAK,SAEpB;AAED,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,QAMpC;AAMD,wBAAgB,aAAa,CAC3B,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,QAQ9B"}

package/dist/ui.js

@@ -0,0 +1,55 @@
+/**
+ * Shared UI helpers — colors, symbols, formatting.
+ */
+import chalk from 'chalk';
+// ---------------------------------------------------------------------------
+// Brand colors
+// ---------------------------------------------------------------------------
+export const BRAND = chalk.hex('#6C5CE7').bold('ogment');
+export const DIM = chalk.dim;
+export const BOLD = chalk.bold;
+export const GREEN = chalk.green;
+export const RED = chalk.red;
+export const YELLOW = chalk.yellow;
+export const CYAN = chalk.cyan;
+// ---------------------------------------------------------------------------
+// Symbols
+// ---------------------------------------------------------------------------
+export const SYM = {
+    arrow: chalk.hex('#6C5CE7')('→'),
+    bullet: DIM('•'),
+    check: GREEN('✓'),
+    cross: RED('✗'),
+    lock: '🔒',
+    warn: YELLOW('⚠'),
+};
+// ---------------------------------------------------------------------------
+// Output helpers
+// ---------------------------------------------------------------------------
+export function heading(text) {
+    console.log();
+    console.log(`  ${BRAND} — ${text}`);
+    console.log();
+}
+export function line(text, indent = 2) {
+    console.log(`${' '.repeat(indent)}${text}`);
+}
+export function blank() {
+    console.log();
+}
+export function section(title) {
+    console.log();
+    console.log(`  ${DIM('──')} ${BOLD(title)} ${DIM('─'.repeat(Math.max(0, 48 - title.length)))}`);
+    console.log();
+}
+// ---------------------------------------------------------------------------
+// Config snippet formatter
+// ---------------------------------------------------------------------------
+export function configSnippet(title, filename, json) {
+    line(`${BOLD(title)} ${DIM(`(${filename}):`)}`, 4);
+    const jsonStr = JSON.stringify(json, null, 2);
+    for (const jsonLine of jsonStr.split('\n')) {
+        line(DIM(jsonLine), 6);
+    }
+    blank();
+}

package/package.json

@@ -0,0 +1,59 @@
+{
+  "name": "ogment",
+  "version": "0.1.0",
+  "description": "Ogment Vault CLI — secure your AI agents' SaaS credentials",
+  "type": "module",
+  "bin": {
+    "ogment": "./dist/cli.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/cli.ts",
+    "start": "node dist/cli.js",
+    "check-types": "tsc --noEmit",
+    "prepublishOnly": "npm run build"
+  },
+  "exports": {
+    ".": {
+      "default": "./dist/cli.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "keywords": [
+    "ogment",
+    "mcp",
+    "ai",
+    "vault",
+    "oauth",
+    "cli",
+    "model-context-protocol",
+    "agent",
+    "security"
+  ],
+  "author": "Ogment <hello@ogment.com>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/ogment-ai/ogment-cli.git"
+  },
+  "bugs": {
+    "url": "https://github.com/ogment-ai/ogment-cli/issues"
+  },
+  "homepage": "https://ogment.com",
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {
+    "chalk": "^5.4.1",
+    "commander": "^13.1.0",
+    "open": "^10.2.0",
+    "ora": "^8.2.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.18.12",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3"
+  }
+}