ogment 0.1.0 → 0.2.0

package/README.md

@@ -1,93 +1,122 @@
-# Ogment CLI
+# Ogment CLI - Portable Enterprise Context For Agents
 
-**Secure your AI agents' SaaS credentials.**
+Ogment is the layer between all your AI agents and your business systems. Connect your integrations. Centralize your workflows, skills, and MCP servers. Govern with the right level of access control and security. Define once, connect from any AI client.
 
-Ogment sits between your AI agent and your SaaS tools. Your agent gets a scoped, short-lived token. Your real API credentials never leave Ogment.
+![Ogment — Portable Business Context](ogment.png)
 
-## Quick Start
+## New AI Era
 
-```bash
-# 1. Log in (opens browser for OAuth)
-npx ogment login
+AI agents are becoming proactive — platforms like OpenClaw run agents that act independently, not just when you send a message. At the same time, teams use multiple AI providers: Cursor for code, OpenClaw for automation, Claude for analysis, LangChain for custom backends. Each one needs access to your business systems.
 
-# 2. Get config snippets for your MCP client
-npx ogment connect acme/main
+Without a control plane, you're either giving every AI client raw API keys (insecure) or rebuilding integrations and permissions for each one (unscalable). You need a single place to plug your enterprise into all these AI systems — safely, with the right controls, without vendor lock-in.
 
-# 3. Paste the snippet into Claude Desktop, Cursor, or ChatGPT
-# → Your agent is connected. Done.
-```
+**Ogment is that control plane.** Connect your integrations once. Set permissions once. Every AI agent — current and future — gets access through Ogment, with full governance and audit.
 
-## Commands
+## What Ogment Enables
 
-### `ogment login`
+- **Multi-format workflows** — Skills, MCP servers, Claude Plugins — author once, deploy anywhere
+- **Connect anything** — SaaS tools (Salesforce, Slack, Notion), internal APIs, databases, data warehouses
+- **Enterprise SSO** — Okta, Azure AD, Google Workspace — federated auth across your organization
+- **Integration marketplace** — 300+ pre-built connectors, community-contributed, security-scanned
+- **Agent approval flows** — human-in-the-loop for sensitive operations, per-tool granular permissions
+- **Full audit trail** — every tool call logged, searchable, and exportable
+- **Works for agents and humans** — CLI for agents via exec, dashboard for humans, API for custom backends
+- **Portable across AI clients** — Cursor, OpenClaw, Claude Desktop, ChatGPT, or your own agents — same config, same permissions
 
-Authenticate with the Ogment platform via OAuth2 in the browser.
+## How It Works
 
-```bash
-npx ogment login
+```
+Any AI Client
+(OpenClaw, Cursor, Claude, ChatGPT, custom agents)
+    │
+    │  ogment call <server> <tool> <args>
+    ▼
+┌─────────────────────────────────────────┐
+│            Ogment Platform              │
+│                                         │
+│  ✓ Authenticate (OAuth, SSO, tokens)    │
+│  ✓ Portable workflows (MCP, Skills,     │
+│    Claude Plugins) — author once,       │
+│    deploy to any AI client              │
+│  ✓ Enforce permissions per tool         │
+│  ✓ Human approval for sensitive ops     │
+│  ✓ Inject real credentials server-side  │
+│  ✓ Log every call for audit             │
+└──────────────┬──────────────────────────┘
+               │
+    ┌──────────┼──────────┐
+    ▼          ▼          ▼
+Salesforce  Internal   Snowflake
+  SaaS       APIs        Data
 ```
 
-Opens your browser to sign in. After authentication, a token is stored locally at `~/.config/ogment/credentials.json`.
+## Quick Start
 
-### `ogment connect <org>/<server>`
+```bash
+npm install -g ogment
+```
 
-Print ready-to-paste config snippets for every major MCP client.
+**`ogment login`** — Authenticate via browser OAuth. Auto-discovers your orgs and servers.
 
-```bash
-# Interactive
-npx ogment connect acme/main
+**`ogment servers [path]`** — List all servers, or inspect a specific server's tools:
+```
+ogment servers · ogment servers salesforce · ogment servers --json
+```
 
-# JSON output (for CI/CD)
-npx ogment connect acme/main --json
+**`ogment call <server> <tool> [args]`** — Call any tool. Returns JSON:
+```
+ogment call salesforce query_accounts '{"limit":5}'
+ogment call my-api get_customers '{"status":"active"}'
 ```
 
-The `<org>/<server>` is your organization slug and MCP server path, visible in the Ogment dashboard.
+**`ogment logout`** — Revoke token. All agent access stops immediately.
 
-### `ogment logout`
+## For Agent Developers
 
-Revoke your token server-side and delete local credentials. All agents using this token lose access immediately.
+The CLI is designed for AI agents calling via shell exec. Every command supports `--json`. A typical agent workflow:
 
 ```bash
-npx ogment logout
+ogment servers --json                                          # discover
+ogment servers salesforce --json                               # inspect tools
+ogment call salesforce query_accounts '{"status":"open"}'      # call
 ```
 
-### `ogment whoami`
+Publish a skill on [ClawHub](https://clawhub.ai) that teaches the agent these three commands — and it has access to every integration on Ogment.
 
-Check if your stored token is still valid.
+## Why Not Just Call APIs Directly?
 
-```bash
-npx ogment whoami
-```
+| | **Direct API + CLI** | **Through Ogment** |
+|---|---|---|
+| **Credentials** | API keys in env vars and config files. Every agent has a copy. | Credentials never leave Ogment. Agents get scoped, revocable tokens. |
+| **Permissions** | All-or-nothing. Agent has the key, agent can do anything. | Per-tool. Read-only, write with approval, or blocked. |
+| **Human approval** | Not possible. | Built-in. Sensitive tools require human sign-off. |
+| **Team sharing** | Each person sets up their own keys. Onboarding = sharing secrets. | One workspace. Invite a teammate, same servers, same rules, no secrets shared. |
+| **Multi-agent** | Each AI client needs its own keys and config. Switch tools? Redo everything. | Define once. Every AI client connects to the same setup. |
+| **Workflows** | Rebuild skills, prompts, and tool chains for each AI client. | Author once as MCP servers, Skills, or Claude Plugins — works across every client. |
+| **Audit** | Hope you added logging. | Every call logged — user, agent, timestamp, args, result. |
+| **Revocation** | Rotate the API key, break everything that uses it. | Revoke one agent's token. Everything else keeps working. |
 
-## How It Works
+**The CLI and MCP are the interface. Ogment is the infrastructure.**
 
-```
-AI Agent (Claude, Cursor, ChatGPT)
-    │
-    │  Ogment token (short-lived, revocable)
-    ▼
-┌─────────────────────────────────┐
-│       Ogment Vault Gateway      │
-│  ✓ Validate token               │
-│  ✓ Inject real credentials      │
-│  ✓ Log every tool call          │
-└──────────────┬──────────────────┘
-               │
-    ┌──────────┼──────────┐
-    ▼          ▼          ▼
-Salesforce   Linear    Snowflake
-```
+## Portability
+
+Define your integrations, permissions, and workflows once — connect from any AI client:
+
+| Client | How |
+|---|---|
+| **OpenClaw** | Agent calls `ogment` via `exec` tool |
+| **Cursor** | MCP config with Ogment endpoint |
+| **Claude Desktop** | MCP config with Ogment endpoint |
+| **ChatGPT** | MCP config with Ogment endpoint |
+| **Custom agents** | HTTP calls to Ogment's MCP proxy, or `ogment call` via subprocess |
 
-1. **`ogment login`** — OAuth2 flow, stores a bearer token locally
-2. **`ogment connect`** — Prints config snippet with token + MCP endpoint
-3. **Agent calls tools** — Through Ogment's MCP proxy, real credentials injected server-side
-4. **`ogment logout`** — Kill switch: revoke token, agent loses access instantly
+Same servers, same tools, same permissions — regardless of which AI client your team uses.
 
 ## Environment Variables
 
 | Variable | Default | Description |
 |---|---|---|
-| `OGMENT_BASE_URL` | `https://app.ogment.ai` | Ogment platform URL (for development) |
+| `OGMENT_BASE_URL` | `https://dashboard.ogment.ai` | Ogment platform URL |
 
 ## License
 

package/dist/api.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Ogment API client — calls the backend REST endpoints.
+ */
+export interface OgmentOrg {
+    orgSlug: string;
+    servers: {
+        name: string;
+        path: string;
+        enabled: boolean;
+    }[];
+}
+export interface OgmentMe {
+    email: string | null;
+    name: string | null;
+    orgs: OgmentOrg[];
+}
+export declare function fetchMe(token: string): Promise<OgmentMe>;
+//# sourceMappingURL=api.d.ts.map

package/dist/api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.d.ts","sourceRoot":"","sources":["../src/api.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,OAAO,CAAA;KAAE,EAAE,CAAC;CAC7D;AAED,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,IAAI,EAAE,SAAS,EAAE,CAAC;CACnB;AAMD,wBAAsB,OAAO,CAAC,KAAK,EAAE,MAAM,qBAW1C"}

package/dist/api.js

@@ -0,0 +1,17 @@
+/**
+ * Ogment API client — calls the backend REST endpoints.
+ */
+import { OGMENT_BASE_URL } from './config.js';
+// ---------------------------------------------------------------------------
+// /me — user identity + server list across all orgs
+// ---------------------------------------------------------------------------
+export async function fetchMe(token) {
+    const res = await fetch(`${OGMENT_BASE_URL}/api/v1/mcp-auth/me`, {
+        headers: { Authorization: `Bearer ${token}` },
+    });
+    if (!res.ok) {
+        const text = await res.text();
+        throw new Error(`Failed to fetch account info (${res.status}): ${text}`);
+    }
+    return (await res.json());
+}

package/dist/auth.d.ts

@@ -10,12 +10,15 @@
  *   6. Exchange code for access token at /token
  *   7. Store credentials locally
  */
+export interface StoredOrg {
+    orgSlug: string;
+    servers: string[];
+}
 export interface StoredCredentials {
     accessToken: string;
     clientId: string;
     clientSecret: string | null;
-    orgSlug: string;
-    servers: string[];
+    orgs: StoredOrg[];
 }
 export declare function loadCredentials(): StoredCredentials | null;
 export declare function deleteCredentials(): void;
@@ -27,19 +30,11 @@ export declare function revokeToken(token: string, clientId: string, clientSecre
 /**
  * Runs the full OAuth2 Authorization Code + PKCE login flow.
  *
- * The `resourceUrl` tells the backend which MCP server the user wants to
- * connect to. This is required — the backend rejects auth requests without
- * an associated server.
+ * No resource URL needed — the backend now supports server-less OAuth
+ * for CLI login. After getting the token, we call /me to discover
+ * the user's org and servers.
  *
- * Returns the access token.
- */
-export declare function loginFlow(resourceUrl: string): Promise<{
-    accessToken: string;
-    clientId: string;
-    clientSecret: string | null;
-}>;
-/**
- * Run the login flow and store credentials with org + servers.
+ * Returns the stored credentials.
  */
-export declare function login(orgSlug: string, servers: string[], resourceUrl: string): Promise<StoredCredentials>;
+export declare function login(): Promise<StoredCredentials>;
 //# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAsBH,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAiCD,wBAAgB,eAAe,IAAI,iBAAiB,GAAG,IAAI,CAI1D;AASD,wBAAgB,iBAAiB,SAIhC;AAED;;GAEG;AACH,wBAAgB,kBAAkB,sBAMjC;AAoED,wBAAsB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,iBAoB7F;AAmGD;;;;;;;;GAQG;AACH,wBAAsB,SAAS,CAAC,WAAW,EAAE,MAAM;;;;GA+ClD;AAED;;GAEG;AACH,wBAAsB,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,WAAW,EAAE,MAAM,8BAiBlF"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAsBH,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,IAAI,EAAE,SAAS,EAAE,CAAC;CACnB;AAiCD,wBAAgB,eAAe,IAAI,iBAAiB,GAAG,IAAI,CAI1D;AASD,wBAAgB,iBAAiB,SAIhC;AAED;;GAEG;AACH,wBAAgB,kBAAkB,sBAMjC;AAoED,wBAAsB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,IAAI,iBAoB7F;AAgID;;;;;;;;GAQG;AACH,wBAAsB,KAAK,+BA8D1B"}

package/dist/auth.js

@@ -162,11 +162,12 @@ function waitForAuthCallback(port) {
         server.listen(port, CLI_REDIRECT_HOST, () => {
             // Server is ready
         });
-        // Timeout after 5 minutes
-        setTimeout(() => {
+        // Timeout after 5 minutes (unref so it doesn't block process exit)
+        const timeout = setTimeout(() => {
             server.close();
             reject(new Error('Login timed out. No callback received within 5 minutes.'));
         }, 5 * 60 * 1000);
+        timeout.unref();
     });
 }
 function getRandomPort() {
@@ -179,24 +180,52 @@ function getRandomPort() {
 // ---------------------------------------------------------------------------
 function successPage() {
     return `<!DOCTYPE html>
-<html>
-<head><title>Ogment CLI</title></head>
-<body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; display:flex; justify-content:center; align-items:center; height:100vh; margin:0; background:#f8f8fc;">
-  <div style="text-align:center;">
-    <h1 style="color:#6C5CE7;">✓ Logged in</h1>
-    <p style="color:#666;">You can close this window and return to your terminal.</p>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <title>Ogment — Logged in</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; background: #f8f8fc; color: #333; }
+    .card { text-align: center; padding: 48px; border-radius: 16px; background: white; box-shadow: 0 2px 16px rgba(108, 92, 231, 0.08); max-width: 420px; }
+    .icon { font-size: 48px; margin-bottom: 16px; }
+    h1 { font-size: 24px; font-weight: 600; color: #6C5CE7; margin-bottom: 8px; }
+    p { font-size: 15px; color: #888; line-height: 1.5; }
+    .brand { font-size: 13px; color: #bbb; margin-top: 24px; }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <div class="icon">&#x1F99E;</div>
+    <h1>Ogment <3 Openclaw </h1>
+    <p>Authentication successful.<br>You can close this tab and return to your terminal.</p>
+    <p class="brand">ogment.ai</p>
   </div>
 </body>
 </html>`;
 }
 function errorPage(error, description) {
     return `<!DOCTYPE html>
-<html>
-<head><title>Ogment CLI — Error</title></head>
-<body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; display:flex; justify-content:center; align-items:center; height:100vh; margin:0; background:#f8f8fc;">
-  <div style="text-align:center;">
-    <h1 style="color:#e74c3c;">✗ Login failed</h1>
-    <p style="color:#666;">${description ?? error}</p>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <title>Ogment — Login failed</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; background: #f8f8fc; color: #333; }
+    .card { text-align: center; padding: 48px; border-radius: 16px; background: white; box-shadow: 0 2px 16px rgba(231, 76, 60, 0.08); max-width: 420px; }
+    .icon { font-size: 48px; margin-bottom: 16px; }
+    h1 { font-size: 24px; font-weight: 600; color: #e74c3c; margin-bottom: 8px; }
+    p { font-size: 15px; color: #888; line-height: 1.5; }
+    .error { font-size: 13px; color: #bbb; margin-top: 16px; font-family: monospace; }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <div class="icon">&#x26A0;&#xFE0F;</div>
+    <h1>Login failed</h1>
+    <p>${description ?? 'Something went wrong during authentication.'}</p>
+    <p class="error">${error}</p>
   </div>
 </body>
 </html>`;
@@ -207,13 +236,17 @@ function errorPage(error, description) {
 /**
  * Runs the full OAuth2 Authorization Code + PKCE login flow.
  *
- * The `resourceUrl` tells the backend which MCP server the user wants to
- * connect to. This is required — the backend rejects auth requests without
- * an associated server.
+ * No resource URL needed — the backend now supports server-less OAuth
+ * for CLI login. After getting the token, we call /me to discover
+ * the user's org and servers.
  *
- * Returns the access token.
+ * Returns the stored credentials.
  */
-export async function loginFlow(resourceUrl) {
+export async function login() {
+    const existing = loadCredentials();
+    if (existing?.accessToken) {
+        return existing;
+    }
     const port = getRandomPort();
     const redirectUri = `http://${CLI_REDIRECT_HOST}:${port}/callback`;
     // Step 1 — Register as OAuth client
@@ -221,7 +254,7 @@ export async function loginFlow(resourceUrl) {
     // Step 2 — Generate PKCE pair
     const codeVerifier = generateCodeVerifier();
     const codeChallenge = generateCodeChallenge(codeVerifier);
-    // Step 3 — Build authorization URL (including resource for server resolution)
+    // Step 3 — Build authorization URL (no resource — server-less login)
     const state = randomBytes(16).toString('hex');
     const authorizeUrl = new URL(OAUTH_AUTHORIZE_URL);
     authorizeUrl.searchParams.set('client_id', client.client_id);
@@ -230,7 +263,6 @@ export async function loginFlow(resourceUrl) {
     authorizeUrl.searchParams.set('code_challenge', codeChallenge);
     authorizeUrl.searchParams.set('code_challenge_method', 'S256');
     authorizeUrl.searchParams.set('state', state);
-    authorizeUrl.searchParams.set('resource', resourceUrl);
     // Step 4 — Start callback server, then open browser
     const callbackPromise = waitForAuthCallback(port);
     await open(authorizeUrl.toString());
@@ -247,28 +279,18 @@ export async function loginFlow(resourceUrl) {
         codeVerifier,
         redirectUri,
     });
-    return {
+    // Step 7 — Fetch user identity + servers from /me
+    const { fetchMe } = await import('./api.js');
+    const me = await fetchMe(tokenResponse.access_token);
+    // Step 8 — Store credentials
+    const creds = {
         accessToken: tokenResponse.access_token,
         clientId: client.client_id,
         clientSecret: client.client_secret ?? null,
-    };
-}
-/**
- * Run the login flow and store credentials with org + servers.
- */
-export async function login(orgSlug, servers, resourceUrl) {
-    const existing = loadCredentials();
-    if (existing?.accessToken) {
-        // Already logged in — just update the server list
-        const merged = [...new Set([...existing.servers, ...servers])];
-        saveCredentials({ ...existing, servers: merged });
-        return existing;
-    }
-    const result = await loginFlow(resourceUrl);
-    const creds = {
-        ...result,
-        orgSlug,
-        servers,
+        orgs: me.orgs.map((org) => ({
+            orgSlug: org.orgSlug,
+            servers: org.servers.map((s) => s.path),
+        })),
     };
     saveCredentials(creds);
     return creds;

package/dist/cli.js

@@ -22,10 +22,9 @@ program
 // ── login ──────────────────────────────────────────────────────────────────
 program
     .command('login')
-    .description('Authenticate with Ogment and configure servers')
-    .argument('[targets...]', 'org/server targets (e.g. ogment/main)')
-    .action(async (targets) => {
-    await loginCommand(targets);
+    .description('Authenticate with Ogment')
+    .action(async () => {
+    await loginCommand();
 });
 // ── servers ────────────────────────────────────────────────────────────────
 program
@@ -57,14 +56,14 @@ program.action(() => {
     console.log();
     console.log(`  ${BOLD('Commands:')}`);
     console.log();
-    console.log(`    ${BOLD('login')}     ${DIM('Authenticate and configure servers')}`);
+    console.log(`    ${BOLD('login')}     ${DIM('Authenticate with Ogment')}`);
     console.log(`    ${BOLD('servers')}   ${DIM('List servers or inspect tools')}`);
     console.log(`    ${BOLD('call')}      ${DIM('Call a tool on a server (returns JSON)')}`);
     console.log(`    ${BOLD('logout')}    ${DIM('Revoke token and delete credentials')}`);
     console.log();
     console.log(`  ${BOLD('Quick start:')}`);
     console.log();
-    console.log(`    ${DIM('$')} ogment login ${DIM('<org>/<server>')}`);
+    console.log(`    ${DIM('$')} ogment login`);
     console.log(`    ${DIM('$')} ogment servers`);
     console.log(`    ${DIM('$')} ogment call ${DIM('<server> <tool> [args-json]')}`);
     console.log();

package/dist/commands/call.d.ts

@@ -4,9 +4,8 @@
  * Usage:
  *   ogment call ecommerce-api get__health
  *   ogment call ecommerce-api get__api_products_ '{"limit":2}'
- *   ogment call ecommerce-api post__api_products_ '{"name":"Widget","price":9.99,"stock":100,"category":"gadgets"}'
  *
  * Always outputs JSON (designed for agent consumption via exec).
  */
-export declare function callCommand(serverPath: string | undefined, toolName: string | undefined, argsJson: string | undefined): Promise<void>;
+export declare function callCommand(serverPath: string, toolName: string, argsJson: string | undefined): Promise<void>;
 //# sourceMappingURL=call.d.ts.map

package/dist/commands/call.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"call.d.ts","sourceRoot":"","sources":["../../src/commands/call.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,wBAAsB,WAAW,CAC/B,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,QAAQ,EAAE,MAAM,GAAG,SAAS,iBA6B7B"}
+{"version":3,"file":"call.d.ts","sourceRoot":"","sources":["../../src/commands/call.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,wBAAsB,WAAW,CAC/B,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GAAG,SAAS,iBA6B7B"}

package/dist/commands/call.js

@@ -4,23 +4,23 @@
  * Usage:
  *   ogment call ecommerce-api get__health
  *   ogment call ecommerce-api get__api_products_ '{"limit":2}'
- *   ogment call ecommerce-api post__api_products_ '{"name":"Widget","price":9.99,"stock":100,"category":"gadgets"}'
  *
  * Always outputs JSON (designed for agent consumption via exec).
  */
 import { requireCredentials } from '../auth.js';
+import { fetchMe } from '../api.js';
 import { callTool } from '../mcp-client.js';
 export async function callCommand(serverPath, toolName, argsJson) {
-    if (!serverPath || !toolName) {
-        throw new Error('Usage: ogment call <server> <tool> [args-json]\n' +
-            'Example: ogment call ecommerce-api get__api_products_ \'{"limit":2}\'');
-    }
     const creds = requireCredentials();
-    if (!creds.servers.includes(serverPath)) {
-        throw new Error(`Server "${serverPath}" is not configured. Available: ${creds.servers.join(', ')}`);
+    const me = await fetchMe(creds.accessToken);
+    // Find the server across all orgs
+    const allServers = me.orgs.flatMap((org) => org.servers.map((s) => ({ ...s, orgSlug: org.orgSlug })));
+    const server = allServers.find((s) => s.path === serverPath);
+    if (!server) {
+        const available = allServers.map((s) => s.path).join(', ');
+        throw new Error(`Server "${serverPath}" not found. Available: ${available || 'none'}`);
     }
     const args = argsJson ? JSON.parse(argsJson) : {};
-    const result = await callTool(creds.orgSlug, serverPath, creds.accessToken, toolName, args);
-    // Output the result as JSON — this is what the agent reads via exec
+    const result = await callTool(server.orgSlug, serverPath, creds.accessToken, toolName, args);
     console.log(JSON.stringify(result, null, 2));
 }

package/dist/commands/login.d.ts

@@ -1,9 +1,8 @@
 /**
- * `ogment login <org/server> [more-servers...]` — Authenticate and configure servers.
+ * `ogment login` — Authenticate with the Ogment platform.
  *
- * The first argument must be org/server format (used as OAuth resource).
- * Additional arguments are extra server paths in the same org.
- * If already logged in, just adds new servers to the config.
+ * Zero arguments. Opens browser for OAuth, then auto-discovers
+ * orgs and servers via /me endpoint.
  */
-export declare function loginCommand(targets: string[]): Promise<void>;
+export declare function loginCommand(): Promise<void>;
 //# sourceMappingURL=login.d.ts.map

package/dist/commands/login.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAkBH,wBAAsB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,iBAqDnD"}
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,wBAAsB,YAAY,kBA2BjC"}

package/dist/commands/login.js

@@ -1,64 +1,34 @@
 /**
- * `ogment login <org/server> [more-servers...]` — Authenticate and configure servers.
+ * `ogment login` — Authenticate with the Ogment platform.
  *
- * The first argument must be org/server format (used as OAuth resource).
- * Additional arguments are extra server paths in the same org.
- * If already logged in, just adds new servers to the config.
+ * Zero arguments. Opens browser for OAuth, then auto-discovers
+ * orgs and servers via /me endpoint.
  */
 import ora from 'ora';
 import { loadCredentials, login } from '../auth.js';
-import { MCP_RESOURCE_URL } from '../config.js';
-import { blank, BOLD, DIM, heading, line, SYM, YELLOW } from '../ui.js';
-function parseTarget(target) {
-    const parts = target.split('/');
-    if (parts.length !== 2 || !parts[0] || !parts[1]) {
-        throw new Error(`Invalid target "${target}". Expected format: <org-slug>/<server-path> (e.g. ogment/main)`);
-    }
-    return { orgSlug: parts[0], serverPath: parts[1] };
-}
-export async function loginCommand(targets) {
-    if (targets.length === 0) {
-        heading('Log in to Ogment');
-        line(`${SYM.warn}  ${YELLOW('Provide at least one target:')} ${BOLD('ogment login <org>/<server>')}`);
-        blank();
-        line(`${DIM('Examples:')}`);
-        line(`  ${BOLD('ogment login ogment/ama-master-mcp')}`);
-        line(`  ${BOLD('ogment login ogment/ama-master-mcp ogment/sales')}`);
-        blank();
-        return;
-    }
-    // Parse the first target to get orgSlug
-    const first = parseTarget(targets[0]);
-    const orgSlug = first.orgSlug;
-    // Collect all server paths (first + any extras)
-    const servers = [first.serverPath];
-    for (let i = 1; i < targets.length; i++) {
-        const t = targets[i];
-        // Allow both "org/server" and just "server" for extra args
-        const path = t.includes('/') ? parseTarget(t).serverPath : t;
-        servers.push(path);
-    }
+import { blank, BOLD, DIM, heading, line, SYM } from '../ui.js';
+export async function loginCommand() {
     const existing = loadCredentials();
     if (existing?.accessToken) {
-        // Already logged in — merge new servers
         heading('Already logged in');
-        const creds = await login(orgSlug, servers, '');
-        line(`${SYM.check}  Servers configured: ${BOLD(creds.servers.join(', '))}`);
+        for (const org of existing.orgs) {
+            line(`${SYM.check}  ${BOLD(org.orgSlug)}: ${org.servers.join(', ') || DIM('no servers')}`);
+        }
         blank();
-        line(`${DIM('Start the bridge:')} ${BOLD('ogment serve')}`);
+        line(`${DIM('To re-authenticate, run')} ${BOLD('ogment logout')} ${DIM('first.')}`);
         blank();
         return;
     }
     heading('Log in to Ogment');
-    const resourceUrl = MCP_RESOURCE_URL(orgSlug, first.serverPath);
     const spinner = ora({ text: 'Opening browser…', color: 'magenta' }).start();
-    const creds = await login(orgSlug, servers, resourceUrl);
+    const creds = await login();
     spinner.succeed('Logged in');
     blank();
-    line(`${SYM.check}  Token stored in ${DIM('~/.config/ogment/credentials.json')}`);
-    line(`${SYM.bullet}  Org: ${BOLD(creds.orgSlug)}`);
-    line(`${SYM.bullet}  Servers: ${BOLD(creds.servers.join(', '))}`);
+    for (const org of creds.orgs) {
+        const serverList = org.servers.length > 0 ? org.servers.join(', ') : DIM('no servers');
+        line(`${SYM.check}  ${BOLD(org.orgSlug)}: ${serverList}`);
+    }
     blank();
-    line(`${DIM('Start the bridge:')} ${BOLD('ogment serve')}`);
+    line(`${DIM('Next:')} ${BOLD('ogment servers')} ${DIM('to see your tools')}`);
     blank();
 }

package/dist/commands/servers.d.ts

@@ -1,8 +1,10 @@
 /**
- * `ogment servers [path]` — List configured servers and inspect their tools.
+ * `ogment servers [path]` — List servers and inspect their tools.
+ *
+ * Fetches the live server list from /me (auto-refreshes on every call).
  *
  * Usage:
- *   ogment servers                     List all configured servers
+ *   ogment servers                     List all servers across all orgs
  *   ogment servers <path>              Show server details + tool list
  *   ogment servers --json              Machine-readable output
  *   ogment servers <path> --json       Machine-readable tool list

package/dist/commands/servers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"servers.d.ts","sourceRoot":"","sources":["../../src/commands/servers.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,wBAAsB,cAAc,CAClC,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,IAAI,EAAE;IAAE,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,iBAsEzB"}
+{"version":3,"file":"servers.d.ts","sourceRoot":"","sources":["../../src/commands/servers.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAOH,wBAAsB,cAAc,CAClC,UAAU,EAAE,MAAM,GAAG,SAAS,EAC9B,IAAI,EAAE;IAAE,IAAI,CAAC,EAAE,OAAO,CAAA;CAAE,iBA6EzB"}

package/dist/commands/servers.js

@@ -1,32 +1,38 @@
 /**
- * `ogment servers [path]` — List configured servers and inspect their tools.
+ * `ogment servers [path]` — List servers and inspect their tools.
+ *
+ * Fetches the live server list from /me (auto-refreshes on every call).
  *
  * Usage:
- *   ogment servers                     List all configured servers
+ *   ogment servers                     List all servers across all orgs
  *   ogment servers <path>              Show server details + tool list
  *   ogment servers --json              Machine-readable output
  *   ogment servers <path> --json       Machine-readable tool list
  */
 import { requireCredentials } from '../auth.js';
+import { fetchMe } from '../api.js';
 import { fetchTools } from '../mcp-client.js';
 import { blank, BOLD, DIM, GREEN, heading, line, SYM } from '../ui.js';
 export async function serversCommand(serverPath, opts) {
     const creds = requireCredentials();
+    const me = await fetchMe(creds.accessToken);
+    // Flatten all servers with their org slug
+    const allServers = me.orgs.flatMap((org) => org.servers.map((s) => ({ ...s, orgSlug: org.orgSlug })));
     // ── List all servers ───────────────────────────────────────────────────
     if (!serverPath) {
         if (opts.json) {
-            console.log(JSON.stringify(creds.servers.map((path) => ({ path, orgSlug: creds.orgSlug })), null, 2));
+            console.log(JSON.stringify(allServers, null, 2));
             return;
         }
         heading('Your servers');
-        if (creds.servers.length === 0) {
-            line(`${DIM('No servers configured. Add one:')}`);
-            line(`  ${BOLD('ogment login <org>/<server>')}`);
+        if (allServers.length === 0) {
+            line(`${DIM('No servers found. Create one in the Ogment dashboard.')}`);
             blank();
             return;
         }
-        for (const path of creds.servers) {
-            line(`${SYM.bullet}  ${BOLD(path)}`);
+        for (const server of allServers) {
+            const status = server.enabled ? GREEN('enabled') : DIM('disabled');
+            line(`${SYM.bullet}  ${BOLD(server.path.padEnd(24))} ${server.name.padEnd(24)} ${DIM(server.orgSlug.padEnd(16))} ${status}`);
         }
         blank();
         line(`${DIM('Inspect a server:')} ${BOLD('ogment servers <path>')}`);
@@ -35,20 +41,25 @@ export async function serversCommand(serverPath, opts) {
         return;
     }
     // ── Server detail + tools ──────────────────────────────────────────────
-    if (!creds.servers.includes(serverPath)) {
-        throw new Error(`Server "${serverPath}" is not configured. Available: ${creds.servers.join(', ')}`);
+    const server = allServers.find((s) => s.path === serverPath);
+    if (!server) {
+        const available = allServers.map((s) => s.path).join(', ');
+        throw new Error(`Server "${serverPath}" not found. Available: ${available || 'none'}`);
     }
-    const tools = await fetchTools(creds.orgSlug, serverPath, creds.accessToken);
+    const tools = await fetchTools(server.orgSlug, serverPath, creds.accessToken);
     if (opts.json) {
         console.log(JSON.stringify({
-            path: serverPath,
-            orgSlug: creds.orgSlug,
+            name: server.name,
+            path: server.path,
+            enabled: server.enabled,
+            orgSlug: server.orgSlug,
             toolCount: tools.length,
             tools: tools.map((t) => ({ name: t.name, description: t.description })),
         }, null, 2));
         return;
     }
-    heading(`Server: ${serverPath}`);
+    heading(`${server.name} (${server.path})`);
+    line(`${BOLD('Org:')} ${server.orgSlug}`);
     line(`${BOLD('Tools:')} ${tools.length}`);
     blank();
     for (const tool of tools) {

package/dist/config.d.ts

@@ -3,8 +3,6 @@
  */
 /** Base URL of the Ogment platform (frontend). */
 export declare const OGMENT_BASE_URL: string;
-/** OAuth metadata endpoint. */
-export declare const OAUTH_METADATA_URL: string;
 /** OAuth endpoints (derived from base). */
 export declare const OAUTH_AUTHORIZE_URL: string;
 export declare const OAUTH_TOKEN_URL: string;
@@ -15,12 +13,6 @@ export declare const OAUTH_REVOKE_URL: string;
  * Uses path format: {BASE_URL}/api/v1/mcp/{orgSlug}/{serverPath}
  */
 export declare const MCP_ENDPOINT: (orgSlug: string, serverPath: string) => string;
-/**
- * Resource URL sent to the OAuth authorize endpoint.
- * The backend parses this to resolve the MCP server.
- * Uses subdomain format for resource identification (required by backend parser).
- */
-export declare const MCP_RESOURCE_URL: (orgSlug: string, serverPath: string) => string;
 /** Directory for CLI config & credentials. */
 export declare const CONFIG_DIR: string;
 /** Path to stored credentials file. */

package/dist/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AASH,kDAAkD;AAClD,eAAO,MAAM,eAAe,QACkC,CAAC;AAE/D,+BAA+B;AAC/B,eAAO,MAAM,kBAAkB,QAA8D,CAAC;AAE9F,2CAA2C;AAC3C,eAAO,MAAM,mBAAmB,QAAiD,CAAC;AAClF,eAAO,MAAM,eAAe,QAA6C,CAAC;AAC1E,eAAO,MAAM,kBAAkB,QAAgD,CAAC;AAChF,eAAO,MAAM,gBAAgB,QAA8C,CAAC;AAE5E;;;GAGG;AACH,eAAO,MAAM,YAAY,GAAI,SAAS,MAAM,EAAE,YAAY,MAAM,WACN,CAAC;AAE3D;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,GAAI,SAAS,MAAM,EAAE,YAAY,MAAM,WAGnE,CAAC;AAMF,8CAA8C;AAC9C,eAAO,MAAM,UAAU,QAAuC,CAAC;AAE/D,uCAAuC;AACvC,eAAO,MAAM,gBAAgB,QAAuC,CAAC;AAMrE,eAAO,MAAM,eAAe,eAAe,CAAC;AAC5C,eAAO,MAAM,iBAAiB,cAAc,CAAC;AAM7C,eAAO,MAAM,OAAO,UAAU,CAAC"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AASH,kDAAkD;AAClD,eAAO,MAAM,eAAe,QACkC,CAAC;AAE/D,2CAA2C;AAC3C,eAAO,MAAM,mBAAmB,QAAiD,CAAC;AAClF,eAAO,MAAM,eAAe,QAA6C,CAAC;AAC1E,eAAO,MAAM,kBAAkB,QAAgD,CAAC;AAChF,eAAO,MAAM,gBAAgB,QAA8C,CAAC;AAE5E;;;GAGG;AACH,eAAO,MAAM,YAAY,GAAI,SAAS,MAAM,EAAE,YAAY,MAAM,WACN,CAAC;AAO3D,8CAA8C;AAC9C,eAAO,MAAM,UAAU,QAAuC,CAAC;AAE/D,uCAAuC;AACvC,eAAO,MAAM,gBAAgB,QAAuC,CAAC;AAMrE,eAAO,MAAM,eAAe,eAAe,CAAC;AAC5C,eAAO,MAAM,iBAAiB,cAAc,CAAC;AAM7C,eAAO,MAAM,OAAO,UAAU,CAAC"}

package/dist/config.js

@@ -8,8 +8,6 @@ import { join } from 'node:path';
 // ---------------------------------------------------------------------------
 /** Base URL of the Ogment platform (frontend). */
 export const OGMENT_BASE_URL = process.env.OGMENT_BASE_URL ?? 'https://dashboard.ogment.ai';
-/** OAuth metadata endpoint. */
-export const OAUTH_METADATA_URL = `${OGMENT_BASE_URL}/.well-known/oauth-authorization-server`;
 /** OAuth endpoints (derived from base). */
 export const OAUTH_AUTHORIZE_URL = `${OGMENT_BASE_URL}/api/v1/mcp-auth/authorize`;
 export const OAUTH_TOKEN_URL = `${OGMENT_BASE_URL}/api/v1/mcp-auth/token`;
@@ -20,15 +18,6 @@ export const OAUTH_REVOKE_URL = `${OGMENT_BASE_URL}/api/v1/mcp-auth/revoke`;
  * Uses path format: {BASE_URL}/api/v1/mcp/{orgSlug}/{serverPath}
  */
 export const MCP_ENDPOINT = (orgSlug, serverPath) => `${OGMENT_BASE_URL}/api/v1/mcp/${orgSlug}/${serverPath}`;
-/**
- * Resource URL sent to the OAuth authorize endpoint.
- * The backend parses this to resolve the MCP server.
- * Uses subdomain format for resource identification (required by backend parser).
- */
-export const MCP_RESOURCE_URL = (orgSlug, serverPath) => {
-    const mcpDomain = process.env.OGMENT_MCP_DOMAIN ?? 'mcp.ogment.ai';
-    return `https://${orgSlug}.${mcpDomain}/${serverPath}`;
-};
 // ---------------------------------------------------------------------------
 // Local storage
 // ---------------------------------------------------------------------------

package/dist/mcp-client.d.ts

@@ -8,7 +8,7 @@ export interface McpTool {
     description: string;
     inputSchema: Record<string, unknown>;
 }
-export interface McpToolCallResult {
+interface McpToolCallResult {
     content: {
         type: string;
         text: string;
@@ -16,9 +16,9 @@ export interface McpToolCallResult {
     structuredContent?: unknown;
     isError?: boolean;
 }
-export declare function mcpRequest(orgSlug: string, serverPath: string, token: string, method: string, params?: Record<string, unknown>): Promise<unknown>;
 /** Fetch the list of tools available on a server. */
 export declare function fetchTools(orgSlug: string, serverPath: string, token: string): Promise<McpTool[]>;
 /** Call a tool on a server and return the result. */
 export declare function callTool(orgSlug: string, serverPath: string, token: string, toolName: string, args: Record<string, unknown>): Promise<McpToolCallResult>;
+export {};
 //# sourceMappingURL=mcp-client.d.ts.map

package/dist/mcp-client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mcp-client.d.ts","sourceRoot":"","sources":["../src/mcp-client.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAC1C,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAMD,wBAAsB,UAAU,CAC9B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,oBAgCjC;AAMD,qDAAqD;AACrD,wBAAsB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,sBAKlF;AAED,qDAAqD;AACrD,wBAAsB,QAAQ,CAC5B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,8BAM9B"}
+{"version":3,"file":"mcp-client.d.ts","sourceRoot":"","sources":["../src/mcp-client.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAED,UAAU,iBAAiB;IACzB,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAC1C,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAiDD,qDAAqD;AACrD,wBAAsB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,sBAKlF;AAED,qDAAqD;AACrD,wBAAsB,QAAQ,CAC5B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,8BAM9B"}

package/dist/mcp-client.js

@@ -7,7 +7,7 @@ import { MCP_ENDPOINT } from './config.js';
 // ---------------------------------------------------------------------------
 // Core JSON-RPC request
 // ---------------------------------------------------------------------------
-export async function mcpRequest(orgSlug, serverPath, token, method, params) {
+async function mcpRequest(orgSlug, serverPath, token, method, params) {
     const endpoint = MCP_ENDPOINT(orgSlug, serverPath);
     const body = {
         jsonrpc: '2.0',

package/dist/ui.d.ts

@@ -7,7 +7,6 @@ export declare const BOLD: import("chalk").ChalkInstance;
 export declare const GREEN: import("chalk").ChalkInstance;
 export declare const RED: import("chalk").ChalkInstance;
 export declare const YELLOW: import("chalk").ChalkInstance;
-export declare const CYAN: import("chalk").ChalkInstance;
 export declare const SYM: {
     readonly arrow: string;
     readonly bullet: string;
@@ -19,6 +18,4 @@ export declare const SYM: {
 export declare function heading(text: string): void;
 export declare function line(text: string, indent?: number): void;
 export declare function blank(): void;
-export declare function section(title: string): void;
-export declare function configSnippet(title: string, filename: string, json: Record<string, unknown>): void;
 //# sourceMappingURL=ui.d.ts.map

package/dist/ui.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ui.d.ts","sourceRoot":"","sources":["../src/ui.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,eAAO,MAAM,KAAK,QAAsC,CAAC;AACzD,eAAO,MAAM,GAAG,+BAAY,CAAC;AAC7B,eAAO,MAAM,IAAI,+BAAa,CAAC;AAC/B,eAAO,MAAM,KAAK,+BAAc,CAAC;AACjC,eAAO,MAAM,GAAG,+BAAY,CAAC;AAC7B,eAAO,MAAM,MAAM,+BAAe,CAAC;AACnC,eAAO,MAAM,IAAI,+BAAa,CAAC;AAM/B,eAAO,MAAM,GAAG;;;;;;;CAON,CAAC;AAMX,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,QAInC;AAED,wBAAgB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,SAAI,QAE5C;AAED,wBAAgB,KAAK,SAEpB;AAED,wBAAgB,OAAO,CAAC,KAAK,EAAE,MAAM,QAMpC;AAMD,wBAAgB,aAAa,CAC3B,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,QAQ9B"}
+{"version":3,"file":"ui.d.ts","sourceRoot":"","sources":["../src/ui.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,eAAO,MAAM,KAAK,QAAsC,CAAC;AACzD,eAAO,MAAM,GAAG,+BAAY,CAAC;AAC7B,eAAO,MAAM,IAAI,+BAAa,CAAC;AAC/B,eAAO,MAAM,KAAK,+BAAc,CAAC;AACjC,eAAO,MAAM,GAAG,+BAAY,CAAC;AAC7B,eAAO,MAAM,MAAM,+BAAe,CAAC;AAMnC,eAAO,MAAM,GAAG;;;;;;;CAON,CAAC;AAMX,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,QAInC;AAED,wBAAgB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,SAAI,QAE5C;AAED,wBAAgB,KAAK,SAEpB"}

package/dist/ui.js

@@ -11,7 +11,6 @@ export const BOLD = chalk.bold;
 export const GREEN = chalk.green;
 export const RED = chalk.red;
 export const YELLOW = chalk.yellow;
-export const CYAN = chalk.cyan;
 // ---------------------------------------------------------------------------
 // Symbols
 // ---------------------------------------------------------------------------
@@ -37,19 +36,3 @@ export function line(text, indent = 2) {
 export function blank() {
     console.log();
 }
-export function section(title) {
-    console.log();
-    console.log(`  ${DIM('──')} ${BOLD(title)} ${DIM('─'.repeat(Math.max(0, 48 - title.length)))}`);
-    console.log();
-}
-// ---------------------------------------------------------------------------
-// Config snippet formatter
-// ---------------------------------------------------------------------------
-export function configSnippet(title, filename, json) {
-    line(`${BOLD(title)} ${DIM(`(${filename}):`)}`, 4);
-    const jsonStr = JSON.stringify(json, null, 2);
-    for (const jsonLine of jsonStr.split('\n')) {
-        line(DIM(jsonLine), 6);
-    }
-    blank();
-}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ogment",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Ogment Vault CLI — secure your AI agents' SaaS credentials",
   "type": "module",
   "bin": {