postgresai 0.11.0-alpha.9 → 0.12.0-alpha.14

package/bin/postgres-ai.ts

@@ -12,6 +12,9 @@ import { promisify } from "util";
 import * as readline from "readline";
 import * as http from "https";
 import { URL } from "url";
+import { startMcpServer } from "../lib/mcp-server";
+import { fetchIssues } from "../lib/issues";
+import { resolveBaseUrls } from "../lib/util";
 
 const execPromise = promisify(exec);
 const execFilePromise = promisify(execFile);
@@ -116,10 +119,24 @@ const stub = (name: string) => async (): Promise<void> => {
  * Resolve project paths
  */
 function resolvePaths(): PathResolution {
-  const projectDir = process.cwd();
-  const composeFile = path.resolve(projectDir, "docker-compose.yml");
-  const instancesFile = path.resolve(projectDir, "instances.yml");
-  return { fs, path, projectDir, composeFile, instancesFile };
+  const startDir = process.cwd();
+  let currentDir = startDir;
+
+  while (true) {
+    const composeFile = path.resolve(currentDir, "docker-compose.yml");
+    if (fs.existsSync(composeFile)) {
+      const instancesFile = path.resolve(currentDir, "instances.yml");
+      return { fs, path, projectDir: currentDir, composeFile, instancesFile };
+    }
+
+    const parentDir = path.dirname(currentDir);
+    if (parentDir === currentDir) break;
+    currentDir = parentDir;
+  }
+
+  throw new Error(
+    `docker-compose.yml not found. Run monitoring commands from the PostgresAI project directory or one of its subdirectories (starting search from ${startDir}).`
+  );
 }
 
 /**
@@ -137,7 +154,15 @@ function getComposeCmd(): string[] | null {
  * Run docker compose command
  */
 async function runCompose(args: string[]): Promise<number> {
-  const { composeFile } = resolvePaths();
+  let composeFile: string;
+  try {
+    ({ composeFile } = resolvePaths());
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error);
+    console.error(message);
+    process.exitCode = 1;
+    return 1;
+  }
   const cmd = getComposeCmd();
   if (!cmd) {
     console.error("docker compose not found (need docker-compose or docker compose)");
@@ -154,10 +179,12 @@ program.command("help", { isDefault: true }).description("show help").action(()
   program.outputHelp();
 });
 
-// Service lifecycle
-program
+// Monitoring services management
+const mon = program.command("mon").description("monitoring services management");
+
+mon
   .command("quickstart")
-  .description("complete setup (generate config, start services)")
+  .description("complete setup (generate config, start monitoring services)")
   .option("--demo", "demo mode", false)
   .action(async () => {
     const code1 = await runCompose(["run", "--rm", "sources-generator"]);
@@ -168,47 +195,46 @@ program
     const code2 = await runCompose(["up", "-d"]);
     if (code2 !== 0) process.exitCode = code2;
   });
-program
-  .command("install")
-  .description("prepare project (no-op in repo checkout)")
-  .action(async () => {
-    console.log("Project files present; nothing to install.");
-  });
-program
+
+mon
   .command("start")
-  .description("start services")
+  .description("start monitoring services")
   .action(async () => {
     const code = await runCompose(["up", "-d"]);
     if (code !== 0) process.exitCode = code;
   });
-program
+
+mon
   .command("stop")
-  .description("stop services")
+  .description("stop monitoring services")
   .action(async () => {
     const code = await runCompose(["down"]);
     if (code !== 0) process.exitCode = code;
   });
-program
+
+mon
   .command("restart [service]")
-  .description("restart all services or specific service")
+  .description("restart all monitoring services or specific service")
   .action(async (service?: string) => {
     const args = ["restart"];
     if (service) args.push(service);
     const code = await runCompose(args);
     if (code !== 0) process.exitCode = code;
   });
-program
+
+mon
   .command("status")
-  .description("show service status")
+  .description("show monitoring services status")
   .action(async () => {
     const code = await runCompose(["ps"]);
     if (code !== 0) process.exitCode = code;
   });
-program
+
+mon
   .command("logs [service]")
   .option("-f, --follow", "follow logs", false)
   .option("--tail <lines>", "number of lines to show from the end of logs", "all")
-  .description("show logs for all or specific service")
+  .description("show logs for all or specific monitoring service")
   .action(async (service: string | undefined, opts: { follow: boolean; tail: string }) => {
     const args: string[] = ["logs"];
     if (opts.follow) args.push("-f");
@@ -217,9 +243,9 @@ program
     const code = await runCompose(args);
     if (code !== 0) process.exitCode = code;
   });
-program
+mon
   .command("health")
-  .description("health check")
+  .description("health check for monitoring services")
   .option("--wait <seconds>", "wait time in seconds for services to become healthy", parseInt, 0)
   .action(async (opts: { wait: number }) => {
     const services: HealthService[] = [
@@ -244,15 +270,20 @@ program
       allHealthy = true;
       for (const service of services) {
         try {
-          const { stdout } = await execPromise(
-            `curl -sf -o /dev/null -w "%{http_code}" ${service.url}`,
-            { timeout: 5000 }
-          );
-          const code = stdout.trim();
-          if (code === "200") {
+          // Use native fetch instead of requiring curl to be installed
+          const controller = new AbortController();
+          const timeoutId = setTimeout(() => controller.abort(), 5000);
+          
+          const response = await fetch(service.url, {
+            signal: controller.signal,
+            method: 'GET',
+          });
+          clearTimeout(timeoutId);
+          
+          if (response.status === 200) {
             console.log(`✓ ${service.name}: healthy`);
           } else {
-            console.log(`✗ ${service.name}: unhealthy (HTTP ${code})`);
+            console.log(`✗ ${service.name}: unhealthy (HTTP ${response.status})`);
             allHealthy = false;
           }
         } catch (error) {
@@ -274,11 +305,21 @@ program
       process.exitCode = 1;
     }
   });
-program
+mon
   .command("config")
-  .description("show configuration")
+  .description("show monitoring services configuration")
   .action(async () => {
-    const { fs, projectDir, composeFile, instancesFile } = resolvePaths();
+    let projectDir: string;
+    let composeFile: string;
+    let instancesFile: string;
+    try {
+      ({ projectDir, composeFile, instancesFile } = resolvePaths());
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      console.error(message);
+      process.exitCode = 1;
+      return;
+    }
     console.log(`Project Directory: ${projectDir}`);
     console.log(`Docker Compose File: ${composeFile}`);
     console.log(`Instances File: ${instancesFile}`);
@@ -289,16 +330,16 @@ program
       if (!/\n$/.test(text)) console.log();
     }
   });
-program
+mon
   .command("update-config")
-  .description("apply configuration (generate sources)")
+  .description("apply monitoring services configuration (generate sources)")
   .action(async () => {
     const code = await runCompose(["run", "--rm", "sources-generator"]);
     if (code !== 0) process.exitCode = code;
   });
-program
+mon
   .command("update")
-  .description("update project")
+  .description("update monitoring stack")
   .action(async () => {
     console.log("Updating PostgresAI monitoring stack...\n");
     
@@ -331,8 +372,8 @@ program
       
       if (code === 0) {
         console.log("\n✓ Update completed successfully");
-        console.log("\nTo apply updates, restart services:");
-        console.log("  postgres-ai restart");
+        console.log("\nTo apply updates, restart monitoring services:");
+        console.log("  postgres-ai mon restart");
       } else {
         console.error("\n✗ Docker image update failed");
         process.exitCode = 1;
@@ -343,9 +384,9 @@ program
       process.exitCode = 1;
     }
   });
-program
+mon
   .command("reset [service]")
-  .description("reset all or specific service")
+  .description("reset all or specific monitoring service")
   .action(async (service?: string) => {
     const rl = readline.createInterface({
       input: process.stdin,
@@ -414,9 +455,9 @@ program
       process.exitCode = 1;
     }
   });
-program
+mon
   .command("clean")
-  .description("cleanup artifacts")
+  .description("cleanup monitoring services artifacts")
   .action(async () => {
     console.log("Cleaning up Docker resources...\n");
     
@@ -450,25 +491,27 @@ program
       process.exitCode = 1;
     }
   });
-program
+mon
   .command("shell <service>")
-  .description("open service shell")
+  .description("open shell to monitoring service")
   .action(async (service: string) => {
     const code = await runCompose(["exec", service, "/bin/sh"]);
     if (code !== 0) process.exitCode = code;
   });
-program
+mon
   .command("check")
-  .description("system readiness check")
+  .description("monitoring services system readiness check")
   .action(async () => {
     const code = await runCompose(["ps"]);
     if (code !== 0) process.exitCode = code;
   });
 
-// Instance management
-program
-  .command("list-instances")
-  .description("list instances")
+// Monitoring targets (databases to monitor)
+const targets = mon.command("targets").description("manage databases to monitor");
+
+targets
+  .command("list")
+  .description("list monitoring target databases")
   .action(async () => {
     const instancesPath = path.resolve(process.cwd(), "instances.yml");
     if (!fs.existsSync(instancesPath)) {
@@ -482,32 +525,32 @@ program
       const instances = yaml.load(content) as Instance[] | null;
       
       if (!instances || !Array.isArray(instances) || instances.length === 0) {
-        console.log("No instances configured");
+        console.log("No monitoring targets configured");
         console.log("");
-        console.log("To add an instance:");
-        console.log("  postgres-ai add-instance <connection-string> <name>");
+        console.log("To add a monitoring target:");
+        console.log("  postgres-ai mon targets add <connection-string> <name>");
         console.log("");
         console.log("Example:");
-        console.log("  postgres-ai add-instance 'postgresql://user:pass@host:5432/db' my-db");
+        console.log("  postgres-ai mon targets add 'postgresql://user:pass@host:5432/db' my-db");
         return;
       }
       
-      // Filter out demo placeholder
-      const filtered = instances.filter((inst) => inst.name && inst.name !== "target-database");
+      // Filter out disabled instances (e.g., demo placeholders)
+      const filtered = instances.filter((inst) => inst.name && inst.is_enabled !== false);
       
       if (filtered.length === 0) {
-        console.log("No instances configured");
+        console.log("No monitoring targets configured");
         console.log("");
-        console.log("To add an instance:");
-        console.log("  postgres-ai add-instance <connection-string> <name>");
+        console.log("To add a monitoring target:");
+        console.log("  postgres-ai mon targets add <connection-string> <name>");
         console.log("");
         console.log("Example:");
-        console.log("  postgres-ai add-instance 'postgresql://user:pass@host:5432/db' my-db");
+        console.log("  postgres-ai mon targets add 'postgresql://user:pass@host:5432/db' my-db");
         return;
       }
       
       for (const inst of filtered) {
-        console.log(`Instance: ${inst.name}`);
+        console.log(`Target: ${inst.name}`);
       }
     } catch (err) {
       const message = err instanceof Error ? err.message : String(err);
@@ -515,9 +558,9 @@ program
       process.exitCode = 1;
     }
   });
-program
-  .command("add-instance [connStr] [name]")
-  .description("add instance")
+targets
+  .command("add [connStr] [name]")
+  .description("add monitoring target database")
   .action(async (connStr?: string, name?: string) => {
     const file = path.resolve(process.cwd(), "instances.yml");
     if (!connStr) {
@@ -543,7 +586,7 @@ program
         if (Array.isArray(instances)) {
           const exists = instances.some((inst) => inst.name === instanceName);
           if (exists) {
-            console.error(`Instance '${instanceName}' already exists`);
+            console.error(`Monitoring target '${instanceName}' already exists`);
             process.exitCode = 1;
             return;
           }
@@ -553,7 +596,7 @@ program
       // If YAML parsing fails, fall back to simple check
       const content = fs.existsSync(file) ? fs.readFileSync(file, "utf8") : "";
       if (new RegExp(`^- name: ${instanceName}$`, "m").test(content)) {
-        console.error(`Instance '${instanceName}' already exists`);
+        console.error(`Monitoring target '${instanceName}' already exists`);
         process.exitCode = 1;
         return;
       }
@@ -563,11 +606,11 @@ program
     const body = `- name: ${instanceName}\n  conn_str: ${connStr}\n  preset_metrics: full\n  custom_metrics:\n  is_enabled: true\n  group: default\n  custom_tags:\n    env: production\n    cluster: default\n    node_name: ${instanceName}\n    sink_type: ~sink_type~\n`;
     const content = fs.existsSync(file) ? fs.readFileSync(file, "utf8") : "";
     fs.appendFileSync(file, (content && !/\n$/.test(content) ? "\n" : "") + body, "utf8");
-    console.log(`Instance '${instanceName}' added`);
+    console.log(`Monitoring target '${instanceName}' added`);
   });
-program
-  .command("remove-instance <name>")
-  .description("remove instance")
+targets
+  .command("remove <name>")
+  .description("remove monitoring target database")
   .action(async (name: string) => {
     const file = path.resolve(process.cwd(), "instances.yml");
     if (!fs.existsSync(file)) {
@@ -589,22 +632,22 @@ program
       const filtered = instances.filter((inst) => inst.name !== name);
       
       if (filtered.length === instances.length) {
-        console.error(`Instance '${name}' not found`);
+        console.error(`Monitoring target '${name}' not found`);
         process.exitCode = 1;
         return;
       }
       
       fs.writeFileSync(file, yaml.dump(filtered), "utf8");
-      console.log(`Instance '${name}' removed`);
+      console.log(`Monitoring target '${name}' removed`);
     } catch (err) {
       const message = err instanceof Error ? err.message : String(err);
       console.error(`Error processing instances.yml: ${message}`);
       process.exitCode = 1;
     }
   });
-program
-  .command("test-instance <name>")
-  .description("test instance connectivity")
+targets
+  .command("test <name>")
+  .description("test monitoring target database connectivity")
   .action(async (name: string) => {
     const instancesPath = path.resolve(process.cwd(), "instances.yml");
     if (!fs.existsSync(instancesPath)) {
@@ -626,26 +669,31 @@ program
       const instance = instances.find((inst) => inst.name === name);
       
       if (!instance) {
-        console.error(`Instance '${name}' not found`);
+        console.error(`Monitoring target '${name}' not found`);
         process.exitCode = 1;
         return;
       }
       
       if (!instance.conn_str) {
-        console.error(`Connection string not found for instance '${name}'`);
+        console.error(`Connection string not found for monitoring target '${name}'`);
         process.exitCode = 1;
         return;
       }
       
-      console.log(`Testing connection to '${name}'...`);
+      console.log(`Testing connection to monitoring target '${name}'...`);
       
-      const { stdout, stderr } = await execFilePromise(
-        "psql",
-        [instance.conn_str, "-c", "SELECT version();", "--no-psqlrc"],
-        { timeout: 10000, env: { ...process.env, PAGER: 'cat' } }
-      );
-      console.log(`✓ Connection successful`);
-      console.log(stdout.trim());
+      // Use native pg client instead of requiring psql to be installed
+      const { Client } = require('pg');
+      const client = new Client({ connectionString: instance.conn_str });
+      
+      try {
+        await client.connect();
+        const result = await client.query('select version();');
+        console.log(`✓ Connection successful`);
+        console.log(result.rows[0].version);
+      } finally {
+        await client.end();
+      }
     } catch (error) {
       const message = error instanceof Error ? error.message : String(error);
       console.error(`✗ Connection failed: ${message}`);
@@ -669,9 +717,8 @@ program
     const params = pkce.generatePKCEParams();
 
     const rootOpts = program.opts<CliOptions>();
-
-    const apiBaseUrl = (rootOpts.apiBaseUrl || process.env.PGAI_API_BASE_URL || "https://postgres.ai/api/general/").replace(/\/$/, "");
-    const uiBaseUrl = (rootOpts.uiBaseUrl || process.env.PGAI_UI_BASE_URL || "https://console.postgres.ai").replace(/\/$/, "");
+    const cfg = config.readConfig();
+    const { apiBaseUrl, uiBaseUrl } = resolveBaseUrls(rootOpts, cfg);
     
     if (opts.debug) {
       console.log(`Debug: Resolved API base URL: ${apiBaseUrl}`);
@@ -682,7 +729,7 @@ program
       // Step 1: Start local callback server FIRST to get actual port
       console.log("Starting local callback server...");
       const requestedPort = opts.port || 0; // 0 = OS assigns available port
-      const callbackServer = authServer.createCallbackServer(requestedPort, params.state, 300000);
+      const callbackServer = authServer.createCallbackServer(requestedPort, params.state, 120000); // 2 minute timeout
       
       // Wait a bit for server to start and get port
       await new Promise(resolve => setTimeout(resolve, 100));
@@ -724,10 +771,20 @@ program
           res.on("end", async () => {
             if (res.statusCode !== 200) {
               console.error(`Failed to initialize auth session: ${res.statusCode}`);
-              console.error(data);
+              
+              // Check if response is HTML (common for 404 pages)
+              if (data.trim().startsWith("<!") || data.trim().startsWith("<html")) {
+                console.error("Error: Received HTML response instead of JSON. This usually means:");
+                console.error("  1. The API endpoint URL is incorrect");
+                console.error("  2. The endpoint does not exist (404)");
+                console.error(`\nAPI URL attempted: ${initUrl.toString()}`);
+                console.error("\nPlease verify the --api-base-url parameter.");
+              } else {
+                console.error(data);
+              }
+              
               callbackServer.server.close();
-              process.exitCode = 1;
-              return;
+              process.exit(1);
             }
             
             // Step 3: Open browser
@@ -748,9 +805,22 @@ program
             
             // Step 4: Wait for callback
             console.log("Waiting for authorization...");
+            console.log("(Press Ctrl+C to cancel)\n");
+            
+            // Handle Ctrl+C gracefully
+            const cancelHandler = () => {
+              console.log("\n\nAuthentication cancelled by user.");
+              callbackServer.server.close();
+              process.exit(130); // Standard exit code for SIGINT
+            };
+            process.on("SIGINT", cancelHandler);
+            
             try {
               const { code } = await callbackServer.promise;
               
+              // Remove the cancel handler after successful auth
+              process.off("SIGINT", cancelHandler);
+              
               // Step 5: Exchange code for token
               console.log("\nExchanging authorization code for API token...");
               const exchangeData = JSON.stringify({
@@ -758,7 +828,6 @@ program
                 code_verifier: params.codeVerifier,
                 state: params.state,
               });
-              
               const exchangeUrl = new URL(`${apiBaseUrl}/rpc/oauth_token_exchange`);
               const exchangeReq = http.request(
                 exchangeUrl,
@@ -770,20 +839,31 @@ program
                   },
                 },
                 (exchangeRes) => {
-                  let exchangeData = "";
-                  exchangeRes.on("data", (chunk) => (exchangeData += chunk));
+                  let exchangeBody = "";
+                  exchangeRes.on("data", (chunk) => (exchangeBody += chunk));
                   exchangeRes.on("end", () => {
                     if (exchangeRes.statusCode !== 200) {
                       console.error(`Failed to exchange code for token: ${exchangeRes.statusCode}`);
-                      console.error(exchangeData);
-                      process.exitCode = 1;
+                      
+                      // Check if response is HTML (common for 404 pages)
+                      if (exchangeBody.trim().startsWith("<!") || exchangeBody.trim().startsWith("<html")) {
+                        console.error("Error: Received HTML response instead of JSON. This usually means:");
+                        console.error("  1. The API endpoint URL is incorrect");
+                        console.error("  2. The endpoint does not exist (404)");
+                        console.error(`\nAPI URL attempted: ${exchangeUrl.toString()}`);
+                        console.error("\nPlease verify the --api-base-url parameter.");
+                      } else {
+                        console.error(exchangeBody);
+                      }
+                      
+                      process.exit(1);
                       return;
                     }
                     
                     try {
-                      const result = JSON.parse(exchangeData);
-                      const apiToken = result.api_token;
-                      const orgId = result.org_id;
+                      const result = JSON.parse(exchangeBody);
+                      const apiToken = result.api_token || result?.[0]?.result?.api_token; // There is a bug with PostgREST Caching that may return an array, not single object, it's a workaround to support both cases.
+                      const orgId = result.org_id || result?.[0]?.result?.org_id; // There is a bug with PostgREST Caching that may return an array, not single object, it's a workaround to support both cases.
                       
                       // Step 6: Save token to config
                       config.writeConfig({
@@ -796,10 +876,11 @@ program
                       console.log(`API key saved to: ${config.getConfigPath()}`);
                       console.log(`Organization ID: ${orgId}`);
                       console.log(`\nYou can now use the CLI without specifying an API key.`);
+                      process.exit(0);
                     } catch (err) {
                       const message = err instanceof Error ? err.message : String(err);
                       console.error(`Failed to parse response: ${message}`);
-                      process.exitCode = 1;
+                      process.exit(1);
                     }
                   });
                 }
@@ -807,16 +888,28 @@ program
               
               exchangeReq.on("error", (err: Error) => {
                 console.error(`Exchange request failed: ${err.message}`);
-                process.exitCode = 1;
+                process.exit(1);
               });
               
               exchangeReq.write(exchangeData);
               exchangeReq.end();
               
             } catch (err) {
+              // Remove the cancel handler in error case too
+              process.off("SIGINT", cancelHandler);
+              
               const message = err instanceof Error ? err.message : String(err);
-              console.error(`\nAuthentication failed: ${message}`);
-              process.exitCode = 1;
+              
+              // Provide more helpful error messages
+              if (message.includes("timeout")) {
+                console.error(`\nAuthentication timed out.`);
+                console.error(`This usually means you closed the browser window without completing authentication.`);
+                console.error(`Please try again and complete the authentication flow.`);
+              } else {
+                console.error(`\nAuthentication failed: ${message}`);
+              }
+              
+              process.exit(1);
             }
           });
         }
@@ -825,7 +918,7 @@ program
       initReq.on("error", (err: Error) => {
         console.error(`Failed to connect to API: ${err.message}`);
         callbackServer.server.close();
-        process.exitCode = 1;
+        process.exit(1);
       });
       
       initReq.write(initData);
@@ -834,7 +927,7 @@ program
     } catch (err) {
       const message = err instanceof Error ? err.message : String(err);
       console.error(`Authentication error: ${message}`);
-      process.exitCode = 1;
+      process.exit(1);
     }
   });
 
@@ -856,13 +949,8 @@ program
       console.log(`\nTo authenticate, run: pgai auth`);
       return;
     }
-    const mask = (k: string): string => {
-      if (k.length <= 8) return "****";
-      if (k.length <= 16) return `${k.slice(0, 4)}${"*".repeat(k.length - 8)}${k.slice(-4)}`;
-      // For longer keys, show more of the beginning to help identify them
-      return `${k.slice(0, Math.min(12, k.length - 8))}${"*".repeat(Math.max(4, k.length - 16))}${k.slice(-4)}`;
-    };
-    console.log(`Current API key: ${mask(cfg.apiKey)}`);
+    const { maskSecret } = require("../lib/util");
+    console.log(`Current API key: ${maskSecret(cfg.apiKey)}`);
     if (cfg.orgId) {
       console.log(`Organization ID: ${cfg.orgId}`);
     }
@@ -908,9 +996,9 @@ program
     console.log("API key removed");
     console.log(`\nTo authenticate again, run: pgai auth`);
   });
-program
+mon
   .command("generate-grafana-password")
-  .description("generate Grafana password")
+  .description("generate Grafana password for monitoring services")
   .action(async () => {
     const cfgPath = path.resolve(process.cwd(), ".pgwatch-config");
     
@@ -950,8 +1038,8 @@ program
       console.log("  URL:      http://localhost:3000");
       console.log("  Username: monitor");
       console.log(`  Password: ${newPassword}`);
-      console.log("\nRestart Grafana to apply:");
-      console.log("  postgres-ai restart grafana");
+      console.log("\nReset Grafana to apply new password:");
+      console.log("  postgres-ai mon reset grafana");
     } catch (error) {
       const message = error instanceof Error ? error.message : String(error);
       console.error(`Failed to generate password: ${message}`);
@@ -959,13 +1047,13 @@ program
       process.exitCode = 1;
     }
   });
-program
+mon
   .command("show-grafana-credentials")
-  .description("show Grafana credentials")
+  .description("show Grafana credentials for monitoring services")
   .action(async () => {
     const cfgPath = path.resolve(process.cwd(), ".pgwatch-config");
     if (!fs.existsSync(cfgPath)) {
-      console.error("Configuration file not found. Run 'quickstart' first.");
+      console.error("Configuration file not found. Run 'postgres-ai mon quickstart' first.");
       process.exitCode = 1;
       return;
     }
@@ -999,5 +1087,51 @@ program
     console.log("");
   });
 
+// Issues management
+const issues = program.command("issues").description("issues management");
+
+issues
+  .command("list")
+  .description("list issues")
+  .option("--debug", "enable debug output")
+  .action(async (opts: { debug?: boolean }) => {
+    try {
+      const rootOpts = program.opts<CliOptions>();
+      const cfg = config.readConfig();
+      const { apiKey } = getConfig(rootOpts);
+      if (!apiKey) {
+        console.error("API key is required. Run 'pgai auth' first or set --api-key.");
+        process.exitCode = 1;
+        return;
+      }
+
+      const { apiBaseUrl } = resolveBaseUrls(rootOpts, cfg);
+
+      const result = await fetchIssues({ apiKey, apiBaseUrl, debug: !!opts.debug });
+      if (typeof result === "string") {
+        process.stdout.write(result);
+        if (!/\n$/.test(result)) console.log();
+      } else {
+        console.log(JSON.stringify(result, null, 2));
+      }
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      console.error(message);
+      process.exitCode = 1;
+    }
+  });
+
+// MCP server
+const mcp = program.command("mcp").description("MCP server integration");
+
+mcp
+  .command("start")
+  .description("start MCP stdio server")
+  .option("--debug", "enable debug output")
+  .action(async (opts: { debug?: boolean }) => {
+    const rootOpts = program.opts<CliOptions>();
+    await startMcpServer(rootOpts, { debug: !!opts.debug });
+  });
+
 program.parseAsync(process.argv);