npm - reallink-cli - Versions diffs - 0.1.11 → 0.1.13 - Mend

reallink-cli 0.1.11 → 0.1.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md +149 -0
package/package.json +4 -3
package/prebuilt/win32-x64/reallink-cli.exe +0 -0
package/rust/Cargo.lock +121 -1
package/rust/Cargo.toml +3 -1
package/rust/src/generated/contract.rs +52 -0
package/rust/src/generated/mod.rs +1 -0
package/rust/src/logs.rs +277 -0
package/rust/src/main.rs +3927 -357
package/rust/src/unreal.rs +266 -0

package/rust/src/main.rs CHANGED Viewed

@@ -1,9 +1,10 @@
 use anyhow::{anyhow, Context, Result};
-use clap::{ArgAction, Args, Parser, Subcommand};
+use clap::{ArgAction, Args, Parser, Subcommand, ValueEnum};
 use reqwest::{Method, StatusCode};
 use serde::{Deserialize, Serialize};
+use sha2::Digest;
 use std::fs;
-use std::io::{self, Write};
+use std::io::{self, Read, Write};
 use std::path::{Path, PathBuf};
 use std::process::Command;
 use std::time::{Duration, SystemTime, UNIX_EPOCH};
@@ -11,10 +12,20 @@ use tokio::fs as tokio_fs;
 use tokio::io::AsyncWriteExt;
 use tokio::time::sleep;
+mod unreal;
+mod generated;
+mod logs;
+use unreal::{
+    LinkDoctorArgs, LinkOpenArgs, LinkPathsArgs, LinkPluginInstallArgs, LinkPluginListArgs,
+    LinkRemoveArgs, LinkRunArgs, LinkUnrealArgs, LinkUseArgs, PluginIndexFile, UnrealLinkRecord,
+    UnrealLinksConfig,
+};
 const DEFAULT_BASE_URL: &str = "https://api.real-agent.link";
 const CONFIG_DIR_ENV: &str = "REALLINK_CONFIG_DIR";
 const SESSION_DIR_NAME: &str = "reallink";
 const SESSION_FILE_NAME: &str = "session.json";
+const UNREAL_LINKS_FILE_NAME: &str = "unreal-links.json";
 const UPDATE_CACHE_FILE_NAME: &str = "update-check.json";
 const VERSION_CHECK_INTERVAL_MS: u128 = 24 * 60 * 60 * 1000;
 const DEFAULT_VERSION_FETCH_TIMEOUT_MS: u64 = 800;
@@ -27,16 +38,38 @@ const DEFAULT_VERSION_FETCH_TIMEOUT_MS: u64 = 800;
     about = "Reallink CLI"
 )]
 struct Cli {
+    #[arg(
+        long = "format",
+        global = true,
+        value_enum,
+        default_value_t = OutputFormat::Json,
+        help = "CLI output format (json is agent-friendly)"
+    )]
+    output: OutputFormat,
     #[command(subcommand)]
     command: Commands,
 }
+#[derive(Clone, Copy, Debug, Eq, PartialEq, ValueEnum)]
+enum OutputFormat {
+    Json,
+    Text,
+}
 #[derive(Subcommand)]
 enum Commands {
     Login(LoginArgs),
     Whoami(BaseArgs),
     Logout,
     SelfUpdate(SelfUpdateArgs),
+    Org {
+        #[command(subcommand)]
+        command: OrgCommands,
+    },
+    Link {
+        #[command(subcommand)]
+        command: unreal::LinkCommands,
+    },
     Project {
         #[command(subcommand)]
         command: ProjectCommands,
@@ -53,6 +86,10 @@ enum Commands {
         #[command(subcommand)]
         command: ToolCommands,
     },
+    Logs {
+        #[command(subcommand)]
+        command: LogsCommands,
+    },
 }
 #[derive(Args)]
@@ -93,29 +130,91 @@ enum ProjectCommands {
     Get(ProjectGetArgs),
     Update(ProjectUpdateArgs),
     Delete(ProjectDeleteArgs),
+    Members(ProjectMembersArgs),
+    AddMember(ProjectAddMemberArgs),
+    UpdateMember(ProjectUpdateMemberArgs),
+    RemoveMember(ProjectRemoveMemberArgs),
+}
+#[derive(Subcommand)]
+enum OrgCommands {
+    List(BaseArgs),
+    Create(OrgCreateArgs),
+    Get(OrgGetArgs),
+    Update(OrgUpdateArgs),
+    Delete(OrgDeleteArgs),
+    Invites(OrgInvitesArgs),
+    Invite(OrgInviteArgs),
+    Members(OrgMembersArgs),
+    AddMember(OrgAddMemberArgs),
+    UpdateMember(OrgUpdateMemberArgs),
+    RemoveMember(OrgRemoveMemberArgs),
 }
 #[derive(Subcommand)]
 enum FileCommands {
     List(FileListArgs),
+    Tree(FileTreeArgs),
     Get(FileGetArgs),
     Stat(FileStatArgs),
+    Thumbnail(FileThumbnailArgs),
     Download(FileDownloadArgs),
     Upload(FileUploadArgs),
     Mkdir(FileMkdirArgs),
     Move(FileMoveArgs),
+    Set(FileSetArgs),
+    MoveFolder(FileMoveFolderArgs),
+    Rmdir(FileRemoveFolderArgs),
     Remove(FileRemoveArgs),
 }
+#[derive(Clone, Copy, Debug, Eq, PartialEq, ValueEnum)]
+enum FileThumbnailSize {
+    Small,
+    Medium,
+    Large,
+}
+impl FileThumbnailSize {
+    fn as_str(self) -> &'static str {
+        match self {
+            FileThumbnailSize::Small => "small",
+            FileThumbnailSize::Medium => "medium",
+            FileThumbnailSize::Large => "large",
+        }
+    }
+}
 #[derive(Subcommand)]
 enum ToolCommands {
     List(ToolListArgs),
     Register(ToolRegisterArgs),
+    Publish(ToolPublishArgs),
     Enable(ToolEnableArgs),
     Disable(ToolDisableArgs),
     Run(ToolRunArgs),
     Runs(ToolRunsArgs),
     GetRun(ToolGetRunArgs),
+    RunEvents(ToolRunEventsArgs),
+    Local {
+        #[command(subcommand)]
+        command: ToolLocalCommands,
+    },
+}
+#[derive(Subcommand)]
+enum ToolLocalCommands {
+    Catalog(ToolLocalCatalogArgs),
+    Install(ToolLocalInstallArgs),
+    CompleteRun(ToolLocalCompleteRunArgs),
+}
+#[derive(Subcommand)]
+enum LogsCommands {
+    Status,
+    Consent(LogsConsentArgs),
+    Tail(LogsTailArgs),
+    Upload(LogsUploadArgs),
 }
 #[derive(Args)]
@@ -149,6 +248,12 @@ struct FileListArgs {
     #[arg(long)]
     path: Option<String>,
     #[arg(long)]
+    offset: Option<u32>,
+    #[arg(long)]
+    limit: Option<u32>,
+    #[arg(long)]
+    include_folder_markers: Option<bool>,
+    #[arg(long)]
     base_url: Option<String>,
 }
@@ -160,6 +265,14 @@ struct FileGetArgs {
     base_url: Option<String>,
 }
+#[derive(Args)]
+struct FileTreeArgs {
+    #[arg(long)]
+    project_id: String,
+    #[arg(long)]
+    base_url: Option<String>,
+}
 #[derive(Args)]
 struct FileStatArgs {
     #[arg(long)]
@@ -169,11 +282,23 @@ struct FileStatArgs {
 }
 #[derive(Args)]
-struct FileDownloadArgs {
+struct FileThumbnailArgs {
     #[arg(long)]
     asset_id: String,
+    #[arg(long, value_enum, default_value_t = FileThumbnailSize::Medium)]
+    size: FileThumbnailSize,
+    #[arg(long = "output")]
+    output_path: Option<PathBuf>,
     #[arg(long)]
-    output: Option<PathBuf>,
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct FileDownloadArgs {
+    #[arg(long)]
+    asset_id: String,
+    #[arg(long = "output")]
+    output_path: Option<PathBuf>,
     #[arg(
         long,
         help = "Resume download from existing output file size using HTTP Range"
@@ -205,6 +330,8 @@ struct FileMkdirArgs {
     project_id: String,
     #[arg(long)]
     path: String,
+    #[arg(long, default_value = "private")]
+    visibility: String,
     #[arg(long)]
     base_url: Option<String>,
 }
@@ -219,6 +346,48 @@ struct FileMoveArgs {
     base_url: Option<String>,
 }
+#[derive(Args)]
+struct FileSetArgs {
+    #[arg(long)]
+    asset_id: String,
+    #[arg(long)]
+    file_name: Option<String>,
+    #[arg(long)]
+    asset_type: Option<String>,
+    #[arg(long)]
+    visibility: Option<String>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct FileMoveFolderArgs {
+    #[arg(long)]
+    project_id: String,
+    #[arg(long)]
+    source_path: String,
+    #[arg(long, default_value = "")]
+    target_path: String,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct FileRemoveFolderArgs {
+    #[arg(long)]
+    project_id: String,
+    #[arg(long)]
+    path: String,
+    #[arg(long, default_value_t = false)]
+    recursive: bool,
+    #[arg(long, default_value_t = false)]
+    dry_run: bool,
+    #[arg(long, default_value_t = true)]
+    include_folder_markers: bool,
+    #[arg(long)]
+    base_url: Option<String>,
+}
 #[derive(Args)]
 struct FileRemoveArgs {
     #[arg(long)]
@@ -263,6 +432,20 @@ struct ToolEnableArgs {
     base_url: Option<String>,
 }
+#[derive(Args)]
+struct ToolPublishArgs {
+    #[arg(long)]
+    tool_id: String,
+    #[arg(long)]
+    channel: Option<String>,
+    #[arg(long)]
+    visibility: Option<String>,
+    #[arg(long)]
+    notes: Option<String>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
 #[derive(Args)]
 struct ToolDisableArgs {
     #[arg(long)]
@@ -321,6 +504,114 @@ struct ToolGetRunArgs {
     base_url: Option<String>,
 }
+#[derive(Args)]
+struct ToolRunEventsArgs {
+    #[arg(long)]
+    run_id: String,
+    #[arg(long)]
+    limit: Option<u32>,
+    #[arg(long)]
+    status: Option<String>,
+    #[arg(long)]
+    stage_prefix: Option<String>,
+    #[arg(long, help = "Only include events created after this ISO-8601 timestamp")]
+    since: Option<String>,
+    #[arg(long, help = "Only include events created at/before this ISO-8601 timestamp")]
+    until: Option<String>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct ToolLocalCatalogArgs {
+    #[arg(long)]
+    org_id: Option<String>,
+    #[arg(long)]
+    project_id: Option<String>,
+    #[arg(long)]
+    platform: Option<String>,
+    #[arg(long)]
+    arch: Option<String>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct ToolLocalInstallArgs {
+    #[arg(long)]
+    tool_id: String,
+    #[arg(long)]
+    org_id: Option<String>,
+    #[arg(long)]
+    project_id: Option<String>,
+    #[arg(long)]
+    platform: Option<String>,
+    #[arg(long)]
+    arch: Option<String>,
+    #[arg(long)]
+    version: Option<String>,
+    #[arg(long = "output")]
+    output_path: Option<PathBuf>,
+    #[arg(long, help = "Resume download from existing output file size using HTTP Range")]
+    resume: bool,
+    #[arg(long, help = "Only print install intent, do not download")]
+    no_download: bool,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct ToolLocalCompleteRunArgs {
+    #[arg(long)]
+    run_id: String,
+    #[arg(long, default_value = "succeeded")]
+    status: String,
+    #[arg(long, help = "Path to JSON/JSONC file for run output")]
+    output_file: Option<PathBuf>,
+    #[arg(long, help = "Inline JSON object for run output")]
+    output_json: Option<String>,
+    #[arg(long)]
+    error_message: Option<String>,
+    #[arg(long, help = "Path to JSON/JSONC metadata file")]
+    metadata_file: Option<PathBuf>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct LogsConsentArgs {
+    #[arg(long, default_value_t = false, conflicts_with = "disable")]
+    enable: bool,
+    #[arg(long, default_value_t = false, conflicts_with = "enable")]
+    disable: bool,
+}
+#[derive(Args)]
+struct LogsTailArgs {
+    #[arg(long, default_value_t = 80)]
+    lines: usize,
+}
+#[derive(Args)]
+struct LogsUploadArgs {
+    #[arg(long)]
+    project_id: String,
+    #[arg(long, action = ArgAction::Set, default_value_t = true)]
+    include_runtime: bool,
+    #[arg(long, action = ArgAction::Set, default_value_t = true)]
+    include_crash: bool,
+    #[arg(long)]
+    clear_on_success: bool,
+    #[arg(long, default_value = "other")]
+    asset_type: String,
+    #[arg(long, default_value = "private")]
+    visibility: String,
+    #[arg(long)]
+    dry_run: bool,
+    #[arg(long)]
+    base_url: Option<String>,
+}
 #[derive(Args)]
 struct ProjectListArgs {
     #[arg(long)]
@@ -371,77 +662,217 @@ struct ProjectDeleteArgs {
     base_url: Option<String>,
 }
-#[derive(Debug, Serialize, Deserialize, Clone)]
-struct SessionConfig {
-    base_url: String,
-    access_token: String,
-    refresh_token: String,
-    session_id: String,
-    updated_at_epoch_ms: u128,
-}
-#[derive(Debug, Serialize, Deserialize, Clone)]
-struct UpdateCheckCache {
-    last_checked_epoch_ms: u128,
-    latest_version: Option<String>,
+#[derive(Args)]
+struct OrgCreateArgs {
+    #[arg(long)]
+    name: String,
+    #[arg(long)]
+    base_url: Option<String>,
 }
-#[derive(Debug, Serialize, Deserialize)]
-#[serde(rename_all = "camelCase")]
-struct DeviceCodeRequest {
-    client_id: String,
-    scope: Vec<String>,
+#[derive(Args)]
+struct OrgGetArgs {
+    #[arg(long)]
+    org_id: String,
+    #[arg(long)]
+    base_url: Option<String>,
 }
-#[derive(Debug, Serialize, Deserialize)]
-#[serde(rename_all = "camelCase")]
-struct DeviceCodeResponse {
-    device_code: String,
-    user_code: String,
-    verification_uri: String,
-    verification_uri_complete: String,
-    expires_in: u64,
-    interval: u64,
+#[derive(Args)]
+struct OrgUpdateArgs {
+    #[arg(long)]
+    org_id: String,
+    #[arg(long)]
+    name: String,
+    #[arg(long)]
+    base_url: Option<String>,
 }
-#[derive(Debug, Serialize, Deserialize)]
-#[serde(rename_all = "camelCase")]
-struct DeviceTokenRequest {
-    grant_type: String,
-    device_code: String,
-    client_id: String,
+#[derive(Args)]
+struct OrgDeleteArgs {
+    #[arg(long)]
+    org_id: String,
+    #[arg(long)]
+    base_url: Option<String>,
 }
-#[derive(Debug, Serialize, Deserialize)]
-#[serde(rename_all = "camelCase")]
-struct TokenPairResponse {
-    access_token: String,
-    refresh_token: String,
-    session_id: String,
+#[derive(Args)]
+struct OrgMembersArgs {
+    #[arg(long)]
+    org_id: String,
+    #[arg(long)]
+    base_url: Option<String>,
 }
-#[derive(Debug, Serialize, Deserialize)]
-#[serde(rename_all = "camelCase")]
-struct RefreshRequest {
-    refresh_token: String,
-    session_id: String,
+#[derive(Args)]
+struct OrgAddMemberArgs {
+    #[arg(long)]
+    org_id: String,
+    #[arg(long)]
+    email: String,
+    #[arg(long, default_value = "member")]
+    role: String,
+    #[arg(long)]
+    base_url: Option<String>,
 }
-#[derive(Debug, Serialize, Deserialize)]
-#[serde(rename_all = "camelCase")]
-struct RefreshResponse {
-    tokens: TokenPairResponse,
+#[derive(Args)]
+struct OrgUpdateMemberArgs {
+    #[arg(long)]
+    org_id: String,
+    #[arg(long)]
+    user_id: String,
+    #[arg(long)]
+    role: String,
+    #[arg(long)]
+    base_url: Option<String>,
 }
-#[derive(Debug, Serialize, Deserialize)]
-#[serde(rename_all = "camelCase")]
-struct DeviceTokenSuccess {
-    access_token: String,
-    refresh_token: String,
-    session_id: String,
+#[derive(Args)]
+struct OrgRemoveMemberArgs {
+    #[arg(long)]
+    org_id: String,
+    #[arg(long)]
+    user_id: String,
+    #[arg(long)]
+    base_url: Option<String>,
 }
-#[derive(Debug, Serialize, Deserialize)]
+#[derive(Args)]
+struct OrgInvitesArgs {
+    #[arg(long)]
+    org_id: String,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct OrgInviteArgs {
+    #[arg(long)]
+    org_id: String,
+    #[arg(long)]
+    email: String,
+    #[arg(long, default_value = "member")]
+    role: String,
+    #[arg(long, default_value_t = 7)]
+    expires_in_days: u32,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct ProjectMembersArgs {
+    #[arg(long)]
+    project_id: String,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct ProjectAddMemberArgs {
+    #[arg(long)]
+    project_id: String,
+    #[arg(long)]
+    email: String,
+    #[arg(long, default_value = "viewer")]
+    role: String,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct ProjectUpdateMemberArgs {
+    #[arg(long)]
+    project_id: String,
+    #[arg(long)]
+    user_id: String,
+    #[arg(long)]
+    role: String,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct ProjectRemoveMemberArgs {
+    #[arg(long)]
+    project_id: String,
+    #[arg(long)]
+    user_id: String,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Debug, Serialize, Deserialize, Clone)]
+struct SessionConfig {
+    base_url: String,
+    access_token: String,
+    refresh_token: String,
+    session_id: String,
+    updated_at_epoch_ms: u128,
+}
+#[derive(Debug, Serialize, Deserialize, Clone)]
+struct UpdateCheckCache {
+    last_checked_epoch_ms: u128,
+    latest_version: Option<String>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct DeviceCodeRequest {
+    client_id: String,
+    scope: Vec<String>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct DeviceCodeResponse {
+    device_code: String,
+    user_code: String,
+    verification_uri: String,
+    verification_uri_complete: String,
+    expires_in: u64,
+    interval: u64,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct DeviceTokenRequest {
+    grant_type: String,
+    device_code: String,
+    client_id: String,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct TokenPairResponse {
+    access_token: String,
+    refresh_token: String,
+    session_id: String,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct RefreshRequest {
+    refresh_token: String,
+    session_id: String,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct RefreshResponse {
+    tokens: TokenPairResponse,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct DeviceTokenSuccess {
+    access_token: String,
+    refresh_token: String,
+    session_id: String,
+}
+#[derive(Debug, Serialize, Deserialize)]
 struct DeviceTokenError {
     error: String,
     error_description: Option<String>,
@@ -513,6 +944,95 @@ struct ProjectResponse {
     access_level: Option<String>,
 }
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct OrgRecord {
+    id: String,
+    slug: String,
+    name: String,
+    owner_user_id: Option<String>,
+    created_at: Option<String>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+struct ListOrgsResponse {
+    orgs: Vec<OrgRecord>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct OrgResponse {
+    org: OrgRecord,
+    role: Option<String>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct OrgMemberRecord {
+    org_id: String,
+    user_id: String,
+    role: String,
+    created_at: Option<String>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+struct ListOrgMembersResponse {
+    members: Vec<OrgMemberRecord>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+struct OrgMemberResponse {
+    member: OrgMemberRecord,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct OrgInviteRecordApi {
+    id: String,
+    org_id: String,
+    email: String,
+    role: String,
+    invited_by_user_id: Option<String>,
+    status: String,
+    expires_at: String,
+    accepted_by_user_id: Option<String>,
+    accepted_at: Option<String>,
+    created_at: Option<String>,
+    updated_at: Option<String>,
+    url: Option<String>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+struct ListOrgInvitesResponse {
+    invites: Vec<OrgInviteRecordApi>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+struct OrgInviteResponse {
+    invite: OrgInviteRecordApi,
+}
+#[derive(Debug, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct ProjectMemberRecordApi {
+    project_id: String,
+    user_id: String,
+    role: String,
+    invited_by_user_id: Option<String>,
+    created_at: Option<String>,
+    updated_at: Option<String>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+struct ListProjectMembersResponse {
+    members: Vec<ProjectMemberRecordApi>,
+}
+#[derive(Debug, Serialize, Deserialize)]
+struct ProjectMemberResponse {
+    member: ProjectMemberRecordApi,
+}
 #[derive(Debug, Serialize, Deserialize)]
 #[serde(rename_all = "camelCase")]
 struct AssetRecord {
@@ -533,6 +1053,12 @@ struct AssetRecord {
 #[derive(Debug, Serialize, Deserialize)]
 struct ListAssetsResponse {
     assets: Vec<AssetRecord>,
+    #[serde(default)]
+    total: Option<usize>,
+    #[serde(default)]
+    offset: Option<usize>,
+    #[serde(default)]
+    limit: Option<usize>,
 }
 #[derive(Debug, Serialize, Deserialize)]
@@ -654,6 +1180,19 @@ fn parse_object_from_value(
     }
 }
+fn print_json(value: &serde_json::Value) -> Result<()> {
+    println!("{}", serde_json::to_string_pretty(value)?);
+    Ok(())
+}
+fn emit_text_or_json(output: OutputFormat, text: &str, value: serde_json::Value) -> Result<()> {
+    match output {
+        OutputFormat::Text => println!("{}", text),
+        OutputFormat::Json => print_json(&value)?,
+    }
+    Ok(())
+}
 fn now_epoch_ms() -> u128 {
     SystemTime::now()
         .duration_since(UNIX_EPOCH)
@@ -673,13 +1212,20 @@ fn resolve_config_root() -> Result<PathBuf> {
 }
 fn config_path() -> Result<PathBuf> {
-    let base = resolve_config_root()?;
-    Ok(base.join(SESSION_DIR_NAME).join(SESSION_FILE_NAME))
+    Ok(state_root_path()?.join(SESSION_FILE_NAME))
 }
 fn update_cache_path() -> Result<PathBuf> {
+    Ok(state_root_path()?.join(UPDATE_CACHE_FILE_NAME))
+}
+fn unreal_links_path() -> Result<PathBuf> {
+    Ok(state_root_path()?.join(UNREAL_LINKS_FILE_NAME))
+}
+fn state_root_path() -> Result<PathBuf> {
     let base = resolve_config_root()?;
-    Ok(base.join(SESSION_DIR_NAME).join(UPDATE_CACHE_FILE_NAME))
+    Ok(base.join(SESSION_DIR_NAME))
 }
 fn session_path_display() -> String {
@@ -716,82 +1262,347 @@ fn save_session(session: &SessionConfig) -> Result<()> {
     Ok(())
 }
-fn load_session() -> Result<SessionConfig> {
-    let path = config_path()?;
-    let raw = fs::read(&path).with_context(|| {
-        format!(
-            "No active session at {}. Run `reallink login` first.",
-            path.display()
-        )
-    })?;
-    let session: SessionConfig = serde_json::from_slice(&raw)
-        .with_context(|| format!("Invalid session format in {}", path.display()))?;
-    Ok(session)
-}
-fn clear_session() -> Result<bool> {
-    let path = config_path()?;
-    if path.exists() {
-        fs::remove_file(&path).with_context(|| format!("Failed to remove {}", path.display()))?;
-        return Ok(true);
+fn load_unreal_links() -> Result<UnrealLinksConfig> {
+    let path = unreal_links_path()?;
+    if !path.exists() {
+        return Ok(UnrealLinksConfig::default());
     }
-    Ok(false)
-}
-fn load_update_cache() -> Option<UpdateCheckCache> {
-    let path = update_cache_path().ok()?;
-    let raw = fs::read(path).ok()?;
-    serde_json::from_slice(&raw).ok()
+    let raw = fs::read(&path)
+        .with_context(|| format!("Failed to read unreal links {}", path.display()))?;
+    let mut config: UnrealLinksConfig = serde_json::from_slice(&raw)
+        .with_context(|| format!("Invalid unreal links format in {}", path.display()))?;
+    if config.version == 0 {
+        config.version = 1;
+    }
+    Ok(config)
 }
-fn save_update_cache(cache: &UpdateCheckCache) -> Result<()> {
-    let path = update_cache_path()?;
+fn save_unreal_links(config: &UnrealLinksConfig) -> Result<()> {
+    let path = unreal_links_path()?;
     if let Some(parent) = path.parent() {
         fs::create_dir_all(parent)
             .with_context(|| format!("Failed to create {}", parent.display()))?;
     }
-    let payload = serde_json::to_vec_pretty(cache)?;
+    let payload = serde_json::to_vec_pretty(config)?;
     write_atomic(&path, &payload)?;
     Ok(())
 }
-async fn read_error_body(response: reqwest::Response) -> String {
-    match response.text().await {
-        Ok(text) if !text.trim().is_empty() => text,
-        _ => "No response body".to_string(),
+fn normalize_path_for_compare(path: &Path) -> String {
+    let normalized = path.to_string_lossy().replace('\\', "/");
+    if cfg!(windows) {
+        normalized.to_ascii_lowercase()
+    } else {
+        normalized
     }
 }
-fn with_cli_headers(request: reqwest::RequestBuilder) -> reqwest::RequestBuilder {
-    request
-        .header("x-reallink-client", "cli")
-        .header("x-reallink-cli-version", env!("CARGO_PKG_VERSION"))
+fn normalize_path_string_for_compare(path: &str) -> String {
+    let normalized = path.replace('\\', "/");
+    if cfg!(windows) {
+        normalized.to_ascii_lowercase()
+    } else {
+        normalized
+    }
 }
-fn parse_semver_triplet(version: &str) -> Option<(u64, u64, u64)> {
-    let core = version.trim().split('-').next()?;
-    let mut parts = core.split('.');
-    let major = parts.next()?.parse::<u64>().ok()?;
-    let minor = parts.next().unwrap_or("0").parse::<u64>().ok()?;
-    let patch = parts.next().unwrap_or("0").parse::<u64>().ok()?;
-    Some((major, minor, patch))
+fn canonicalize_existing_path(path: &Path, label: &str) -> Result<PathBuf> {
+    let absolute = if path.is_absolute() {
+        path.to_path_buf()
+    } else {
+        std::env::current_dir()
+            .with_context(|| "Failed to resolve current working directory")?
+            .join(path)
+    };
+    fs::canonicalize(&absolute)
+        .with_context(|| format!("Failed to resolve {} path {}", label, absolute.display()))
 }
-fn is_newer_version(current: &str, latest: &str) -> bool {
-    match (parse_semver_triplet(current), parse_semver_triplet(latest)) {
-        (Some(current_parts), Some(latest_parts)) => latest_parts > current_parts,
-        _ => false,
+fn resolve_uproject_path(path: &Path) -> Result<PathBuf> {
+    let canonical = canonicalize_existing_path(path, "uproject")?;
+    if canonical.is_file() {
+        let is_uproject = canonical
+            .extension()
+            .and_then(|value| value.to_str())
+            .map(|value| value.eq_ignore_ascii_case("uproject"))
+            .unwrap_or(false);
+        if !is_uproject {
+            return Err(anyhow!(
+                "Expected a .uproject file, got {}",
+                canonical.display()
+            ));
+        }
+        return Ok(canonical);
     }
+    if canonical.is_dir() {
+        let mut entries: Vec<PathBuf> = fs::read_dir(&canonical)
+            .with_context(|| format!("Failed to read directory {}", canonical.display()))?
+            .filter_map(|entry| entry.ok().map(|item| item.path()))
+            .filter(|entry| {
+                entry
+                    .extension()
+                    .and_then(|value| value.to_str())
+                    .map(|value| value.eq_ignore_ascii_case("uproject"))
+                    .unwrap_or(false)
+            })
+            .collect();
+        entries.sort();
+        if entries.len() == 1 {
+            return Ok(entries.remove(0));
+        }
+        if entries.is_empty() {
+            return Err(anyhow!(
+                "No .uproject file found in {}",
+                canonical.display()
+            ));
+        }
+        return Err(anyhow!(
+            "Multiple .uproject files found in {}; pass --uproject with explicit file path",
+            canonical.display()
+        ));
+    }
+    Err(anyhow!(
+        "Path {} is neither a file nor directory",
+        canonical.display()
+    ))
 }
-async fn fetch_latest_cli_version(client: &reqwest::Client) -> Option<String> {
-    let timeout_ms = std::env::var("REALLINK_UPDATE_CHECK_TIMEOUT_MS")
-        .ok()
-        .and_then(|value| value.parse::<u64>().ok())
-        .filter(|value| *value > 0)
-        .unwrap_or(DEFAULT_VERSION_FETCH_TIMEOUT_MS);
-    let response = with_cli_headers(client.get("https://registry.npmjs.org/reallink-cli/latest"))
-        .timeout(Duration::from_millis(timeout_ms))
+fn candidate_editor_paths_from_engine_root(engine_root: &Path) -> Vec<PathBuf> {
+    vec![
+        engine_root
+            .join("Engine")
+            .join("Binaries")
+            .join("Win64")
+            .join("UnrealEditor.exe"),
+        engine_root
+            .join("Engine")
+            .join("Binaries")
+            .join("Win64")
+            .join("UE4Editor.exe"),
+        engine_root
+            .join("Engine")
+            .join("Binaries")
+            .join("Linux")
+            .join("UnrealEditor"),
+        engine_root
+            .join("Engine")
+            .join("Binaries")
+            .join("Linux")
+            .join("UE4Editor"),
+        engine_root
+            .join("Engine")
+            .join("Binaries")
+            .join("Mac")
+            .join("UnrealEditor.app")
+            .join("Contents")
+            .join("MacOS")
+            .join("UnrealEditor"),
+        engine_root
+            .join("Engine")
+            .join("Binaries")
+            .join("Mac")
+            .join("UE4Editor.app")
+            .join("Contents")
+            .join("MacOS")
+            .join("UE4Editor"),
+    ]
+}
+fn resolve_editor_from_engine_root(engine_root: &Path) -> Result<PathBuf> {
+    let root = canonicalize_existing_path(engine_root, "engine root")?;
+    if !root.is_dir() {
+        return Err(anyhow!(
+            "Engine root must be a directory: {}",
+            root.display()
+        ));
+    }
+    for candidate in candidate_editor_paths_from_engine_root(&root) {
+        if candidate.exists() {
+            return Ok(candidate);
+        }
+    }
+    Err(anyhow!(
+        "Could not find Unreal editor binary under {}. Pass --editor explicitly.",
+        root.display()
+    ))
+}
+fn detect_engine_root_from_editor(editor_path: &Path) -> Option<PathBuf> {
+    let parts: Vec<String> = editor_path
+        .components()
+        .map(|component| component.as_os_str().to_string_lossy().to_string())
+        .collect();
+    let mut engine_index = None;
+    for (index, value) in parts.iter().enumerate() {
+        if value.eq_ignore_ascii_case("Engine") {
+            engine_index = Some(index);
+            break;
+        }
+    }
+    let index = engine_index?;
+    let mut root = PathBuf::new();
+    for segment in &parts[..index] {
+        root.push(segment);
+    }
+    if root.as_os_str().is_empty() {
+        None
+    } else {
+        Some(root)
+    }
+}
+fn resolve_editor_and_engine(
+    explicit_editor: Option<PathBuf>,
+    explicit_engine_root: Option<PathBuf>,
+) -> Result<(PathBuf, Option<PathBuf>)> {
+    if let Some(editor) = explicit_editor {
+        let editor_path = canonicalize_existing_path(&editor, "editor")?;
+        if !editor_path.is_file() {
+            return Err(anyhow!(
+                "Editor path must be a file: {}",
+                editor_path.display()
+            ));
+        }
+        let engine_root = if let Some(root) = explicit_engine_root {
+            Some(canonicalize_existing_path(&root, "engine root")?)
+        } else {
+            detect_engine_root_from_editor(&editor_path)
+        };
+        return Ok((editor_path, engine_root));
+    }
+    if let Some(engine_root) = explicit_engine_root {
+        let root = canonicalize_existing_path(&engine_root, "engine root")?;
+        let editor_path = resolve_editor_from_engine_root(&root)?;
+        return Ok((editor_path, Some(root)));
+    }
+    if let Ok(editor_env) = std::env::var("REALLINK_UNREAL_EDITOR") {
+        let trimmed = editor_env.trim();
+        if !trimmed.is_empty() {
+            let editor_path = canonicalize_existing_path(Path::new(trimmed), "editor")?;
+            let engine_root = detect_engine_root_from_editor(&editor_path);
+            return Ok((editor_path, engine_root));
+        }
+    }
+    if let Ok(editor_env) = std::env::var("UE_EDITOR_PATH") {
+        let trimmed = editor_env.trim();
+        if !trimmed.is_empty() {
+            let editor_path = canonicalize_existing_path(Path::new(trimmed), "editor")?;
+            let engine_root = detect_engine_root_from_editor(&editor_path);
+            return Ok((editor_path, engine_root));
+        }
+    }
+    if let Ok(engine_env) = std::env::var("REALLINK_UNREAL_ENGINE_ROOT") {
+        let trimmed = engine_env.trim();
+        if !trimmed.is_empty() {
+            let root = canonicalize_existing_path(Path::new(trimmed), "engine root")?;
+            let editor_path = resolve_editor_from_engine_root(&root)?;
+            return Ok((editor_path, Some(root)));
+        }
+    }
+    if let Ok(engine_env) = std::env::var("UE_ENGINE_ROOT") {
+        let trimmed = engine_env.trim();
+        if !trimmed.is_empty() {
+            let root = canonicalize_existing_path(Path::new(trimmed), "engine root")?;
+            let editor_path = resolve_editor_from_engine_root(&root)?;
+            return Ok((editor_path, Some(root)));
+        }
+    }
+    Err(anyhow!(
+        "Unable to resolve Unreal editor. Pass --editor or --engine-root, or set REALLINK_UNREAL_EDITOR/REALLINK_UNREAL_ENGINE_ROOT."
+    ))
+}
+fn load_session() -> Result<SessionConfig> {
+    let path = config_path()?;
+    let raw = fs::read(&path).with_context(|| {
+        format!(
+            "No active session at {}. Run `reallink login` first.",
+            path.display()
+        )
+    })?;
+    let session: SessionConfig = serde_json::from_slice(&raw)
+        .with_context(|| format!("Invalid session format in {}", path.display()))?;
+    Ok(session)
+}
+fn clear_session() -> Result<bool> {
+    let path = config_path()?;
+    if path.exists() {
+        fs::remove_file(&path).with_context(|| format!("Failed to remove {}", path.display()))?;
+        return Ok(true);
+    }
+    Ok(false)
+}
+fn load_update_cache() -> Option<UpdateCheckCache> {
+    let path = update_cache_path().ok()?;
+    let raw = fs::read(path).ok()?;
+    serde_json::from_slice(&raw).ok()
+}
+fn save_update_cache(cache: &UpdateCheckCache) -> Result<()> {
+    let path = update_cache_path()?;
+    if let Some(parent) = path.parent() {
+        fs::create_dir_all(parent)
+            .with_context(|| format!("Failed to create {}", parent.display()))?;
+    }
+    let payload = serde_json::to_vec_pretty(cache)?;
+    write_atomic(&path, &payload)?;
+    Ok(())
+}
+async fn read_error_body(response: reqwest::Response) -> String {
+    match response.text().await {
+        Ok(text) if !text.trim().is_empty() => text,
+        _ => "No response body".to_string(),
+    }
+}
+#[derive(Deserialize)]
+struct ApiErrorEnvelope {
+    code: Option<String>,
+    message: Option<String>,
+}
+fn parse_api_error(body: &str) -> Option<ApiErrorEnvelope> {
+    serde_json::from_str::<ApiErrorEnvelope>(body).ok()
+}
+fn with_cli_headers(request: reqwest::RequestBuilder) -> reqwest::RequestBuilder {
+    request
+        .header("x-reallink-client", "cli")
+        .header("x-reallink-cli-version", env!("CARGO_PKG_VERSION"))
+}
+fn parse_semver_triplet(version: &str) -> Option<(u64, u64, u64)> {
+    let core = version.trim().split('-').next()?;
+    let mut parts = core.split('.');
+    let major = parts.next()?.parse::<u64>().ok()?;
+    let minor = parts.next().unwrap_or("0").parse::<u64>().ok()?;
+    let patch = parts.next().unwrap_or("0").parse::<u64>().ok()?;
+    Some((major, minor, patch))
+}
+fn is_newer_version(current: &str, latest: &str) -> bool {
+    match (parse_semver_triplet(current), parse_semver_triplet(latest)) {
+        (Some(current_parts), Some(latest_parts)) => latest_parts > current_parts,
+        _ => false,
+    }
+}
+async fn fetch_latest_cli_version(client: &reqwest::Client) -> Option<String> {
+    let timeout_ms = std::env::var("REALLINK_UPDATE_CHECK_TIMEOUT_MS")
+        .ok()
+        .and_then(|value| value.parse::<u64>().ok())
+        .filter(|value| *value > 0)
+        .unwrap_or(DEFAULT_VERSION_FETCH_TIMEOUT_MS);
+    let response = with_cli_headers(client.get("https://registry.npmjs.org/reallink-cli/latest"))
+        .timeout(Duration::from_millis(timeout_ms))
         .send()
         .await
         .ok()?;
@@ -810,6 +1621,7 @@ async fn maybe_notify_update(
     client: &reqwest::Client,
     force_refresh: bool,
     allow_network_fetch: bool,
+    output: OutputFormat,
 ) {
     if std::env::var("REALLINK_DISABLE_AUTO_UPDATE_CHECK")
         .map(|value| value == "1")
@@ -844,10 +1656,12 @@ async fn maybe_notify_update(
     let current = env!("CARGO_PKG_VERSION");
     if let Some(latest) = latest_version {
         if is_newer_version(current, &latest) {
-            eprintln!(
-                "Update available: {} -> {}. Run `reallink self-update`.",
-                current, latest
-            );
+            if output == OutputFormat::Text {
+                eprintln!(
+                    "Update available: {} -> {}. Run `reallink self-update`.",
+                    current, latest
+                );
+            }
         }
     }
 }
@@ -987,65 +1801,130 @@ async fn existing_session_identity_for_base_url(
         .map(|email| email.to_string())
 }
-async fn login_command(client: &reqwest::Client, args: LoginArgs) -> Result<()> {
+fn default_login_scopes() -> Vec<String> {
+    generated::contract::CLI_DEFAULT_LOGIN_SCOPES
+        .iter()
+        .map(|value| (*value).to_string())
+        .collect()
+}
+fn default_login_scopes_with_tools() -> Vec<String> {
+    generated::contract::CLI_DEFAULT_LOGIN_SCOPES_WITH_TOOLS
+        .iter()
+        .map(|value| (*value).to_string())
+        .collect()
+}
+async fn login_command(
+    client: &reqwest::Client,
+    args: LoginArgs,
+    output: OutputFormat,
+) -> Result<()> {
     let base_url = normalize_base_url(&args.base_url);
     if !args.force {
         if let Some(email) = existing_session_identity_for_base_url(client, &base_url).await {
-            println!("Already logged in as {} on {}.", email, base_url);
-            println!("Use `reallink logout` to sign out or `reallink login --force` to replace this session.");
+            let payload = serde_json::json!({
+                "ok": true,
+                "alreadyLoggedIn": true,
+                "baseUrl": base_url,
+                "email": email,
+                "message": "Use `reallink logout` to sign out or `reallink login --force` to replace this session."
+            });
+            emit_text_or_json(
+                output,
+                &format!(
+                    "Already logged in. Use `reallink logout` to sign out or `reallink login --force` to replace this session."
+                ),
+                payload,
+            )?;
             return Ok(());
         }
     }
-    let scope = if args.scope.is_empty() {
-        vec![
-            "core:read".to_string(),
-            "core:write".to_string(),
-            "assets:read".to_string(),
-            "assets:write".to_string(),
-            "trace:read".to_string(),
-            "trace:write".to_string(),
-            "tools:read".to_string(),
-            "tools:write".to_string(),
-            "tools:run".to_string(),
-            "org:admin".to_string(),
-            "project:admin".to_string(),
-        ]
+    let (initial_scope, fallback_scope) = if args.scope.is_empty() {
+        (
+            default_login_scopes_with_tools(),
+            Some(default_login_scopes()),
+        )
     } else {
-        args.scope
+        (args.scope, None)
     };
-    let device_code_response =
+    let mut selected_scope = initial_scope;
+    let mut device_code_response =
         with_cli_headers(client.post(format!("{}/auth/device/code", base_url)))
             .json(&DeviceCodeRequest {
                 client_id: args.client_id.clone(),
-                scope,
+                scope: selected_scope.clone(),
             })
             .send()
             .await?;
     if !device_code_response.status().is_success() {
         let body = read_error_body(device_code_response).await;
-        return Err(anyhow!("Failed to start device flow: {}", body));
+        let can_fallback = fallback_scope.is_some()
+            && body.contains("VALIDATION_ERROR")
+            && body.contains("tools:");
+        if can_fallback {
+            if output == OutputFormat::Text {
+                eprintln!(
+                    "Server rejected tool scopes for device-flow bootstrap; retrying with compatibility scopes."
+                );
+            }
+            selected_scope = fallback_scope.unwrap_or_default();
+            device_code_response =
+                with_cli_headers(client.post(format!("{}/auth/device/code", base_url)))
+                    .json(&DeviceCodeRequest {
+                        client_id: args.client_id.clone(),
+                        scope: selected_scope.clone(),
+                    })
+                    .send()
+                    .await?;
+            if !device_code_response.status().is_success() {
+                let retry_body = read_error_body(device_code_response).await;
+                return Err(anyhow!("Failed to start device flow: {}", retry_body));
+            }
+        } else {
+            return Err(anyhow!("Failed to start device flow: {}", body));
+        }
     }
     let device_code: DeviceCodeResponse = device_code_response.json().await?;
-    println!("Open this URL in your browser and approve the login:");
-    println!("{}", device_code.verification_uri_complete);
-    println!("User code: {}", device_code.user_code);
-    match webbrowser::open(&device_code.verification_uri_complete) {
-        Ok(_) => println!("Browser opened for device approval."),
-        Err(_) => println!("Could not open browser automatically. Open the URL manually."),
+    let browser_opened = webbrowser::open(&device_code.verification_uri_complete).is_ok();
+    if output == OutputFormat::Text {
+        println!("Open this URL in your browser and approve the login:");
+        println!("{}", device_code.verification_uri_complete);
+        println!("User code: {}", device_code.user_code);
+        if browser_opened {
+            println!("Browser opened for device approval.");
+        } else {
+            println!("Could not open browser automatically. Open the URL manually.");
+        }
+    } else {
+        print_json(&serde_json::json!({
+            "ok": true,
+            "phase": "authorization_pending",
+            "baseUrl": base_url,
+            "verificationUri": device_code.verification_uri,
+            "verificationUriComplete": device_code.verification_uri_complete,
+            "userCode": device_code.user_code,
+            "browserOpened": browser_opened,
+            "expiresInSeconds": device_code.expires_in,
+            "pollIntervalSeconds": device_code.interval,
+            "scope": selected_scope
+        }))?;
     }
     let expires_at = std::time::Instant::now() + Duration::from_secs(device_code.expires_in);
     let mut poll_interval = Duration::from_secs(device_code.interval.max(1));
     let mut pending_polls = 0u32;
-    println!("Waiting for approval (press Ctrl+C to cancel)");
+    if output == OutputFormat::Text {
+        println!("Waiting for approval (press Ctrl+C to cancel)");
+    }
     loop {
         if std::time::Instant::now() >= expires_at {
-            if pending_polls > 0 {
+            if output == OutputFormat::Text && pending_polls > 0 {
                 println!();
             }
             return Err(anyhow!("Device code expired before approval"));
@@ -1065,7 +1944,7 @@ async fn login_command(client: &reqwest::Client, args: LoginArgs) -> Result<()>
         if token_response.status().is_success() {
             let tokens: DeviceTokenSuccess = token_response.json().await?;
-            if pending_polls > 0 {
+            if output == OutputFormat::Text && pending_polls > 0 {
                 println!();
             }
             let session = SessionConfig {
@@ -1076,8 +1955,20 @@ async fn login_command(client: &reqwest::Client, args: LoginArgs) -> Result<()>
                 updated_at_epoch_ms: now_epoch_ms(),
             };
             save_session(&session)?;
-            println!("Login successful.");
-            println!("Session stored at {}", session_path_display());
+            let path = session_path_display();
+            let payload = serde_json::json!({
+                "ok": true,
+                "phase": "authenticated",
+                "baseUrl": base_url,
+                "sessionPath": path,
+                "sessionId": session.session_id
+            });
+            if output == OutputFormat::Text {
+                println!("Login successful.");
+                println!("Session stored at {}", session_path_display());
+            } else {
+                print_json(&payload)?;
+            }
             return Ok(());
         }
@@ -1090,19 +1981,23 @@ async fn login_command(client: &reqwest::Client, args: LoginArgs) -> Result<()>
         match error_payload.error.as_str() {
             "authorization_pending" => {
                 pending_polls = pending_polls.saturating_add(1);
-                print!(".");
-                let _ = io::stdout().flush();
+                if output == OutputFormat::Text {
+                    print!(".");
+                    let _ = io::stdout().flush();
+                }
                 continue;
             }
             "slow_down" => {
                 poll_interval += Duration::from_secs(1);
                 pending_polls = pending_polls.saturating_add(1);
-                print!("+");
-                let _ = io::stdout().flush();
+                if output == OutputFormat::Text {
+                    print!("+");
+                    let _ = io::stdout().flush();
+                }
                 continue;
             }
             _ => {
-                if pending_polls > 0 {
+                if output == OutputFormat::Text && pending_polls > 0 {
                     println!();
                 }
                 return Err(anyhow!(
@@ -1115,13 +2010,17 @@ async fn login_command(client: &reqwest::Client, args: LoginArgs) -> Result<()>
     }
 }
-async fn logout_command(client: &reqwest::Client) -> Result<()> {
+async fn logout_command(client: &reqwest::Client, output: OutputFormat) -> Result<()> {
     let path_display = session_path_display();
     let mut session = match load_session() {
         Ok(session) => session,
         Err(_) => {
-            println!("No local session found at {}.", path_display);
-            println!("You are already logged out.");
+            let payload = serde_json::json!({
+                "ok": true,
+                "alreadyLoggedOut": true,
+                "sessionPath": path_display
+            });
+            emit_text_or_json(output, "You are already logged out.", payload)?;
             return Ok(());
         }
     };
@@ -1137,31 +2036,296 @@ async fn logout_command(client: &reqwest::Client) -> Result<()> {
         }
         Ok(response) => {
             let body = read_error_body(response).await;
-            eprintln!("Warning: remote logout request failed: {}", body);
+            if output == OutputFormat::Text {
+                eprintln!("Warning: remote logout request failed: {}", body);
+            }
         }
         Err(error) => {
-            eprintln!("Warning: remote logout request failed: {}", error);
+            if output == OutputFormat::Text {
+                eprintln!("Warning: remote logout request failed: {}", error);
+            }
         }
     }
     let removed = clear_session()?;
     if !removed {
-        println!("Local session was already cleared.");
+        let payload = serde_json::json!({
+            "ok": true,
+            "alreadyLoggedOut": true,
+            "sessionPath": path_display
+        });
+        emit_text_or_json(output, "Local session was already cleared.", payload)?;
         return Ok(());
     }
-    if remote_revoked {
+    let payload = serde_json::json!({
+        "ok": true,
+        "sessionPath": path_display,
+        "remoteRevoked": remote_revoked,
+        "remoteUnavailable": remote_unavailable
+    });
+    if output == OutputFormat::Text {
+        if remote_revoked {
+            println!(
+                "Logged out. Server session revoked and local session removed from {}.",
+                session_path_display()
+            );
+        } else if remote_unavailable {
+            println!(
+                "Logged out locally. Removed session from {}.",
+                session_path_display()
+            );
+            println!("Server logout endpoint is not available on this API deployment yet.");
+        } else {
+            println!(
+                "Logged out locally. Removed session from {}.",
+                session_path_display()
+            );
+        }
+    } else {
+        print_json(&payload)?;
+    }
+    Ok(())
+}
+fn sanitize_cli_args(raw: &[String]) -> Vec<String> {
+    let sensitive_flags = [
+        "--input-json",
+        "--input-file",
+        "--metadata-file",
+        "--token",
+        "--refresh-token",
+        "--password",
+        "--secret",
+    ];
+    let mut sanitized = Vec::with_capacity(raw.len());
+    let mut redact_next = false;
+    for value in raw {
+        if redact_next {
+            sanitized.push("<redacted>".to_string());
+            redact_next = false;
+            continue;
+        }
+        if let Some((flag, _rest)) = value.split_once('=') {
+            if sensitive_flags.iter().any(|candidate| candidate == &flag) {
+                sanitized.push(format!("{}=<redacted>", flag));
+                continue;
+            }
+        }
+        if sensitive_flags.iter().any(|candidate| candidate == value) {
+            sanitized.push(value.clone());
+            redact_next = true;
+            continue;
+        }
+        sanitized.push(value.clone());
+    }
+    sanitized
+}
+fn command_summary_for_logs() -> String {
+    let args: Vec<String> = std::env::args().skip(1).collect();
+    let sanitized = sanitize_cli_args(&args);
+    if sanitized.is_empty() {
+        "reallink".to_string()
+    } else {
+        format!("reallink {}", sanitized.join(" "))
+    }
+}
+fn append_runtime_log_event(
+    command: &str,
+    message: &str,
+    level: &str,
+    duration_ms: Option<u128>,
+    exit_code: Option<i32>,
+) {
+    let state_root = match state_root_path() {
+        Ok(path) => path,
+        Err(_) => return,
+    };
+    let event = logs::RuntimeLogEvent {
+        ts_epoch_ms: now_epoch_ms(),
+        level: level.to_string(),
+        command: command.to_string(),
+        message: message.to_string(),
+        duration_ms,
+        exit_code,
+    };
+    let _ = logs::append_runtime_event(&state_root, &event);
+}
+fn record_cli_crash_report(command: &str, error: &anyhow::Error) {
+    let state_root = match state_root_path() {
+        Ok(path) => path,
+        Err(_) => return,
+    };
+    let report = logs::CrashReport {
+        ts_epoch_ms: now_epoch_ms(),
+        command: command.to_string(),
+        message: error.to_string(),
+        detail: Some(format!("{:#}", error)),
+    };
+    let _ = logs::write_crash_report(&state_root, &report);
+}
+async fn logs_status_command(output: OutputFormat) -> Result<()> {
+    let status = logs::status(&state_root_path()?)?;
+    let payload = serde_json::to_value(&status)?;
+    if output == OutputFormat::Text {
+        println!(
+            "Logs root: {}\nRuntime log: {}\nCrash dir: {}\nUpload consent: {}\nCrash reports: {}",
+            status.logs_root,
+            status.runtime_log_path,
+            status.crash_dir,
+            if status.consent.upload_enabled {
+                "enabled"
+            } else {
+                "disabled"
+            },
+            status.crash_report_count
+        );
+    } else {
+        print_json(&payload)?;
+    }
+    Ok(())
+}
+async fn logs_consent_command(args: LogsConsentArgs, output: OutputFormat) -> Result<()> {
+    let state_root = state_root_path()?;
+    let consent = if args.enable {
+        logs::set_upload_consent(&state_root, true)?
+    } else if args.disable {
+        logs::set_upload_consent(&state_root, false)?
+    } else {
+        logs::load_consent(&state_root)?
+    };
+    let payload = serde_json::json!({
+        "ok": true,
+        "consent": consent
+    });
+    if output == OutputFormat::Text {
         println!(
-            "Logged out. Server session revoked and local session removed from {}.",
-            path_display
+            "Log upload consent is {}.",
+            if consent.upload_enabled {
+                "enabled"
+            } else {
+                "disabled"
+            }
         );
-    } else if remote_unavailable {
-        println!("Logged out locally. Removed session from {}.", path_display);
-        println!("Server logout endpoint is not available on this API deployment yet.");
     } else {
-        println!("Logged out locally. Removed session from {}.", path_display);
+        print_json(&payload)?;
+    }
+    Ok(())
+}
+async fn logs_tail_command(args: LogsTailArgs, output: OutputFormat) -> Result<()> {
+    let lines = logs::read_runtime_tail(&state_root_path()?, args.lines)?;
+    if output == OutputFormat::Text {
+        for line in lines {
+            println!("{}", line);
+        }
+    } else {
+        print_json(&serde_json::json!({
+            "ok": true,
+            "lines": lines
+        }))?;
+    }
+    Ok(())
+}
+async fn logs_upload_command(
+    client: &reqwest::Client,
+    args: LogsUploadArgs,
+    output: OutputFormat,
+) -> Result<()> {
+    let state_root = state_root_path()?;
+    let consent = logs::load_consent(&state_root)?;
+    if !consent.upload_enabled {
+        return Err(anyhow!(
+            "Log upload consent is disabled. Run `reallink logs consent --enable` first."
+        ));
+    }
+    let candidates =
+        logs::list_upload_candidates(&state_root, args.include_runtime, args.include_crash)?;
+    if args.dry_run {
+        let payload = serde_json::json!({
+            "ok": true,
+            "dryRun": true,
+            "count": candidates.len(),
+            "candidates": candidates
+        });
+        emit_text_or_json(
+            output,
+            &format!("Dry run complete. {} log files are ready to upload.", payload["count"]),
+            payload,
+        )?;
+        return Ok(());
+    }
+    if candidates.is_empty() {
+        let payload = serde_json::json!({
+            "ok": true,
+            "uploaded": [],
+            "count": 0
+        });
+        emit_text_or_json(output, "No local log files to upload.", payload)?;
+        return Ok(());
+    }
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let mut uploaded = Vec::new();
+    for candidate in candidates {
+        let bytes = fs::read(&candidate.local_path).with_context(|| {
+            format!("Failed to read log file {}", candidate.local_path.display())
+        })?;
+        let asset = upload_asset_via_intent(
+            client,
+            &mut session,
+            &args.project_id,
+            &candidate.remote_path,
+            bytes,
+            &candidate.content_type,
+            &args.asset_type,
+            &args.visibility,
+        )
+        .await?;
+        if args.clear_on_success {
+            let file_name = candidate
+                .local_path
+                .file_name()
+                .and_then(|value| value.to_str())
+                .unwrap_or_default();
+            if file_name.eq_ignore_ascii_case("runtime.jsonl") {
+                fs::write(&candidate.local_path, b"").with_context(|| {
+                    format!("Failed to clear runtime log {}", candidate.local_path.display())
+                })?;
+            } else {
+                let _ = fs::remove_file(&candidate.local_path);
+            }
+        }
+        uploaded.push(serde_json::json!({
+            "localPath": candidate.local_path.display().to_string(),
+            "remotePath": candidate.remote_path,
+            "asset": asset
+        }));
     }
+    save_session(&session)?;
+    let payload = serde_json::json!({
+        "ok": true,
+        "count": uploaded.len(),
+        "uploaded": uploaded
+    });
+    emit_text_or_json(
+        output,
+        &format!("Uploaded {} log files.", payload["count"]),
+        payload,
+    )?;
     Ok(())
 }
@@ -1247,29 +2411,22 @@ async fn token_revoke_command(client: &reqwest::Client, args: TokenRevokeArgs) -
     Ok(())
 }
-async fn project_list_command(client: &reqwest::Client, args: ProjectListArgs) -> Result<()> {
+async fn org_list_command(client: &reqwest::Client, args: BaseArgs) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
-    let path = match args.org_id {
-        Some(org_id) if !org_id.trim().is_empty() => {
-            format!("/core/projects?orgId={}", org_id.trim())
-        }
-        _ => "/core/projects".to_string(),
-    };
-    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    let response = authed_request(client, &mut session, Method::GET, "/core/orgs", None).await?;
     if !response.status().is_success() {
         let body = read_error_body(response).await;
-        return Err(anyhow!("project list failed: {}", body));
+        return Err(anyhow!("org list failed: {}", body));
     }
-    let payload: ListProjectsResponse = response.json().await?;
-    println!("{}", serde_json::to_string_pretty(&payload.projects)?);
+    let payload: ListOrgsResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.orgs)?);
     save_session(&session)?;
     Ok(())
 }
-async fn project_create_command(client: &reqwest::Client, args: ProjectCreateArgs) -> Result<()> {
+async fn org_create_command(client: &reqwest::Client, args: OrgCreateArgs) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
@@ -1277,48 +2434,341 @@ async fn project_create_command(client: &reqwest::Client, args: ProjectCreateArg
         client,
         &mut session,
         Method::POST,
-        "/core/projects",
+        "/core/orgs",
         Some(serde_json::json!({
-            "orgId": args.org_id,
-            "name": args.name,
-            "description": args.description
+            "name": args.name
         })),
     )
     .await?;
     if !response.status().is_success() {
         let body = read_error_body(response).await;
-        return Err(anyhow!("project create failed: {}", body));
+        return Err(anyhow!("org create failed: {}", body));
     }
-    let payload: ProjectResponse = response.json().await?;
-    println!("{}", serde_json::to_string_pretty(&payload.project)?);
+    let payload: OrgResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.org)?);
     save_session(&session)?;
     Ok(())
 }
-async fn project_get_command(client: &reqwest::Client, args: ProjectGetArgs) -> Result<()> {
+async fn org_get_command(client: &reqwest::Client, args: OrgGetArgs) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
-    let path = format!("/core/projects/{}", args.project_id);
+    let path = format!("/core/orgs/{}", args.org_id);
     let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
     if !response.status().is_success() {
         let body = read_error_body(response).await;
-        return Err(anyhow!("project get failed: {}", body));
+        return Err(anyhow!("org get failed: {}", body));
     }
-    let payload: ProjectResponse = response.json().await?;
-    println!("{}", serde_json::to_string_pretty(&payload.project)?);
+    let payload: OrgResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
     save_session(&session)?;
     Ok(())
 }
-async fn project_update_command(client: &reqwest::Client, args: ProjectUpdateArgs) -> Result<()> {
+async fn org_update_command(client: &reqwest::Client, args: OrgUpdateArgs) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
-    let mut body = serde_json::Map::new();
-    if let Some(name) = args.name {
-        body.insert("name".to_string(), serde_json::Value::String(name));
-    }
+    let path = format!("/core/orgs/{}", args.org_id);
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::PATCH,
+        &path,
+        Some(serde_json::json!({
+            "name": args.name
+        })),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("org update failed: {}", body));
+    }
+    let payload: OrgResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.org)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn org_delete_command(client: &reqwest::Client, args: OrgDeleteArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/core/orgs/{}", args.org_id);
+    let response = authed_request(client, &mut session, Method::DELETE, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("org delete failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn org_invites_command(client: &reqwest::Client, args: OrgInvitesArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/core/orgs/{}/invites", args.org_id);
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        if let Some(api_error) = parse_api_error(&body) {
+            match api_error.code.as_deref() {
+                Some("CLERK_ORG_NOT_LINKED") => {
+                    return Err(anyhow!(
+                        "org invites unavailable: {}. Action: create this organization from a Clerk-authenticated session, then retry.",
+                        api_error
+                            .message
+                            .unwrap_or_else(|| "organization is not linked to Clerk".to_string())
+                    ));
+                }
+                Some("CLERK_NOT_CONFIGURED") => {
+                    return Err(anyhow!(
+                        "org invites unavailable: {}. Action: configure CLERK_SECRET_KEY on the API deployment.",
+                        api_error
+                            .message
+                            .unwrap_or_else(|| "Clerk is not configured".to_string())
+                    ));
+                }
+                _ => {}
+            }
+        }
+        return Err(anyhow!("org invites failed: {}", body));
+    }
+    let payload: ListOrgInvitesResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.invites)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn org_invite_command(client: &reqwest::Client, args: OrgInviteArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let role = args.role.trim().to_lowercase();
+    if role != "member" && role != "admin" {
+        return Err(anyhow!("org invite role must be either 'member' or 'admin'"));
+    }
+    if args.expires_in_days == 0 || args.expires_in_days > 30 {
+        return Err(anyhow!("org invite expires_in_days must be between 1 and 30"));
+    }
+    let path = format!("/core/orgs/{}/invites", args.org_id);
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::POST,
+        &path,
+        Some(serde_json::json!({
+            "email": args.email.trim(),
+            "role": role,
+            "expiresInDays": args.expires_in_days
+        })),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        if let Some(api_error) = parse_api_error(&body) {
+            match api_error.code.as_deref() {
+                Some("CLERK_USER_NOT_LINKED") => {
+                    return Err(anyhow!(
+                        "org invite unavailable: {}. Action: login via Clerk on the web once, then rerun this command.",
+                        api_error
+                            .message
+                            .unwrap_or_else(|| "current user is not linked to Clerk".to_string())
+                    ));
+                }
+                Some("CLERK_ORG_NOT_LINKED") => {
+                    return Err(anyhow!(
+                        "org invite unavailable: {}. Action: create this organization from a Clerk-authenticated session, then retry.",
+                        api_error
+                            .message
+                            .unwrap_or_else(|| "organization is not linked to Clerk".to_string())
+                    ));
+                }
+                Some("CLERK_NOT_CONFIGURED") => {
+                    return Err(anyhow!(
+                        "org invite unavailable: {}. Action: configure CLERK_SECRET_KEY on the API deployment.",
+                        api_error
+                            .message
+                            .unwrap_or_else(|| "Clerk is not configured".to_string())
+                    ));
+                }
+                _ => {}
+            }
+        }
+        return Err(anyhow!("org invite failed: {}", body));
+    }
+    let payload: OrgInviteResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.invite)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn org_members_command(client: &reqwest::Client, args: OrgMembersArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/core/orgs/{}/members", args.org_id);
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("org members failed: {}", body));
+    }
+    let payload: ListOrgMembersResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.members)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn org_add_member_command(client: &reqwest::Client, args: OrgAddMemberArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/core/orgs/{}/members", args.org_id);
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::POST,
+        &path,
+        Some(serde_json::json!({
+            "email": args.email,
+            "role": args.role
+        })),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("org add member failed: {}", body));
+    }
+    let payload: OrgMemberResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.member)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn org_update_member_command(client: &reqwest::Client, args: OrgUpdateMemberArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/core/orgs/{}/members/{}", args.org_id, args.user_id);
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::PATCH,
+        &path,
+        Some(serde_json::json!({
+            "role": args.role
+        })),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("org update member failed: {}", body));
+    }
+    let payload: OrgMemberResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.member)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn org_remove_member_command(client: &reqwest::Client, args: OrgRemoveMemberArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/core/orgs/{}/members/{}", args.org_id, args.user_id);
+    let response = authed_request(client, &mut session, Method::DELETE, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("org remove member failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn project_list_command(client: &reqwest::Client, args: ProjectListArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = match args.org_id {
+        Some(org_id) if !org_id.trim().is_empty() => {
+            format!("/core/projects?orgId={}", org_id.trim())
+        }
+        _ => "/core/projects".to_string(),
+    };
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("project list failed: {}", body));
+    }
+    let payload: ListProjectsResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.projects)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn project_create_command(client: &reqwest::Client, args: ProjectCreateArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let mut body = serde_json::Map::new();
+    body.insert("orgId".to_string(), serde_json::Value::String(args.org_id));
+    body.insert("name".to_string(), serde_json::Value::String(args.name));
+    if let Some(description) = args.description {
+        body.insert(
+            "description".to_string(),
+            serde_json::Value::String(description),
+        );
+    }
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::POST,
+        "/core/projects",
+        Some(serde_json::Value::Object(body)),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("project create failed: {}", body));
+    }
+    let payload: ProjectResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.project)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn project_get_command(client: &reqwest::Client, args: ProjectGetArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/core/projects/{}", args.project_id);
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("project get failed: {}", body));
+    }
+    let payload: ProjectResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.project)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn project_update_command(client: &reqwest::Client, args: ProjectUpdateArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let mut body = serde_json::Map::new();
+    if let Some(name) = args.name {
+        body.insert("name".to_string(), serde_json::Value::String(name));
+    }
     if args.clear_description {
         body.insert("description".to_string(), serde_json::Value::Null);
     } else if let Some(description) = args.description {
@@ -1328,44 +2778,1315 @@ async fn project_update_command(client: &reqwest::Client, args: ProjectUpdateArg
         );
     }
-    if body.is_empty() {
+    if body.is_empty() {
+        return Err(anyhow!(
+            "project update requires at least one field (--name, --description, or --clear-description)"
+        ));
+    }
+    let path = format!("/core/projects/{}", args.project_id);
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::PATCH,
+        &path,
+        Some(serde_json::Value::Object(body)),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("project update failed: {}", body));
+    }
+    let payload: ProjectResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.project)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn project_delete_command(client: &reqwest::Client, args: ProjectDeleteArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/core/projects/{}", args.project_id);
+    let response = authed_request(client, &mut session, Method::DELETE, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("project delete failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn project_members_command(client: &reqwest::Client, args: ProjectMembersArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/core/projects/{}/members", args.project_id);
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("project members failed: {}", body));
+    }
+    let payload: ListProjectMembersResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.members)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn project_add_member_command(client: &reqwest::Client, args: ProjectAddMemberArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/core/projects/{}/members", args.project_id);
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::POST,
+        &path,
+        Some(serde_json::json!({
+            "email": args.email,
+            "role": args.role
+        })),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("project add member failed: {}", body));
+    }
+    let payload: ProjectMemberResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.member)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn project_update_member_command(
+    client: &reqwest::Client,
+    args: ProjectUpdateMemberArgs,
+) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/core/projects/{}/members/{}", args.project_id, args.user_id);
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::PATCH,
+        &path,
+        Some(serde_json::json!({
+            "role": args.role
+        })),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("project update member failed: {}", body));
+    }
+    let payload: ProjectMemberResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.member)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn project_remove_member_command(
+    client: &reqwest::Client,
+    args: ProjectRemoveMemberArgs,
+) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/core/projects/{}/members/{}", args.project_id, args.user_id);
+    let response = authed_request(client, &mut session, Method::DELETE, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("project remove member failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn verify_project_access(
+    client: &reqwest::Client,
+    session: &mut SessionConfig,
+    project_id: &str,
+) -> Result<()> {
+    let path = format!("/core/projects/{}", project_id);
+    let response = authed_request(client, session, Method::GET, &path, None).await?;
+    if response.status().is_success() {
+        return Ok(());
+    }
+    let body = read_error_body(response).await;
+    Err(anyhow!(
+        "project verification failed for {}: {}",
+        project_id,
+        body
+    ))
+}
+fn file_name_component(path: &str) -> String {
+    Path::new(path)
+        .file_name()
+        .and_then(|value| value.to_str())
+        .unwrap_or(path)
+        .to_string()
+}
+fn detect_local_runtime_platform_arch() -> (String, String) {
+    let platform = match std::env::consts::OS {
+        "windows" => "win32",
+        "macos" => "darwin",
+        "linux" => "linux",
+        other => other,
+    }
+    .to_string();
+    let arch = match std::env::consts::ARCH {
+        "x86_64" => "x64",
+        "aarch64" => "arm64",
+        other => other,
+    }
+    .to_string();
+    (platform, arch)
+}
+fn build_unreal_link_manifest_payload(
+    link: &UnrealLinkRecord,
+    include_local_paths: bool,
+) -> serde_json::Value {
+    let mut payload = serde_json::json!({
+        "schemaVersion": 1,
+        "provider": "unreal",
+        "projectId": link.project_id,
+        "uprojectFile": file_name_component(&link.uproject_path),
+        "projectRootName": file_name_component(&link.project_root),
+        "editorBinary": file_name_component(&link.editor_path),
+        "engineRootName": link.engine_root.as_ref().map(|value| file_name_component(value)),
+        "updatedAtEpochMs": link.updated_at_epoch_ms
+    });
+    if include_local_paths {
+        payload["localPaths"] = serde_json::json!({
+            "uprojectPath": link.uproject_path,
+            "projectRoot": link.project_root,
+            "editorPath": link.editor_path,
+            "engineRoot": link.engine_root
+        });
+    }
+    payload
+}
+async fn sync_unreal_link_manifest_asset(
+    client: &reqwest::Client,
+    session: &mut SessionConfig,
+    link: &UnrealLinkRecord,
+    include_local_paths: bool,
+) -> Result<AssetRecord> {
+    let payload = build_unreal_link_manifest_payload(link, include_local_paths);
+    let bytes = serde_json::to_vec_pretty(&payload)?;
+    upload_asset_via_intent(
+        client,
+        session,
+        &link.project_id,
+        ".reallink/link/unreal-link.latest.json",
+        bytes,
+        "application/json",
+        "other",
+        "private",
+    )
+    .await
+}
+pub(crate) async fn link_unreal_command(client: &reqwest::Client, args: LinkUnrealArgs) -> Result<()> {
+    let uproject_path = resolve_uproject_path(&args.uproject)?;
+    let project_root = uproject_path
+        .parent()
+        .ok_or_else(|| anyhow!("Invalid uproject path {}", uproject_path.display()))?
+        .to_path_buf();
+    let (editor_path, engine_root_path) = resolve_editor_and_engine(args.editor, args.engine_root)?;
+    let now = now_epoch_ms();
+    let link_record = UnrealLinkRecord {
+        project_id: args.project_id.clone(),
+        uproject_path: uproject_path.display().to_string(),
+        project_root: project_root.display().to_string(),
+        engine_root: engine_root_path
+            .as_ref()
+            .map(|value| value.display().to_string()),
+        editor_path: editor_path.display().to_string(),
+        created_at_epoch_ms: now,
+        updated_at_epoch_ms: now,
+    };
+    let mut synced_asset: Option<AssetRecord> = None;
+    if !args.no_verify_remote || args.sync_project {
+        let mut session = load_session()?;
+        apply_base_url_override(&mut session, args.base_url.clone());
+        if !args.no_verify_remote {
+            verify_project_access(client, &mut session, &args.project_id).await?;
+        }
+        if args.sync_project {
+            let synced = sync_unreal_link_manifest_asset(
+                client,
+                &mut session,
+                &link_record,
+                args.include_local_paths,
+            )
+            .await?;
+            synced_asset = Some(synced);
+        }
+        save_session(&session)?;
+    }
+    let uproject_cmp = normalize_path_for_compare(&uproject_path);
+    let mut config = load_unreal_links()?;
+    config.links.retain(|entry| {
+        entry.project_id != args.project_id
+            && normalize_path_string_for_compare(&entry.uproject_path) != uproject_cmp
+    });
+    config.links.push(link_record.clone());
+    if args.set_default || config.default_project_id.is_none() {
+        config.default_project_id = Some(args.project_id.clone());
+    }
+    save_unreal_links(&config)?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(&serde_json::json!({
+            "ok": true,
+            "defaultProjectId": config.default_project_id,
+            "link": config.links.iter().find(|entry| entry.project_id == args.project_id),
+            "syncedAssetId": synced_asset.as_ref().map(|entry| entry.id.clone()),
+            "syncedManifestPath": if args.sync_project { Some(".reallink/link/unreal-link.latest.json") } else { None }
+        }))?
+    );
+    Ok(())
+}
+pub(crate) async fn link_list_command() -> Result<()> {
+    let config = load_unreal_links()?;
+    println!("{}", serde_json::to_string_pretty(&config)?);
+    Ok(())
+}
+pub(crate) async fn link_use_command(args: LinkUseArgs) -> Result<()> {
+    let mut config = load_unreal_links()?;
+    if !config
+        .links
+        .iter()
+        .any(|entry| entry.project_id == args.project_id)
+    {
+        return Err(anyhow!(
+            "No link found for project {}. Run `reallink link unreal ...` first.",
+            args.project_id
+        ));
+    }
+    config.default_project_id = Some(args.project_id.clone());
+    save_unreal_links(&config)?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(&serde_json::json!({
+            "ok": true,
+            "defaultProjectId": args.project_id
+        }))?
+    );
+    Ok(())
+}
+fn normalize_match_path(path: &Path) -> String {
+    if let Ok(canonical) = canonicalize_existing_path(path, "uproject") {
+        return normalize_path_for_compare(&canonical);
+    }
+    let absolute = if path.is_absolute() {
+        path.to_path_buf()
+    } else {
+        match std::env::current_dir() {
+            Ok(dir) => dir.join(path),
+            Err(_) => path.to_path_buf(),
+        }
+    };
+    normalize_path_for_compare(&absolute)
+}
+pub(crate) async fn link_remove_command(args: LinkRemoveArgs) -> Result<()> {
+    if args.project_id.is_none() && args.uproject.is_none() {
+        return Err(anyhow!(
+            "Provide --project-id or --uproject to remove a link."
+        ));
+    }
+    let mut config = load_unreal_links()?;
+    let before = config.links.len();
+    let target_uproject_cmp = args
+        .uproject
+        .as_ref()
+        .map(|value| normalize_match_path(value));
+    config.links.retain(|entry| {
+        if let Some(project_id) = args.project_id.as_ref() {
+            if &entry.project_id == project_id {
+                return false;
+            }
+        }
+        if let Some(target_cmp) = target_uproject_cmp.as_ref() {
+            if normalize_path_string_for_compare(&entry.uproject_path) == *target_cmp {
+                return false;
+            }
+        }
+        true
+    });
+    let removed = before.saturating_sub(config.links.len());
+    if removed == 0 {
+        return Err(anyhow!("No matching link found."));
+    }
+    if let Some(default_id) = config.default_project_id.clone() {
+        let has_default = config
+            .links
+            .iter()
+            .any(|entry| entry.project_id == default_id);
+        if !has_default {
+            config.default_project_id = config.links.first().map(|entry| entry.project_id.clone());
+        }
+    }
+    save_unreal_links(&config)?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(&serde_json::json!({
+            "ok": true,
+            "removed": removed,
+            "defaultProjectId": config.default_project_id
+        }))?
+    );
+    Ok(())
+}
+fn resolve_link_target(
+    config: &UnrealLinksConfig,
+    project_id: Option<&str>,
+    uproject: Option<&Path>,
+) -> Result<UnrealLinkRecord> {
+    if let Some(project_id) = project_id {
+        let entry = config
+            .links
+            .iter()
+            .find(|item| item.project_id == project_id)
+            .ok_or_else(|| anyhow!("No link found for project {}", project_id))?;
+        return Ok(entry.clone());
+    }
+    if let Some(uproject) = uproject {
+        let target_cmp = normalize_match_path(uproject);
+        let entry = config
+            .links
+            .iter()
+            .find(|item| normalize_path_string_for_compare(&item.uproject_path) == target_cmp)
+            .ok_or_else(|| anyhow!("No link found for uproject {}", uproject.display()))?;
+        return Ok(entry.clone());
+    }
+    if let Some(default_project_id) = config.default_project_id.as_ref() {
+        if let Some(entry) = config
+            .links
+            .iter()
+            .find(|item| &item.project_id == default_project_id)
+        {
+            return Ok(entry.clone());
+        }
+    }
+    if config.links.len() == 1 {
+        return Ok(config.links[0].clone());
+    }
+    Err(anyhow!(
+        "No target specified. Use --project-id or set a default link with `reallink link use --project-id ...`."
+    ))
+}
+fn unreal_manifest_local_path(link: &UnrealLinkRecord) -> PathBuf {
+    PathBuf::from(&link.project_root)
+        .join(".reallink")
+        .join("link")
+        .join("unreal-link.latest.json")
+}
+fn push_doctor_check(
+    checks: &mut Vec<serde_json::Value>,
+    errors: &mut Vec<String>,
+    warnings: &mut Vec<String>,
+    key: &str,
+    ok: bool,
+    detail: impl Into<String>,
+    warning_only: bool,
+) {
+    let detail_text = detail.into();
+    let status = if ok {
+        "ok"
+    } else if warning_only {
+        "warn"
+    } else {
+        "error"
+    };
+    if !ok {
+        if warning_only {
+            warnings.push(format!("{}: {}", key, detail_text));
+        } else {
+            errors.push(format!("{}: {}", key, detail_text));
+        }
+    }
+    checks.push(serde_json::json!({
+        "key": key,
+        "status": status,
+        "detail": detail_text
+    }));
+}
+pub(crate) async fn link_paths_command(args: LinkPathsArgs) -> Result<()> {
+    let config = load_unreal_links()?;
+    if config.links.is_empty() {
+        return Err(anyhow!(
+            "No local links configured. Run `reallink link unreal ...` first."
+        ));
+    }
+    let target = resolve_link_target(
+        &config,
+        args.project_id.as_deref(),
+        args.uproject.as_deref(),
+    )?;
+    let project_plugins_dir = PathBuf::from(&target.project_root).join("Plugins");
+    let engine_plugins_dir = target.engine_root.as_ref().map(|root| {
+        PathBuf::from(root)
+            .join("Engine")
+            .join("Plugins")
+            .join("Marketplace")
+    });
+    let manifest_path = unreal_manifest_local_path(&target);
+    print_json(&serde_json::json!({
+        "ok": true,
+        "projectId": target.project_id,
+        "paths": {
+            "uprojectPath": target.uproject_path,
+            "projectRoot": target.project_root,
+            "editorPath": target.editor_path,
+            "engineRoot": target.engine_root,
+            "projectPluginsDir": project_plugins_dir.display().to_string(),
+            "enginePluginsDir": engine_plugins_dir.as_ref().map(|value| value.display().to_string()),
+            "manifestPath": manifest_path.display().to_string(),
+            "localLinkConfigPath": unreal_links_path()?.display().to_string()
+        },
+        "remoteManifestAssetPath": ".reallink/link/unreal-link.latest.json"
+    }))?;
+    Ok(())
+}
+pub(crate) async fn link_doctor_command(client: &reqwest::Client, args: LinkDoctorArgs) -> Result<()> {
+    let config = load_unreal_links()?;
+    if config.links.is_empty() {
+        return Err(anyhow!(
+            "No local links configured. Run `reallink link unreal ...` first."
+        ));
+    }
+    let target = resolve_link_target(
+        &config,
+        args.project_id.as_deref(),
+        args.uproject.as_deref(),
+    )?;
+    let mut checks: Vec<serde_json::Value> = Vec::new();
+    let mut warnings: Vec<String> = Vec::new();
+    let mut errors: Vec<String> = Vec::new();
+    let project_root = PathBuf::from(&target.project_root);
+    let uproject_path = PathBuf::from(&target.uproject_path);
+    let editor_path = PathBuf::from(&target.editor_path);
+    let engine_root = target.engine_root.as_ref().map(PathBuf::from);
+    let project_plugins_dir = project_root.join("Plugins");
+    let engine_plugins_dir = engine_root
+        .as_ref()
+        .map(|root| root.join("Engine").join("Plugins").join("Marketplace"));
+    let manifest_path = unreal_manifest_local_path(&target);
+    push_doctor_check(
+        &mut checks,
+        &mut errors,
+        &mut warnings,
+        "projectRoot.exists",
+        project_root.exists() && project_root.is_dir(),
+        format!("projectRoot={}", project_root.display()),
+        false,
+    );
+    let uproject_ext_ok = uproject_path
+        .extension()
+        .and_then(|value| value.to_str())
+        .map(|value| value.eq_ignore_ascii_case("uproject"))
+        .unwrap_or(false);
+    push_doctor_check(
+        &mut checks,
+        &mut errors,
+        &mut warnings,
+        "uproject.valid",
+        uproject_path.exists() && uproject_path.is_file() && uproject_ext_ok,
+        format!("uprojectPath={}", uproject_path.display()),
+        false,
+    );
+    push_doctor_check(
+        &mut checks,
+        &mut errors,
+        &mut warnings,
+        "editor.valid",
+        editor_path.exists() && editor_path.is_file(),
+        format!("editorPath={}", editor_path.display()),
+        false,
+    );
+    if let Some(root) = engine_root.as_ref() {
+        let root_ok = root.exists() && root.is_dir();
+        push_doctor_check(
+            &mut checks,
+            &mut errors,
+            &mut warnings,
+            "engineRoot.valid",
+            root_ok,
+            format!("engineRoot={}", root.display()),
+            false,
+        );
+        let binaries_path = root.join("Engine").join("Binaries");
+        push_doctor_check(
+            &mut checks,
+            &mut errors,
+            &mut warnings,
+            "engineRoot.layout",
+            binaries_path.exists() && binaries_path.is_dir(),
+            format!("expected Engine/Binaries under {}", root.display()),
+            true,
+        );
+    } else {
+        push_doctor_check(
+            &mut checks,
+            &mut errors,
+            &mut warnings,
+            "engineRoot.present",
+            false,
+            "engineRoot not set on this link; plugin engine-scope operations are unavailable",
+            true,
+        );
+    }
+    push_doctor_check(
+        &mut checks,
+        &mut errors,
+        &mut warnings,
+        "plugins.projectDir",
+        project_plugins_dir.exists() && project_plugins_dir.is_dir(),
+        format!("projectPluginsDir={}", project_plugins_dir.display()),
+        true,
+    );
+    if let Some(engine_plugins) = engine_plugins_dir.as_ref() {
+        push_doctor_check(
+            &mut checks,
+            &mut errors,
+            &mut warnings,
+            "plugins.engineDir",
+            engine_plugins.exists() && engine_plugins.is_dir(),
+            format!("enginePluginsDir={}", engine_plugins.display()),
+            true,
+        );
+    }
+    if manifest_path.exists() {
+        let manifest_ok = fs::read_to_string(&manifest_path)
+            .ok()
+            .and_then(|value| json5::from_str::<serde_json::Value>(&value).ok())
+            .is_some();
+        push_doctor_check(
+            &mut checks,
+            &mut errors,
+            &mut warnings,
+            "manifest.local",
+            manifest_ok,
+            format!("manifestPath={}", manifest_path.display()),
+            true,
+        );
+    } else {
+        push_doctor_check(
+            &mut checks,
+            &mut errors,
+            &mut warnings,
+            "manifest.local",
+            false,
+            format!("manifestPath={} (missing)", manifest_path.display()),
+            true,
+        );
+    }
+    if args.verify_remote {
+        let (remote_ok, remote_detail) = match load_session() {
+            Ok(mut session) => {
+                apply_base_url_override(&mut session, args.base_url.clone());
+                let outcome = if let Err(error) =
+                    verify_project_access(client, &mut session, &target.project_id).await
+                {
+                    (false, error.to_string())
+                } else {
+                    (
+                        true,
+                        format!(
+                            "projectId={} verified against {}",
+                            target.project_id, session.base_url
+                        ),
+                    )
+                };
+                let _ = save_session(&session);
+                outcome
+            }
+            Err(error) => (false, format!("no active session: {}", error)),
+        };
+        push_doctor_check(
+            &mut checks,
+            &mut errors,
+            &mut warnings,
+            "remote.verify",
+            remote_ok,
+            remote_detail,
+            false,
+        );
+    }
+    let ok = errors.is_empty();
+    print_json(&serde_json::json!({
+        "ok": ok,
+        "projectId": target.project_id,
+        "checks": checks,
+        "warnings": warnings,
+        "errors": errors,
+        "paths": {
+            "uprojectPath": uproject_path.display().to_string(),
+            "projectRoot": project_root.display().to_string(),
+            "editorPath": editor_path.display().to_string(),
+            "engineRoot": engine_root.as_ref().map(|value| value.display().to_string()),
+            "projectPluginsDir": project_plugins_dir.display().to_string(),
+            "enginePluginsDir": engine_plugins_dir.as_ref().map(|value| value.display().to_string()),
+            "manifestPath": manifest_path.display().to_string()
+        }
+    }))?;
+    Ok(())
+}
+pub(crate) async fn link_open_command(args: LinkOpenArgs) -> Result<()> {
+    let config = load_unreal_links()?;
+    if config.links.is_empty() {
+        return Err(anyhow!(
+            "No local links configured. Run `reallink link unreal ...` first."
+        ));
+    }
+    let target = resolve_link_target(
+        &config,
+        args.project_id.as_deref(),
+        args.uproject.as_deref(),
+    )?;
+    let editor_path = PathBuf::from(&target.editor_path);
+    let uproject_path = PathBuf::from(&target.uproject_path);
+    if !editor_path.exists() {
+        return Err(anyhow!(
+            "Editor path does not exist anymore: {}",
+            editor_path.display()
+        ));
+    }
+    if !uproject_path.exists() {
+        return Err(anyhow!(
+            "uproject path does not exist anymore: {}",
+            uproject_path.display()
+        ));
+    }
+    let mut command = Command::new(&editor_path);
+    command.arg(&uproject_path);
+    for argument in args.extra_arg {
+        command.arg(argument);
+    }
+    if args.wait {
+        let status = command
+            .status()
+            .with_context(|| format!("Failed to run Unreal editor {}", editor_path.display()))?;
+        if !status.success() {
+            return Err(anyhow!("Unreal editor exited with {}", status));
+        }
+        println!(
+            "{}",
+            serde_json::to_string_pretty(&serde_json::json!({
+                "ok": true,
+                "projectId": target.project_id,
+                "waited": true,
+                "status": status.code()
+            }))?
+        );
+    } else {
+        let child = command
+            .spawn()
+            .with_context(|| format!("Failed to launch Unreal editor {}", editor_path.display()))?;
+        println!(
+            "{}",
+            serde_json::to_string_pretty(&serde_json::json!({
+                "ok": true,
+                "projectId": target.project_id,
+                "waited": false,
+                "pid": child.id()
+            }))?
+        );
+    }
+    Ok(())
+}
+pub(crate) async fn link_run_command(args: LinkRunArgs) -> Result<()> {
+    let config = load_unreal_links()?;
+    if config.links.is_empty() {
+        return Err(anyhow!(
+            "No local links configured. Run `reallink link unreal ...` first."
+        ));
+    }
+    let target = resolve_link_target(
+        &config,
+        args.project_id.as_deref(),
+        args.uproject.as_deref(),
+    )?;
+    let editor_path = PathBuf::from(&target.editor_path);
+    let uproject_path = PathBuf::from(&target.uproject_path);
+    if !editor_path.exists() {
+        return Err(anyhow!(
+            "Editor path does not exist anymore: {}",
+            editor_path.display()
+        ));
+    }
+    if !uproject_path.exists() {
+        return Err(anyhow!(
+            "uproject path does not exist anymore: {}",
+            uproject_path.display()
+        ));
+    }
+    let mut command = Command::new(&editor_path);
+    command.arg(&uproject_path);
+    if let Some(commandlet) = args.commandlet.as_ref() {
+        let normalized = commandlet.trim();
+        if normalized.is_empty() {
+            return Err(anyhow!("--commandlet cannot be empty"));
+        }
+        command.arg(format!("-run={}", normalized));
+    }
+    if args.log {
+        command.arg("-log");
+    }
+    if args.headless {
+        command.arg("-unattended");
+        command.arg("-nop4");
+        command.arg("-nosplash");
+        command.arg("-nullrhi");
+    }
+    for argument in args.extra_arg {
+        command.arg(argument);
+    }
+    if args.no_wait {
+        let child = command
+            .spawn()
+            .with_context(|| format!("Failed to launch Unreal editor {}", editor_path.display()))?;
+        println!(
+            "{}",
+            serde_json::to_string_pretty(&serde_json::json!({
+                "ok": true,
+                "projectId": target.project_id,
+                "mode": if args.commandlet.is_some() { "commandlet" } else { "editor" },
+                "waited": false,
+                "pid": child.id()
+            }))?
+        );
+        return Ok(());
+    }
+    let status = command
+        .status()
+        .with_context(|| format!("Failed to run Unreal editor {}", editor_path.display()))?;
+    if !status.success() {
+        return Err(anyhow!("Unreal editor exited with {}", status));
+    }
+    println!(
+        "{}",
+        serde_json::to_string_pretty(&serde_json::json!({
+            "ok": true,
+            "projectId": target.project_id,
+            "mode": if args.commandlet.is_some() { "commandlet" } else { "editor" },
+            "waited": true,
+            "status": status.code()
+        }))?
+    );
+    Ok(())
+}
+fn normalize_public_bucket_base(base_url: &str) -> Result<String> {
+    let trimmed = base_url.trim().trim_end_matches('/');
+    if trimmed.is_empty() {
+        return Err(anyhow!("Plugin base URL is empty"));
+    }
+    let parsed = reqwest::Url::parse(trimmed)
+        .with_context(|| format!("Invalid plugin base URL {}", trimmed))?;
+    Ok(parsed.to_string().trim_end_matches('/').to_string())
+}
+fn compose_plugin_archive_url(base_url: &str, name: &str, version: &str) -> Result<String> {
+    let plugin = name.trim();
+    let release = version.trim();
+    if plugin.is_empty() {
+        return Err(anyhow!("Plugin name is required"));
+    }
+    if release.is_empty() {
+        return Err(anyhow!("Plugin version is required"));
+    }
+    if plugin.contains('/') || plugin.contains('\\') {
+        return Err(anyhow!("Plugin name cannot include path separators"));
+    }
+    let base = normalize_public_bucket_base(base_url)?;
+    Ok(format!("{}/{}/{}/{}.zip", base, plugin, release, plugin))
+}
+fn normalize_sha256_hex(input: &str) -> Result<String> {
+    let cleaned = input.trim().to_ascii_lowercase();
+    if cleaned.len() != 64 {
+        return Err(anyhow!(
+            "SHA-256 must be a 64-character hex string, got length {}",
+            cleaned.len()
+        ));
+    }
+    if !cleaned
+        .chars()
+        .all(|value| matches!(value, '0'..='9' | 'a'..='f'))
+    {
+        return Err(anyhow!("SHA-256 contains non-hex characters"));
+    }
+    Ok(cleaned)
+}
+async fn fetch_plugin_index_value(
+    client: &reqwest::Client,
+    base_url: &str,
+    index_path: &str,
+) -> Result<serde_json::Value> {
+    let base = normalize_public_bucket_base(base_url)?;
+    let normalized_index_path = index_path.trim().trim_start_matches('/');
+    if normalized_index_path.is_empty() {
+        return Err(anyhow!("index path cannot be empty"));
+    }
+    let url = format!("{}/{}", base, normalized_index_path);
+    let response = with_cli_headers(client.get(url.clone()))
+        .send()
+        .await
+        .with_context(|| format!("Failed to fetch plugin index {}", url))?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("plugin index fetch failed: {}", body));
+    }
+    let body = response
+        .text()
+        .await
+        .with_context(|| format!("Failed to read plugin index {}", url))?;
+    serde_json::from_str(&body)
+        .or_else(|_| json5::from_str(&body))
+        .with_context(|| format!("Plugin index is not valid JSON/JSONC: {}", url))
+}
+async fn fetch_plugin_index(
+    client: &reqwest::Client,
+    base_url: &str,
+    index_path: &str,
+) -> Result<PluginIndexFile> {
+    let value = fetch_plugin_index_value(client, base_url, index_path).await?;
+    let parsed: PluginIndexFile = serde_json::from_value(value)
+        .with_context(|| "Plugin index does not match expected schema")?;
+    Ok(parsed)
+}
+fn resolve_plugin_from_index(
+    index: &PluginIndexFile,
+    name: &str,
+    requested_version: &str,
+    base_url: &str,
+) -> Result<(String, String, Option<String>)> {
+    let plugin_name = name.trim();
+    let version_request = requested_version.trim();
+    if plugin_name.is_empty() {
+        return Err(anyhow!("Plugin name is required"));
+    }
+    if version_request.is_empty() {
+        return Err(anyhow!("Plugin version is required"));
+    }
+    let plugin = index
+        .plugins
+        .iter()
+        .find(|entry| entry.name.eq_ignore_ascii_case(plugin_name))
+        .ok_or_else(|| anyhow!("Plugin {} not found in index", plugin_name))?;
+    let resolved_version = if version_request.eq_ignore_ascii_case("latest") {
+        plugin
+            .latest
+            .as_ref()
+            .map(|value| value.trim().to_string())
+            .or_else(|| {
+                plugin
+                    .versions
+                    .first()
+                    .map(|entry| entry.version.trim().to_string())
+            })
+            .ok_or_else(|| anyhow!("Plugin {} has no versions in index", plugin_name))?
+    } else {
+        version_request.to_string()
+    };
+    let version_entry = plugin
+        .versions
+        .iter()
+        .find(|entry| entry.version.trim() == resolved_version)
+        .ok_or_else(|| {
+            anyhow!(
+                "Version {} for plugin {} not found in index",
+                resolved_version,
+                plugin_name
+            )
+        })?;
+    let archive_url = if let Some(url) = version_entry.archive_url.as_ref() {
+        let trimmed = url.trim();
+        if trimmed.is_empty() {
+            compose_plugin_archive_url(base_url, plugin_name, &resolved_version)?
+        } else {
+            trimmed.to_string()
+        }
+    } else {
+        compose_plugin_archive_url(base_url, plugin_name, &resolved_version)?
+    };
+    let expected_sha256 = version_entry
+        .sha256
+        .as_ref()
+        .map(|value| normalize_sha256_hex(value))
+        .transpose()?;
+    Ok((resolved_version, archive_url, expected_sha256))
+}
+fn compute_sha256_hex(path: &Path) -> Result<String> {
+    let mut file =
+        fs::File::open(path).with_context(|| format!("Failed to open {}", path.display()))?;
+    let mut hasher = sha2::Sha256::new();
+    let mut buffer = [0u8; 64 * 1024];
+    loop {
+        let read = file
+            .read(&mut buffer)
+            .with_context(|| format!("Failed reading {}", path.display()))?;
+        if read == 0 {
+            break;
+        }
+        hasher.update(&buffer[..read]);
+    }
+    let digest = hasher.finalize();
+    Ok(format!("{:x}", digest))
+}
+async fn download_plugin_archive_to_file(
+    client: &reqwest::Client,
+    url: &str,
+    destination: &Path,
+) -> Result<()> {
+    if let Some(parent) = destination.parent() {
+        tokio_fs::create_dir_all(parent)
+            .await
+            .with_context(|| format!("Failed to create {}", parent.display()))?;
+    }
+    let response = with_cli_headers(client.get(url.to_string()))
+        .send()
+        .await
+        .with_context(|| format!("Failed to download plugin archive {}", url))?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("Plugin download failed: {}", body));
+    }
+    let mut file = tokio_fs::File::create(destination)
+        .await
+        .with_context(|| format!("Failed to create {}", destination.display()))?;
+    let mut stream = response;
+    while let Some(chunk) = stream
+        .chunk()
+        .await
+        .with_context(|| format!("Failed while downloading {}", url))?
+    {
+        file.write_all(&chunk)
+            .await
+            .with_context(|| format!("Failed writing {}", destination.display()))?;
+    }
+    file.flush()
+        .await
+        .with_context(|| format!("Failed to finalize {}", destination.display()))?;
+    Ok(())
+}
+fn extract_zip_file(zip_path: &Path, destination: &Path) -> Result<()> {
+    let file = fs::File::open(zip_path)
+        .with_context(|| format!("Failed to open {}", zip_path.display()))?;
+    let mut archive = zip::ZipArchive::new(file).with_context(|| "Failed to read zip archive")?;
+    for index in 0..archive.len() {
+        let mut file = archive
+            .by_index(index)
+            .with_context(|| format!("Failed to read zip entry {}", index))?;
+        let Some(name) = file.enclosed_name().map(|value| value.to_path_buf()) else {
+            continue;
+        };
+        let output_path = destination.join(name);
+        if file.is_dir() {
+            fs::create_dir_all(&output_path)
+                .with_context(|| format!("Failed to create {}", output_path.display()))?;
+            continue;
+        }
+        if let Some(parent) = output_path.parent() {
+            fs::create_dir_all(parent)
+                .with_context(|| format!("Failed to create {}", parent.display()))?;
+        }
+        let mut output_file = fs::File::create(&output_path)
+            .with_context(|| format!("Failed to create {}", output_path.display()))?;
+        io::copy(&mut file, &mut output_file)
+            .with_context(|| format!("Failed to extract {}", output_path.display()))?;
+    }
+    Ok(())
+}
+fn collect_uplugin_roots(root: &Path) -> Result<Vec<PathBuf>> {
+    let mut stack = vec![root.to_path_buf()];
+    let mut roots: Vec<PathBuf> = Vec::new();
+    while let Some(path) = stack.pop() {
+        if !path.is_dir() {
+            continue;
+        }
+        for entry in
+            fs::read_dir(&path).with_context(|| format!("Failed to read {}", path.display()))?
+        {
+            let entry = entry?;
+            let child = entry.path();
+            if child.is_dir() {
+                stack.push(child);
+                continue;
+            }
+            let is_uplugin = child
+                .extension()
+                .and_then(|value| value.to_str())
+                .map(|value| value.eq_ignore_ascii_case("uplugin"))
+                .unwrap_or(false);
+            if is_uplugin {
+                if let Some(parent) = child.parent() {
+                    roots.push(parent.to_path_buf());
+                }
+            }
+        }
+    }
+    roots.sort();
+    roots.dedup_by(|left, right| {
+        normalize_path_for_compare(left) == normalize_path_for_compare(right)
+    });
+    Ok(roots)
+}
+fn find_plugin_root_from_extracted(extracted_root: &Path) -> Result<PathBuf> {
+    let roots = collect_uplugin_roots(extracted_root)?;
+    if roots.is_empty() {
         return Err(anyhow!(
-            "project update requires at least one field (--name, --description, or --clear-description)"
+            "Plugin archive does not contain a .uplugin descriptor"
         ));
     }
+    if roots.len() > 1 {
+        return Err(anyhow!(
+            "Plugin archive contains multiple .uplugin roots; expected one"
+        ));
+    }
+    canonicalize_existing_path(&roots[0], "plugin root")
+}
-    let path = format!("/core/projects/{}", args.project_id);
-    let response = authed_request(
-        client,
-        &mut session,
-        Method::PATCH,
-        &path,
-        Some(serde_json::Value::Object(body)),
-    )
-    .await?;
-    if !response.status().is_success() {
-        let body = read_error_body(response).await;
-        return Err(anyhow!("project update failed: {}", body));
+fn remove_existing_path(path: &Path) -> Result<()> {
+    if !path.exists() {
+        return Ok(());
+    }
+    if path.is_dir() {
+        fs::remove_dir_all(path)
+            .with_context(|| format!("Failed to remove directory {}", path.display()))?;
+    } else {
+        fs::remove_file(path)
+            .with_context(|| format!("Failed to remove file {}", path.display()))?;
     }
-    let payload: ProjectResponse = response.json().await?;
-    println!("{}", serde_json::to_string_pretty(&payload.project)?);
-    save_session(&session)?;
     Ok(())
 }
-async fn project_delete_command(client: &reqwest::Client, args: ProjectDeleteArgs) -> Result<()> {
-    let mut session = load_session()?;
-    apply_base_url_override(&mut session, args.base_url);
+fn copy_dir_recursive(source: &Path, destination: &Path) -> Result<()> {
+    fs::create_dir_all(destination)
+        .with_context(|| format!("Failed to create {}", destination.display()))?;
+    for entry in
+        fs::read_dir(source).with_context(|| format!("Failed to read {}", source.display()))?
+    {
+        let entry = entry?;
+        let child = entry.path();
+        let target = destination.join(entry.file_name());
+        if child.is_dir() {
+            copy_dir_recursive(&child, &target)?;
+        } else {
+            if let Some(parent) = target.parent() {
+                fs::create_dir_all(parent)
+                    .with_context(|| format!("Failed to create {}", parent.display()))?;
+            }
+            fs::copy(&child, &target).with_context(|| {
+                format!("Failed to copy {} to {}", child.display(), target.display())
+            })?;
+        }
+    }
+    Ok(())
+}
-    let path = format!("/core/projects/{}", args.project_id);
-    let response = authed_request(client, &mut session, Method::DELETE, &path, None).await?;
-    if !response.status().is_success() {
-        let body = read_error_body(response).await;
-        return Err(anyhow!("project delete failed: {}", body));
+pub(crate) async fn link_plugin_install_command(
+    client: &reqwest::Client,
+    args: LinkPluginInstallArgs,
+) -> Result<()> {
+    let config = load_unreal_links()?;
+    if config.links.is_empty() {
+        return Err(anyhow!(
+            "No local links configured. Run `reallink link unreal ...` first."
+        ));
     }
-    let payload: serde_json::Value = response.json().await?;
-    println!("{}", serde_json::to_string_pretty(&payload)?);
-    save_session(&session)?;
+    let target = resolve_link_target(
+        &config,
+        args.project_id.as_deref(),
+        args.uproject.as_deref(),
+    )?;
+    let plugin_name = args.name.trim();
+    if plugin_name.is_empty() {
+        return Err(anyhow!("Plugin name is required"));
+    }
+    if plugin_name.contains('/') || plugin_name.contains('\\') {
+        return Err(anyhow!("Plugin name cannot include path separators"));
+    }
+    let mut expected_sha256 = args
+        .sha256
+        .as_ref()
+        .map(|value| normalize_sha256_hex(value))
+        .transpose()?;
+    let mut resolved_version = args.version.trim().to_string();
+    if resolved_version.is_empty() {
+        return Err(anyhow!("Plugin version is required"));
+    }
+    let archive_url = if let Some(url) = args.url {
+        let trimmed = url.trim();
+        if trimmed.is_empty() {
+            return Err(anyhow!("--url cannot be empty"));
+        }
+        trimmed.to_string()
+    } else if args.use_index {
+        let index = fetch_plugin_index(client, &args.base_url, &args.index_path).await?;
+        let (resolved, url, index_sha256) =
+            resolve_plugin_from_index(&index, plugin_name, &resolved_version, &args.base_url)?;
+        if expected_sha256.is_none() {
+            expected_sha256 = index_sha256;
+        }
+        resolved_version = resolved;
+        url
+    } else {
+        compose_plugin_archive_url(&args.base_url, plugin_name, &resolved_version)?
+    };
+    let plugin_root_dir = if args.engine {
+        let engine_root = target.engine_root.as_ref().ok_or_else(|| {
+            anyhow!("Selected link has no engine_root; relink with --engine-root or --editor")
+        })?;
+        let root = PathBuf::from(engine_root);
+        root.join("Engine").join("Plugins").join("Marketplace")
+    } else {
+        PathBuf::from(&target.project_root).join("Plugins")
+    };
+    fs::create_dir_all(&plugin_root_dir)
+        .with_context(|| format!("Failed to create {}", plugin_root_dir.display()))?;
+    let destination_dir = plugin_root_dir.join(plugin_name);
+    if destination_dir.exists() && !args.force {
+        return Err(anyhow!(
+            "Plugin destination already exists: {} (use --force to overwrite)",
+            destination_dir.display()
+        ));
+    }
+    if destination_dir.exists() && args.force {
+        remove_existing_path(&destination_dir)?;
+    }
+    let temp_root = std::env::temp_dir().join(format!(
+        "reallink-plugin-install-{}-{}",
+        plugin_name,
+        now_epoch_ms()
+    ));
+    if temp_root.exists() {
+        remove_existing_path(&temp_root)?;
+    }
+    fs::create_dir_all(&temp_root)
+        .with_context(|| format!("Failed to create {}", temp_root.display()))?;
+    let archive_path = temp_root.join("plugin.zip");
+    let temp_extract_root = temp_root.join("extract");
+    download_plugin_archive_to_file(client, &archive_url, &archive_path).await?;
+    let archive_sha256 = compute_sha256_hex(&archive_path)?;
+    if let Some(expected) = expected_sha256.as_ref() {
+        if &archive_sha256 != expected {
+            let _ = remove_existing_path(&temp_root);
+            return Err(anyhow!(
+                "Plugin checksum mismatch (expected {}, got {})",
+                expected,
+                archive_sha256
+            ));
+        }
+    }
+    fs::create_dir_all(&temp_extract_root)
+        .with_context(|| format!("Failed to create {}", temp_extract_root.display()))?;
+    extract_zip_file(&archive_path, &temp_extract_root)?;
+    let plugin_source_root = find_plugin_root_from_extracted(&temp_extract_root)?;
+    copy_dir_recursive(&plugin_source_root, &destination_dir)?;
+    let _ = remove_existing_path(&temp_root);
+    println!(
+        "{}",
+        serde_json::to_string_pretty(&serde_json::json!({
+            "ok": true,
+            "projectId": target.project_id,
+            "plugin": plugin_name,
+            "version": resolved_version,
+            "scope": if args.engine { "engine" } else { "project" },
+            "archiveUrl": archive_url,
+            "archiveSha256": archive_sha256,
+            "verifiedSha256": expected_sha256,
+            "installedTo": destination_dir.display().to_string()
+        }))?
+    );
+    Ok(())
+}
+pub(crate) async fn link_plugin_list_command(
+    client: &reqwest::Client,
+    args: LinkPluginListArgs,
+) -> Result<()> {
+    let parsed = fetch_plugin_index_value(client, &args.base_url, &args.index_path).await?;
+    println!("{}", serde_json::to_string_pretty(&parsed)?);
     Ok(())
 }
@@ -1535,29 +4256,51 @@ async fn file_list_command(client: &reqwest::Client, args: FileListArgs) -> Resu
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
-    let path = format!("/assets?projectId={}", args.project_id);
-    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
-    if !response.status().is_success() {
-        let body = read_error_body(response).await;
-        return Err(anyhow!("file list failed: {}", body));
-    }
-    let mut payload: ListAssetsResponse = response.json().await?;
+    let mut query_parts = vec![format!("projectId={}", args.project_id)];
     if let Some(prefix) = args.path {
         let cleaned = clean_virtual_path(&prefix);
         if !cleaned.is_empty() {
-            let strict = format!("{}/", cleaned);
-            payload.assets = payload
-                .assets
-                .into_iter()
-                .filter(|asset| asset.file_name == cleaned || asset.file_name.starts_with(&strict))
-                .collect();
+            query_parts.push(format!("path={}", cleaned));
         }
     }
+    if let Some(offset) = args.offset {
+        query_parts.push(format!("offset={}", offset));
+    }
+    if let Some(limit) = args.limit {
+        query_parts.push(format!("limit={}", limit));
+    }
+    if let Some(include_folder_markers) = args.include_folder_markers {
+        query_parts.push(format!("includeFolderMarkers={}", include_folder_markers));
+    }
+    let path = format!("/assets?{}", query_parts.join("&"));
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("file list failed: {}", body));
+    }
+    let payload: ListAssetsResponse = response.json().await?;
     println!("{}", serde_json::to_string_pretty(&payload.assets)?);
     save_session(&session)?;
     Ok(())
 }
+async fn file_tree_command(client: &reqwest::Client, args: FileTreeArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/assets/tree?projectId={}", args.project_id);
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("file tree failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
 async fn file_get_command(client: &reqwest::Client, args: FileGetArgs) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
@@ -1590,6 +4333,77 @@ async fn file_stat_command(client: &reqwest::Client, args: FileStatArgs) -> Resu
     Ok(())
 }
+fn infer_thumbnail_extension(content_type: Option<&str>) -> &'static str {
+    let normalized = content_type.unwrap_or("").to_ascii_lowercase();
+    if normalized.contains("image/png") {
+        "png"
+    } else if normalized.contains("image/jpeg") || normalized.contains("image/jpg") {
+        "jpg"
+    } else if normalized.contains("image/webp") {
+        "webp"
+    } else if normalized.contains("image/svg+xml") {
+        "svg"
+    } else {
+        "bin"
+    }
+}
+async fn file_thumbnail_command(client: &reqwest::Client, args: FileThumbnailArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let size = args.size.as_str();
+    let path = format!("/assets/{}/thumbnail/{}", args.asset_id, size);
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("file thumbnail failed: {}", body));
+    }
+    let content_type = response
+        .headers()
+        .get("content-type")
+        .and_then(|value| value.to_str().ok())
+        .map(|value| value.to_string());
+    let bytes = response.bytes().await?;
+    let output_path = args.output_path.unwrap_or_else(|| {
+        PathBuf::from(format!(
+            "{}-{}.{}",
+            args.asset_id,
+            size,
+            infer_thumbnail_extension(content_type.as_deref())
+        ))
+    });
+    if let Some(parent) = output_path.parent() {
+        if !parent.as_os_str().is_empty() {
+            tokio_fs::create_dir_all(parent).await.with_context(|| {
+                format!(
+                    "Failed to create output directory {}",
+                    parent.display()
+                )
+            })?;
+        }
+    }
+    tokio_fs::write(&output_path, &bytes)
+        .await
+        .with_context(|| format!("Failed to write thumbnail {}", output_path.display()))?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(&serde_json::json!({
+            "ok": true,
+            "assetId": args.asset_id,
+            "size": size,
+            "output": output_path.display().to_string(),
+            "bytesWritten": bytes.len(),
+            "contentType": content_type
+        }))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
 async fn file_download_command(client: &reqwest::Client, args: FileDownloadArgs) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
@@ -1605,7 +4419,7 @@ async fn file_download_command(client: &reqwest::Client, args: FileDownloadArgs)
     let fallback_name = base_name_from_virtual_path(&metadata_payload.asset.file_name);
     let mut output_path = args
-        .output
+        .output_path
         .unwrap_or_else(|| PathBuf::from(fallback_name.as_str()));
     if output_path.exists() && output_path.is_dir() {
         output_path = output_path.join(fallback_name.as_str());
@@ -1728,73 +4542,189 @@ async fn file_upload_command(client: &reqwest::Client, args: FileUploadArgs) ->
         return Err(anyhow!("resolved remote file name is empty"));
     }
-    let asset = upload_asset_via_intent(
+    let asset = upload_asset_via_intent(
+        client,
+        &mut session,
+        &args.project_id,
+        &remote_name,
+        bytes,
+        "application/octet-stream",
+        &args.asset_type,
+        &args.visibility,
+    )
+    .await?;
+    println!("{}", serde_json::to_string_pretty(&asset)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn file_mkdir_command(client: &reqwest::Client, args: FileMkdirArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let folder = clean_virtual_path(&args.path);
+    if folder.is_empty() {
+        return Err(anyhow!("folder path is empty"));
+    }
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::POST,
+        "/assets/folder",
+        Some(serde_json::json!({
+            "projectId": args.project_id,
+            "path": folder,
+            "visibility": args.visibility
+        })),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("file mkdir failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn file_move_command(client: &reqwest::Client, args: FileMoveArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let file_name = clean_virtual_path(&args.file_name);
+    if file_name.is_empty() {
+        return Err(anyhow!("file_name is empty"));
+    }
+    let path = format!("/assets/{}", args.asset_id);
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::PATCH,
+        &path,
+        Some(serde_json::json!({
+            "fileName": file_name
+        })),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("file move failed: {}", body));
+    }
+    let payload: AssetResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.asset)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn file_set_command(client: &reqwest::Client, args: FileSetArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    if args.file_name.is_none() && args.asset_type.is_none() && args.visibility.is_none() {
+        return Err(anyhow!(
+            "At least one of --file-name, --asset-type, or --visibility is required"
+        ));
+    }
+    let mut body = serde_json::Map::new();
+    if let Some(file_name) = args.file_name {
+        let normalized = clean_virtual_path(&file_name);
+        if normalized.is_empty() {
+            return Err(anyhow!("--file-name resolved to an empty path"));
+        }
+        body.insert(
+            "fileName".to_string(),
+            serde_json::Value::String(normalized),
+        );
+    }
+    if let Some(asset_type) = args.asset_type {
+        body.insert("assetType".to_string(), serde_json::Value::String(asset_type));
+    }
+    if let Some(visibility) = args.visibility {
+        body.insert("visibility".to_string(), serde_json::Value::String(visibility));
+    }
+    let path = format!("/assets/{}", args.asset_id);
+    let response = authed_request(
         client,
         &mut session,
-        &args.project_id,
-        &remote_name,
-        bytes,
-        "application/octet-stream",
-        &args.asset_type,
-        &args.visibility,
+        Method::PATCH,
+        &path,
+        Some(serde_json::Value::Object(body)),
     )
     .await?;
-    println!("{}", serde_json::to_string_pretty(&asset)?);
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("file set failed: {}", body));
+    }
+    let payload: AssetResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.asset)?);
     save_session(&session)?;
     Ok(())
 }
-async fn file_mkdir_command(client: &reqwest::Client, args: FileMkdirArgs) -> Result<()> {
+async fn file_move_folder_command(client: &reqwest::Client, args: FileMoveFolderArgs) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
-    let folder = clean_virtual_path(&args.path);
-    if folder.is_empty() {
-        return Err(anyhow!("folder path is empty"));
+    let source_path = clean_virtual_path(&args.source_path);
+    if source_path.is_empty() {
+        return Err(anyhow!("source_path is empty"));
     }
-    let marker_file = join_remote_path(Some(&folder), ".reallink.keep");
-    let marker_bytes = format!("folder marker {}\n", now_epoch_ms()).into_bytes();
-    let asset = upload_asset_via_intent(
+    let target_path = clean_virtual_path(&args.target_path);
+    let response = authed_request(
         client,
         &mut session,
-        &args.project_id,
-        &marker_file,
-        marker_bytes,
-        "text/plain",
-        "other",
-        "private",
+        Method::POST,
+        "/assets/folder/move",
+        Some(serde_json::json!({
+            "projectId": args.project_id,
+            "sourcePath": source_path,
+            "targetPath": target_path
+        })),
     )
     .await?;
-    println!("{}", serde_json::to_string_pretty(&asset)?);
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("file move-folder failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
     save_session(&session)?;
     Ok(())
 }
-async fn file_move_command(client: &reqwest::Client, args: FileMoveArgs) -> Result<()> {
+async fn file_rmdir_command(client: &reqwest::Client, args: FileRemoveFolderArgs) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
-    let file_name = clean_virtual_path(&args.file_name);
-    if file_name.is_empty() {
-        return Err(anyhow!("file_name is empty"));
+    let folder_path = clean_virtual_path(&args.path);
+    if folder_path.is_empty() {
+        return Err(anyhow!("path is empty"));
     }
-    let path = format!("/assets/{}", args.asset_id);
     let response = authed_request(
         client,
         &mut session,
-        Method::PATCH,
-        &path,
+        Method::POST,
+        "/assets/folder/delete",
         Some(serde_json::json!({
-            "fileName": file_name
+            "projectId": args.project_id,
+            "path": folder_path,
+            "recursive": args.recursive,
+            "dryRun": args.dry_run,
+            "includeFolderMarkers": args.include_folder_markers
         })),
     )
     .await?;
     if !response.status().is_success() {
         let body = read_error_body(response).await;
-        return Err(anyhow!("file move failed: {}", body));
+        return Err(anyhow!("file rmdir failed: {}", body));
     }
-    let payload: AssetResponse = response.json().await?;
-    println!("{}", serde_json::to_string_pretty(&payload.asset)?);
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
     save_session(&session)?;
     Ok(())
 }
@@ -1865,6 +4795,43 @@ async fn tool_register_command(client: &reqwest::Client, args: ToolRegisterArgs)
     Ok(())
 }
+async fn tool_publish_command(client: &reqwest::Client, args: ToolPublishArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let mut body = serde_json::Map::new();
+    if let Some(channel) = args.channel {
+        body.insert("channel".to_string(), serde_json::Value::String(channel));
+    }
+    if let Some(visibility) = args.visibility {
+        body.insert("visibility".to_string(), serde_json::Value::String(visibility));
+    }
+    if let Some(notes) = args.notes {
+        body.insert("notes".to_string(), serde_json::Value::String(notes));
+    }
+    let path = format!("/tools/definitions/{}/publish", args.tool_id);
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::POST,
+        &path,
+        Some(serde_json::Value::Object(body)),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool publish failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(payload.get("definition").unwrap_or(&payload))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
 async fn tool_set_entitlement_command(
     client: &reqwest::Client,
     mut session: SessionConfig,
@@ -1986,23 +4953,222 @@ async fn tool_run_command(client: &reqwest::Client, args: ToolRunArgs) -> Result
         ));
     }
-    let input_value = if let Some(path) = args.input_file {
-        load_jsonc_file(&path, "tool run input")?
-    } else if let Some(input_json) = args.input_json {
-        parse_jsonc_str(&input_json, "tool run input")?
-    } else {
-        serde_json::Value::Object(serde_json::Map::new())
-    };
+    let input_value = if let Some(path) = args.input_file {
+        load_jsonc_file(&path, "tool run input")?
+    } else if let Some(input_json) = args.input_json {
+        parse_jsonc_str(&input_json, "tool run input")?
+    } else {
+        serde_json::Value::Object(serde_json::Map::new())
+    };
+    let input_object =
+        serde_json::Value::Object(parse_object_from_value(input_value, "tool run input")?);
+    let mut body = serde_json::Map::new();
+    body.insert(
+        "toolId".to_string(),
+        serde_json::Value::String(args.tool_id),
+    );
+    body.insert("input".to_string(), input_object);
+    if let Some(org_id) = args.org_id {
+        body.insert("orgId".to_string(), serde_json::Value::String(org_id));
+    }
+    if let Some(project_id) = args.project_id {
+        body.insert(
+            "projectId".to_string(),
+            serde_json::Value::String(project_id),
+        );
+    }
+    let mut metadata_map = if let Some(path) = args.metadata_file {
+        let metadata = load_jsonc_file(&path, "tool run metadata")?;
+        parse_object_from_value(metadata, "tool run metadata")?
+    } else {
+        serde_json::Map::new()
+    };
+    if let Some(idempotency_key) = args.idempotency_key {
+        let normalized = idempotency_key.trim();
+        if !normalized.is_empty() {
+            metadata_map.insert(
+                "idempotencyKey".to_string(),
+                serde_json::Value::String(normalized.to_string()),
+            );
+        }
+    }
+    if !metadata_map.is_empty() {
+        body.insert(
+            "metadata".to_string(),
+            serde_json::Value::Object(metadata_map),
+        );
+    }
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::POST,
+        "/tools/runs",
+        Some(serde_json::Value::Object(body)),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool run failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(payload.get("run").unwrap_or(&payload))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
+async fn tool_runs_command(client: &reqwest::Client, args: ToolRunsArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let mut query_parts: Vec<String> = Vec::new();
+    if let Some(tool_id) = args.tool_id {
+        query_parts.push(format!("toolId={}", tool_id));
+    }
+    if let Some(project_id) = args.project_id {
+        query_parts.push(format!("projectId={}", project_id));
+    }
+    if let Some(requested_by_user_id) = args.requested_by_user_id {
+        query_parts.push(format!("requestedByUserId={}", requested_by_user_id));
+    }
+    if let Some(status) = args.status {
+        query_parts.push(format!("status={}", status));
+    }
+    let path = if query_parts.is_empty() {
+        "/tools/runs".to_string()
+    } else {
+        format!("/tools/runs?{}", query_parts.join("&"))
+    };
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool runs failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(payload.get("runs").unwrap_or(&payload))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
+async fn tool_get_run_command(client: &reqwest::Client, args: ToolGetRunArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/tools/runs/{}", args.run_id);
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool get-run failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(payload.get("run").unwrap_or(&payload))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
+async fn tool_run_events_command(client: &reqwest::Client, args: ToolRunEventsArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let mut path = format!("/tools/runs/{}/events", args.run_id);
+    let mut query_parts: Vec<String> = Vec::new();
+    if let Some(limit) = args.limit {
+        query_parts.push(format!("limit={}", limit));
+    }
+    if let Some(status) = args.status {
+        query_parts.push(format!("status={}", status));
+    }
+    if let Some(stage_prefix) = args.stage_prefix {
+        query_parts.push(format!("stagePrefix={}", stage_prefix));
+    }
+    if let Some(since) = args.since {
+        query_parts.push(format!("since={}", since));
+    }
+    if let Some(until) = args.until {
+        query_parts.push(format!("until={}", until));
+    }
+    if !query_parts.is_empty() {
+        path.push_str(&format!("?{}", query_parts.join("&")));
+    }
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool run-events failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(payload.get("events").unwrap_or(&payload))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
+async fn tool_local_catalog_command(client: &reqwest::Client, args: ToolLocalCatalogArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let (default_platform, default_arch) = detect_local_runtime_platform_arch();
+    let platform = args.platform.unwrap_or(default_platform);
+    let arch = args.arch.unwrap_or(default_arch);
+    let mut query_parts = vec![
+        format!("platform={}", platform),
+        format!("arch={}", arch),
+    ];
+    if let Some(org_id) = args.org_id {
+        query_parts.push(format!("orgId={}", org_id));
+    }
+    if let Some(project_id) = args.project_id {
+        query_parts.push(format!("projectId={}", project_id));
+    }
+    let path = format!("/tools/local/catalog?{}", query_parts.join("&"));
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool local catalog failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(payload.get("tools").unwrap_or(&payload))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
+async fn tool_local_install_command(client: &reqwest::Client, args: ToolLocalInstallArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
-    let input_object =
-        serde_json::Value::Object(parse_object_from_value(input_value, "tool run input")?);
+    let (default_platform, default_arch) = detect_local_runtime_platform_arch();
+    let platform = args.platform.unwrap_or(default_platform);
+    let arch = args.arch.unwrap_or(default_arch);
     let mut body = serde_json::Map::new();
     body.insert(
         "toolId".to_string(),
-        serde_json::Value::String(args.tool_id),
+        serde_json::Value::String(args.tool_id.clone()),
     );
-    body.insert("input".to_string(), input_object);
+    body.insert(
+        "platform".to_string(),
+        serde_json::Value::String(platform.clone()),
+    );
+    body.insert("arch".to_string(), serde_json::Value::String(arch.clone()));
     if let Some(org_id) = args.org_id {
         body.insert("orgId".to_string(), serde_json::Value::String(org_id));
     }
@@ -2012,95 +5178,231 @@ async fn tool_run_command(client: &reqwest::Client, args: ToolRunArgs) -> Result
             serde_json::Value::String(project_id),
         );
     }
-    let mut metadata_map = if let Some(path) = args.metadata_file {
-        let metadata = load_jsonc_file(&path, "tool run metadata")?;
-        parse_object_from_value(metadata, "tool run metadata")?
-    } else {
-        serde_json::Map::new()
-    };
-    if let Some(idempotency_key) = args.idempotency_key {
-        let normalized = idempotency_key.trim();
-        if !normalized.is_empty() {
-            metadata_map.insert(
-                "idempotencyKey".to_string(),
-                serde_json::Value::String(normalized.to_string()),
-            );
-        }
-    }
-    if !metadata_map.is_empty() {
-        body.insert(
-            "metadata".to_string(),
-            serde_json::Value::Object(metadata_map),
-        );
+    if let Some(version) = args.version {
+        body.insert("version".to_string(), serde_json::Value::String(version));
     }
     let response = authed_request(
         client,
         &mut session,
         Method::POST,
-        "/tools/runs",
+        "/tools/local/install-intent",
         Some(serde_json::Value::Object(body)),
     )
     .await?;
     if !response.status().is_success() {
         let body = read_error_body(response).await;
-        return Err(anyhow!("tool run failed: {}", body));
+        return Err(anyhow!("tool local install-intent failed: {}", body));
     }
     let payload: serde_json::Value = response.json().await?;
-    println!(
-        "{}",
-        serde_json::to_string_pretty(payload.get("run").unwrap_or(&payload))?
-    );
-    save_session(&session)?;
-    Ok(())
-}
+    if args.no_download {
+        println!("{}", serde_json::to_string_pretty(&payload)?);
+        save_session(&session)?;
+        return Ok(());
+    }
-async fn tool_runs_command(client: &reqwest::Client, args: ToolRunsArgs) -> Result<()> {
-    let mut session = load_session()?;
-    apply_base_url_override(&mut session, args.base_url);
+    let download_path = payload
+        .pointer("/install/downloadPath")
+        .and_then(|value| value.as_str())
+        .ok_or_else(|| anyhow!("install intent is missing install.downloadPath"))?;
+    let asset_id = payload
+        .pointer("/asset/assetId")
+        .and_then(|value| value.as_str())
+        .unwrap_or("unknown");
+    let fallback_file_name = payload
+        .pointer("/asset/fileName")
+        .and_then(|value| value.as_str())
+        .unwrap_or("tool-bundle.bin");
-    let mut query_parts: Vec<String> = Vec::new();
-    if let Some(tool_id) = args.tool_id {
-        query_parts.push(format!("toolId={}", tool_id));
+    let mut output_path = args
+        .output_path
+        .unwrap_or_else(|| PathBuf::from(base_name_from_virtual_path(fallback_file_name)));
+    if output_path.exists() && output_path.is_dir() {
+        output_path = output_path.join(base_name_from_virtual_path(fallback_file_name));
     }
-    if let Some(project_id) = args.project_id {
-        query_parts.push(format!("projectId={}", project_id));
+    if let Some(parent) = output_path.parent() {
+        if !parent.as_os_str().is_empty() {
+            tokio_fs::create_dir_all(parent)
+                .await
+                .with_context(|| format!("Failed to create output directory {}", parent.display()))?;
+        }
     }
-    if let Some(requested_by_user_id) = args.requested_by_user_id {
-        query_parts.push(format!("requestedByUserId={}", requested_by_user_id));
+    let mut resume_from: Option<u64> = None;
+    if args.resume && output_path.exists() && output_path.is_file() {
+        let existing_size = tokio_fs::metadata(&output_path)
+            .await
+            .with_context(|| {
+                format!(
+                    "Failed to read output file metadata {}",
+                    output_path.display()
+                )
+            })?
+            .len();
+        if existing_size > 0 {
+            let remote_size = payload
+                .pointer("/asset/sizeBytes")
+                .and_then(|value| value.as_u64())
+                .unwrap_or(0);
+            if remote_size > 0 && existing_size >= remote_size {
+                println!(
+                    "{}",
+                    serde_json::to_string_pretty(&serde_json::json!({
+                        "toolId": args.tool_id,
+                        "assetId": asset_id,
+                        "output": output_path.display().to_string(),
+                        "bytesWritten": 0,
+                        "resumedFrom": existing_size,
+                        "alreadyComplete": true
+                    }))?
+                );
+                save_session(&session)?;
+                return Ok(());
+            }
+            resume_from = Some(existing_size);
+        }
     }
-    if let Some(status) = args.status {
-        query_parts.push(format!("status={}", status));
+    let mut headers = Vec::new();
+    if let Some(offset) = resume_from {
+        headers.push(("range".to_string(), format!("bytes={}-", offset)));
+    }
+    let mut download_response = authed_request_with_headers(
+        client,
+        &mut session,
+        Method::GET,
+        download_path,
+        None,
+        &headers,
+    )
+    .await?;
+    if !(download_response.status().is_success()
+        || download_response.status() == StatusCode::PARTIAL_CONTENT)
+    {
+        let body = read_error_body(download_response).await;
+        return Err(anyhow!("tool local install download failed: {}", body));
     }
-    let path = if query_parts.is_empty() {
-        "/tools/runs".to_string()
+    let append_mode = resume_from.is_some() && download_response.status() == StatusCode::PARTIAL_CONTENT;
+    let mut output_file = if append_mode {
+        tokio_fs::OpenOptions::new()
+            .append(true)
+            .open(&output_path)
+            .await
+            .with_context(|| {
+                format!(
+                    "Failed to open output file for append {}",
+                    output_path.display()
+                )
+            })?
     } else {
-        format!("/tools/runs?{}", query_parts.join("&"))
+        tokio_fs::File::create(&output_path)
+            .await
+            .with_context(|| format!("Failed to create output file {}", output_path.display()))?
     };
-    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
-    if !response.status().is_success() {
-        let body = read_error_body(response).await;
-        return Err(anyhow!("tool runs failed: {}", body));
+    let mut bytes_written: u64 = 0;
+    while let Some(chunk) = download_response.chunk().await? {
+        output_file
+            .write_all(&chunk)
+            .await
+            .with_context(|| format!("Failed to write to {}", output_path.display()))?;
+        bytes_written = bytes_written.saturating_add(chunk.len() as u64);
     }
-    let payload: serde_json::Value = response.json().await?;
+    output_file.flush().await?;
     println!(
         "{}",
-        serde_json::to_string_pretty(payload.get("runs").unwrap_or(&payload))?
+        serde_json::to_string_pretty(&serde_json::json!({
+            "toolId": args.tool_id,
+            "platform": platform,
+            "arch": arch,
+            "assetId": asset_id,
+            "output": output_path.display().to_string(),
+            "bytesWritten": bytes_written,
+            "resumedFrom": resume_from,
+            "partialContent": download_response.status() == StatusCode::PARTIAL_CONTENT
+        }))?
     );
     save_session(&session)?;
     Ok(())
 }
-async fn tool_get_run_command(client: &reqwest::Client, args: ToolGetRunArgs) -> Result<()> {
+async fn tool_local_complete_run_command(
+    client: &reqwest::Client,
+    args: ToolLocalCompleteRunArgs,
+) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
-    let path = format!("/tools/runs/{}", args.run_id);
-    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    let normalized_status = args.status.trim().to_lowercase();
+    if normalized_status != "succeeded"
+        && normalized_status != "failed"
+        && normalized_status != "cancelled"
+    {
+        return Err(anyhow!(
+            "status must be one of: succeeded, failed, cancelled"
+        ));
+    }
+    if args.output_file.is_some() && args.output_json.is_some() {
+        return Err(anyhow!(
+            "Provide either --output-file or --output-json, not both"
+        ));
+    }
+    let output_value = if let Some(path) = args.output_file {
+        Some(load_jsonc_file(&path, "tool local complete output")?)
+    } else if let Some(raw) = args.output_json {
+        Some(parse_jsonc_str(&raw, "tool local complete output")?)
+    } else {
+        None
+    };
+    let mut body = serde_json::Map::new();
+    body.insert(
+        "status".to_string(),
+        serde_json::Value::String(normalized_status),
+    );
+    if let Some(output) = output_value {
+        body.insert(
+            "output".to_string(),
+            serde_json::Value::Object(parse_object_from_value(
+                output,
+                "tool local complete output",
+            )?),
+        );
+    }
+    if let Some(error_message) = args.error_message {
+        body.insert(
+            "errorMessage".to_string(),
+            serde_json::Value::String(error_message),
+        );
+    }
+    if let Some(path) = args.metadata_file {
+        let metadata = load_jsonc_file(&path, "tool local complete metadata")?;
+        body.insert(
+            "metadata".to_string(),
+            serde_json::Value::Object(parse_object_from_value(
+                metadata,
+                "tool local complete metadata",
+            )?),
+        );
+    }
+    let path = format!("/tools/runs/{}/complete", args.run_id);
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::POST,
+        &path,
+        Some(serde_json::Value::Object(body)),
+    )
+    .await?;
     if !response.status().is_success() {
         let body = read_error_body(response).await;
-        return Err(anyhow!("tool get-run failed: {}", body));
+        return Err(anyhow!("tool local complete-run failed: {}", body));
     }
     let payload: serde_json::Value = response.json().await?;
     println!(
@@ -2121,23 +5423,58 @@ fn run_and_check_status(mut command: Command, context: &str) -> Result<()> {
     Ok(())
 }
-async fn self_update_command(client: &reqwest::Client, args: SelfUpdateArgs) -> Result<()> {
+async fn self_update_command(
+    client: &reqwest::Client,
+    args: SelfUpdateArgs,
+    output: OutputFormat,
+) -> Result<()> {
     let current = env!("CARGO_PKG_VERSION");
     let latest = fetch_latest_cli_version(client).await;
     let Some(latest_version) = latest else {
-        println!("Could not check latest version right now.");
+        let payload = serde_json::json!({
+            "ok": false,
+            "checked": false,
+            "currentVersion": current,
+            "message": "Could not check latest version right now."
+        });
+        emit_text_or_json(output, "Could not check latest version right now.", payload)?;
         return Ok(());
     };
     if !is_newer_version(current, &latest_version) {
-        println!("reallink is up to date ({})", current);
+        let payload = serde_json::json!({
+            "ok": true,
+            "checked": true,
+            "upToDate": true,
+            "currentVersion": current,
+            "latestVersion": latest_version
+        });
+        emit_text_or_json(
+            output,
+            &format!("reallink is up to date ({})", current),
+            payload,
+        )?;
         return Ok(());
     }
-    println!("Update available: {} -> {}", current, latest_version);
     if args.check {
-        println!("Run `reallink self-update` to install the update.");
+        let payload = serde_json::json!({
+            "ok": true,
+            "checked": true,
+            "upToDate": false,
+            "currentVersion": current,
+            "latestVersion": latest_version,
+            "action": "run `reallink self-update` to install"
+        });
+        emit_text_or_json(
+            output,
+            &format!(
+                "Update available: {} -> {}. Run `reallink self-update`.",
+                current, latest_version
+            ),
+            payload,
+        )?;
         return Ok(());
     }
@@ -2156,9 +5493,19 @@ async fn self_update_command(client: &reqwest::Client, args: SelfUpdateArgs) ->
             },
             "npm self-update",
         )?;
-        println!(
-            "Updated via npm. Restart your shell if `reallink --version` still shows old version."
-        );
+        let payload = serde_json::json!({
+            "ok": true,
+            "checked": true,
+            "updated": true,
+            "method": "npm",
+            "currentVersion": current,
+            "latestVersion": latest_version
+        });
+        emit_text_or_json(
+            output,
+            "Updated via npm. Restart your shell if `reallink --version` still shows old version.",
+            payload,
+        )?;
         return Ok(());
     }
@@ -2188,33 +5535,191 @@ async fn self_update_command(client: &reqwest::Client, args: SelfUpdateArgs) ->
         )?;
     }
-    println!("Update installed. Verify with `reallink --version`.");
+    let payload = serde_json::json!({
+        "ok": true,
+        "checked": true,
+        "updated": true,
+        "method": if cfg!(windows) { "powershell-installer" } else { "shell-installer" },
+        "currentVersion": current,
+        "latestVersion": latest_version
+    });
+    emit_text_or_json(
+        output,
+        "Update installed. Verify with `reallink --version`.",
+        payload,
+    )?;
     Ok(())
 }
-#[tokio::main]
-async fn main() -> Result<()> {
-    let cli = Cli::parse();
+#[cfg(test)]
+mod tests {
+    use super::{
+        compose_plugin_archive_url, default_login_scopes, default_login_scopes_with_tools,
+        file_name_component, normalize_public_bucket_base, normalize_sha256_hex, parse_api_error,
+        resolve_plugin_from_index,
+    };
+    use super::unreal::{PluginIndexFile, PluginIndexPlugin, PluginIndexVersion};
+    #[test]
+    fn normalizes_public_bucket_base() {
+        let normalized = normalize_public_bucket_base("https://real-agent.link/plugins/unreal/")
+            .expect("base URL should normalize");
+        assert_eq!(normalized, "https://real-agent.link/plugins/unreal");
+    }
+    #[test]
+    fn composes_archive_url() {
+        let url = compose_plugin_archive_url(
+            "https://real-agent.link/plugins/unreal/",
+            "RealLinkUnreal",
+            "latest",
+        )
+        .expect("archive URL should compose");
+        assert_eq!(
+            url,
+            "https://real-agent.link/plugins/unreal/RealLinkUnreal/latest/RealLinkUnreal.zip"
+        );
+    }
+    #[test]
+    fn rejects_plugin_name_with_path_separator() {
+        let result = compose_plugin_archive_url(
+            "https://real-agent.link/plugins/unreal",
+            "RealLink/Unreal",
+            "latest",
+        );
+        assert!(result.is_err());
+    }
+    #[test]
+    fn extracts_file_name_component() {
+        let output = file_name_component("D:/Games/MyGame/MyGame.uproject");
+        assert_eq!(output, "MyGame.uproject");
+    }
+    #[test]
+    fn normalizes_sha256_hex() {
+        let value = normalize_sha256_hex(
+            "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
+        )
+        .expect("sha256 should normalize");
+        assert_eq!(
+            value,
+            "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+        );
+    }
+    #[test]
+    fn resolves_plugin_from_index_with_latest() {
+        let index = PluginIndexFile {
+            schema_version: Some(1),
+            plugins: vec![PluginIndexPlugin {
+                name: "RealLinkUnreal".to_string(),
+                latest: Some("0.1.2".to_string()),
+                versions: vec![PluginIndexVersion {
+                    version: "0.1.2".to_string(),
+                    archive_url: Some(
+                        "https://cdn.example.com/RealLinkUnreal-0.1.2.zip".to_string(),
+                    ),
+                    sha256: Some(
+                        "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
+                            .to_string(),
+                    ),
+                }],
+            }],
+        };
+        let (version, url, sha) = resolve_plugin_from_index(
+            &index,
+            "RealLinkUnreal",
+            "latest",
+            "https://real-agent.link/plugins/unreal",
+        )
+        .expect("index resolve should succeed");
+        assert_eq!(version, "0.1.2");
+        assert_eq!(url, "https://cdn.example.com/RealLinkUnreal-0.1.2.zip");
+        assert_eq!(
+            sha,
+            Some("0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef".to_string())
+        );
+    }
+    #[test]
+    fn default_login_scopes_exclude_tool_scopes() {
+        let scopes = default_login_scopes();
+        assert!(scopes.contains(&"core:read".to_string()));
+        assert!(scopes.contains(&"core:write".to_string()));
+        assert!(scopes.contains(&"scheduler:read".to_string()));
+        assert!(scopes.contains(&"scheduler:write".to_string()));
+        assert!(!scopes.iter().any(|value| value.starts_with("tools:")));
+    }
+    #[test]
+    fn default_login_scopes_with_tools_include_tool_scopes() {
+        let scopes = default_login_scopes_with_tools();
+        assert!(scopes.contains(&"tools:read".to_string()));
+        assert!(scopes.contains(&"tools:write".to_string()));
+        assert!(scopes.contains(&"tools:run".to_string()));
+    }
+    #[test]
+    fn parses_api_error_envelope() {
+        let parsed = parse_api_error(r#"{"code":"CLERK_ORG_NOT_LINKED","message":"Not linked"}"#)
+            .expect("api error should parse");
+        assert_eq!(parsed.code.as_deref(), Some("CLERK_ORG_NOT_LINKED"));
+        assert_eq!(parsed.message.as_deref(), Some("Not linked"));
+    }
+    #[test]
+    fn ignores_non_json_api_error_body() {
+        let parsed = parse_api_error("plain text error");
+        assert!(parsed.is_none());
+    }
+}
+async fn run_cli(cli: Cli) -> Result<()> {
     let client = reqwest::Client::builder()
         .user_agent(concat!("reallink-cli/", env!("CARGO_PKG_VERSION")))
         .build()?;
     if !matches!(&cli.command, Commands::SelfUpdate(_)) {
         let allow_update_fetch = matches!(&cli.command, Commands::Login(_));
-        maybe_notify_update(&client, false, allow_update_fetch).await;
+        maybe_notify_update(&client, false, allow_update_fetch, cli.output).await;
     }
     match cli.command {
-        Commands::Login(args) => login_command(&client, args).await?,
+        Commands::Login(args) => login_command(&client, args, cli.output).await?,
         Commands::Whoami(args) => whoami_command(&client, args).await?,
-        Commands::Logout => logout_command(&client).await?,
-        Commands::SelfUpdate(args) => self_update_command(&client, args).await?,
+        Commands::Logout => logout_command(&client, cli.output).await?,
+        Commands::SelfUpdate(args) => self_update_command(&client, args, cli.output).await?,
+        Commands::Org { command } => match command {
+            OrgCommands::List(args) => org_list_command(&client, args).await?,
+            OrgCommands::Create(args) => org_create_command(&client, args).await?,
+            OrgCommands::Get(args) => org_get_command(&client, args).await?,
+            OrgCommands::Update(args) => org_update_command(&client, args).await?,
+            OrgCommands::Delete(args) => org_delete_command(&client, args).await?,
+            OrgCommands::Invites(args) => org_invites_command(&client, args).await?,
+            OrgCommands::Invite(args) => org_invite_command(&client, args).await?,
+            OrgCommands::Members(args) => org_members_command(&client, args).await?,
+            OrgCommands::AddMember(args) => org_add_member_command(&client, args).await?,
+            OrgCommands::UpdateMember(args) => org_update_member_command(&client, args).await?,
+            OrgCommands::RemoveMember(args) => org_remove_member_command(&client, args).await?,
+        },
+        Commands::Link { command } => unreal::dispatch(&client, command).await?,
         Commands::Project { command } => match command {
             ProjectCommands::List(args) => project_list_command(&client, args).await?,
             ProjectCommands::Create(args) => project_create_command(&client, args).await?,
             ProjectCommands::Get(args) => project_get_command(&client, args).await?,
             ProjectCommands::Update(args) => project_update_command(&client, args).await?,
             ProjectCommands::Delete(args) => project_delete_command(&client, args).await?,
+            ProjectCommands::Members(args) => project_members_command(&client, args).await?,
+            ProjectCommands::AddMember(args) => project_add_member_command(&client, args).await?,
+            ProjectCommands::UpdateMember(args) => {
+                project_update_member_command(&client, args).await?
+            }
+            ProjectCommands::RemoveMember(args) => {
+                project_remove_member_command(&client, args).await?
+            }
         },
         Commands::Token { command } => match command {
             TokenCommands::List(args) => token_list_command(&client, args).await?,
@@ -2223,24 +5728,89 @@ async fn main() -> Result<()> {
         },
         Commands::File { command } => match command {
             FileCommands::List(args) => file_list_command(&client, args).await?,
+            FileCommands::Tree(args) => file_tree_command(&client, args).await?,
             FileCommands::Get(args) => file_get_command(&client, args).await?,
             FileCommands::Stat(args) => file_stat_command(&client, args).await?,
+            FileCommands::Thumbnail(args) => file_thumbnail_command(&client, args).await?,
             FileCommands::Download(args) => file_download_command(&client, args).await?,
             FileCommands::Upload(args) => file_upload_command(&client, args).await?,
             FileCommands::Mkdir(args) => file_mkdir_command(&client, args).await?,
             FileCommands::Move(args) => file_move_command(&client, args).await?,
+            FileCommands::Set(args) => file_set_command(&client, args).await?,
+            FileCommands::MoveFolder(args) => file_move_folder_command(&client, args).await?,
+            FileCommands::Rmdir(args) => file_rmdir_command(&client, args).await?,
             FileCommands::Remove(args) => file_remove_command(&client, args).await?,
         },
         Commands::Tool { command } => match command {
             ToolCommands::List(args) => tool_list_command(&client, args).await?,
             ToolCommands::Register(args) => tool_register_command(&client, args).await?,
+            ToolCommands::Publish(args) => tool_publish_command(&client, args).await?,
             ToolCommands::Enable(args) => tool_enable_command(&client, args).await?,
             ToolCommands::Disable(args) => tool_disable_command(&client, args).await?,
             ToolCommands::Run(args) => tool_run_command(&client, args).await?,
             ToolCommands::Runs(args) => tool_runs_command(&client, args).await?,
             ToolCommands::GetRun(args) => tool_get_run_command(&client, args).await?,
+            ToolCommands::RunEvents(args) => tool_run_events_command(&client, args).await?,
+            ToolCommands::Local { command } => match command {
+                ToolLocalCommands::Catalog(args) => tool_local_catalog_command(&client, args).await?,
+                ToolLocalCommands::Install(args) => tool_local_install_command(&client, args).await?,
+                ToolLocalCommands::CompleteRun(args) => {
+                    tool_local_complete_run_command(&client, args).await?
+                }
+            },
+        },
+        Commands::Logs { command } => match command {
+            LogsCommands::Status => logs_status_command(cli.output).await?,
+            LogsCommands::Consent(args) => logs_consent_command(args, cli.output).await?,
+            LogsCommands::Tail(args) => logs_tail_command(args, cli.output).await?,
+            LogsCommands::Upload(args) => logs_upload_command(&client, args, cli.output).await?,
         },
     }
     Ok(())
 }
+#[tokio::main]
+async fn main() {
+    let cli = Cli::parse();
+    let output = cli.output;
+    let command_summary = command_summary_for_logs();
+    let started_at = now_epoch_ms();
+    if let Err(error) = run_cli(cli).await {
+        let duration_ms = now_epoch_ms().saturating_sub(started_at);
+        append_runtime_log_event(
+            &command_summary,
+            &format!("command failed: {}", error),
+            "error",
+            Some(duration_ms),
+            Some(1),
+        );
+        record_cli_crash_report(&command_summary, &error);
+        match output {
+            OutputFormat::Json => {
+                let payload = serde_json::json!({
+                    "ok": false,
+                    "error": format!("{:#}", error)
+                });
+                if let Err(emit_error) = print_json(&payload) {
+                    eprintln!("Error: {}", error);
+                    eprintln!("Failed to emit JSON error payload: {}", emit_error);
+                }
+            }
+            OutputFormat::Text => {
+                eprintln!("Error: {:#}", error);
+            }
+        }
+        std::process::exit(1);
+    }
+    let duration_ms = now_epoch_ms().saturating_sub(started_at);
+    append_runtime_log_event(
+        &command_summary,
+        "command completed",
+        "info",
+        Some(duration_ms),
+        Some(0),
+    );
+}