npm - reallink-cli - Versions diffs - 0.1.12 → 0.1.14 - Mend

reallink-cli 0.1.12 → 0.1.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md +31 -1
package/bin/reallink.cjs +10 -3
package/package.json +1 -1
package/prebuilt/win32-x64/reallink-cli.exe +0 -0
package/rust/Cargo.lock +1 -1
package/rust/Cargo.toml +1 -1
package/rust/src/generated/contract.rs +1 -1
package/rust/src/logs.rs +277 -0
package/rust/src/main.rs +1951 -182

package/rust/src/main.rs CHANGED Viewed

@@ -14,6 +14,7 @@ use tokio::time::sleep;
 mod unreal;
 mod generated;
+mod logs;
 use unreal::{
     LinkDoctorArgs, LinkOpenArgs, LinkPathsArgs, LinkPluginInstallArgs, LinkPluginListArgs,
     LinkRemoveArgs, LinkRunArgs, LinkUnrealArgs, LinkUseArgs, PluginIndexFile, UnrealLinkRecord,
@@ -81,10 +82,18 @@ enum Commands {
         #[command(subcommand)]
         command: FileCommands,
     },
+    Skill {
+        #[command(subcommand)]
+        command: SkillCommands,
+    },
     Tool {
         #[command(subcommand)]
         command: ToolCommands,
     },
+    Logs {
+        #[command(subcommand)]
+        command: LogsCommands,
+    },
 }
 #[derive(Args)]
@@ -149,24 +158,102 @@ enum OrgCommands {
 #[derive(Subcommand)]
 enum FileCommands {
     List(FileListArgs),
+    Tree(FileTreeArgs),
     Get(FileGetArgs),
     Stat(FileStatArgs),
+    Thumbnail(FileThumbnailArgs),
     Download(FileDownloadArgs),
     Upload(FileUploadArgs),
     Mkdir(FileMkdirArgs),
     Move(FileMoveArgs),
+    Set(FileSetArgs),
+    MoveFolder(FileMoveFolderArgs),
+    Rmdir(FileRemoveFolderArgs),
     Remove(FileRemoveArgs),
 }
+#[derive(Clone, Copy, Debug, Eq, PartialEq, ValueEnum)]
+enum FileThumbnailSize {
+    Small,
+    Medium,
+    Large,
+}
+impl FileThumbnailSize {
+    fn as_str(self) -> &'static str {
+        match self {
+            FileThumbnailSize::Small => "small",
+            FileThumbnailSize::Medium => "medium",
+            FileThumbnailSize::Large => "large",
+        }
+    }
+}
 #[derive(Subcommand)]
 enum ToolCommands {
     List(ToolListArgs),
     Register(ToolRegisterArgs),
+    Publish(ToolPublishArgs),
+    Enable(ToolEnableArgs),
+    Disable(ToolDisableArgs),
+    Context {
+        #[command(subcommand)]
+        command: ToolContextCommands,
+    },
+    Prompt(ToolPromptArgs),
+    Run(ToolRunArgs),
+    Runs(ToolRunsArgs),
+    GetRun(ToolGetRunArgs),
+    RunEvents(ToolRunEventsArgs),
+    TraceStatus(ToolTraceStatusArgs),
+    Local {
+        #[command(subcommand)]
+        command: ToolLocalCommands,
+    },
+}
+#[derive(Subcommand)]
+enum ToolLocalCommands {
+    Catalog(ToolLocalCatalogArgs),
+    Install(ToolLocalInstallArgs),
+    CompleteRun(ToolLocalCompleteRunArgs),
+}
+#[derive(Subcommand)]
+enum ToolContextCommands {
+    Put(ToolContextPutArgs),
+    Get(ToolContextGetArgs),
+}
+#[derive(Subcommand)]
+enum SkillCommands {
+    List(ToolListArgs),
+    Register(ToolRegisterArgs),
+    Publish(ToolPublishArgs),
     Enable(ToolEnableArgs),
     Disable(ToolDisableArgs),
+    Context {
+        #[command(subcommand)]
+        command: ToolContextCommands,
+    },
+    Prompt(ToolPromptArgs),
     Run(ToolRunArgs),
     Runs(ToolRunsArgs),
     GetRun(ToolGetRunArgs),
+    RunEvents(ToolRunEventsArgs),
+    TraceStatus(ToolTraceStatusArgs),
+    Local {
+        #[command(subcommand)]
+        command: ToolLocalCommands,
+    },
+}
+#[derive(Subcommand)]
+enum LogsCommands {
+    Status,
+    Consent(LogsConsentArgs),
+    Tail(LogsTailArgs),
+    Upload(LogsUploadArgs),
 }
 #[derive(Args)]
@@ -200,6 +287,12 @@ struct FileListArgs {
     #[arg(long)]
     path: Option<String>,
     #[arg(long)]
+    offset: Option<u32>,
+    #[arg(long)]
+    limit: Option<u32>,
+    #[arg(long)]
+    include_folder_markers: Option<bool>,
+    #[arg(long)]
     base_url: Option<String>,
 }
@@ -211,6 +304,14 @@ struct FileGetArgs {
     base_url: Option<String>,
 }
+#[derive(Args)]
+struct FileTreeArgs {
+    #[arg(long)]
+    project_id: String,
+    #[arg(long)]
+    base_url: Option<String>,
+}
 #[derive(Args)]
 struct FileStatArgs {
     #[arg(long)]
@@ -219,6 +320,18 @@ struct FileStatArgs {
     base_url: Option<String>,
 }
+#[derive(Args)]
+struct FileThumbnailArgs {
+    #[arg(long)]
+    asset_id: String,
+    #[arg(long, value_enum, default_value_t = FileThumbnailSize::Medium)]
+    size: FileThumbnailSize,
+    #[arg(long = "output")]
+    output_path: Option<PathBuf>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
 #[derive(Args)]
 struct FileDownloadArgs {
     #[arg(long)]
@@ -256,6 +369,8 @@ struct FileMkdirArgs {
     project_id: String,
     #[arg(long)]
     path: String,
+    #[arg(long, default_value = "private")]
+    visibility: String,
     #[arg(long)]
     base_url: Option<String>,
 }
@@ -270,6 +385,48 @@ struct FileMoveArgs {
     base_url: Option<String>,
 }
+#[derive(Args)]
+struct FileSetArgs {
+    #[arg(long)]
+    asset_id: String,
+    #[arg(long)]
+    file_name: Option<String>,
+    #[arg(long)]
+    asset_type: Option<String>,
+    #[arg(long)]
+    visibility: Option<String>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct FileMoveFolderArgs {
+    #[arg(long)]
+    project_id: String,
+    #[arg(long)]
+    source_path: String,
+    #[arg(long, default_value = "")]
+    target_path: String,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct FileRemoveFolderArgs {
+    #[arg(long)]
+    project_id: String,
+    #[arg(long)]
+    path: String,
+    #[arg(long, default_value_t = false)]
+    recursive: bool,
+    #[arg(long, default_value_t = false)]
+    dry_run: bool,
+    #[arg(long, default_value_t = true)]
+    include_folder_markers: bool,
+    #[arg(long)]
+    base_url: Option<String>,
+}
 #[derive(Args)]
 struct FileRemoveArgs {
     #[arg(long)]
@@ -314,6 +471,20 @@ struct ToolEnableArgs {
     base_url: Option<String>,
 }
+#[derive(Args)]
+struct ToolPublishArgs {
+    #[arg(long)]
+    tool_id: String,
+    #[arg(long)]
+    channel: Option<String>,
+    #[arg(long)]
+    visibility: Option<String>,
+    #[arg(long)]
+    notes: Option<String>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
 #[derive(Args)]
 struct ToolDisableArgs {
     #[arg(long)]
@@ -346,6 +517,46 @@ struct ToolRunArgs {
     metadata_file: Option<PathBuf>,
     #[arg(long, help = "Idempotency key for deduplicating retries")]
     idempotency_key: Option<String>,
+    #[arg(long, action = ArgAction::SetTrue, help = "Wait until the run reaches a terminal state")]
+    wait: bool,
+    #[arg(long, default_value_t = 300_000, help = "Wait timeout in milliseconds")]
+    timeout_ms: u64,
+    #[arg(long, default_value_t = 1_500, help = "Polling interval in milliseconds")]
+    poll_interval_ms: u64,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct ToolPromptArgs {
+    #[arg(long)]
+    tool_id: String,
+    #[arg(long)]
+    prompt: String,
+    #[arg(long)]
+    org_id: Option<String>,
+    #[arg(long)]
+    project_id: Option<String>,
+    #[arg(long, help = "Optional system prompt")]
+    system_prompt: Option<String>,
+    #[arg(long, help = "Optional model hint passed to remote runtime")]
+    model: Option<String>,
+    #[arg(long, help = "Session key used by remote runtime for context restore")]
+    session_key: Option<String>,
+    #[arg(long, help = "Inline JSON object merged into tool input")]
+    input_json: Option<String>,
+    #[arg(long, help = "Path to JSON/JSONC file merged into tool input")]
+    input_file: Option<PathBuf>,
+    #[arg(long, help = "Path to JSON/JSONC metadata file")]
+    metadata_file: Option<PathBuf>,
+    #[arg(long, help = "Idempotency key for deduplicating retries")]
+    idempotency_key: Option<String>,
+    #[arg(long, action = ArgAction::SetTrue, help = "Wait until the run reaches a terminal state")]
+    wait: bool,
+    #[arg(long, default_value_t = 300_000, help = "Wait timeout in milliseconds")]
+    timeout_ms: u64,
+    #[arg(long, default_value_t = 1_500, help = "Polling interval in milliseconds")]
+    poll_interval_ms: u64,
     #[arg(long)]
     base_url: Option<String>,
 }
@@ -372,6 +583,152 @@ struct ToolGetRunArgs {
     base_url: Option<String>,
 }
+#[derive(Args)]
+struct ToolRunEventsArgs {
+    #[arg(long)]
+    run_id: String,
+    #[arg(long)]
+    limit: Option<u32>,
+    #[arg(long)]
+    status: Option<String>,
+    #[arg(long)]
+    stage_prefix: Option<String>,
+    #[arg(long, help = "Only include events created after this ISO-8601 timestamp")]
+    since: Option<String>,
+    #[arg(long, help = "Only include events created at/before this ISO-8601 timestamp")]
+    until: Option<String>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct ToolTraceStatusArgs {
+    #[arg(long)]
+    project_id: String,
+    #[arg(long)]
+    limit: Option<u32>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct ToolContextPutArgs {
+    #[arg(long)]
+    context_id: String,
+    #[arg(long)]
+    text: Option<String>,
+    #[arg(long, help = "Path to UTF-8 text file for context payload")]
+    text_file: Option<PathBuf>,
+    #[arg(long)]
+    org_id: Option<String>,
+    #[arg(long)]
+    project_id: Option<String>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct ToolContextGetArgs {
+    #[arg(long)]
+    context_id: String,
+    #[arg(long)]
+    org_id: Option<String>,
+    #[arg(long)]
+    project_id: Option<String>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct ToolLocalCatalogArgs {
+    #[arg(long)]
+    org_id: Option<String>,
+    #[arg(long)]
+    project_id: Option<String>,
+    #[arg(long)]
+    platform: Option<String>,
+    #[arg(long)]
+    arch: Option<String>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct ToolLocalInstallArgs {
+    #[arg(long)]
+    tool_id: String,
+    #[arg(long)]
+    org_id: Option<String>,
+    #[arg(long)]
+    project_id: Option<String>,
+    #[arg(long)]
+    platform: Option<String>,
+    #[arg(long)]
+    arch: Option<String>,
+    #[arg(long)]
+    version: Option<String>,
+    #[arg(long = "output")]
+    output_path: Option<PathBuf>,
+    #[arg(long, help = "Resume download from existing output file size using HTTP Range")]
+    resume: bool,
+    #[arg(long, help = "Only print install intent, do not download")]
+    no_download: bool,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct ToolLocalCompleteRunArgs {
+    #[arg(long)]
+    run_id: String,
+    #[arg(long, default_value = "succeeded")]
+    status: String,
+    #[arg(long, help = "Path to JSON/JSONC file for run output")]
+    output_file: Option<PathBuf>,
+    #[arg(long, help = "Inline JSON object for run output")]
+    output_json: Option<String>,
+    #[arg(long)]
+    error_message: Option<String>,
+    #[arg(long, help = "Path to JSON/JSONC metadata file")]
+    metadata_file: Option<PathBuf>,
+    #[arg(long)]
+    base_url: Option<String>,
+}
+#[derive(Args)]
+struct LogsConsentArgs {
+    #[arg(long, default_value_t = false, conflicts_with = "disable")]
+    enable: bool,
+    #[arg(long, default_value_t = false, conflicts_with = "enable")]
+    disable: bool,
+}
+#[derive(Args)]
+struct LogsTailArgs {
+    #[arg(long, default_value_t = 80)]
+    lines: usize,
+}
+#[derive(Args)]
+struct LogsUploadArgs {
+    #[arg(long)]
+    project_id: String,
+    #[arg(long, action = ArgAction::Set, default_value_t = true)]
+    include_runtime: bool,
+    #[arg(long, action = ArgAction::Set, default_value_t = true)]
+    include_crash: bool,
+    #[arg(long)]
+    clear_on_success: bool,
+    #[arg(long, default_value = "other")]
+    asset_type: String,
+    #[arg(long, default_value = "private")]
+    visibility: String,
+    #[arg(long)]
+    dry_run: bool,
+    #[arg(long)]
+    base_url: Option<String>,
+}
 #[derive(Args)]
 struct ProjectListArgs {
     #[arg(long)]
@@ -813,6 +1170,12 @@ struct AssetRecord {
 #[derive(Debug, Serialize, Deserialize)]
 struct ListAssetsResponse {
     assets: Vec<AssetRecord>,
+    #[serde(default)]
+    total: Option<usize>,
+    #[serde(default)]
+    offset: Option<usize>,
+    #[serde(default)]
+    limit: Option<usize>,
 }
 #[derive(Debug, Serialize, Deserialize)]
@@ -966,18 +1329,20 @@ fn resolve_config_root() -> Result<PathBuf> {
 }
 fn config_path() -> Result<PathBuf> {
-    let base = resolve_config_root()?;
-    Ok(base.join(SESSION_DIR_NAME).join(SESSION_FILE_NAME))
+    Ok(state_root_path()?.join(SESSION_FILE_NAME))
 }
 fn update_cache_path() -> Result<PathBuf> {
-    let base = resolve_config_root()?;
-    Ok(base.join(SESSION_DIR_NAME).join(UPDATE_CACHE_FILE_NAME))
+    Ok(state_root_path()?.join(UPDATE_CACHE_FILE_NAME))
 }
 fn unreal_links_path() -> Result<PathBuf> {
+    Ok(state_root_path()?.join(UNREAL_LINKS_FILE_NAME))
+}
+fn state_root_path() -> Result<PathBuf> {
     let base = resolve_config_root()?;
-    Ok(base.join(SESSION_DIR_NAME).join(UNREAL_LINKS_FILE_NAME))
+    Ok(base.join(SESSION_DIR_NAME))
 }
 fn session_path_display() -> String {
@@ -1315,6 +1680,16 @@ async fn read_error_body(response: reqwest::Response) -> String {
     }
 }
+#[derive(Deserialize)]
+struct ApiErrorEnvelope {
+    code: Option<String>,
+    message: Option<String>,
+}
+fn parse_api_error(body: &str) -> Option<ApiErrorEnvelope> {
+    serde_json::from_str::<ApiErrorEnvelope>(body).ok()
+}
 fn with_cli_headers(request: reqwest::RequestBuilder) -> reqwest::RequestBuilder {
     request
         .header("x-reallink-client", "cli")
@@ -1831,42 +2206,282 @@ async fn logout_command(client: &reqwest::Client, output: OutputFormat) -> Resul
     Ok(())
 }
-async fn whoami_command(client: &reqwest::Client, args: BaseArgs) -> Result<()> {
-    let mut session = load_session()?;
-    apply_base_url_override(&mut session, args.base_url);
-    let response = authed_request(client, &mut session, Method::GET, "/auth/me", None).await?;
-    if !response.status().is_success() {
-        let body = read_error_body(response).await;
-        return Err(anyhow!("whoami failed: {}", body));
+fn sanitize_cli_args(raw: &[String]) -> Vec<String> {
+    let sensitive_flags = [
+        "--input-json",
+        "--input-file",
+        "--metadata-file",
+        "--token",
+        "--refresh-token",
+        "--password",
+        "--secret",
+    ];
+    let mut sanitized = Vec::with_capacity(raw.len());
+    let mut redact_next = false;
+    for value in raw {
+        if redact_next {
+            sanitized.push("<redacted>".to_string());
+            redact_next = false;
+            continue;
+        }
+        if let Some((flag, _rest)) = value.split_once('=') {
+            if sensitive_flags.iter().any(|candidate| candidate == &flag) {
+                sanitized.push(format!("{}=<redacted>", flag));
+                continue;
+            }
+        }
+        if sensitive_flags.iter().any(|candidate| candidate == value) {
+            sanitized.push(value.clone());
+            redact_next = true;
+            continue;
+        }
+        sanitized.push(value.clone());
     }
-    let payload: serde_json::Value = response.json().await?;
-    println!("{}", serde_json::to_string_pretty(&payload)?);
-    save_session(&session)?;
-    Ok(())
+    sanitized
 }
-async fn token_list_command(client: &reqwest::Client, args: BaseArgs) -> Result<()> {
-    let mut session = load_session()?;
-    apply_base_url_override(&mut session, args.base_url);
-    let response = authed_request(client, &mut session, Method::GET, "/auth/tokens", None).await?;
-    if !response.status().is_success() {
-        let body = read_error_body(response).await;
-        return Err(anyhow!("token list failed: {}", body));
+fn command_summary_for_logs() -> String {
+    let args: Vec<String> = std::env::args().skip(1).collect();
+    let sanitized = sanitize_cli_args(&args);
+    if sanitized.is_empty() {
+        "reallink".to_string()
+    } else {
+        format!("reallink {}", sanitized.join(" "))
     }
-    let payload: ListApiTokensResponse = response.json().await?;
-    println!("{}", serde_json::to_string_pretty(&payload.tokens)?);
-    save_session(&session)?;
-    Ok(())
 }
-async fn token_create_command(client: &reqwest::Client, args: TokenCreateArgs) -> Result<()> {
-    let mut session = load_session()?;
-    apply_base_url_override(&mut session, args.base_url);
-    let scopes = if args.scope.is_empty() {
-        return Err(anyhow!("At least one --scope must be provided"));
+fn append_runtime_log_event(
+    command: &str,
+    message: &str,
+    level: &str,
+    duration_ms: Option<u128>,
+    exit_code: Option<i32>,
+) {
+    let state_root = match state_root_path() {
+        Ok(path) => path,
+        Err(_) => return,
+    };
+    let event = logs::RuntimeLogEvent {
+        ts_epoch_ms: now_epoch_ms(),
+        level: level.to_string(),
+        command: command.to_string(),
+        message: message.to_string(),
+        duration_ms,
+        exit_code,
+    };
+    let _ = logs::append_runtime_event(&state_root, &event);
+}
+fn record_cli_crash_report(command: &str, error: &anyhow::Error) {
+    let state_root = match state_root_path() {
+        Ok(path) => path,
+        Err(_) => return,
+    };
+    let report = logs::CrashReport {
+        ts_epoch_ms: now_epoch_ms(),
+        command: command.to_string(),
+        message: error.to_string(),
+        detail: Some(format!("{:#}", error)),
+    };
+    let _ = logs::write_crash_report(&state_root, &report);
+}
+async fn logs_status_command(output: OutputFormat) -> Result<()> {
+    let status = logs::status(&state_root_path()?)?;
+    let payload = serde_json::to_value(&status)?;
+    if output == OutputFormat::Text {
+        println!(
+            "Logs root: {}\nRuntime log: {}\nCrash dir: {}\nUpload consent: {}\nCrash reports: {}",
+            status.logs_root,
+            status.runtime_log_path,
+            status.crash_dir,
+            if status.consent.upload_enabled {
+                "enabled"
+            } else {
+                "disabled"
+            },
+            status.crash_report_count
+        );
+    } else {
+        print_json(&payload)?;
+    }
+    Ok(())
+}
+async fn logs_consent_command(args: LogsConsentArgs, output: OutputFormat) -> Result<()> {
+    let state_root = state_root_path()?;
+    let consent = if args.enable {
+        logs::set_upload_consent(&state_root, true)?
+    } else if args.disable {
+        logs::set_upload_consent(&state_root, false)?
+    } else {
+        logs::load_consent(&state_root)?
+    };
+    let payload = serde_json::json!({
+        "ok": true,
+        "consent": consent
+    });
+    if output == OutputFormat::Text {
+        println!(
+            "Log upload consent is {}.",
+            if consent.upload_enabled {
+                "enabled"
+            } else {
+                "disabled"
+            }
+        );
+    } else {
+        print_json(&payload)?;
+    }
+    Ok(())
+}
+async fn logs_tail_command(args: LogsTailArgs, output: OutputFormat) -> Result<()> {
+    let lines = logs::read_runtime_tail(&state_root_path()?, args.lines)?;
+    if output == OutputFormat::Text {
+        for line in lines {
+            println!("{}", line);
+        }
+    } else {
+        print_json(&serde_json::json!({
+            "ok": true,
+            "lines": lines
+        }))?;
+    }
+    Ok(())
+}
+async fn logs_upload_command(
+    client: &reqwest::Client,
+    args: LogsUploadArgs,
+    output: OutputFormat,
+) -> Result<()> {
+    let state_root = state_root_path()?;
+    let consent = logs::load_consent(&state_root)?;
+    if !consent.upload_enabled {
+        return Err(anyhow!(
+            "Log upload consent is disabled. Run `reallink logs consent --enable` first."
+        ));
+    }
+    let candidates =
+        logs::list_upload_candidates(&state_root, args.include_runtime, args.include_crash)?;
+    if args.dry_run {
+        let payload = serde_json::json!({
+            "ok": true,
+            "dryRun": true,
+            "count": candidates.len(),
+            "candidates": candidates
+        });
+        emit_text_or_json(
+            output,
+            &format!("Dry run complete. {} log files are ready to upload.", payload["count"]),
+            payload,
+        )?;
+        return Ok(());
+    }
+    if candidates.is_empty() {
+        let payload = serde_json::json!({
+            "ok": true,
+            "uploaded": [],
+            "count": 0
+        });
+        emit_text_or_json(output, "No local log files to upload.", payload)?;
+        return Ok(());
+    }
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let mut uploaded = Vec::new();
+    for candidate in candidates {
+        let bytes = fs::read(&candidate.local_path).with_context(|| {
+            format!("Failed to read log file {}", candidate.local_path.display())
+        })?;
+        let asset = upload_asset_via_intent(
+            client,
+            &mut session,
+            &args.project_id,
+            &candidate.remote_path,
+            bytes,
+            &candidate.content_type,
+            &args.asset_type,
+            &args.visibility,
+        )
+        .await?;
+        if args.clear_on_success {
+            let file_name = candidate
+                .local_path
+                .file_name()
+                .and_then(|value| value.to_str())
+                .unwrap_or_default();
+            if file_name.eq_ignore_ascii_case("runtime.jsonl") {
+                fs::write(&candidate.local_path, b"").with_context(|| {
+                    format!("Failed to clear runtime log {}", candidate.local_path.display())
+                })?;
+            } else {
+                let _ = fs::remove_file(&candidate.local_path);
+            }
+        }
+        uploaded.push(serde_json::json!({
+            "localPath": candidate.local_path.display().to_string(),
+            "remotePath": candidate.remote_path,
+            "asset": asset
+        }));
+    }
+    save_session(&session)?;
+    let payload = serde_json::json!({
+        "ok": true,
+        "count": uploaded.len(),
+        "uploaded": uploaded
+    });
+    emit_text_or_json(
+        output,
+        &format!("Uploaded {} log files.", payload["count"]),
+        payload,
+    )?;
+    Ok(())
+}
+async fn whoami_command(client: &reqwest::Client, args: BaseArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let response = authed_request(client, &mut session, Method::GET, "/auth/me", None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("whoami failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn token_list_command(client: &reqwest::Client, args: BaseArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let response = authed_request(client, &mut session, Method::GET, "/auth/tokens", None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("token list failed: {}", body));
+    }
+    let payload: ListApiTokensResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.tokens)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn token_create_command(client: &reqwest::Client, args: TokenCreateArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let scopes = if args.scope.is_empty() {
+        return Err(anyhow!("At least one --scope must be provided"));
     } else {
         args.scope
     };
@@ -2017,6 +2632,27 @@ async fn org_invites_command(client: &reqwest::Client, args: OrgInvitesArgs) ->
     let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
     if !response.status().is_success() {
         let body = read_error_body(response).await;
+        if let Some(api_error) = parse_api_error(&body) {
+            match api_error.code.as_deref() {
+                Some("CLERK_ORG_NOT_LINKED") => {
+                    return Err(anyhow!(
+                        "org invites unavailable: {}. Action: create this organization from a Clerk-authenticated session, then retry.",
+                        api_error
+                            .message
+                            .unwrap_or_else(|| "organization is not linked to Clerk".to_string())
+                    ));
+                }
+                Some("CLERK_NOT_CONFIGURED") => {
+                    return Err(anyhow!(
+                        "org invites unavailable: {}. Action: configure CLERK_SECRET_KEY on the API deployment.",
+                        api_error
+                            .message
+                            .unwrap_or_else(|| "Clerk is not configured".to_string())
+                    ));
+                }
+                _ => {}
+            }
+        }
         return Err(anyhow!("org invites failed: {}", body));
     }
     let payload: ListOrgInvitesResponse = response.json().await?;
@@ -2052,6 +2688,35 @@ async fn org_invite_command(client: &reqwest::Client, args: OrgInviteArgs) -> Re
     .await?;
     if !response.status().is_success() {
         let body = read_error_body(response).await;
+        if let Some(api_error) = parse_api_error(&body) {
+            match api_error.code.as_deref() {
+                Some("CLERK_USER_NOT_LINKED") => {
+                    return Err(anyhow!(
+                        "org invite unavailable: {}. Action: login via Clerk on the web once, then rerun this command.",
+                        api_error
+                            .message
+                            .unwrap_or_else(|| "current user is not linked to Clerk".to_string())
+                    ));
+                }
+                Some("CLERK_ORG_NOT_LINKED") => {
+                    return Err(anyhow!(
+                        "org invite unavailable: {}. Action: create this organization from a Clerk-authenticated session, then retry.",
+                        api_error
+                            .message
+                            .unwrap_or_else(|| "organization is not linked to Clerk".to_string())
+                    ));
+                }
+                Some("CLERK_NOT_CONFIGURED") => {
+                    return Err(anyhow!(
+                        "org invite unavailable: {}. Action: configure CLERK_SECRET_KEY on the API deployment.",
+                        api_error
+                            .message
+                            .unwrap_or_else(|| "Clerk is not configured".to_string())
+                    ));
+                }
+                _ => {}
+            }
+        }
         return Err(anyhow!("org invite failed: {}", body));
     }
     let payload: OrgInviteResponse = response.json().await?;
@@ -2169,16 +2834,22 @@ async fn project_create_command(client: &reqwest::Client, args: ProjectCreateArg
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
+    let mut body = serde_json::Map::new();
+    body.insert("orgId".to_string(), serde_json::Value::String(args.org_id));
+    body.insert("name".to_string(), serde_json::Value::String(args.name));
+    if let Some(description) = args.description {
+        body.insert(
+            "description".to_string(),
+            serde_json::Value::String(description),
+        );
+    }
     let response = authed_request(
         client,
         &mut session,
         Method::POST,
         "/core/projects",
-        Some(serde_json::json!({
-            "orgId": args.org_id,
-            "name": args.name,
-            "description": args.description
-        })),
+        Some(serde_json::Value::Object(body)),
     )
     .await?;
     if !response.status().is_success() {
@@ -2380,6 +3051,23 @@ fn file_name_component(path: &str) -> String {
         .to_string()
 }
+fn detect_local_runtime_platform_arch() -> (String, String) {
+    let platform = match std::env::consts::OS {
+        "windows" => "win32",
+        "macos" => "darwin",
+        "linux" => "linux",
+        other => other,
+    }
+    .to_string();
+    let arch = match std::env::consts::ARCH {
+        "x86_64" => "x64",
+        "aarch64" => "arm64",
+        other => other,
+    }
+    .to_string();
+    (platform, arch)
+}
 fn build_unreal_link_manifest_payload(
     link: &UnrealLinkRecord,
     include_local_paths: bool,
@@ -3685,29 +4373,51 @@ async fn file_list_command(client: &reqwest::Client, args: FileListArgs) -> Resu
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
-    let path = format!("/assets?projectId={}", args.project_id);
-    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
-    if !response.status().is_success() {
-        let body = read_error_body(response).await;
-        return Err(anyhow!("file list failed: {}", body));
-    }
-    let mut payload: ListAssetsResponse = response.json().await?;
+    let mut query_parts = vec![format!("projectId={}", args.project_id)];
     if let Some(prefix) = args.path {
         let cleaned = clean_virtual_path(&prefix);
         if !cleaned.is_empty() {
-            let strict = format!("{}/", cleaned);
-            payload.assets = payload
-                .assets
-                .into_iter()
-                .filter(|asset| asset.file_name == cleaned || asset.file_name.starts_with(&strict))
-                .collect();
+            query_parts.push(format!("path={}", cleaned));
         }
     }
+    if let Some(offset) = args.offset {
+        query_parts.push(format!("offset={}", offset));
+    }
+    if let Some(limit) = args.limit {
+        query_parts.push(format!("limit={}", limit));
+    }
+    if let Some(include_folder_markers) = args.include_folder_markers {
+        query_parts.push(format!("includeFolderMarkers={}", include_folder_markers));
+    }
+    let path = format!("/assets?{}", query_parts.join("&"));
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("file list failed: {}", body));
+    }
+    let payload: ListAssetsResponse = response.json().await?;
     println!("{}", serde_json::to_string_pretty(&payload.assets)?);
     save_session(&session)?;
     Ok(())
 }
+async fn file_tree_command(client: &reqwest::Client, args: FileTreeArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/assets/tree?projectId={}", args.project_id);
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("file tree failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
 async fn file_get_command(client: &reqwest::Client, args: FileGetArgs) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
@@ -3740,6 +4450,77 @@ async fn file_stat_command(client: &reqwest::Client, args: FileStatArgs) -> Resu
     Ok(())
 }
+fn infer_thumbnail_extension(content_type: Option<&str>) -> &'static str {
+    let normalized = content_type.unwrap_or("").to_ascii_lowercase();
+    if normalized.contains("image/png") {
+        "png"
+    } else if normalized.contains("image/jpeg") || normalized.contains("image/jpg") {
+        "jpg"
+    } else if normalized.contains("image/webp") {
+        "webp"
+    } else if normalized.contains("image/svg+xml") {
+        "svg"
+    } else {
+        "bin"
+    }
+}
+async fn file_thumbnail_command(client: &reqwest::Client, args: FileThumbnailArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let size = args.size.as_str();
+    let path = format!("/assets/{}/thumbnail/{}", args.asset_id, size);
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("file thumbnail failed: {}", body));
+    }
+    let content_type = response
+        .headers()
+        .get("content-type")
+        .and_then(|value| value.to_str().ok())
+        .map(|value| value.to_string());
+    let bytes = response.bytes().await?;
+    let output_path = args.output_path.unwrap_or_else(|| {
+        PathBuf::from(format!(
+            "{}-{}.{}",
+            args.asset_id,
+            size,
+            infer_thumbnail_extension(content_type.as_deref())
+        ))
+    });
+    if let Some(parent) = output_path.parent() {
+        if !parent.as_os_str().is_empty() {
+            tokio_fs::create_dir_all(parent).await.with_context(|| {
+                format!(
+                    "Failed to create output directory {}",
+                    parent.display()
+                )
+            })?;
+        }
+    }
+    tokio_fs::write(&output_path, &bytes)
+        .await
+        .with_context(|| format!("Failed to write thumbnail {}", output_path.display()))?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(&serde_json::json!({
+            "ok": true,
+            "assetId": args.asset_id,
+            "size": size,
+            "output": output_path.display().to_string(),
+            "bytesWritten": bytes.len(),
+            "contentType": content_type
+        }))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
 async fn file_download_command(client: &reqwest::Client, args: FileDownloadArgs) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
@@ -3902,20 +4683,24 @@ async fn file_mkdir_command(client: &reqwest::Client, args: FileMkdirArgs) -> Re
     if folder.is_empty() {
         return Err(anyhow!("folder path is empty"));
     }
-    let marker_file = join_remote_path(Some(&folder), ".reallink.keep");
-    let marker_bytes = format!("folder marker {}\n", now_epoch_ms()).into_bytes();
-    let asset = upload_asset_via_intent(
+    let response = authed_request(
         client,
         &mut session,
-        &args.project_id,
-        &marker_file,
-        marker_bytes,
-        "text/plain",
-        "other",
-        "private",
+        Method::POST,
+        "/assets/folder",
+        Some(serde_json::json!({
+            "projectId": args.project_id,
+            "path": folder,
+            "visibility": args.visibility
+        })),
     )
     .await?;
-    println!("{}", serde_json::to_string_pretty(&asset)?);
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("file mkdir failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
     save_session(&session)?;
     Ok(())
 }
@@ -3949,27 +4734,139 @@ async fn file_move_command(client: &reqwest::Client, args: FileMoveArgs) -> Resu
     Ok(())
 }
-async fn file_remove_command(client: &reqwest::Client, args: FileRemoveArgs) -> Result<()> {
+async fn file_set_command(client: &reqwest::Client, args: FileSetArgs) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
+    if args.file_name.is_none() && args.asset_type.is_none() && args.visibility.is_none() {
+        return Err(anyhow!(
+            "At least one of --file-name, --asset-type, or --visibility is required"
+        ));
+    }
+    let mut body = serde_json::Map::new();
+    if let Some(file_name) = args.file_name {
+        let normalized = clean_virtual_path(&file_name);
+        if normalized.is_empty() {
+            return Err(anyhow!("--file-name resolved to an empty path"));
+        }
+        body.insert(
+            "fileName".to_string(),
+            serde_json::Value::String(normalized),
+        );
+    }
+    if let Some(asset_type) = args.asset_type {
+        body.insert("assetType".to_string(), serde_json::Value::String(asset_type));
+    }
+    if let Some(visibility) = args.visibility {
+        body.insert("visibility".to_string(), serde_json::Value::String(visibility));
+    }
     let path = format!("/assets/{}", args.asset_id);
-    let response = authed_request(client, &mut session, Method::DELETE, &path, None).await?;
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::PATCH,
+        &path,
+        Some(serde_json::Value::Object(body)),
+    )
+    .await?;
     if !response.status().is_success() {
         let body = read_error_body(response).await;
-        return Err(anyhow!("file remove failed: {}", body));
+        return Err(anyhow!("file set failed: {}", body));
     }
-    let payload: serde_json::Value = response.json().await?;
-    println!("{}", serde_json::to_string_pretty(&payload)?);
+    let payload: AssetResponse = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload.asset)?);
     save_session(&session)?;
     Ok(())
 }
-async fn tool_list_command(client: &reqwest::Client, args: ToolListArgs) -> Result<()> {
+async fn file_move_folder_command(client: &reqwest::Client, args: FileMoveFolderArgs) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
-    let path = format!(
+    let source_path = clean_virtual_path(&args.source_path);
+    if source_path.is_empty() {
+        return Err(anyhow!("source_path is empty"));
+    }
+    let target_path = clean_virtual_path(&args.target_path);
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::POST,
+        "/assets/folder/move",
+        Some(serde_json::json!({
+            "projectId": args.project_id,
+            "sourcePath": source_path,
+            "targetPath": target_path
+        })),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("file move-folder failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn file_rmdir_command(client: &reqwest::Client, args: FileRemoveFolderArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let folder_path = clean_virtual_path(&args.path);
+    if folder_path.is_empty() {
+        return Err(anyhow!("path is empty"));
+    }
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::POST,
+        "/assets/folder/delete",
+        Some(serde_json::json!({
+            "projectId": args.project_id,
+            "path": folder_path,
+            "recursive": args.recursive,
+            "dryRun": args.dry_run,
+            "includeFolderMarkers": args.include_folder_markers
+        })),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("file rmdir failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn file_remove_command(client: &reqwest::Client, args: FileRemoveArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/assets/{}", args.asset_id);
+    let response = authed_request(client, &mut session, Method::DELETE, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("file remove failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn tool_list_command(client: &reqwest::Client, args: ToolListArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!(
         "/tools/definitions?includeInactive={}&includeDisabledChannel={}",
         args.include_inactive, args.include_disabled_channel
     );
@@ -4015,6 +4912,43 @@ async fn tool_register_command(client: &reqwest::Client, args: ToolRegisterArgs)
     Ok(())
 }
+async fn tool_publish_command(client: &reqwest::Client, args: ToolPublishArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let mut body = serde_json::Map::new();
+    if let Some(channel) = args.channel {
+        body.insert("channel".to_string(), serde_json::Value::String(channel));
+    }
+    if let Some(visibility) = args.visibility {
+        body.insert("visibility".to_string(), serde_json::Value::String(visibility));
+    }
+    if let Some(notes) = args.notes {
+        body.insert("notes".to_string(), serde_json::Value::String(notes));
+    }
+    let path = format!("/tools/definitions/{}/publish", args.tool_id);
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::POST,
+        &path,
+        Some(serde_json::Value::Object(body)),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool publish failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(payload.get("definition").unwrap_or(&payload))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
 async fn tool_set_entitlement_command(
     client: &reqwest::Client,
     mut session: SessionConfig,
@@ -4079,80 +5013,693 @@ async fn tool_set_entitlement_command(
     .await?;
     if !response.status().is_success() {
         let body = read_error_body(response).await;
-        return Err(anyhow!("tool entitlement update failed: {}", body));
+        return Err(anyhow!("tool entitlement update failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(payload.get("entitlement").unwrap_or(&payload))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
+async fn tool_enable_command(client: &reqwest::Client, args: ToolEnableArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    tool_set_entitlement_command(
+        client,
+        session,
+        args.tool_id,
+        args.org_id,
+        args.project_id,
+        args.user_id,
+        "enabled",
+        args.expires_at,
+        args.metadata_file,
+    )
+    .await
+}
+async fn tool_disable_command(client: &reqwest::Client, args: ToolDisableArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    tool_set_entitlement_command(
+        client,
+        session,
+        args.tool_id,
+        args.org_id,
+        args.project_id,
+        args.user_id,
+        "disabled",
+        None,
+        args.metadata_file,
+    )
+    .await
+}
+async fn tool_prompt_command(client: &reqwest::Client, args: ToolPromptArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    if args.input_json.is_some() && args.input_file.is_some() {
+        return Err(anyhow!(
+            "Provide either --input-json or --input-file, not both"
+        ));
+    }
+    let prompt = args.prompt.trim();
+    if prompt.is_empty() {
+        return Err(anyhow!("--prompt is required"));
+    }
+    let merged_input = if let Some(path) = args.input_file {
+        load_jsonc_file(&path, "tool prompt input")?
+    } else if let Some(input_json) = args.input_json {
+        parse_jsonc_str(&input_json, "tool prompt input")?
+    } else {
+        serde_json::Value::Object(serde_json::Map::new())
+    };
+    let mut input_map = parse_object_from_value(merged_input, "tool prompt input")?;
+    input_map.insert(
+        "prompt".to_string(),
+        serde_json::Value::String(prompt.to_string()),
+    );
+    if let Some(system_prompt) = args.system_prompt {
+        let normalized = system_prompt.trim();
+        if !normalized.is_empty() {
+            input_map.insert(
+                "systemPrompt".to_string(),
+                serde_json::Value::String(normalized.to_string()),
+            );
+        }
+    }
+    if let Some(model) = args.model {
+        let normalized = model.trim();
+        if !normalized.is_empty() {
+            input_map.insert(
+                "model".to_string(),
+                serde_json::Value::String(normalized.to_string()),
+            );
+        }
+    }
+    if let Some(session_key) = args.session_key {
+        let normalized = session_key.trim();
+        if !normalized.is_empty() {
+            input_map.insert(
+                "sessionKey".to_string(),
+                serde_json::Value::String(normalized.to_string()),
+            );
+        }
+    }
+    let mut body = serde_json::Map::new();
+    body.insert(
+        "toolId".to_string(),
+        serde_json::Value::String(args.tool_id),
+    );
+    body.insert("input".to_string(), serde_json::Value::Object(input_map));
+    if let Some(org_id) = args.org_id {
+        body.insert("orgId".to_string(), serde_json::Value::String(org_id));
+    }
+    if let Some(project_id) = args.project_id {
+        body.insert(
+            "projectId".to_string(),
+            serde_json::Value::String(project_id),
+        );
+    }
+    let mut metadata_map = if let Some(path) = args.metadata_file {
+        let metadata = load_jsonc_file(&path, "tool prompt metadata")?;
+        parse_object_from_value(metadata, "tool prompt metadata")?
+    } else {
+        serde_json::Map::new()
+    };
+    if let Some(idempotency_key) = args.idempotency_key {
+        let normalized = idempotency_key.trim();
+        if !normalized.is_empty() {
+            metadata_map.insert(
+                "idempotencyKey".to_string(),
+                serde_json::Value::String(normalized.to_string()),
+            );
+        }
+    }
+    metadata_map.insert(
+        "clientCommand".to_string(),
+        serde_json::Value::String("tool.prompt".to_string()),
+    );
+    if !metadata_map.is_empty() {
+        body.insert(
+            "metadata".to_string(),
+            serde_json::Value::Object(metadata_map),
+        );
+    }
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::POST,
+        "/tools/runs",
+        Some(serde_json::Value::Object(body)),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool prompt failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    let payload = if args.wait {
+        let run_id = payload
+            .get("run")
+            .and_then(|run| run.get("id"))
+            .and_then(serde_json::Value::as_str)
+            .ok_or_else(|| anyhow!("tool prompt response missing run.id"))?;
+        wait_for_tool_run_completion(
+            client,
+            &mut session,
+            run_id,
+            args.timeout_ms,
+            args.poll_interval_ms,
+        )
+        .await?
+    } else {
+        payload
+    };
+    println!(
+        "{}",
+        serde_json::to_string_pretty(payload.get("run").unwrap_or(&payload))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
+async fn tool_run_command(client: &reqwest::Client, args: ToolRunArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    if args.input_json.is_some() && args.input_file.is_some() {
+        return Err(anyhow!(
+            "Provide either --input-json or --input-file, not both"
+        ));
+    }
+    let input_value = if let Some(path) = args.input_file {
+        load_jsonc_file(&path, "tool run input")?
+    } else if let Some(input_json) = args.input_json {
+        parse_jsonc_str(&input_json, "tool run input")?
+    } else {
+        serde_json::Value::Object(serde_json::Map::new())
+    };
+    let input_object =
+        serde_json::Value::Object(parse_object_from_value(input_value, "tool run input")?);
+    let mut body = serde_json::Map::new();
+    body.insert(
+        "toolId".to_string(),
+        serde_json::Value::String(args.tool_id),
+    );
+    body.insert("input".to_string(), input_object);
+    if let Some(org_id) = args.org_id {
+        body.insert("orgId".to_string(), serde_json::Value::String(org_id));
+    }
+    if let Some(project_id) = args.project_id {
+        body.insert(
+            "projectId".to_string(),
+            serde_json::Value::String(project_id),
+        );
+    }
+    let mut metadata_map = if let Some(path) = args.metadata_file {
+        let metadata = load_jsonc_file(&path, "tool run metadata")?;
+        parse_object_from_value(metadata, "tool run metadata")?
+    } else {
+        serde_json::Map::new()
+    };
+    if let Some(idempotency_key) = args.idempotency_key {
+        let normalized = idempotency_key.trim();
+        if !normalized.is_empty() {
+            metadata_map.insert(
+                "idempotencyKey".to_string(),
+                serde_json::Value::String(normalized.to_string()),
+            );
+        }
+    }
+    if !metadata_map.is_empty() {
+        body.insert(
+            "metadata".to_string(),
+            serde_json::Value::Object(metadata_map),
+        );
+    }
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::POST,
+        "/tools/runs",
+        Some(serde_json::Value::Object(body)),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool run failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    let payload = if args.wait {
+        let run_id = payload
+            .get("run")
+            .and_then(|run| run.get("id"))
+            .and_then(serde_json::Value::as_str)
+            .ok_or_else(|| anyhow!("tool run response missing run.id"))?;
+        wait_for_tool_run_completion(
+            client,
+            &mut session,
+            run_id,
+            args.timeout_ms,
+            args.poll_interval_ms,
+        )
+        .await?
+    } else {
+        payload
+    };
+    println!(
+        "{}",
+        serde_json::to_string_pretty(payload.get("run").unwrap_or(&payload))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
+async fn wait_for_tool_run_completion(
+    client: &reqwest::Client,
+    session: &mut SessionConfig,
+    run_id: &str,
+    timeout_ms: u64,
+    poll_interval_ms: u64,
+) -> Result<serde_json::Value> {
+    let poll_interval = Duration::from_millis(poll_interval_ms.max(250));
+    let deadline = std::time::Instant::now() + Duration::from_millis(timeout_ms.max(1_000));
+    loop {
+        let path = format!("/tools/runs/{}", run_id);
+        let response = authed_request(client, session, Method::GET, &path, None).await?;
+        if !response.status().is_success() {
+            let body = read_error_body(response).await;
+            return Err(anyhow!("tool wait failed: {}", body));
+        }
+        let payload: serde_json::Value = response.json().await?;
+        let status = payload
+            .get("run")
+            .and_then(|run| run.get("status"))
+            .and_then(serde_json::Value::as_str)
+            .unwrap_or_default();
+        if matches!(status, "succeeded" | "failed" | "cancelled") {
+            return Ok(payload);
+        }
+        if std::time::Instant::now() >= deadline {
+            return Err(anyhow!(
+                "Timed out waiting for tool run {} to finish",
+                run_id
+            ));
+        }
+        sleep(poll_interval).await;
+    }
+}
+async fn tool_runs_command(client: &reqwest::Client, args: ToolRunsArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let mut query_parts: Vec<String> = Vec::new();
+    if let Some(tool_id) = args.tool_id {
+        query_parts.push(format!("toolId={}", tool_id));
+    }
+    if let Some(project_id) = args.project_id {
+        query_parts.push(format!("projectId={}", project_id));
+    }
+    if let Some(requested_by_user_id) = args.requested_by_user_id {
+        query_parts.push(format!("requestedByUserId={}", requested_by_user_id));
+    }
+    if let Some(status) = args.status {
+        query_parts.push(format!("status={}", status));
+    }
+    let path = if query_parts.is_empty() {
+        "/tools/runs".to_string()
+    } else {
+        format!("/tools/runs?{}", query_parts.join("&"))
+    };
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool runs failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(payload.get("runs").unwrap_or(&payload))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
+async fn tool_get_run_command(client: &reqwest::Client, args: ToolGetRunArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = format!("/tools/runs/{}", args.run_id);
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool get-run failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(payload.get("run").unwrap_or(&payload))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
+async fn tool_run_events_command(client: &reqwest::Client, args: ToolRunEventsArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let mut path = format!("/tools/runs/{}/events", args.run_id);
+    let mut query_parts: Vec<String> = Vec::new();
+    if let Some(limit) = args.limit {
+        query_parts.push(format!("limit={}", limit));
+    }
+    if let Some(status) = args.status {
+        query_parts.push(format!("status={}", status));
+    }
+    if let Some(stage_prefix) = args.stage_prefix {
+        query_parts.push(format!("stagePrefix={}", stage_prefix));
+    }
+    if let Some(since) = args.since {
+        query_parts.push(format!("since={}", since));
+    }
+    if let Some(until) = args.until {
+        query_parts.push(format!("until={}", until));
+    }
+    if !query_parts.is_empty() {
+        path.push_str(&format!("?{}", query_parts.join("&")));
+    }
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool run-events failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!(
+        "{}",
+        serde_json::to_string_pretty(payload.get("events").unwrap_or(&payload))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
+fn resolve_report_url(base_url: &str, report_download_path: Option<&str>) -> Option<String> {
+    let path = report_download_path?.trim();
+    if path.is_empty() {
+        return None;
+    }
+    if path.starts_with("http://") || path.starts_with("https://") {
+        return Some(path.to_string());
+    }
+    Some(format!("{}{}", normalize_base_url(base_url), path))
+}
+fn extract_tool_run_report_paths(
+    run: &serde_json::Map<String, serde_json::Value>,
+    base_url: &str,
+) -> serde_json::Value {
+    let output = run
+        .get("output")
+        .and_then(|value| value.as_object())
+        .cloned()
+        .unwrap_or_default();
+    let report_asset_id = output
+        .get("reportHtmlAssetId")
+        .and_then(|value| value.as_str())
+        .or_else(|| output.get("reportAssetId").and_then(|value| value.as_str()));
+    let report_download_path = output
+        .get("reportHtmlDownloadPath")
+        .and_then(|value| value.as_str())
+        .or_else(|| output.get("reportDownloadPath").and_then(|value| value.as_str()));
+    let report_url = resolve_report_url(base_url, report_download_path);
+    let runtime = output
+        .get("runtime")
+        .and_then(|value| value.as_str())
+        .unwrap_or_default();
+    let workflow_mode = output
+        .get("workflowMode")
+        .and_then(|value| value.as_str())
+        .unwrap_or_default();
+    let summary = output
+        .get("summary")
+        .and_then(|value| value.as_str())
+        .unwrap_or_default();
+    serde_json::json!({
+        "reportAssetId": report_asset_id,
+        "reportDownloadPath": report_download_path,
+        "reportUrl": report_url,
+        "runtime": runtime,
+        "workflowMode": workflow_mode,
+        "summary": summary
+    })
+}
+async fn tool_trace_status_command(client: &reqwest::Client, args: ToolTraceStatusArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let limit = args.limit.unwrap_or(80).max(1);
+    let path = format!("/tools/runs?projectId={}&limit={}", args.project_id, limit);
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool trace-status failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    let runs = payload
+        .get("runs")
+        .and_then(|value| value.as_array())
+        .cloned()
+        .unwrap_or_default();
+    let mut items: Vec<serde_json::Value> = Vec::new();
+    for run in &runs {
+        let Some(run_obj) = run.as_object() else {
+            continue;
+        };
+        let tool_id = run_obj
+            .get("toolId")
+            .and_then(|value| value.as_str())
+            .unwrap_or_default()
+            .to_string();
+        let normalized_tool_id = tool_id.to_ascii_lowercase();
+        if !normalized_tool_id.starts_with("trace") && !normalized_tool_id.starts_with("crash") {
+            continue;
+        }
+        let run_id = run_obj
+            .get("id")
+            .and_then(|value| value.as_str())
+            .unwrap_or_default();
+        let status = run_obj
+            .get("status")
+            .and_then(|value| value.as_str())
+            .unwrap_or_default();
+        let created_at = run_obj
+            .get("createdAt")
+            .and_then(|value| value.as_str())
+            .unwrap_or_default();
+        let completed_at = run_obj
+            .get("completedAt")
+            .and_then(|value| value.as_str())
+            .unwrap_or_default();
+        let error_message = run_obj
+            .get("errorMessage")
+            .and_then(|value| value.as_str())
+            .unwrap_or_default();
+        let report = extract_tool_run_report_paths(run_obj, &session.base_url);
+        items.push(serde_json::json!({
+            "runId": run_id,
+            "toolId": tool_id,
+            "status": status,
+            "createdAt": created_at,
+            "completedAt": if completed_at.is_empty() { serde_json::Value::Null } else { serde_json::Value::String(completed_at.to_string()) },
+            "errorMessage": if error_message.is_empty() { serde_json::Value::Null } else { serde_json::Value::String(error_message.to_string()) },
+            "report": report
+        }));
+    }
+    println!(
+        "{}",
+        serde_json::to_string_pretty(&serde_json::json!({
+            "projectId": args.project_id,
+            "count": items.len(),
+            "items": items
+        }))?
+    );
+    save_session(&session)?;
+    Ok(())
+}
+fn build_tool_context_path(
+    context_id: &str,
+    org_id: Option<&str>,
+    project_id: Option<&str>,
+) -> Result<String> {
+    if org_id.is_some() && project_id.is_some() {
+        return Err(anyhow!("Only one of --org-id or --project-id can be set"));
+    }
+    let normalized_context_id = context_id.trim();
+    if normalized_context_id.is_empty() {
+        return Err(anyhow!("--context-id is required"));
+    }
+    let mut path = format!("/tools/runtime/contexts/{}", normalized_context_id);
+    let mut query_parts: Vec<String> = Vec::new();
+    if let Some(org_id) = org_id {
+        let normalized = org_id.trim();
+        if !normalized.is_empty() {
+            query_parts.push(format!("orgId={}", normalized));
+        }
+    }
+    if let Some(project_id) = project_id {
+        let normalized = project_id.trim();
+        if !normalized.is_empty() {
+            query_parts.push(format!("projectId={}", normalized));
+        }
+    }
+    if !query_parts.is_empty() {
+        path.push_str(&format!("?{}", query_parts.join("&")));
+    }
+    Ok(path)
+}
+async fn tool_context_put_command(client: &reqwest::Client, args: ToolContextPutArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    if args.text.is_some() && args.text_file.is_some() {
+        return Err(anyhow!("Provide either --text or --text-file, not both"));
+    }
+    let context_text = if let Some(text_file) = args.text_file {
+        fs::read_to_string(&text_file)
+            .with_context(|| format!("Failed to read context text file {}", text_file.display()))?
+    } else {
+        args.text.unwrap_or_default()
+    };
+    if context_text.trim().is_empty() {
+        return Err(anyhow!("Context text is required (--text or --text-file)"));
+    }
+    let path = build_tool_context_path(
+        &args.context_id,
+        args.org_id.as_deref(),
+        args.project_id.as_deref(),
+    )?;
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::PUT,
+        &path,
+        Some(serde_json::json!({
+            "text": context_text
+        })),
+    )
+    .await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool context put failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn tool_context_get_command(client: &reqwest::Client, args: ToolContextGetArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let path = build_tool_context_path(
+        &args.context_id,
+        args.org_id.as_deref(),
+        args.project_id.as_deref(),
+    )?;
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool context get failed: {}", body));
+    }
+    let payload: serde_json::Value = response.json().await?;
+    println!("{}", serde_json::to_string_pretty(&payload)?);
+    save_session(&session)?;
+    Ok(())
+}
+async fn tool_local_catalog_command(client: &reqwest::Client, args: ToolLocalCatalogArgs) -> Result<()> {
+    let mut session = load_session()?;
+    apply_base_url_override(&mut session, args.base_url);
+    let (default_platform, default_arch) = detect_local_runtime_platform_arch();
+    let platform = args.platform.unwrap_or(default_platform);
+    let arch = args.arch.unwrap_or(default_arch);
+    let mut query_parts = vec![
+        format!("platform={}", platform),
+        format!("arch={}", arch),
+    ];
+    if let Some(org_id) = args.org_id {
+        query_parts.push(format!("orgId={}", org_id));
+    }
+    if let Some(project_id) = args.project_id {
+        query_parts.push(format!("projectId={}", project_id));
+    }
+    let path = format!("/tools/local/catalog?{}", query_parts.join("&"));
+    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    if !response.status().is_success() {
+        let body = read_error_body(response).await;
+        return Err(anyhow!("tool local catalog failed: {}", body));
     }
     let payload: serde_json::Value = response.json().await?;
     println!(
         "{}",
-        serde_json::to_string_pretty(payload.get("entitlement").unwrap_or(&payload))?
+        serde_json::to_string_pretty(payload.get("tools").unwrap_or(&payload))?
     );
     save_session(&session)?;
     Ok(())
 }
-async fn tool_enable_command(client: &reqwest::Client, args: ToolEnableArgs) -> Result<()> {
-    let mut session = load_session()?;
-    apply_base_url_override(&mut session, args.base_url);
-    tool_set_entitlement_command(
-        client,
-        session,
-        args.tool_id,
-        args.org_id,
-        args.project_id,
-        args.user_id,
-        "enabled",
-        args.expires_at,
-        args.metadata_file,
-    )
-    .await
-}
-async fn tool_disable_command(client: &reqwest::Client, args: ToolDisableArgs) -> Result<()> {
-    let mut session = load_session()?;
-    apply_base_url_override(&mut session, args.base_url);
-    tool_set_entitlement_command(
-        client,
-        session,
-        args.tool_id,
-        args.org_id,
-        args.project_id,
-        args.user_id,
-        "disabled",
-        None,
-        args.metadata_file,
-    )
-    .await
-}
-async fn tool_run_command(client: &reqwest::Client, args: ToolRunArgs) -> Result<()> {
+async fn tool_local_install_command(client: &reqwest::Client, args: ToolLocalInstallArgs) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
-    if args.input_json.is_some() && args.input_file.is_some() {
-        return Err(anyhow!(
-            "Provide either --input-json or --input-file, not both"
-        ));
-    }
-    let input_value = if let Some(path) = args.input_file {
-        load_jsonc_file(&path, "tool run input")?
-    } else if let Some(input_json) = args.input_json {
-        parse_jsonc_str(&input_json, "tool run input")?
-    } else {
-        serde_json::Value::Object(serde_json::Map::new())
-    };
-    let input_object =
-        serde_json::Value::Object(parse_object_from_value(input_value, "tool run input")?);
+    let (default_platform, default_arch) = detect_local_runtime_platform_arch();
+    let platform = args.platform.unwrap_or(default_platform);
+    let arch = args.arch.unwrap_or(default_arch);
     let mut body = serde_json::Map::new();
     body.insert(
         "toolId".to_string(),
-        serde_json::Value::String(args.tool_id),
+        serde_json::Value::String(args.tool_id.clone()),
     );
-    body.insert("input".to_string(), input_object);
+    body.insert(
+        "platform".to_string(),
+        serde_json::Value::String(platform.clone()),
+    );
+    body.insert("arch".to_string(), serde_json::Value::String(arch.clone()));
     if let Some(org_id) = args.org_id {
         body.insert("orgId".to_string(), serde_json::Value::String(org_id));
     }
@@ -4162,95 +5709,231 @@ async fn tool_run_command(client: &reqwest::Client, args: ToolRunArgs) -> Result
             serde_json::Value::String(project_id),
         );
     }
-    let mut metadata_map = if let Some(path) = args.metadata_file {
-        let metadata = load_jsonc_file(&path, "tool run metadata")?;
-        parse_object_from_value(metadata, "tool run metadata")?
-    } else {
-        serde_json::Map::new()
-    };
-    if let Some(idempotency_key) = args.idempotency_key {
-        let normalized = idempotency_key.trim();
-        if !normalized.is_empty() {
-            metadata_map.insert(
-                "idempotencyKey".to_string(),
-                serde_json::Value::String(normalized.to_string()),
-            );
-        }
-    }
-    if !metadata_map.is_empty() {
-        body.insert(
-            "metadata".to_string(),
-            serde_json::Value::Object(metadata_map),
-        );
+    if let Some(version) = args.version {
+        body.insert("version".to_string(), serde_json::Value::String(version));
     }
     let response = authed_request(
         client,
         &mut session,
         Method::POST,
-        "/tools/runs",
+        "/tools/local/install-intent",
         Some(serde_json::Value::Object(body)),
     )
     .await?;
     if !response.status().is_success() {
         let body = read_error_body(response).await;
-        return Err(anyhow!("tool run failed: {}", body));
+        return Err(anyhow!("tool local install-intent failed: {}", body));
     }
     let payload: serde_json::Value = response.json().await?;
-    println!(
-        "{}",
-        serde_json::to_string_pretty(payload.get("run").unwrap_or(&payload))?
-    );
-    save_session(&session)?;
-    Ok(())
-}
+    if args.no_download {
+        println!("{}", serde_json::to_string_pretty(&payload)?);
+        save_session(&session)?;
+        return Ok(());
+    }
-async fn tool_runs_command(client: &reqwest::Client, args: ToolRunsArgs) -> Result<()> {
-    let mut session = load_session()?;
-    apply_base_url_override(&mut session, args.base_url);
+    let download_path = payload
+        .pointer("/install/downloadPath")
+        .and_then(|value| value.as_str())
+        .ok_or_else(|| anyhow!("install intent is missing install.downloadPath"))?;
+    let asset_id = payload
+        .pointer("/asset/assetId")
+        .and_then(|value| value.as_str())
+        .unwrap_or("unknown");
+    let fallback_file_name = payload
+        .pointer("/asset/fileName")
+        .and_then(|value| value.as_str())
+        .unwrap_or("tool-bundle.bin");
-    let mut query_parts: Vec<String> = Vec::new();
-    if let Some(tool_id) = args.tool_id {
-        query_parts.push(format!("toolId={}", tool_id));
+    let mut output_path = args
+        .output_path
+        .unwrap_or_else(|| PathBuf::from(base_name_from_virtual_path(fallback_file_name)));
+    if output_path.exists() && output_path.is_dir() {
+        output_path = output_path.join(base_name_from_virtual_path(fallback_file_name));
     }
-    if let Some(project_id) = args.project_id {
-        query_parts.push(format!("projectId={}", project_id));
+    if let Some(parent) = output_path.parent() {
+        if !parent.as_os_str().is_empty() {
+            tokio_fs::create_dir_all(parent)
+                .await
+                .with_context(|| format!("Failed to create output directory {}", parent.display()))?;
+        }
     }
-    if let Some(requested_by_user_id) = args.requested_by_user_id {
-        query_parts.push(format!("requestedByUserId={}", requested_by_user_id));
+    let mut resume_from: Option<u64> = None;
+    if args.resume && output_path.exists() && output_path.is_file() {
+        let existing_size = tokio_fs::metadata(&output_path)
+            .await
+            .with_context(|| {
+                format!(
+                    "Failed to read output file metadata {}",
+                    output_path.display()
+                )
+            })?
+            .len();
+        if existing_size > 0 {
+            let remote_size = payload
+                .pointer("/asset/sizeBytes")
+                .and_then(|value| value.as_u64())
+                .unwrap_or(0);
+            if remote_size > 0 && existing_size >= remote_size {
+                println!(
+                    "{}",
+                    serde_json::to_string_pretty(&serde_json::json!({
+                        "toolId": args.tool_id,
+                        "assetId": asset_id,
+                        "output": output_path.display().to_string(),
+                        "bytesWritten": 0,
+                        "resumedFrom": existing_size,
+                        "alreadyComplete": true
+                    }))?
+                );
+                save_session(&session)?;
+                return Ok(());
+            }
+            resume_from = Some(existing_size);
+        }
     }
-    if let Some(status) = args.status {
-        query_parts.push(format!("status={}", status));
+    let mut headers = Vec::new();
+    if let Some(offset) = resume_from {
+        headers.push(("range".to_string(), format!("bytes={}-", offset)));
+    }
+    let mut download_response = authed_request_with_headers(
+        client,
+        &mut session,
+        Method::GET,
+        download_path,
+        None,
+        &headers,
+    )
+    .await?;
+    if !(download_response.status().is_success()
+        || download_response.status() == StatusCode::PARTIAL_CONTENT)
+    {
+        let body = read_error_body(download_response).await;
+        return Err(anyhow!("tool local install download failed: {}", body));
     }
-    let path = if query_parts.is_empty() {
-        "/tools/runs".to_string()
+    let append_mode = resume_from.is_some() && download_response.status() == StatusCode::PARTIAL_CONTENT;
+    let mut output_file = if append_mode {
+        tokio_fs::OpenOptions::new()
+            .append(true)
+            .open(&output_path)
+            .await
+            .with_context(|| {
+                format!(
+                    "Failed to open output file for append {}",
+                    output_path.display()
+                )
+            })?
     } else {
-        format!("/tools/runs?{}", query_parts.join("&"))
+        tokio_fs::File::create(&output_path)
+            .await
+            .with_context(|| format!("Failed to create output file {}", output_path.display()))?
     };
-    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
-    if !response.status().is_success() {
-        let body = read_error_body(response).await;
-        return Err(anyhow!("tool runs failed: {}", body));
+    let mut bytes_written: u64 = 0;
+    while let Some(chunk) = download_response.chunk().await? {
+        output_file
+            .write_all(&chunk)
+            .await
+            .with_context(|| format!("Failed to write to {}", output_path.display()))?;
+        bytes_written = bytes_written.saturating_add(chunk.len() as u64);
     }
-    let payload: serde_json::Value = response.json().await?;
+    output_file.flush().await?;
     println!(
         "{}",
-        serde_json::to_string_pretty(payload.get("runs").unwrap_or(&payload))?
+        serde_json::to_string_pretty(&serde_json::json!({
+            "toolId": args.tool_id,
+            "platform": platform,
+            "arch": arch,
+            "assetId": asset_id,
+            "output": output_path.display().to_string(),
+            "bytesWritten": bytes_written,
+            "resumedFrom": resume_from,
+            "partialContent": download_response.status() == StatusCode::PARTIAL_CONTENT
+        }))?
     );
     save_session(&session)?;
     Ok(())
 }
-async fn tool_get_run_command(client: &reqwest::Client, args: ToolGetRunArgs) -> Result<()> {
+async fn tool_local_complete_run_command(
+    client: &reqwest::Client,
+    args: ToolLocalCompleteRunArgs,
+) -> Result<()> {
     let mut session = load_session()?;
     apply_base_url_override(&mut session, args.base_url);
-    let path = format!("/tools/runs/{}", args.run_id);
-    let response = authed_request(client, &mut session, Method::GET, &path, None).await?;
+    let normalized_status = args.status.trim().to_lowercase();
+    if normalized_status != "succeeded"
+        && normalized_status != "failed"
+        && normalized_status != "cancelled"
+    {
+        return Err(anyhow!(
+            "status must be one of: succeeded, failed, cancelled"
+        ));
+    }
+    if args.output_file.is_some() && args.output_json.is_some() {
+        return Err(anyhow!(
+            "Provide either --output-file or --output-json, not both"
+        ));
+    }
+    let output_value = if let Some(path) = args.output_file {
+        Some(load_jsonc_file(&path, "tool local complete output")?)
+    } else if let Some(raw) = args.output_json {
+        Some(parse_jsonc_str(&raw, "tool local complete output")?)
+    } else {
+        None
+    };
+    let mut body = serde_json::Map::new();
+    body.insert(
+        "status".to_string(),
+        serde_json::Value::String(normalized_status),
+    );
+    if let Some(output) = output_value {
+        body.insert(
+            "output".to_string(),
+            serde_json::Value::Object(parse_object_from_value(
+                output,
+                "tool local complete output",
+            )?),
+        );
+    }
+    if let Some(error_message) = args.error_message {
+        body.insert(
+            "errorMessage".to_string(),
+            serde_json::Value::String(error_message),
+        );
+    }
+    if let Some(path) = args.metadata_file {
+        let metadata = load_jsonc_file(&path, "tool local complete metadata")?;
+        body.insert(
+            "metadata".to_string(),
+            serde_json::Value::Object(parse_object_from_value(
+                metadata,
+                "tool local complete metadata",
+            )?),
+        );
+    }
+    let path = format!("/tools/runs/{}/complete", args.run_id);
+    let response = authed_request(
+        client,
+        &mut session,
+        Method::POST,
+        &path,
+        Some(serde_json::Value::Object(body)),
+    )
+    .await?;
     if !response.status().is_success() {
         let body = read_error_body(response).await;
-        return Err(anyhow!("tool get-run failed: {}", body));
+        return Err(anyhow!("tool local complete-run failed: {}", body));
     }
     let payload: serde_json::Value = response.json().await?;
     println!(
@@ -4403,7 +6086,8 @@ async fn self_update_command(
 mod tests {
     use super::{
         compose_plugin_archive_url, default_login_scopes, default_login_scopes_with_tools,
-        file_name_component, normalize_public_bucket_base, normalize_sha256_hex, resolve_plugin_from_index,
+        file_name_component, normalize_public_bucket_base, normalize_sha256_hex, parse_api_error,
+        resolve_plugin_from_index,
     };
     use super::unreal::{PluginIndexFile, PluginIndexPlugin, PluginIndexVersion};
@@ -4508,6 +6192,20 @@ mod tests {
         assert!(scopes.contains(&"tools:write".to_string()));
         assert!(scopes.contains(&"tools:run".to_string()));
     }
+    #[test]
+    fn parses_api_error_envelope() {
+        let parsed = parse_api_error(r#"{"code":"CLERK_ORG_NOT_LINKED","message":"Not linked"}"#)
+            .expect("api error should parse");
+        assert_eq!(parsed.code.as_deref(), Some("CLERK_ORG_NOT_LINKED"));
+        assert_eq!(parsed.message.as_deref(), Some("Not linked"));
+    }
+    #[test]
+    fn ignores_non_json_api_error_body() {
+        let parsed = parse_api_error("plain text error");
+        assert!(parsed.is_none());
+    }
 }
 async fn run_cli(cli: Cli) -> Result<()> {
@@ -4561,22 +6259,72 @@ async fn run_cli(cli: Cli) -> Result<()> {
         },
         Commands::File { command } => match command {
             FileCommands::List(args) => file_list_command(&client, args).await?,
+            FileCommands::Tree(args) => file_tree_command(&client, args).await?,
             FileCommands::Get(args) => file_get_command(&client, args).await?,
             FileCommands::Stat(args) => file_stat_command(&client, args).await?,
+            FileCommands::Thumbnail(args) => file_thumbnail_command(&client, args).await?,
             FileCommands::Download(args) => file_download_command(&client, args).await?,
             FileCommands::Upload(args) => file_upload_command(&client, args).await?,
             FileCommands::Mkdir(args) => file_mkdir_command(&client, args).await?,
             FileCommands::Move(args) => file_move_command(&client, args).await?,
+            FileCommands::Set(args) => file_set_command(&client, args).await?,
+            FileCommands::MoveFolder(args) => file_move_folder_command(&client, args).await?,
+            FileCommands::Rmdir(args) => file_rmdir_command(&client, args).await?,
             FileCommands::Remove(args) => file_remove_command(&client, args).await?,
         },
+        Commands::Skill { command } => match command {
+            SkillCommands::List(args) => tool_list_command(&client, args).await?,
+            SkillCommands::Register(args) => tool_register_command(&client, args).await?,
+            SkillCommands::Publish(args) => tool_publish_command(&client, args).await?,
+            SkillCommands::Enable(args) => tool_enable_command(&client, args).await?,
+            SkillCommands::Disable(args) => tool_disable_command(&client, args).await?,
+            SkillCommands::Context { command } => match command {
+                ToolContextCommands::Put(args) => tool_context_put_command(&client, args).await?,
+                ToolContextCommands::Get(args) => tool_context_get_command(&client, args).await?,
+            },
+            SkillCommands::Prompt(args) => tool_prompt_command(&client, args).await?,
+            SkillCommands::Run(args) => tool_run_command(&client, args).await?,
+            SkillCommands::Runs(args) => tool_runs_command(&client, args).await?,
+            SkillCommands::GetRun(args) => tool_get_run_command(&client, args).await?,
+            SkillCommands::RunEvents(args) => tool_run_events_command(&client, args).await?,
+            SkillCommands::TraceStatus(args) => tool_trace_status_command(&client, args).await?,
+            SkillCommands::Local { command } => match command {
+                ToolLocalCommands::Catalog(args) => tool_local_catalog_command(&client, args).await?,
+                ToolLocalCommands::Install(args) => tool_local_install_command(&client, args).await?,
+                ToolLocalCommands::CompleteRun(args) => {
+                    tool_local_complete_run_command(&client, args).await?
+                }
+            },
+        },
         Commands::Tool { command } => match command {
             ToolCommands::List(args) => tool_list_command(&client, args).await?,
             ToolCommands::Register(args) => tool_register_command(&client, args).await?,
+            ToolCommands::Publish(args) => tool_publish_command(&client, args).await?,
             ToolCommands::Enable(args) => tool_enable_command(&client, args).await?,
             ToolCommands::Disable(args) => tool_disable_command(&client, args).await?,
+            ToolCommands::Context { command } => match command {
+                ToolContextCommands::Put(args) => tool_context_put_command(&client, args).await?,
+                ToolContextCommands::Get(args) => tool_context_get_command(&client, args).await?,
+            },
+            ToolCommands::Prompt(args) => tool_prompt_command(&client, args).await?,
             ToolCommands::Run(args) => tool_run_command(&client, args).await?,
             ToolCommands::Runs(args) => tool_runs_command(&client, args).await?,
             ToolCommands::GetRun(args) => tool_get_run_command(&client, args).await?,
+            ToolCommands::RunEvents(args) => tool_run_events_command(&client, args).await?,
+            ToolCommands::TraceStatus(args) => tool_trace_status_command(&client, args).await?,
+            ToolCommands::Local { command } => match command {
+                ToolLocalCommands::Catalog(args) => tool_local_catalog_command(&client, args).await?,
+                ToolLocalCommands::Install(args) => tool_local_install_command(&client, args).await?,
+                ToolLocalCommands::CompleteRun(args) => {
+                    tool_local_complete_run_command(&client, args).await?
+                }
+            },
+        },
+        Commands::Logs { command } => match command {
+            LogsCommands::Status => logs_status_command(cli.output).await?,
+            LogsCommands::Consent(args) => logs_consent_command(args, cli.output).await?,
+            LogsCommands::Tail(args) => logs_tail_command(args, cli.output).await?,
+            LogsCommands::Upload(args) => logs_upload_command(&client, args, cli.output).await?,
         },
     }
@@ -4587,7 +6335,19 @@ async fn run_cli(cli: Cli) -> Result<()> {
 async fn main() {
     let cli = Cli::parse();
     let output = cli.output;
+    let command_summary = command_summary_for_logs();
+    let started_at = now_epoch_ms();
     if let Err(error) = run_cli(cli).await {
+        let duration_ms = now_epoch_ms().saturating_sub(started_at);
+        append_runtime_log_event(
+            &command_summary,
+            &format!("command failed: {}", error),
+            "error",
+            Some(duration_ms),
+            Some(1),
+        );
+        record_cli_crash_report(&command_summary, &error);
         match output {
             OutputFormat::Json => {
                 let payload = serde_json::json!({
@@ -4605,4 +6365,13 @@ async fn main() {
         }
         std::process::exit(1);
     }
+    let duration_ms = now_epoch_ms().saturating_sub(started_at);
+    append_runtime_log_event(
+        &command_summary,
+        "command completed",
+        "info",
+        Some(duration_ms),
+        Some(0),
+    );
 }