relionhq 2.0.0

package/dist/index.js

@@ -0,0 +1,1057 @@
+#!/usr/bin/env node
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+
+// src/commands/scan.ts
+var path3 = __toESM(require("path"));
+
+// src/config.ts
+var fs = __toESM(require("fs"));
+var path = __toESM(require("path"));
+var os = __toESM(require("os"));
+var GLOBAL_CONFIG_DIR = path.join(os.homedir(), ".relion");
+var GLOBAL_CONFIG_PATH = path.join(GLOBAL_CONFIG_DIR, "config.json");
+var DEFAULT_API_URL = "https://relion.dev";
+function readGlobalConfig() {
+  try {
+    const raw = fs.readFileSync(GLOBAL_CONFIG_PATH, "utf8");
+    return JSON.parse(raw);
+  } catch {
+    return {};
+  }
+}
+function writeGlobalConfig(config) {
+  if (!fs.existsSync(GLOBAL_CONFIG_DIR)) {
+    fs.mkdirSync(GLOBAL_CONFIG_DIR, { recursive: true });
+  }
+  fs.writeFileSync(GLOBAL_CONFIG_PATH, JSON.stringify(config, null, 2), "utf8");
+  try {
+    fs.chmodSync(GLOBAL_CONFIG_PATH, 384);
+  } catch {
+  }
+}
+function readProjectConfig(cwd) {
+  const candidates = [
+    path.join(cwd, ".relionrc"),
+    path.join(cwd, ".relion", "config")
+  ];
+  for (const p of candidates) {
+    try {
+      const raw = fs.readFileSync(p, "utf8");
+      return JSON.parse(raw);
+    } catch {
+    }
+  }
+  return {};
+}
+function resolveConfig(flags, cwd = process.cwd()) {
+  const global = readGlobalConfig();
+  const project = readProjectConfig(cwd);
+  const token = flags.token ?? process.env.RELION_TOKEN ?? project.token ?? global.token ?? null;
+  const apiUrl = flags.apiUrl ?? process.env.RELION_API_URL ?? project.apiUrl ?? global.apiUrl ?? DEFAULT_API_URL;
+  const repoUrl = flags.repoUrl ?? process.env.RELION_REPO_URL ?? project.repoUrl ?? autoDetectRepoUrl() ?? null;
+  const commit = flags.commit ?? process.env.RELION_COMMIT ?? process.env.GITHUB_SHA ?? autoDetectCommit() ?? null;
+  const branch = flags.branch ?? process.env.RELION_BRANCH ?? process.env.GITHUB_REF_NAME ?? autoDetectBranch() ?? null;
+  return {
+    token,
+    apiUrl,
+    repoUrl,
+    commit,
+    branch,
+    workspace: flags.workspace ?? process.env.RELION_WORKSPACE ?? project.workspace ?? global.workspace ?? null,
+    email: global.email ?? null,
+    lastScanId: global.lastScanId ?? null,
+    lastDashboardUrl: global.lastDashboardUrl ?? null
+  };
+}
+function autoDetectRepoUrl() {
+  try {
+    const { execSync: execSync2 } = require("child_process");
+    const remote = execSync2("git remote get-url origin", { stdio: ["pipe", "pipe", "ignore"] }).toString().trim();
+    return remote.replace(/^git@github\.com:/, "https://github.com/").replace(/\.git$/, "");
+  } catch {
+    return null;
+  }
+}
+function autoDetectCommit() {
+  try {
+    const { execSync: execSync2 } = require("child_process");
+    return execSync2("git rev-parse HEAD", { stdio: ["pipe", "pipe", "ignore"] }).toString().trim();
+  } catch {
+    return null;
+  }
+}
+function autoDetectBranch() {
+  try {
+    const { execSync: execSync2 } = require("child_process");
+    return execSync2("git rev-parse --abbrev-ref HEAD", { stdio: ["pipe", "pipe", "ignore"] }).toString().trim();
+  } catch {
+    return null;
+  }
+}
+
+// src/ui.ts
+var NO_COLOR = !process.stdout.isTTY || process.env.NO_COLOR === "1" || process.env.RELION_NO_COLOR === "1";
+var IS_CI = Boolean(process.env.CI);
+var QUIET = process.env.RELION_QUIET === "1";
+function c(code, text) {
+  if (NO_COLOR) return text;
+  return `\x1B[${code}m${text}\x1B[0m`;
+}
+var color = {
+  green: (t) => c("32", t),
+  red: (t) => c("31", t),
+  yellow: (t) => c("33", t),
+  cyan: (t) => c("36", t),
+  gray: (t) => c("90", t),
+  bold: (t) => c("1", t),
+  dim: (t) => c("2", t)
+};
+var FRAMES = ["\u280B", "\u2819", "\u2839", "\u2838", "\u283C", "\u2834", "\u2826", "\u2827", "\u2807", "\u280F"];
+var Spinner = class {
+  constructor() {
+    this.frame = 0;
+    this.timer = null;
+    this.current = "";
+  }
+  start(msg) {
+    if (QUIET || IS_CI) return;
+    this.current = msg;
+    if (!NO_COLOR && process.stdout.isTTY) {
+      this.timer = setInterval(() => {
+        process.stdout.write(`\r${color.cyan(FRAMES[this.frame % FRAMES.length])} ${this.current}  `);
+        this.frame++;
+      }, 80);
+    } else {
+      process.stdout.write(`  ${msg}...
+`);
+    }
+  }
+  update(msg) {
+    this.current = msg;
+  }
+  succeed(msg) {
+    this.stop();
+    if (!QUIET) console.log(`${color.green("\u2713")} ${msg}`);
+  }
+  fail(msg) {
+    this.stop();
+    console.error(`${color.red("\u2717")} ${msg}`);
+  }
+  warn(msg) {
+    this.stop();
+    if (!QUIET) console.log(`${color.yellow("\u26A0")} ${msg}`);
+  }
+  stop() {
+    if (this.timer) {
+      clearInterval(this.timer);
+      this.timer = null;
+      if (process.stdout.isTTY) process.stdout.write("\r\x1B[K");
+    }
+  }
+};
+function printReceipt(opts) {
+  if (QUIET) return;
+  const width = 60;
+  const line = "\u2500".repeat(width);
+  const pad = (label, value) => {
+    const gap = width - label.length - value.length - 2;
+    return `\u2502  ${label}${" ".repeat(Math.max(1, gap))}${value}  \u2502`;
+  };
+  const gateLabel = opts.deployGateStatus === "clear" ? color.green("\u2713 CLEAR") : opts.deployGateStatus === "blocked" ? color.red("\u2717 BLOCKED") : color.yellow("\u26A0 PENDING REVIEW");
+  console.log("");
+  console.log(`\u250C${"\u2500".repeat(width + 2)}\u2510`);
+  console.log(`\u2502  ${color.bold(opts.dryRun ? "Relion Scan \u2014 Dry Run" : "Relion Scan Complete")}${" ".repeat(width - (opts.dryRun ? 20 : 19))}  \u2502`);
+  console.log(`\u251C${line}\u2524`);
+  if (opts.scanId) console.log(pad("Scan ID:", color.dim(opts.scanId)));
+  if (opts.branch || opts.commit) {
+    const meta = [opts.branch, opts.commit ? opts.commit.slice(0, 7) : ""].filter(Boolean).join("  \xB7  Commit: ");
+    console.log(pad("Branch:", color.dim(meta)));
+  }
+  console.log(pad("Duration:", color.dim(`${(opts.durationMs / 1e3).toFixed(1)}s`)));
+  console.log(`\u251C${line}\u2524`);
+  console.log(pad("Files scanned:", String(opts.filesScanned)));
+  console.log(pad("Vendors detected:", String(opts.vendorsDetected)));
+  console.log(pad("API endpoints found:", String(opts.endpointsFound)));
+  console.log(pad("Data transmitted:", opts.dryRun ? "0 bytes (dry run)" : `${humanBytes(opts.bytesTransmitted)}  (metadata only)`));
+  console.log(pad("Source code sent:", color.green("0 bytes  (never)")));
+  if (opts.secretsRedacted > 0) {
+    console.log(pad("Secrets redacted:", color.yellow(String(opts.secretsRedacted))));
+  }
+  console.log(`\u251C${line}\u2524`);
+  console.log(pad("Deploy gate:", gateLabel));
+  if (opts.deployGateAlerts?.length) {
+    console.log(`\u2502${" ".repeat(width + 2)}\u2502`);
+    for (const alert of opts.deployGateAlerts.slice(0, 3)) {
+      const sev = alert.severity === "critical" ? color.red(`[${alert.severity.toUpperCase()}]`) : color.yellow(`[${alert.severity.toUpperCase()}]`);
+      const text = `  ${sev} ${alert.title}`.slice(0, width + 2);
+      console.log(`\u2502${text.padEnd(width + 2)}\u2502`);
+    }
+  }
+  if (opts.dashboardUrl && !opts.dryRun) {
+    console.log(`\u251C${line}\u2524`);
+    console.log(`\u2502  ${color.cyan("View on dashboard:")}${" ".repeat(width - 18)}  \u2502`);
+    console.log(`\u2502  ${color.dim("\u2192")} ${opts.dashboardUrl.slice(0, width - 2).padEnd(width - 2)}  \u2502`);
+  }
+  console.log(`\u2514${"\u2500".repeat(width + 2)}\u2518`);
+  console.log("");
+}
+function printPredeployReceipt(opts) {
+  if (QUIET) return;
+  const width = 60;
+  const line = "\u2500".repeat(width);
+  const pad = (label, value) => {
+    const stripped = value.replace(/\x1b\[[0-9;]*m/g, "");
+    const gap = width - label.length - stripped.length - 2;
+    return `\u2502  ${label}${" ".repeat(Math.max(1, gap))}${value}  \u2502`;
+  };
+  const verdictLabel = opts.verdict === "safe" ? color.green("\u2713 SAFE") : opts.verdict === "caution" ? color.yellow("\u26A0 CAUTION") : opts.verdict === "high_risk" ? color.red("\u2717 HIGH RISK") : opts.verdict === "blocked" ? color.red("\u2717 BLOCKED") : color.dim("\u2014 OFFLINE");
+  console.log("");
+  console.log(`\u250C${"\u2500".repeat(width + 2)}\u2510`);
+  console.log(`\u2502  ${color.bold("Relion Pre-Deploy Check")}${" ".repeat(width - 22)}  \u2502`);
+  console.log(`\u251C${line}\u2524`);
+  if (opts.branch || opts.commit) {
+    const meta = [opts.branch, opts.commit ? opts.commit.slice(0, 7) : ""].filter(Boolean).join(" \u2192 ");
+    console.log(pad("Branch:", color.dim(meta)));
+  }
+  if (opts.baseBranch) console.log(pad("Comparing against:", color.dim(opts.baseBranch)));
+  console.log(pad("Duration:", color.dim(`${(opts.durationMs / 1e3).toFixed(1)}s`)));
+  if (opts.offline) console.log(pad("Mode:", color.yellow("offline")));
+  console.log(`\u251C${line}\u2524`);
+  console.log(pad("Files in diff:", String(opts.filesChangedCount)));
+  console.log(pad("APIs involved:", String(opts.apisInvolvedCount)));
+  console.log(`\u251C${line}\u2524`);
+  console.log(pad("Verdict:", verdictLabel));
+  const nonSafe = opts.findings.filter((f) => f.riskLevel !== "safe" && f.riskLevel !== "info");
+  if (nonSafe.length > 0) {
+    console.log(`\u2502${" ".repeat(width + 2)}\u2502`);
+    for (const finding of nonSafe.slice(0, 5)) {
+      const icon = finding.riskLevel === "blocked" ? color.red("\u2717") : finding.riskLevel === "high_risk" ? color.red("!") : color.yellow("\u26A0");
+      const text = `  ${icon} ${finding.vendorName}: ${finding.description}`;
+      console.log(`\u2502${text.slice(0, width + 2).padEnd(width + 2)}\u2502`);
+    }
+    if (nonSafe.length > 5) {
+      console.log(`\u2502  ${color.dim(`...and ${nonSafe.length - 5} more findings`)}${" ".repeat(Math.max(0, width - 20 - String(nonSafe.length - 5).length))}  \u2502`);
+    }
+  }
+  if (opts.dashboardUrl) {
+    console.log(`\u251C${line}\u2524`);
+    console.log(`\u2502  ${color.cyan("View on dashboard:")}${" ".repeat(width - 18)}  \u2502`);
+    console.log(`\u2502  ${color.dim("\u2192")} ${opts.dashboardUrl.slice(0, width - 2).padEnd(width - 2)}  \u2502`);
+  }
+  console.log(`\u2514${"\u2500".repeat(width + 2)}\u2518`);
+  console.log("");
+}
+function printError(msg, hint) {
+  console.error(`
+${color.red("\u2717")} ${color.bold(msg)}`);
+  if (hint) console.error(color.dim(`  ${hint}`));
+  console.error("");
+}
+function printWarn(msg) {
+  if (!QUIET) console.warn(`${color.yellow("\u26A0")} ${msg}`);
+}
+function printInfo(msg) {
+  if (!QUIET) console.log(`${color.cyan("\u2139")} ${msg}`);
+}
+function humanBytes(bytes) {
+  if (bytes < 1024) return `${bytes} B`;
+  if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
+  return `${(bytes / 1024 / 1024).toFixed(1)} MB`;
+}
+
+// src/engines/git.ts
+var import_child_process = require("child_process");
+function exec(cmd, cwd) {
+  try {
+    return (0, import_child_process.execSync)(cmd, { cwd, stdio: ["pipe", "pipe", "pipe"], timeout: 15e3 }).toString().trim();
+  } catch {
+    return "";
+  }
+}
+function getChangedFiles(root, mode, diffBase, commitSha) {
+  let out = "";
+  switch (mode) {
+    case "staged":
+      out = exec("git diff --cached --name-only", root);
+      break;
+    case "commit":
+      out = exec(`git diff-tree --no-commit-id -r --name-only ${commitSha ?? "HEAD"}`, root);
+      break;
+    case "diff":
+      out = exec(`git diff ${diffBase ?? "HEAD"} --name-only`, root);
+      break;
+    default:
+      out = exec("git diff HEAD --name-only", root);
+      if (!out) out = exec("git diff --cached --name-only", root);
+  }
+  return out ? out.split("\n").filter(Boolean) : [];
+}
+function gitMeta(root) {
+  const commit = exec("git rev-parse --short HEAD", root) || null;
+  const branch = exec("git rev-parse --abbrev-ref HEAD", root) || null;
+  const remote = exec("git remote get-url origin", root);
+  const repoUrl = remote ? remote.replace(/^git@github\.com:/, "https://github.com/").replace(/\.git$/, "") : null;
+  return { commit, branch, repoUrl };
+}
+
+// src/engines/detect.ts
+var fs2 = __toESM(require("fs"));
+var path2 = __toESM(require("path"));
+
+// src/engines/vendors.ts
+var VENDORS = [
+  { key: "stripe", name: "Stripe", packages: ["stripe", "@stripe/stripe-js", "@stripe/react-stripe-js"], envPrefixes: ["STRIPE_"], domains: ["api.stripe.com"] },
+  { key: "openai", name: "OpenAI", packages: ["openai", "@openai/openai"], envPrefixes: ["OPENAI_"], domains: ["api.openai.com"] },
+  { key: "anthropic", name: "Anthropic", packages: ["@anthropic-ai/sdk", "anthropic"], envPrefixes: ["ANTHROPIC_", "CLAUDE_"], domains: ["api.anthropic.com"] },
+  { key: "twilio", name: "Twilio", packages: ["twilio"], envPrefixes: ["TWILIO_"], domains: ["api.twilio.com"] },
+  { key: "sendgrid", name: "SendGrid", packages: ["@sendgrid/mail", "@sendgrid/client"], envPrefixes: ["SENDGRID_"], domains: ["api.sendgrid.com"] },
+  { key: "plaid", name: "Plaid", packages: ["plaid"], envPrefixes: ["PLAID_"], domains: ["production.plaid.com", "sandbox.plaid.com"] },
+  { key: "slack", name: "Slack", packages: ["@slack/web-api", "@slack/bolt"], envPrefixes: ["SLACK_"], domains: ["api.slack.com", "hooks.slack.com"] },
+  { key: "github", name: "GitHub", packages: ["@octokit/rest", "@octokit/core", "octokit", "@octokit/graphql"], envPrefixes: ["GITHUB_TOKEN", "GH_TOKEN"], domains: ["api.github.com"] },
+  { key: "shopify", name: "Shopify", packages: ["@shopify/shopify-api", "@shopify/app-bridge"], envPrefixes: ["SHOPIFY_"], domains: ["myshopify.com", "admin.shopify.com"] },
+  { key: "aws", name: "AWS", packages: ["aws-sdk", "@aws-sdk/client-s3", "@aws-sdk/client-dynamodb", "@aws-sdk/client-lambda", "@aws-sdk/client-sqs"], envPrefixes: ["AWS_"], domains: ["amazonaws.com"] },
+  { key: "google_cloud", name: "Google Cloud", packages: ["@google-cloud/storage", "@google-cloud/bigquery", "googleapis"], envPrefixes: ["GOOGLE_", "GCP_"], domains: ["googleapis.com"] },
+  { key: "datadog", name: "Datadog", packages: ["dd-trace", "datadog-lambda-js"], envPrefixes: ["DD_"], domains: ["api.datadoghq.com"] },
+  { key: "segment", name: "Segment", packages: ["@segment/analytics-node", "analytics-node"], envPrefixes: ["SEGMENT_"], domains: ["api.segment.io"] },
+  { key: "hubspot", name: "HubSpot", packages: ["@hubspot/api-client"], envPrefixes: ["HUBSPOT_", "HS_"], domains: ["api.hubapi.com"] },
+  { key: "salesforce", name: "Salesforce", packages: ["jsforce"], envPrefixes: ["SALESFORCE_", "SF_"], domains: ["salesforce.com"] },
+  { key: "pagerduty", name: "PagerDuty", packages: ["node-pagerduty", "@pagerduty/pdjs"], envPrefixes: ["PAGERDUTY_", "PD_"], domains: ["api.pagerduty.com"] },
+  { key: "resend", name: "Resend", packages: ["resend"], envPrefixes: ["RESEND_"], domains: ["api.resend.com"] },
+  { key: "clerk", name: "Clerk", packages: ["@clerk/nextjs", "@clerk/clerk-sdk-node", "@clerk/backend"], envPrefixes: ["CLERK_"], domains: ["api.clerk.dev"] },
+  { key: "supabase", name: "Supabase", packages: ["@supabase/supabase-js"], envPrefixes: ["SUPABASE_"], domains: ["supabase.co"] },
+  { key: "firebase", name: "Firebase", packages: ["firebase", "firebase-admin"], envPrefixes: ["FIREBASE_"], domains: ["firebaseapp.com"] },
+  { key: "linear", name: "Linear", packages: ["@linear/sdk"], envPrefixes: ["LINEAR_"], domains: ["api.linear.app"] },
+  { key: "notion", name: "Notion", packages: ["@notionhq/client"], envPrefixes: ["NOTION_"], domains: ["api.notion.com"] },
+  { key: "airtable", name: "Airtable", packages: ["airtable"], envPrefixes: ["AIRTABLE_"], domains: ["api.airtable.com"] },
+  { key: "vercel", name: "Vercel", packages: ["@vercel/edge", "@vercel/kv", "@vercel/blob"], envPrefixes: ["VERCEL_"], domains: ["api.vercel.com"] }
+];
+var PACKAGE_TO_VENDOR = /* @__PURE__ */ new Map();
+var PREFIX_TO_VENDOR = /* @__PURE__ */ new Map();
+var DOMAIN_TO_VENDOR = /* @__PURE__ */ new Map();
+for (const v of VENDORS) {
+  for (const pkg of v.packages) PACKAGE_TO_VENDOR.set(pkg, v);
+  for (const pfx of v.envPrefixes) PREFIX_TO_VENDOR.set(pfx, v);
+  for (const dom of v.domains) DOMAIN_TO_VENDOR.set(dom, v);
+}
+
+// src/engines/detect.ts
+var MAX_FILE_BYTES = 256e3;
+var TEXT_EXTS = /* @__PURE__ */ new Set([
+  ".ts",
+  ".tsx",
+  ".js",
+  ".jsx",
+  ".mjs",
+  ".cjs",
+  ".json",
+  ".env",
+  ".yaml",
+  ".yml",
+  ".toml",
+  ".py",
+  ".rb",
+  ".go",
+  ".java",
+  ".cs",
+  ".php",
+  ".rs",
+  ".swift",
+  ".kt",
+  ".scala"
+]);
+function readSafe(filePath) {
+  try {
+    const stat = fs2.statSync(filePath);
+    if (!stat.isFile() || stat.size > MAX_FILE_BYTES) return null;
+    return fs2.readFileSync(filePath, "utf8");
+  } catch {
+    return null;
+  }
+}
+function matchPackageJson(content, detectedMap, filePath) {
+  let parsed;
+  try {
+    parsed = JSON.parse(content);
+  } catch {
+    return;
+  }
+  const deps = {
+    ...parsed.dependencies ?? {},
+    ...parsed.devDependencies ?? {}
+  };
+  for (const pkgName of Object.keys(deps)) {
+    const vendor = PACKAGE_TO_VENDOR.get(pkgName);
+    if (!vendor) continue;
+    upsert(detectedMap, vendor, "strong", `package.json dependency: ${pkgName}`, filePath);
+  }
+}
+function matchSourceFile(content, detectedMap, filePath) {
+  const importRe = /(?:from|require)\s*\(?['"`](@?[a-z0-9_\-./]+)['"`]\)?/g;
+  let m;
+  while ((m = importRe.exec(content)) !== null) {
+    const pkg = m[1];
+    const vendor = PACKAGE_TO_VENDOR.get(pkg) ?? PACKAGE_TO_VENDOR.get(pkg.split("/").slice(0, 2).join("/"));
+    if (vendor) upsert(detectedMap, vendor, "strong", `import: ${pkg}`, filePath);
+  }
+  const envRe = /\bprocess\.env\.([A-Z][A-Z0-9_]+)\b/g;
+  while ((m = envRe.exec(content)) !== null) {
+    const envKey = m[1];
+    for (const [prefix, vendor] of PREFIX_TO_VENDOR) {
+      if (envKey.startsWith(prefix)) {
+        upsert(detectedMap, vendor, "partial", `env var: ${envKey}`, filePath);
+        break;
+      }
+    }
+  }
+  const urlRe = /['"`](https?:\/\/([a-z0-9.\-]+)[^\s'"`]*)/g;
+  while ((m = urlRe.exec(content)) !== null) {
+    const host = m[2];
+    for (const [domain, vendor] of DOMAIN_TO_VENDOR) {
+      if (host.includes(domain)) {
+        upsert(detectedMap, vendor, "partial", `URL reference: ${host}`, filePath);
+        break;
+      }
+    }
+  }
+}
+function matchEnvFile(content, detectedMap, filePath) {
+  for (const line of content.split("\n")) {
+    const key = line.split("=")[0]?.trim().replace(/^export\s+/, "");
+    if (!key) continue;
+    for (const [prefix, vendor] of PREFIX_TO_VENDOR) {
+      if (key.startsWith(prefix)) {
+        upsert(detectedMap, vendor, "partial", `env key: ${key}`, filePath);
+        break;
+      }
+    }
+  }
+}
+function upsert(map, vendor, confidence, signal, filePath) {
+  const existing = map.get(vendor.key);
+  if (existing) {
+    if (confidence === "strong") existing.confidence = "strong";
+    else if (confidence === "partial" && existing.confidence === "weak") existing.confidence = "partial";
+    if (!existing.signals.includes(signal)) existing.signals.push(signal);
+    if (!existing.files.includes(filePath)) existing.files.push(filePath);
+  } else {
+    map.set(vendor.key, { key: vendor.key, name: vendor.name, confidence, signals: [signal], files: [filePath] });
+  }
+}
+function detectVendorsInFiles(root, relPaths) {
+  const detectedMap = /* @__PURE__ */ new Map();
+  for (const rel of relPaths) {
+    const absPath = path2.join(root, rel);
+    const ext = path2.extname(rel).toLowerCase();
+    const base = path2.basename(rel).toLowerCase();
+    if (!TEXT_EXTS.has(ext) && !base.startsWith(".env")) continue;
+    const content = readSafe(absPath);
+    if (!content) continue;
+    if (base === "package.json") {
+      matchPackageJson(content, detectedMap, rel);
+    } else if (base.startsWith(".env") || ext === ".env") {
+      matchEnvFile(content, detectedMap, rel);
+    } else {
+      matchSourceFile(content, detectedMap, rel);
+    }
+  }
+  return [...detectedMap.values()];
+}
+function detectVendorsInRoot(root) {
+  const pkgPath = path2.join(root, "package.json");
+  const content = readSafe(pkgPath);
+  if (!content) return [];
+  const map = /* @__PURE__ */ new Map();
+  matchPackageJson(content, map, "package.json");
+  return [...map.values()];
+}
+
+// src/commands/scan.ts
+async function scanCommand(targetPath, flags) {
+  const root = targetPath ? path3.resolve(targetPath) : process.cwd();
+  const startedAt = Date.now();
+  const config = resolveConfig({ token: flags.token, apiUrl: flags.url, repoUrl: flags.repoUrl, commit: flags.commit, branch: flags.branch }, root);
+  if (!config.token && !flags.dryRun) {
+    printError("No API token found.", "Set RELION_TOKEN env var or run: relion login --token <token>");
+    process.exit(1);
+  }
+  const meta = gitMeta(root);
+  const branch = flags.branch ?? config.branch ?? meta.branch ?? void 0;
+  const commit = flags.commit ?? config.commit ?? meta.commit ?? void 0;
+  const repoUrl = flags.repoUrl ?? config.repoUrl ?? meta.repoUrl ?? void 0;
+  if (flags.output !== "json") console.log(`
+Relion v2.0.0${repoUrl ? `  \xB7  ${repoUrl.replace("https://github.com/", "")}` : ""}
+`);
+  const spinner = new Spinner();
+  try {
+    spinner.start("Detecting API vendors");
+    if (!flags.dryRun && config.token) {
+      await verifyToken(config.token, config.apiUrl);
+    }
+    spinner.succeed("Authenticated");
+    spinner.start("Scanning for API dependencies");
+    const detected = detectVendorsInRoot(root);
+    spinner.succeed(`${detected.length} vendor API${detected.length === 1 ? "" : "s"} detected`);
+    const durationMs = Date.now() - startedAt;
+    if (flags.dryRun || !config.token) {
+      if (flags.output !== "json") {
+        console.log("\nDry run \u2014 results not uploaded:\n");
+        for (const v of detected) {
+          console.log(`  ${v.name} (${v.confidence}) \u2014 ${v.signals[0] ?? ""}`);
+        }
+        console.log("");
+      } else {
+        process.stdout.write(JSON.stringify({ vendors: detected, dryRun: true }, null, 2) + "\n");
+      }
+      process.exit(detected.length === 0 ? 4 : 0);
+    }
+    spinner.start("Uploading API metadata");
+    const payload = {
+      schemaVersion: "2",
+      idempotencyKey: `${commit ?? "none"}-${Date.now()}`,
+      sessionId: `cli-${Date.now()}`,
+      agentVersion: "2.0.0",
+      cliVersion: "2.0.0",
+      repository: { repoUrl, commit, branch },
+      scanMeta: { startedAt: new Date(startedAt).toISOString(), completedAt: (/* @__PURE__ */ new Date()).toISOString(), durationMs, filesScanned: 0, bytesScanned: 0, triggerSource: "cli" },
+      stats: { filesScanned: 0, bytesScanned: 0, vendorsDetected: detected.length, endpointsFound: 0, specFilesFound: 0 },
+      integrations: detected.map((v) => ({
+        vendorKey: v.key,
+        vendorName: v.name,
+        integrationType: "api",
+        description: `Detected via ${v.signals[0] ?? "pattern matching"}`,
+        confidence: v.confidence === "strong" ? "strong" : v.confidence === "partial" ? "partial" : "weak",
+        confidenceScore: v.confidence === "strong" ? 0.9 : v.confidence === "partial" ? 0.6 : 0.3,
+        signals: v.signals.map((s) => ({ signalType: "package_dependency", filePath: v.files[0] ?? "unknown", lineStart: 0, signalValue: s, confidenceWeight: 0.8 })),
+        surfaces: []
+      }))
+    };
+    const res = await fetch(`${config.apiUrl.replace(/\/$/, "")}/api/ingest/scan/v2`, {
+      method: "POST",
+      headers: { Authorization: `Bearer ${config.token}`, "Content-Type": "application/json" },
+      body: JSON.stringify(payload)
+    });
+    if (!res.ok) {
+      const err = await res.json().catch(() => ({ error: "Upload failed" }));
+      throw new Error(err.error ?? `Upload failed (${res.status})`);
+    }
+    const receipt = await res.json();
+    spinner.succeed("Upload complete");
+    if (flags.output === "json") {
+      process.stdout.write(JSON.stringify(receipt, null, 2) + "\n");
+    } else {
+      printReceipt({
+        scanId: receipt.scanId,
+        branch,
+        commit,
+        durationMs,
+        filesScanned: 0,
+        vendorsDetected: detected.length,
+        endpointsFound: 0,
+        bytesTransmitted: JSON.stringify(payload).length,
+        secretsRedacted: 0,
+        deployGateStatus: receipt.deployGate?.status ?? "clear",
+        deployGateAlerts: receipt.deployGate?.alerts ?? [],
+        dashboardUrl: receipt.dashboardUrl,
+        dryRun: false
+      });
+      const global = readGlobalConfig();
+      writeGlobalConfig({ ...global, lastScanId: receipt.scanId, lastScanAt: (/* @__PURE__ */ new Date()).toISOString(), lastDashboardUrl: receipt.dashboardUrl });
+    }
+    if (receipt.deployGate?.status === "blocked") process.exit(2);
+    if (receipt.deployGate?.status === "pending") process.exit(3);
+    if (detected.length === 0) process.exit(4);
+  } catch (err) {
+    spinner.fail("Scan failed");
+    const msg = err instanceof Error ? err.message : String(err);
+    if (msg.includes("401") || msg.includes("Invalid or missing")) {
+      printError("Authentication failed.", "Set RELION_TOKEN env var.");
+    } else {
+      printError(msg);
+    }
+    if (flags.verbose) console.error(err);
+    process.exit(1);
+  }
+}
+async function verifyToken(token, apiUrl) {
+  const res = await fetch(`${apiUrl.replace(/\/$/, "")}/api/cli/whoami`, { headers: { Authorization: `Bearer ${token}` } });
+  if (res.status === 401 || res.status === 403) throw new Error("401 Invalid or missing API token");
+}
+
+// src/commands/login.ts
+async function loginCommand(flags) {
+  const apiUrl = flags.url ?? process.env.RELION_API_URL ?? "https://relion.dev";
+  if (flags.token) {
+    await saveToken(flags.token, apiUrl);
+    return;
+  }
+  const loginUrl = `${apiUrl}/settings/tokens`;
+  console.log(`
+${color.bold("Relion Login")}
+`);
+  console.log(`Create an API token at:
+  ${color.cyan(loginUrl)}
+`);
+  console.log(`Then run:
+  ${color.dim("relion login --token <your-token>")}
+`);
+}
+async function saveToken(token, apiUrl) {
+  console.log(`
+${color.bold("Relion Login")}
+`);
+  printInfo("Verifying token...");
+  let email;
+  try {
+    const res = await fetch(`${apiUrl.replace(/\/$/, "")}/api/cli/whoami`, {
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (res.status === 401 || res.status === 403) {
+      printError("Token is invalid or revoked.", "Create a new token at " + apiUrl + "/settings/tokens");
+      process.exit(1);
+    }
+    if (res.ok) {
+      const data = await res.json();
+      email = data.email;
+    }
+  } catch {
+    console.warn(color.yellow("  Could not verify token (network issue). Saving anyway."));
+  }
+  const existing = readGlobalConfig();
+  writeGlobalConfig({ ...existing, token, apiUrl: apiUrl !== "https://relion.dev" ? apiUrl : void 0, email });
+  console.log(`${color.green("\u2713")} ${color.bold("Authenticated")}${email ? ` as ${email}` : ""}`);
+  console.log(`${color.dim("  Token saved to ~/.relion/config.json")}
+`);
+  console.log(`Run: ${color.cyan("relion scan .")}
+`);
+}
+async function logoutCommand() {
+  writeGlobalConfig({});
+  console.log(`${color.green("\u2713")} Logged out. Credentials removed.
+`);
+}
+async function whoamiCommand(flags) {
+  const config = readGlobalConfig();
+  const token = process.env.RELION_TOKEN ?? config.token;
+  const apiUrl = flags.url ?? config.apiUrl ?? "https://relion.dev";
+  if (!token) {
+    printError("Not logged in.", "Run: relion login");
+    process.exit(1);
+  }
+  try {
+    const res = await fetch(`${apiUrl.replace(/\/$/, "")}/api/cli/whoami`, {
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (!res.ok) {
+      printError("Token is invalid or expired.", "Run: relion login");
+      process.exit(1);
+    }
+    const data = await res.json();
+    console.log(`
+${color.bold("Relion identity")}`);
+    if (data.email) console.log(`  Email:     ${data.email}`);
+    if (data.workspace) console.log(`  Workspace: ${data.workspace}`);
+    console.log(`  API:       ${apiUrl}
+`);
+  } catch {
+    printError("Could not reach Relion API.", `URL: ${apiUrl}`);
+    process.exit(1);
+  }
+}
+
+// src/commands/status.ts
+async function statusCommand(flags) {
+  const config = readGlobalConfig();
+  const token = process.env.RELION_TOKEN ?? config.token;
+  const apiUrl = flags.url ?? config.apiUrl ?? "https://relion.dev";
+  if (!token) {
+    printError("Not logged in.", "Run: relion login");
+    process.exit(1);
+  }
+  if (!config.lastScanId) {
+    console.log(`
+${color.dim("No scans recorded yet.")}
+`);
+    console.log(`Run: ${color.cyan("relion scan .")}
+`);
+    return;
+  }
+  try {
+    const res = await fetch(
+      `${apiUrl.replace(/\/$/, "")}/api/cli/status/${config.lastScanId}`,
+      { headers: { Authorization: `Bearer ${token}` } }
+    );
+    if (!res.ok) {
+      console.log(`
+${color.dim(`Last scan: ${config.lastScanId}`)}`);
+      if (config.lastDashboardUrl) {
+        console.log(`Dashboard: ${color.cyan(config.lastDashboardUrl)}
+`);
+      }
+      return;
+    }
+    const data = await res.json();
+    if (flags.json) {
+      process.stdout.write(JSON.stringify(data, null, 2) + "\n");
+      return;
+    }
+    const gateIcon = data.deployGate.status === "clear" ? color.green("\u2713 clear") : data.deployGate.status === "blocked" ? color.red("\u2717 blocked") : color.yellow("\u26A0 pending");
+    console.log(`
+${color.bold("Last scan")}`);
+    console.log(`  Scan ID:   ${color.dim(data.scanId)}`);
+    if (data.scannedAt) console.log(`  Scanned:   ${new Date(data.scannedAt).toLocaleString()}`);
+    console.log(`  Findings:  ${data.findingsCount} vendor APIs`);
+    console.log(`  Gate:      ${gateIcon}`);
+    if (data.dashboardUrl) console.log(`  Dashboard: ${color.cyan(data.dashboardUrl)}`);
+    console.log("");
+  } catch {
+    console.log(`
+${color.bold("Last scan")} ${color.dim("(cached)")}`);
+    console.log(`  Scan ID: ${color.dim(config.lastScanId)}`);
+    if (config.lastScanAt) console.log(`  At:      ${new Date(config.lastScanAt).toLocaleString()}`);
+    if (config.lastDashboardUrl) console.log(`  Dashboard: ${color.cyan(config.lastDashboardUrl)}`);
+    console.log("");
+  }
+}
+
+// src/commands/predeploy.ts
+var path4 = __toESM(require("path"));
+
+// src/engines/api.ts
+async function apiFetch(url, token, method = "GET", body) {
+  const opts = {
+    method,
+    headers: {
+      Authorization: `Bearer ${token}`,
+      "Content-Type": "application/json"
+    }
+  };
+  if (body !== void 0) opts.body = JSON.stringify(body);
+  return fetch(url, opts);
+}
+async function lookupRisk(vendorKeys, token, apiUrl) {
+  if (vendorKeys.length === 0) return [];
+  const qs = vendorKeys.map((k) => `vendorKeys=${encodeURIComponent(k)}`).join("&");
+  const url = `${apiUrl.replace(/\/$/, "")}/api/predeploy/risk?${qs}`;
+  try {
+    const res = await apiFetch(url, token);
+    if (!res.ok) return [];
+    const data = await res.json();
+    return data.findings ?? [];
+  } catch {
+    return [];
+  }
+}
+async function submitCheck(payload, token, apiUrl) {
+  const url = `${apiUrl.replace(/\/$/, "")}/api/predeploy/check`;
+  try {
+    const res = await apiFetch(url, token, "POST", payload);
+    if (!res.ok) return null;
+    return await res.json();
+  } catch {
+    return null;
+  }
+}
+function scoreVerdict(findings) {
+  if (findings.some((f) => f.riskLevel === "blocked")) return { verdict: "blocked", exitCode: 2 };
+  if (findings.some((f) => f.riskLevel === "high_risk")) return { verdict: "high_risk", exitCode: 3 };
+  if (findings.some((f) => f.riskLevel === "caution")) return { verdict: "caution", exitCode: 3 };
+  return { verdict: "safe", exitCode: 0 };
+}
+
+// src/commands/predeploy.ts
+async function predeployCommand(targetPath, flags) {
+  const root = targetPath ? path4.resolve(targetPath) : process.cwd();
+  const startedAt = Date.now();
+  const config = resolveConfig({ token: flags.token, apiUrl: flags.url, repoUrl: flags.repoUrl, commit: flags.commit, branch: flags.branch }, root);
+  const offline = flags.offline ?? !config.token;
+  if (!config.token && !offline) {
+    printError("No API token found.", "Set RELION_TOKEN env var or run: relion login --token <token>\nUse --offline to run without cloud lookup.");
+    process.exit(1);
+  }
+  let scopeMode = "default";
+  let diffBase;
+  let commitSha;
+  if (flags.staged) {
+    scopeMode = "staged";
+  } else if (flags.diff) {
+    scopeMode = "diff";
+    diffBase = flags.diff;
+  } else if (flags.commitFlag) {
+    scopeMode = "commit";
+    commitSha = flags.commitFlag;
+  }
+  const scopeLabel = scopeMode === "staged" ? "staged changes" : scopeMode === "diff" ? `diff from ${diffBase ?? "HEAD"}` : scopeMode === "commit" ? `commit ${(commitSha ?? "HEAD").slice(0, 7)}` : "uncommitted changes";
+  if (!flags.json) console.log(`
+Relion pre-deploy check \u2014 ${scopeLabel}
+`);
+  const spinner = new Spinner();
+  try {
+    spinner.start("Resolving changed files");
+    const changedFiles = getChangedFiles(root, scopeMode, diffBase, commitSha);
+    if (changedFiles.length === 0) {
+      spinner.succeed("No changed files found");
+      if (!flags.json) console.log("\nNothing to check \u2014 no changed files detected.\n");
+      process.exit(0);
+    }
+    spinner.succeed(`${changedFiles.length} changed file${changedFiles.length === 1 ? "" : "s"}`);
+    spinner.start("Detecting API dependencies");
+    const detected = detectVendorsInFiles(root, changedFiles);
+    spinner.succeed(detected.length > 0 ? `${detected.length} API vendor${detected.length === 1 ? "" : "s"} detected` : "No vendor APIs detected in changed files");
+    let findings = [];
+    if (!offline && config.token && detected.length > 0) {
+      spinner.start("Checking risk against monitored APIs");
+      findings = await lookupRisk(detected.map((d) => d.key), config.token, config.apiUrl);
+      spinner.succeed(`Risk check complete \u2014 ${findings.filter((f) => f.riskLevel !== "safe").length} finding${findings.length === 1 ? "" : "s"}`);
+    } else if (offline) {
+      if (!flags.json) printWarn("Offline mode \u2014 cloud risk lookup skipped.");
+    }
+    const { verdict, exitCode } = offline ? { verdict: "offline", exitCode: 0 } : scoreVerdict(findings);
+    const durationMs = Date.now() - startedAt;
+    const meta = gitMeta(root);
+    const branch = flags.branch ?? config.branch ?? meta.branch ?? void 0;
+    const commit = flags.commit ?? config.commit ?? meta.commit ?? void 0;
+    const repoUrl = flags.repoUrl ?? config.repoUrl ?? meta.repoUrl ?? void 0;
+    let checkId;
+    let dashboardUrl;
+    if (!offline && config.token) {
+      spinner.start("Submitting check");
+      const receipt = await submitCheck(
+        {
+          verdict,
+          exitCode,
+          branch,
+          baseBranch: flags.baseBranch,
+          commit,
+          repoUrl,
+          scopeMode,
+          offline: false,
+          filesChangedCount: changedFiles.length,
+          apisInvolvedCount: detected.length,
+          changedFiles,
+          findings,
+          durationMs,
+          cliVersion: "2.0.0"
+        },
+        config.token,
+        config.apiUrl
+      );
+      if (receipt) {
+        checkId = receipt.checkId;
+        dashboardUrl = receipt.dashboardUrl;
+        spinner.succeed("Check recorded");
+      } else {
+        spinner.succeed("Check complete (could not reach dashboard)");
+      }
+    }
+    if (flags.json) {
+      process.stdout.write(JSON.stringify({ verdict, exitCode, branch, commit, filesChangedCount: changedFiles.length, apisInvolvedCount: detected.length, findings, durationMs, checkId, dashboardUrl }, null, 2) + "\n");
+    } else {
+      printPredeployReceipt({
+        verdict,
+        branch,
+        commit,
+        baseBranch: flags.baseBranch,
+        filesChangedCount: changedFiles.length,
+        apisInvolvedCount: detected.length,
+        durationMs,
+        offline,
+        findings,
+        dashboardUrl,
+        checkId
+      });
+      if (flags.verbose && findings.length > 0) {
+        console.log("Findings detail:");
+        for (const f of findings) {
+          if (f.riskLevel === "safe") continue;
+          const tag = f.riskLevel.toUpperCase().replace("_", " ");
+          console.log(`  [${tag}] ${f.vendorName}: ${f.description}`);
+          if (f.recommendation) console.log(`         \u2192 ${f.recommendation}`);
+          console.log("");
+        }
+      }
+    }
+    process.exit(exitCode);
+  } catch (err) {
+    spinner.fail("Pre-deploy check failed");
+    const msg = err instanceof Error ? err.message : String(err);
+    if (msg.includes("401") || msg.includes("Invalid or missing")) {
+      printError("Authentication failed.", "Set RELION_TOKEN env var.");
+    } else if (msg.includes("ECONNREFUSED") || msg.includes("fetch failed")) {
+      printError(`Could not reach ${config.apiUrl}`, "Use --offline to skip cloud lookup.");
+    } else {
+      printError(msg);
+    }
+    if (flags.verbose) console.error(err);
+    process.exit(1);
+  }
+}
+
+// src/index.ts
+var VERSION = "2.0.0";
+function parseArgs(argv) {
+  const args = argv.slice(2);
+  const positional = [];
+  const flags = {};
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i];
+    if (!arg.startsWith("-")) {
+      positional.push(arg);
+      continue;
+    }
+    const key = arg.replace(/^--?/, "");
+    const next = args[i + 1];
+    if (!next || next.startsWith("-")) {
+      flags[key] = true;
+      continue;
+    }
+    if (key === "ignore") {
+      const existing = flags[key];
+      flags[key] = Array.isArray(existing) ? [...existing, next] : [next];
+      i++;
+      continue;
+    }
+    flags[key] = next;
+    i++;
+  }
+  return { command: positional[0] ?? "help", positional: positional.slice(1), flags };
+}
+function printHelp() {
+  console.log(`
+${color.bold("relion")} \u2014 MCP-powered API contract scanner and monitoring CLI
+
+${color.bold("Usage:")}
+  relion <command> [flags]
+
+${color.bold("Commands:")}
+  scan [path]     Scan a directory for API vendor integrations
+  predeploy       Check API risk before deploying (analyzes git diff)
+  login           Authenticate with Relion
+  logout          Remove stored credentials
+  whoami          Show current identity
+  status          Show last scan result for this directory
+  version         Show CLI version
+
+${color.bold("Scan flags:")}
+  --token <token>    API token (or set RELION_TOKEN)
+  --url <url>        API base URL (default: https://relion.dev)
+  --repo-url <url>   Repository URL for cloud matching
+  --commit <sha>     Git commit SHA (auto-detected from git)
+  --branch <name>    Branch name (auto-detected from git)
+  --dry-run          Run locally, print findings, skip upload
+  --verbose          Show per-file detail
+  --ignore <glob>    Additional patterns to ignore (repeatable)
+  --output json      Machine-readable JSON output
+
+${color.bold("Predeploy flags:")}
+  --staged           Check staged changes (git diff --cached)
+  --diff <base>      Check diff from a base branch/SHA
+  --commit <sha>     Check files changed in a specific commit
+  --base-branch <b>  Base branch label for display
+  --offline          Skip cloud risk lookup (local analysis only)
+  --json             Machine-readable JSON output
+  --verbose          Show per-finding detail
+
+${color.bold("Exit codes:")}
+  0  Clear       1  Error
+  2  Gate blocked    3  Gate pending    4  No findings
+
+${color.bold("Environment variables:")}
+  RELION_TOKEN       API token
+  RELION_API_URL     API base URL
+  RELION_REPO_URL    Repository URL
+  RELION_COMMIT      Git commit SHA
+  RELION_BRANCH      Branch name
+
+${color.dim("https://relion.dev/docs/cli")}
+`);
+}
+async function main() {
+  const { command, positional, flags } = parseArgs(process.argv);
+  const f = flags;
+  switch (command) {
+    case "scan":
+      await scanCommand(positional[0], {
+        token: f.token,
+        url: f.url,
+        repoUrl: f["repo-url"],
+        commit: f.commit,
+        branch: f.branch,
+        dryRun: Boolean(f["dry-run"]),
+        verbose: Boolean(f.verbose),
+        ignore: f.ignore,
+        output: f.output || "text"
+      });
+      break;
+    case "predeploy":
+      await predeployCommand(positional[0], {
+        token: f.token,
+        url: f.url,
+        repoUrl: f["repo-url"],
+        commit: f.commit,
+        branch: f.branch,
+        baseBranch: f["base-branch"],
+        staged: Boolean(f.staged),
+        diff: f.diff,
+        commitFlag: f.commit,
+        offline: Boolean(f.offline),
+        json: Boolean(f.json),
+        verbose: Boolean(f.verbose)
+      });
+      break;
+    case "login":
+      await loginCommand({
+        token: f.token,
+        url: f.url
+      });
+      break;
+    case "logout":
+      await logoutCommand();
+      break;
+    case "whoami":
+      await whoamiCommand({ url: f.url });
+      break;
+    case "status":
+      await statusCommand({
+        json: Boolean(f.json),
+        url: f.url
+      });
+      break;
+    case "version":
+    case "--version":
+    case "-v":
+      console.log(`relion v${VERSION}`);
+      break;
+    case "help":
+    case "--help":
+    case "-h":
+    default:
+      printHelp();
+      break;
+  }
+}
+main().catch((err) => {
+  printError(err instanceof Error ? err.message : String(err));
+  process.exit(1);
+});

package/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "relionhq",
+  "version": "2.0.0",
+  "description": "Relion CLI — pre-deploy API risk detection and monitoring client.",
+  "license": "MIT",
+  "bin": {
+    "relion": "dist/index.js"
+  },
+  "main": "./dist/index.js",
+  "files": ["dist"],
+  "scripts": {
+    "build": "esbuild src/index.ts --bundle --platform=node --target=node18 --outfile=dist/index.js --external:fsevents",
+    "dev": "node --watch dist/index.js",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {},
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "esbuild": "^0.25.0",
+    "typescript": "^5.8.0"
+  },
+  "engines": { "node": ">=18" },
+  "keywords": ["api", "monitoring", "relion", "predeploy", "cli", "deploy", "risk"]
+}