sealos-cli 1.1.1 → 1.1.3

package/dist/main.cjs

@@ -47,940 +47,1033 @@ var import_commander = require("commander");
 // src/lib/auth.ts
 var import_node_child_process = require("child_process");
 var import_node_fs = require("fs");
-var import_node_os = require("os");
+var import_node_os2 = require("os");
 var import_node_path = require("path");
-var SEALOS_AUTH_CLIENT_ID = "af993c98-d19d-4bdc-b338-79b80dc4f8bf";
-var DEFAULT_SEALOS_REGION = "https://usw-1.sealos.io";
-var AUTH_METHOD_DEVICE_GRANT = "oauth2_device_grant";
-var AUTH_METHOD_TOKEN = "token";
-var DEVICE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
-function getAuthPaths(sealosDir = (0, import_node_path.join)((0, import_node_os.homedir)(), ".sealos")) {
-  return {
-    sealosDir,
-    authPath: (0, import_node_path.join)(sealosDir, "auth.json"),
-    kubeconfigPath: (0, import_node_path.join)(sealosDir, "kubeconfig")
-  };
-}
-__name(getAuthPaths, "getAuthPaths");
-function normalizeRegion(region) {
-  return (region || process.env.SEALOS_REGION || DEFAULT_SEALOS_REGION).replace(/\/+$/, "");
-}
-__name(normalizeRegion, "normalizeRegion");
-function createDefaultAuthDependencies() {
-  return {
-    fetch,
-    sleep: /* @__PURE__ */ __name(async (ms) => await new Promise((resolve) => setTimeout(resolve, ms)), "sleep"),
-    openBrowser,
-    now: /* @__PURE__ */ __name(() => /* @__PURE__ */ new Date(), "now"),
-    paths: getAuthPaths(),
-    stderr: process.stderr
-  };
-}
-__name(createDefaultAuthDependencies, "createDefaultAuthDependencies");
-function withDeps(deps = {}) {
-  return {
-    ...createDefaultAuthDependencies(),
-    ...deps
-  };
-}
-__name(withDeps, "withDeps");
-function ensureSealosDir(paths) {
-  (0, import_node_fs.mkdirSync)(paths.sealosDir, { recursive: true });
-}
-__name(ensureSealosDir, "ensureSealosDir");
-function saveAuth(auth, deps = {}) {
-  const { paths } = withDeps(deps);
-  ensureSealosDir(paths);
-  (0, import_node_fs.writeFileSync)(paths.authPath, JSON.stringify(auth, null, 2), { mode: 384 });
-}
-__name(saveAuth, "saveAuth");
-function loadAuth(deps = {}) {
-  const { paths } = withDeps(deps);
-  if (!(0, import_node_fs.existsSync)(paths.authPath)) {
-    throw new Error("Not authenticated. Please run: sealos-cli login");
-  }
-  return JSON.parse((0, import_node_fs.readFileSync)(paths.authPath, "utf-8"));
-}
-__name(loadAuth, "loadAuth");
-function getKubeconfigContent(deps = {}) {
-  const { paths } = withDeps(deps);
-  try {
-    return (0, import_node_fs.readFileSync)(paths.kubeconfigPath, "utf-8");
-  } catch {
-    return null;
+
+// node_modules/chalk/source/vendor/ansi-styles/index.js
+var ANSI_BACKGROUND_OFFSET = 10;
+var wrapAnsi16 = /* @__PURE__ */ __name((offset = 0) => (code) => `\x1B[${code + offset}m`, "wrapAnsi16");
+var wrapAnsi256 = /* @__PURE__ */ __name((offset = 0) => (code) => `\x1B[${38 + offset};5;${code}m`, "wrapAnsi256");
+var wrapAnsi16m = /* @__PURE__ */ __name((offset = 0) => (red2, green2, blue2) => `\x1B[${38 + offset};2;${red2};${green2};${blue2}m`, "wrapAnsi16m");
+var styles = {
+  modifier: {
+    reset: [0, 0],
+    // 21 isn't widely supported and 22 does the same thing
+    bold: [1, 22],
+    dim: [2, 22],
+    italic: [3, 23],
+    underline: [4, 24],
+    overline: [53, 55],
+    inverse: [7, 27],
+    hidden: [8, 28],
+    strikethrough: [9, 29]
+  },
+  color: {
+    black: [30, 39],
+    red: [31, 39],
+    green: [32, 39],
+    yellow: [33, 39],
+    blue: [34, 39],
+    magenta: [35, 39],
+    cyan: [36, 39],
+    white: [37, 39],
+    // Bright color
+    blackBright: [90, 39],
+    gray: [90, 39],
+    // Alias of `blackBright`
+    grey: [90, 39],
+    // Alias of `blackBright`
+    redBright: [91, 39],
+    greenBright: [92, 39],
+    yellowBright: [93, 39],
+    blueBright: [94, 39],
+    magentaBright: [95, 39],
+    cyanBright: [96, 39],
+    whiteBright: [97, 39]
+  },
+  bgColor: {
+    bgBlack: [40, 49],
+    bgRed: [41, 49],
+    bgGreen: [42, 49],
+    bgYellow: [43, 49],
+    bgBlue: [44, 49],
+    bgMagenta: [45, 49],
+    bgCyan: [46, 49],
+    bgWhite: [47, 49],
+    // Bright color
+    bgBlackBright: [100, 49],
+    bgGray: [100, 49],
+    // Alias of `bgBlackBright`
+    bgGrey: [100, 49],
+    // Alias of `bgBlackBright`
+    bgRedBright: [101, 49],
+    bgGreenBright: [102, 49],
+    bgYellowBright: [103, 49],
+    bgBlueBright: [104, 49],
+    bgMagentaBright: [105, 49],
+    bgCyanBright: [106, 49],
+    bgWhiteBright: [107, 49]
   }
-}
-__name(getKubeconfigContent, "getKubeconfigContent");
-function getAuthHeaders(deps = {}) {
-  const kubeconfig = getKubeconfigContent(deps);
-  return kubeconfig ? { Authorization: encodeURIComponent(kubeconfig) } : null;
-}
-__name(getAuthHeaders, "getAuthHeaders");
-function requireAuth(deps = {}) {
-  const headers = getAuthHeaders(deps);
-  if (!headers) {
-    throw new Error('Authentication required. Please run "sealos-cli login" first.');
+};
+var modifierNames = Object.keys(styles.modifier);
+var foregroundColorNames = Object.keys(styles.color);
+var backgroundColorNames = Object.keys(styles.bgColor);
+var colorNames = [...foregroundColorNames, ...backgroundColorNames];
+function assembleStyles() {
+  const codes = /* @__PURE__ */ new Map();
+  for (const [groupName, group] of Object.entries(styles)) {
+    for (const [styleName, style] of Object.entries(group)) {
+      styles[styleName] = {
+        open: `\x1B[${style[0]}m`,
+        close: `\x1B[${style[1]}m`
+      };
+      group[styleName] = styles[styleName];
+      codes.set(style[0], style[1]);
+    }
+    Object.defineProperty(styles, groupName, {
+      value: group,
+      enumerable: false
+    });
   }
-  return headers;
+  Object.defineProperty(styles, "codes", {
+    value: codes,
+    enumerable: false
+  });
+  styles.color.close = "\x1B[39m";
+  styles.bgColor.close = "\x1B[49m";
+  styles.color.ansi = wrapAnsi16();
+  styles.color.ansi256 = wrapAnsi256();
+  styles.color.ansi16m = wrapAnsi16m();
+  styles.bgColor.ansi = wrapAnsi16(ANSI_BACKGROUND_OFFSET);
+  styles.bgColor.ansi256 = wrapAnsi256(ANSI_BACKGROUND_OFFSET);
+  styles.bgColor.ansi16m = wrapAnsi16m(ANSI_BACKGROUND_OFFSET);
+  Object.defineProperties(styles, {
+    rgbToAnsi256: {
+      value(red2, green2, blue2) {
+        if (red2 === green2 && green2 === blue2) {
+          if (red2 < 8) {
+            return 16;
+          }
+          if (red2 > 248) {
+            return 231;
+          }
+          return Math.round((red2 - 8) / 247 * 24) + 232;
+        }
+        return 16 + 36 * Math.round(red2 / 255 * 5) + 6 * Math.round(green2 / 255 * 5) + Math.round(blue2 / 255 * 5);
+      },
+      enumerable: false
+    },
+    hexToRgb: {
+      value(hex) {
+        const matches = /[a-f\d]{6}|[a-f\d]{3}/i.exec(hex.toString(16));
+        if (!matches) {
+          return [0, 0, 0];
+        }
+        let [colorString] = matches;
+        if (colorString.length === 3) {
+          colorString = [...colorString].map((character) => character + character).join("");
+        }
+        const integer = Number.parseInt(colorString, 16);
+        return [
+          /* eslint-disable no-bitwise */
+          integer >> 16 & 255,
+          integer >> 8 & 255,
+          integer & 255
+          /* eslint-enable no-bitwise */
+        ];
+      },
+      enumerable: false
+    },
+    hexToAnsi256: {
+      value: /* @__PURE__ */ __name((hex) => styles.rgbToAnsi256(...styles.hexToRgb(hex)), "value"),
+      enumerable: false
+    },
+    ansi256ToAnsi: {
+      value(code) {
+        if (code < 8) {
+          return 30 + code;
+        }
+        if (code < 16) {
+          return 90 + (code - 8);
+        }
+        let red2;
+        let green2;
+        let blue2;
+        if (code >= 232) {
+          red2 = ((code - 232) * 10 + 8) / 255;
+          green2 = red2;
+          blue2 = red2;
+        } else {
+          code -= 16;
+          const remainder = code % 36;
+          red2 = Math.floor(code / 36) / 5;
+          green2 = Math.floor(remainder / 6) / 5;
+          blue2 = remainder % 6 / 5;
+        }
+        const value = Math.max(red2, green2, blue2) * 2;
+        if (value === 0) {
+          return 30;
+        }
+        let result = 30 + (Math.round(blue2) << 2 | Math.round(green2) << 1 | Math.round(red2));
+        if (value === 2) {
+          result += 60;
+        }
+        return result;
+      },
+      enumerable: false
+    },
+    rgbToAnsi: {
+      value: /* @__PURE__ */ __name((red2, green2, blue2) => styles.ansi256ToAnsi(styles.rgbToAnsi256(red2, green2, blue2)), "value"),
+      enumerable: false
+    },
+    hexToAnsi: {
+      value: /* @__PURE__ */ __name((hex) => styles.ansi256ToAnsi(styles.hexToAnsi256(hex)), "value"),
+      enumerable: false
+    }
+  });
+  return styles;
 }
-__name(requireAuth, "requireAuth");
-function saveKubeconfig(kubeconfig, deps = {}) {
-  const { paths } = withDeps(deps);
-  ensureSealosDir(paths);
-  (0, import_node_fs.writeFileSync)(paths.kubeconfigPath, kubeconfig, { mode: 384 });
+__name(assembleStyles, "assembleStyles");
+var ansiStyles = assembleStyles();
+var ansi_styles_default = ansiStyles;
+
+// node_modules/chalk/source/vendor/supports-color/index.js
+var import_node_process = __toESM(require("process"), 1);
+var import_node_os = __toESM(require("os"), 1);
+var import_node_tty = __toESM(require("tty"), 1);
+function hasFlag(flag, argv = globalThis.Deno ? globalThis.Deno.args : import_node_process.default.argv) {
+  const prefix = flag.startsWith("-") ? "" : flag.length === 1 ? "-" : "--";
+  const position = argv.indexOf(prefix + flag);
+  const terminatorPosition = argv.indexOf("--");
+  return position !== -1 && (terminatorPosition === -1 || position < terminatorPosition);
 }
-__name(saveKubeconfig, "saveKubeconfig");
-function clearAuth(deps = {}) {
-  const { paths } = withDeps(deps);
-  (0, import_node_fs.rmSync)(paths.authPath, { force: true });
-  (0, import_node_fs.rmSync)(paths.kubeconfigPath, { force: true });
+__name(hasFlag, "hasFlag");
+var { env } = import_node_process.default;
+var flagForceColor;
+if (hasFlag("no-color") || hasFlag("no-colors") || hasFlag("color=false") || hasFlag("color=never")) {
+  flagForceColor = 0;
+} else if (hasFlag("color") || hasFlag("colors") || hasFlag("color=true") || hasFlag("color=always")) {
+  flagForceColor = 1;
 }
-__name(clearAuth, "clearAuth");
-function checkAuth(deps = {}) {
-  const { paths } = withDeps(deps);
-  if (!(0, import_node_fs.existsSync)(paths.kubeconfigPath)) {
-    return { authenticated: false };
-  }
-  try {
-    const kubeconfig = (0, import_node_fs.readFileSync)(paths.kubeconfigPath, "utf-8");
-    if (!kubeconfig.includes("server:") || !kubeconfig.includes("token:") && !kubeconfig.includes("client-certificate")) {
-      return { authenticated: false };
+function envForceColor() {
+  if ("FORCE_COLOR" in env) {
+    if (env.FORCE_COLOR === "true") {
+      return 1;
     }
-    const auth = (0, import_node_fs.existsSync)(paths.authPath) ? JSON.parse((0, import_node_fs.readFileSync)(paths.authPath, "utf-8")) : {};
-    return {
-      authenticated: true,
-      kubeconfig_path: paths.kubeconfigPath,
-      region: auth.region || "unknown",
-      workspace: auth.current_workspace?.id || "unknown"
-    };
-  } catch {
-    return { authenticated: false };
+    if (env.FORCE_COLOR === "false") {
+      return 0;
+    }
+    return env.FORCE_COLOR.length === 0 ? 1 : Math.min(Number.parseInt(env.FORCE_COLOR, 10), 3);
   }
 }
-__name(checkAuth, "checkAuth");
-function getAuthInfo(deps = {}) {
-  const { paths } = withDeps(deps);
-  const status = checkAuth(deps);
-  if (!status.authenticated) {
-    return { authenticated: false };
+__name(envForceColor, "envForceColor");
+function translateLevel(level) {
+  if (level === 0) {
+    return false;
   }
-  const auth = (0, import_node_fs.existsSync)(paths.authPath) ? JSON.parse((0, import_node_fs.readFileSync)(paths.authPath, "utf-8")) : {};
   return {
-    ...status,
-    auth_method: auth.auth_method || "unknown",
-    authenticated_at: auth.authenticated_at || "unknown",
-    current_workspace: auth.current_workspace || null
+    level,
+    hasBasic: true,
+    has256: level >= 2,
+    has16m: level >= 3
   };
 }
-__name(getAuthInfo, "getAuthInfo");
-async function parseResponse(res) {
-  return await res.json();
-}
-__name(parseResponse, "parseResponse");
-async function readErrorBody(res) {
-  return await res.text().catch(() => "");
-}
-__name(readErrorBody, "readErrorBody");
-async function requestDeviceAuthorization(region, deps = {}) {
-  const { fetch: fetchImpl } = withDeps(deps);
-  const res = await fetchImpl(`${region}/api/auth/oauth2/device`, {
-    method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body: new URLSearchParams({
-      client_id: SEALOS_AUTH_CLIENT_ID,
-      grant_type: DEVICE_GRANT_TYPE
-    })
-  });
-  if (!res.ok) {
-    const body = await readErrorBody(res);
-    throw new Error(`Device authorization request failed (${res.status}): ${body || res.statusText}`);
+__name(translateLevel, "translateLevel");
+function _supportsColor(haveStream, { streamIsTTY, sniffFlags = true } = {}) {
+  const noFlagForceColor = envForceColor();
+  if (noFlagForceColor !== void 0) {
+    flagForceColor = noFlagForceColor;
   }
-  return await parseResponse(res);
-}
-__name(requestDeviceAuthorization, "requestDeviceAuthorization");
-async function pollForToken(region, deviceCode, interval, expiresIn, deps = {}) {
-  const { fetch: fetchImpl, sleep, now, stderr } = withDeps(deps);
-  const maxWait = Math.min(expiresIn, 600) * 1e3;
-  const deadline = now().getTime() + maxWait;
-  let pollInterval = interval * 1e3;
-  let lastLoggedMinute = -1;
-  while (now().getTime() < deadline) {
-    await sleep(pollInterval);
-    const remaining = Math.ceil((deadline - now().getTime()) / 6e4);
-    if (remaining !== lastLoggedMinute && remaining > 0) {
-      lastLoggedMinute = remaining;
-      stderr.write(`  Waiting for authorization... (${remaining} min remaining)
-`);
+  const forceColor = sniffFlags ? flagForceColor : noFlagForceColor;
+  if (forceColor === 0) {
+    return 0;
+  }
+  if (sniffFlags) {
+    if (hasFlag("color=16m") || hasFlag("color=full") || hasFlag("color=truecolor")) {
+      return 3;
     }
-    const res = await fetchImpl(`${region}/api/auth/oauth2/token`, {
-      method: "POST",
-      headers: { "Content-Type": "application/x-www-form-urlencoded" },
-      body: new URLSearchParams({
-        client_id: SEALOS_AUTH_CLIENT_ID,
-        grant_type: DEVICE_GRANT_TYPE,
-        device_code: deviceCode
-      })
-    });
-    if (res.ok) {
-      return await parseResponse(res);
+    if (hasFlag("color=256")) {
+      return 2;
     }
-    const body = await res.json().catch(() => ({}));
-    switch (body.error) {
-      case "authorization_pending":
-        break;
-      case "slow_down":
-        pollInterval += 5e3;
-        break;
-      case "access_denied":
-        throw new Error("Authorization denied by user");
-      case "expired_token":
-        throw new Error("Device code expired. Please run login again.");
-      default:
-        throw new Error(`Token request failed: ${body.error || res.statusText}`);
+  }
+  if ("TF_BUILD" in env && "AGENT_NAME" in env) {
+    return 1;
+  }
+  if (haveStream && !streamIsTTY && forceColor === void 0) {
+    return 0;
+  }
+  const min = forceColor || 0;
+  if (env.TERM === "dumb") {
+    return min;
+  }
+  if (import_node_process.default.platform === "win32") {
+    const osRelease = import_node_os.default.release().split(".");
+    if (Number(osRelease[0]) >= 10 && Number(osRelease[2]) >= 10586) {
+      return Number(osRelease[2]) >= 14931 ? 3 : 2;
     }
+    return 1;
   }
-  throw new Error("Authorization timed out (10 minutes). Please run login again.");
-}
-__name(pollForToken, "pollForToken");
-async function getRegionToken(region, globalToken, deps = {}) {
-  const { fetch: fetchImpl } = withDeps(deps);
-  const res = await fetchImpl(`${region}/api/auth/regionToken`, {
-    method: "POST",
-    headers: {
-      Authorization: globalToken,
-      "Content-Type": "application/json"
+  if ("CI" in env) {
+    if (["GITHUB_ACTIONS", "GITEA_ACTIONS", "CIRCLECI"].some((key) => key in env)) {
+      return 3;
+    }
+    if (["TRAVIS", "APPVEYOR", "GITLAB_CI", "BUILDKITE", "DRONE"].some((sign) => sign in env) || env.CI_NAME === "codeship") {
+      return 1;
+    }
+    return min;
+  }
+  if ("TEAMCITY_VERSION" in env) {
+    return /^(9\.(0*[1-9]\d*)\.|\d{2,}\.)/.test(env.TEAMCITY_VERSION) ? 1 : 0;
+  }
+  if (env.COLORTERM === "truecolor") {
+    return 3;
+  }
+  if (env.TERM === "xterm-kitty") {
+    return 3;
+  }
+  if (env.TERM === "xterm-ghostty") {
+    return 3;
+  }
+  if (env.TERM === "wezterm") {
+    return 3;
+  }
+  if ("TERM_PROGRAM" in env) {
+    const version = Number.parseInt((env.TERM_PROGRAM_VERSION || "").split(".")[0], 10);
+    switch (env.TERM_PROGRAM) {
+      case "iTerm.app": {
+        return version >= 3 ? 3 : 2;
+      }
+      case "Apple_Terminal": {
+        return 2;
+      }
     }
-  });
-  if (!res.ok) {
-    const body = await readErrorBody(res);
-    throw new Error(`Region token exchange failed (${res.status}): ${body || res.statusText}`);
   }
-  return await parseResponse(res);
-}
-__name(getRegionToken, "getRegionToken");
-function normalizeWorkspaces(data) {
-  const namespaces = Array.isArray(data.data) ? data.data : data.data?.namespaces;
-  return Array.isArray(namespaces) ? namespaces : [];
-}
-__name(normalizeWorkspaces, "normalizeWorkspaces");
-async function listRemoteWorkspaces(region, regionalToken, deps = {}) {
-  const { fetch: fetchImpl } = withDeps(deps);
-  const res = await fetchImpl(`${region}/api/auth/namespace/list`, {
-    headers: { Authorization: regionalToken }
-  });
-  if (!res.ok) {
-    const body = await readErrorBody(res);
-    throw new Error(`List workspaces failed (${res.status}): ${body || res.statusText}`);
+  if (/-256(color)?$/i.test(env.TERM)) {
+    return 2;
   }
-  return normalizeWorkspaces(await parseResponse(res));
-}
-__name(listRemoteWorkspaces, "listRemoteWorkspaces");
-async function switchRemoteWorkspace(region, regionalToken, nsUid, deps = {}) {
-  const { fetch: fetchImpl } = withDeps(deps);
-  const res = await fetchImpl(`${region}/api/auth/namespace/switch`, {
-    method: "POST",
-    headers: {
-      Authorization: regionalToken,
-      "Content-Type": "application/json"
-    },
-    body: JSON.stringify({ ns_uid: nsUid })
-  });
-  if (!res.ok) {
-    const body = await readErrorBody(res);
-    throw new Error(`Switch workspace failed (${res.status}): ${body || res.statusText}`);
+  if (/^screen|^xterm|^vt100|^vt220|^rxvt|color|ansi|cygwin|linux/i.test(env.TERM)) {
+    return 1;
   }
-  return await parseResponse(res);
+  if ("COLORTERM" in env) {
+    return 1;
+  }
+  return min;
 }
-__name(switchRemoteWorkspace, "switchRemoteWorkspace");
-async function getKubeconfig(region, regionalToken, deps = {}) {
-  const { fetch: fetchImpl } = withDeps(deps);
-  const res = await fetchImpl(`${region}/api/auth/getKubeconfig`, {
-    headers: { Authorization: regionalToken }
+__name(_supportsColor, "_supportsColor");
+function createSupportsColor(stream, options = {}) {
+  const level = _supportsColor(stream, {
+    streamIsTTY: stream && stream.isTTY,
+    ...options
   });
-  if (!res.ok) {
-    const body = await readErrorBody(res);
-    throw new Error(`Get kubeconfig failed (${res.status}): ${body || res.statusText}`);
-  }
-  return await parseResponse(res);
+  return translateLevel(level);
 }
-__name(getKubeconfig, "getKubeconfig");
-function openBrowser(url) {
-  const command = (0, import_node_os.platform)() === "darwin" ? "open" : (0, import_node_os.platform)() === "win32" ? "cmd" : "xdg-open";
-  const args = (0, import_node_os.platform)() === "win32" ? ["/c", "start", "", url] : [url];
-  (0, import_node_child_process.execFileSync)(command, args, { stdio: "ignore" });
+__name(createSupportsColor, "createSupportsColor");
+var supportsColor = {
+  stdout: createSupportsColor({ isTTY: import_node_tty.default.isatty(1) }),
+  stderr: createSupportsColor({ isTTY: import_node_tty.default.isatty(2) })
+};
+var supports_color_default = supportsColor;
+
+// node_modules/chalk/source/utilities.js
+function stringReplaceAll(string, substring, replacer) {
+  let index = string.indexOf(substring);
+  if (index === -1) {
+    return string;
+  }
+  const substringLength = substring.length;
+  let endIndex = 0;
+  let returnValue = "";
+  do {
+    returnValue += string.slice(endIndex, index) + substring + replacer;
+    endIndex = index + substringLength;
+    index = string.indexOf(substring, endIndex);
+  } while (index !== -1);
+  returnValue += string.slice(endIndex);
+  return returnValue;
 }
-__name(openBrowser, "openBrowser");
-async function loginWithToken(region, token, deps = {}) {
-  const { now } = withDeps(deps);
-  const normalizedRegion = normalizeRegion(region);
-  saveAuth({
-    region: normalizedRegion,
-    regional_token: token,
-    authenticated_at: now().toISOString(),
-    auth_method: AUTH_METHOD_TOKEN
-  }, deps);
-  return {
-    region: normalizedRegion,
-    workspace: "unknown",
-    limited: true
-  };
+__name(stringReplaceAll, "stringReplaceAll");
+function stringEncaseCRLFWithFirstIndex(string, prefix, postfix, index) {
+  let endIndex = 0;
+  let returnValue = "";
+  do {
+    const gotCR = string[index - 1] === "\r";
+    returnValue += string.slice(endIndex, gotCR ? index - 1 : index) + prefix + (gotCR ? "\r\n" : "\n") + postfix;
+    endIndex = index + 1;
+    index = string.indexOf("\n", endIndex);
+  } while (index !== -1);
+  returnValue += string.slice(endIndex);
+  return returnValue;
 }
-__name(loginWithToken, "loginWithToken");
-async function loginWithDeviceFlow(region, deps = {}) {
-  const fullDeps = withDeps(deps);
-  const normalizedRegion = normalizeRegion(region);
-  const deviceAuth = await requestDeviceAuthorization(normalizedRegion, fullDeps);
-  const {
-    device_code: deviceCode,
-    user_code: userCode,
-    verification_uri: verificationUri,
-    verification_uri_complete: verificationUriComplete,
-    expires_in: expiresIn,
-    interval = 5
-  } = deviceAuth;
-  const url = verificationUriComplete || verificationUri;
-  fullDeps.stderr.write(`
-Please open the following URL in your browser to authorize:
-
-  ${url}
-
-Authorization code: ${userCode}
-Expires in: ${Math.floor(expiresIn / 60)} minutes
+__name(stringEncaseCRLFWithFirstIndex, "stringEncaseCRLFWithFirstIndex");
 
-Waiting for authorization...
-`);
-  if (url) {
-    try {
-      fullDeps.openBrowser(url);
-      fullDeps.stderr.write("Browser opened automatically.\n");
-    } catch {
-      fullDeps.stderr.write("Could not open browser automatically. Please open the URL manually.\n");
-    }
-  }
-  const tokenResponse = await pollForToken(normalizedRegion, deviceCode, interval, expiresIn, fullDeps);
-  const accessToken = tokenResponse.access_token;
-  if (!accessToken) {
-    throw new Error("Token response missing access_token");
+// node_modules/chalk/source/index.js
+var { stdout: stdoutColor, stderr: stderrColor } = supports_color_default;
+var GENERATOR = /* @__PURE__ */ Symbol("GENERATOR");
+var STYLER = /* @__PURE__ */ Symbol("STYLER");
+var IS_EMPTY = /* @__PURE__ */ Symbol("IS_EMPTY");
+var levelMapping = [
+  "ansi",
+  "ansi",
+  "ansi256",
+  "ansi16m"
+];
+var styles2 = /* @__PURE__ */ Object.create(null);
+var applyOptions = /* @__PURE__ */ __name((object, options = {}) => {
+  if (options.level && !(Number.isInteger(options.level) && options.level >= 0 && options.level <= 3)) {
+    throw new Error("The `level` option should be an integer from 0 to 3");
   }
-  fullDeps.stderr.write("Authorization received. Exchanging for regional token...\n");
-  const regionData = await getRegionToken(normalizedRegion, accessToken, fullDeps);
-  const regionalToken = regionData.data?.token;
-  const kubeconfig = regionData.data?.kubeconfig;
-  if (!regionalToken) {
-    throw new Error("Region token response missing data.token field");
+  const colorLevel = stdoutColor ? stdoutColor.level : 0;
+  object.level = options.level === void 0 ? colorLevel : options.level;
+}, "applyOptions");
+var chalkFactory = /* @__PURE__ */ __name((options) => {
+  const chalk2 = /* @__PURE__ */ __name((...strings) => strings.join(" "), "chalk");
+  applyOptions(chalk2, options);
+  Object.setPrototypeOf(chalk2, createChalk.prototype);
+  return chalk2;
+}, "chalkFactory");
+function createChalk(options) {
+  return chalkFactory(options);
+}
+__name(createChalk, "createChalk");
+Object.setPrototypeOf(createChalk.prototype, Function.prototype);
+for (const [styleName, style] of Object.entries(ansi_styles_default)) {
+  styles2[styleName] = {
+    get() {
+      const builder = createBuilder(this, createStyler(style.open, style.close, this[STYLER]), this[IS_EMPTY]);
+      Object.defineProperty(this, styleName, { value: builder });
+      return builder;
+    }
+  };
+}
+styles2.visible = {
+  get() {
+    const builder = createBuilder(this, this[STYLER], true);
+    Object.defineProperty(this, "visible", { value: builder });
+    return builder;
   }
-  if (!kubeconfig) {
-    throw new Error("Region token response missing data.kubeconfig field");
+};
+var getModelAnsi = /* @__PURE__ */ __name((model, level, type, ...arguments_) => {
+  if (model === "rgb") {
+    if (level === "ansi16m") {
+      return ansi_styles_default[type].ansi16m(...arguments_);
+    }
+    if (level === "ansi256") {
+      return ansi_styles_default[type].ansi256(ansi_styles_default.rgbToAnsi256(...arguments_));
+    }
+    return ansi_styles_default[type].ansi(ansi_styles_default.rgbToAnsi(...arguments_));
   }
-  let currentWorkspace;
-  try {
-    const workspaces = await listRemoteWorkspaces(normalizedRegion, regionalToken, fullDeps);
-    currentWorkspace = workspaces.find((workspace) => workspace.nstype === "private") || workspaces[0];
-  } catch {
-    currentWorkspace = void 0;
+  if (model === "hex") {
+    return getModelAnsi("rgb", level, type, ...ansi_styles_default.hexToRgb(...arguments_));
   }
-  saveKubeconfig(kubeconfig, fullDeps);
-  saveAuth({
-    region: normalizedRegion,
-    access_token: accessToken,
-    regional_token: regionalToken,
-    authenticated_at: fullDeps.now().toISOString(),
-    auth_method: AUTH_METHOD_DEVICE_GRANT,
-    ...currentWorkspace ? {
-      current_workspace: {
-        uid: currentWorkspace.uid,
-        id: currentWorkspace.id,
-        teamName: currentWorkspace.teamName
-      }
-    } : {}
-  }, fullDeps);
-  fullDeps.stderr.write("Authentication successful!\n");
-  return {
-    kubeconfig_path: fullDeps.paths.kubeconfigPath,
-    region: normalizedRegion,
-    workspace: currentWorkspace?.id || "default"
+  return ansi_styles_default[type][model](...arguments_);
+}, "getModelAnsi");
+var usedModels = ["rgb", "hex", "ansi256"];
+for (const model of usedModels) {
+  styles2[model] = {
+    get() {
+      const { level } = this;
+      return function(...arguments_) {
+        const styler = createStyler(getModelAnsi(model, levelMapping[level], "color", ...arguments_), ansi_styles_default.color.close, this[STYLER]);
+        return createBuilder(this, styler, this[IS_EMPTY]);
+      };
+    }
+  };
+  const bgModel = "bg" + model[0].toUpperCase() + model.slice(1);
+  styles2[bgModel] = {
+    get() {
+      const { level } = this;
+      return function(...arguments_) {
+        const styler = createStyler(getModelAnsi(model, levelMapping[level], "bgColor", ...arguments_), ansi_styles_default.bgColor.close, this[STYLER]);
+        return createBuilder(this, styler, this[IS_EMPTY]);
+      };
+    }
   };
 }
-__name(loginWithDeviceFlow, "loginWithDeviceFlow");
-async function listWorkspaces(deps = {}) {
-  const auth = loadAuth(deps);
-  if (!auth.regional_token) {
-    throw new Error("No regional_token found. Please run: sealos-cli login");
+var proto = Object.defineProperties(() => {
+}, {
+  ...styles2,
+  level: {
+    enumerable: true,
+    get() {
+      return this[GENERATOR].level;
+    },
+    set(level) {
+      this[GENERATOR].level = level;
+    }
+  }
+});
+var createStyler = /* @__PURE__ */ __name((open, close, parent) => {
+  let openAll;
+  let closeAll;
+  if (parent === void 0) {
+    openAll = open;
+    closeAll = close;
+  } else {
+    openAll = parent.openAll + open;
+    closeAll = close + parent.closeAll;
   }
-  const workspaces = await listRemoteWorkspaces(auth.region, auth.regional_token, deps);
   return {
-    current: auth.current_workspace?.id || null,
-    workspaces: workspaces.map((workspace) => ({
-      uid: workspace.uid,
-      id: workspace.id,
-      teamName: workspace.teamName,
-      role: workspace.role,
-      nstype: workspace.nstype
-    }))
+    open,
+    close,
+    openAll,
+    closeAll,
+    parent
   };
-}
-__name(listWorkspaces, "listWorkspaces");
-async function switchWorkspace(target, deps = {}) {
-  if (!target) {
-    throw new Error("Usage: sealos-cli auth switch <namespace-id-or-uid>");
+}, "createStyler");
+var createBuilder = /* @__PURE__ */ __name((self, _styler, _isEmpty) => {
+  const builder = /* @__PURE__ */ __name((...arguments_) => applyStyle(builder, arguments_.length === 1 ? "" + arguments_[0] : arguments_.join(" ")), "builder");
+  Object.setPrototypeOf(builder, proto);
+  builder[GENERATOR] = self;
+  builder[STYLER] = _styler;
+  builder[IS_EMPTY] = _isEmpty;
+  return builder;
+}, "createBuilder");
+var applyStyle = /* @__PURE__ */ __name((self, string) => {
+  if (self.level <= 0 || !string) {
+    return self[IS_EMPTY] ? "" : string;
   }
-  const fullDeps = withDeps(deps);
-  const auth = loadAuth(fullDeps);
-  if (!auth.regional_token) {
-    throw new Error("No regional_token found. Please run: sealos-cli login");
+  let styler = self[STYLER];
+  if (styler === void 0) {
+    return string;
   }
-  const workspaces = await listRemoteWorkspaces(auth.region, auth.regional_token, fullDeps);
-  if (workspaces.length === 0) {
-    throw new Error("No workspaces found");
+  const { openAll, closeAll } = styler;
+  if (string.includes("\x1B")) {
+    while (styler !== void 0) {
+      string = stringReplaceAll(string, styler.close, styler.open);
+      styler = styler.parent;
+    }
   }
-  const targetLower = target.toLowerCase();
-  const match = workspaces.find(
-    (workspace) => workspace.id === target || workspace.uid === target || workspace.id?.toLowerCase().includes(targetLower) || workspace.teamName?.toLowerCase().includes(targetLower)
-  );
-  if (!match?.uid) {
-    const available = workspaces.map((workspace) => `  ${workspace.id || "unknown"} (${workspace.teamName || "unknown"})`).join("\n");
-    throw new Error(`No workspace matching "${target}". Available:
-${available}`);
+  const lfIndex = string.indexOf("\n");
+  if (lfIndex !== -1) {
+    string = stringEncaseCRLFWithFirstIndex(string, closeAll, openAll, lfIndex);
   }
-  fullDeps.stderr.write(`Switching to workspace: ${match.id || match.uid} (${match.teamName || "unknown"})...
-`);
-  const switchData = await switchRemoteWorkspace(auth.region, auth.regional_token, match.uid, fullDeps);
-  const newToken = switchData.data?.token;
-  if (!newToken) {
-    throw new Error("Switch response missing data.token");
+  return openAll + string + closeAll;
+}, "applyStyle");
+Object.defineProperties(createChalk.prototype, styles2);
+var chalk = createChalk();
+var chalkStderr = createChalk({ level: stderrColor ? stderrColor.level : 0 });
+var source_default = chalk;
+
+// src/lib/errors.ts
+var CliError = class extends Error {
+  constructor(message, exitCode = 1) {
+    super(message);
+    this.exitCode = exitCode;
+    this.name = "CliError";
   }
-  const kubeconfigData = await getKubeconfig(auth.region, newToken, fullDeps);
-  const kubeconfig = kubeconfigData.data?.kubeconfig;
-  if (!kubeconfig) {
-    throw new Error("Kubeconfig response missing data.kubeconfig");
+  exitCode;
+  static {
+    __name(this, "CliError");
   }
-  const nextAuth = {
-    ...auth,
-    regional_token: newToken,
-    current_workspace: {
-      uid: match.uid,
-      id: match.id,
-      teamName: match.teamName
-    }
-  };
-  saveAuth(nextAuth, fullDeps);
-  saveKubeconfig(kubeconfig, fullDeps);
-  fullDeps.stderr.write(`Switched to workspace: ${match.id || match.uid}
-`);
-  return {
-    workspace: {
-      uid: match.uid,
-      id: match.id,
-      teamName: match.teamName
-    },
-    kubeconfig_path: fullDeps.paths.kubeconfigPath
-  };
-}
-__name(switchWorkspace, "switchWorkspace");
-
-// node_modules/chalk/source/vendor/ansi-styles/index.js
-var ANSI_BACKGROUND_OFFSET = 10;
-var wrapAnsi16 = /* @__PURE__ */ __name((offset = 0) => (code) => `\x1B[${code + offset}m`, "wrapAnsi16");
-var wrapAnsi256 = /* @__PURE__ */ __name((offset = 0) => (code) => `\x1B[${38 + offset};5;${code}m`, "wrapAnsi256");
-var wrapAnsi16m = /* @__PURE__ */ __name((offset = 0) => (red2, green2, blue2) => `\x1B[${38 + offset};2;${red2};${green2};${blue2}m`, "wrapAnsi16m");
-var styles = {
-  modifier: {
-    reset: [0, 0],
-    // 21 isn't widely supported and 22 does the same thing
-    bold: [1, 22],
-    dim: [2, 22],
-    italic: [3, 23],
-    underline: [4, 24],
-    overline: [53, 55],
-    inverse: [7, 27],
-    hidden: [8, 28],
-    strikethrough: [9, 29]
-  },
-  color: {
-    black: [30, 39],
-    red: [31, 39],
-    green: [32, 39],
-    yellow: [33, 39],
-    blue: [34, 39],
-    magenta: [35, 39],
-    cyan: [36, 39],
-    white: [37, 39],
-    // Bright color
-    blackBright: [90, 39],
-    gray: [90, 39],
-    // Alias of `blackBright`
-    grey: [90, 39],
-    // Alias of `blackBright`
-    redBright: [91, 39],
-    greenBright: [92, 39],
-    yellowBright: [93, 39],
-    blueBright: [94, 39],
-    magentaBright: [95, 39],
-    cyanBright: [96, 39],
-    whiteBright: [97, 39]
-  },
-  bgColor: {
-    bgBlack: [40, 49],
-    bgRed: [41, 49],
-    bgGreen: [42, 49],
-    bgYellow: [43, 49],
-    bgBlue: [44, 49],
-    bgMagenta: [45, 49],
-    bgCyan: [46, 49],
-    bgWhite: [47, 49],
-    // Bright color
-    bgBlackBright: [100, 49],
-    bgGray: [100, 49],
-    // Alias of `bgBlackBright`
-    bgGrey: [100, 49],
-    // Alias of `bgBlackBright`
-    bgRedBright: [101, 49],
-    bgGreenBright: [102, 49],
-    bgYellowBright: [103, 49],
-    bgBlueBright: [104, 49],
-    bgMagentaBright: [105, 49],
-    bgCyanBright: [106, 49],
-    bgWhiteBright: [107, 49]
+};
+var AuthError = class extends CliError {
+  static {
+    __name(this, "AuthError");
+  }
+  constructor(message = 'Authentication required. Please run "sealos-cli login" first.') {
+    super(message, 1);
+    this.name = "AuthError";
   }
 };
-var modifierNames = Object.keys(styles.modifier);
-var foregroundColorNames = Object.keys(styles.color);
-var backgroundColorNames = Object.keys(styles.bgColor);
-var colorNames = [...foregroundColorNames, ...backgroundColorNames];
-function assembleStyles() {
-  const codes = /* @__PURE__ */ new Map();
-  for (const [groupName, group] of Object.entries(styles)) {
-    for (const [styleName, style] of Object.entries(group)) {
-      styles[styleName] = {
-        open: `\x1B[${style[0]}m`,
-        close: `\x1B[${style[1]}m`
-      };
-      group[styleName] = styles[styleName];
-      codes.set(style[0], style[1]);
-    }
-    Object.defineProperty(styles, groupName, {
-      value: group,
-      enumerable: false
-    });
+var ConfigError = class extends CliError {
+  static {
+    __name(this, "ConfigError");
+  }
+  constructor(message) {
+    super(message, 1);
+    this.name = "ConfigError";
+  }
+};
+var ApiError = class extends CliError {
+  constructor(message, statusCode, code, details) {
+    super(message, 1);
+    this.statusCode = statusCode;
+    this.code = code;
+    this.details = details;
+    this.name = "ApiError";
+  }
+  statusCode;
+  code;
+  details;
+  static {
+    __name(this, "ApiError");
+  }
+};
+function mapApiError(status, body) {
+  const message = body?.error?.message || `API request failed with status ${status}`;
+  if (status === 401) {
+    return new AuthError(message);
   }
-  Object.defineProperty(styles, "codes", {
-    value: codes,
-    enumerable: false
-  });
-  styles.color.close = "\x1B[39m";
-  styles.bgColor.close = "\x1B[49m";
-  styles.color.ansi = wrapAnsi16();
-  styles.color.ansi256 = wrapAnsi256();
-  styles.color.ansi16m = wrapAnsi16m();
-  styles.bgColor.ansi = wrapAnsi16(ANSI_BACKGROUND_OFFSET);
-  styles.bgColor.ansi256 = wrapAnsi256(ANSI_BACKGROUND_OFFSET);
-  styles.bgColor.ansi16m = wrapAnsi16m(ANSI_BACKGROUND_OFFSET);
-  Object.defineProperties(styles, {
-    rgbToAnsi256: {
-      value(red2, green2, blue2) {
-        if (red2 === green2 && green2 === blue2) {
-          if (red2 < 8) {
-            return 16;
-          }
-          if (red2 > 248) {
-            return 231;
-          }
-          return Math.round((red2 - 8) / 247 * 24) + 232;
-        }
-        return 16 + 36 * Math.round(red2 / 255 * 5) + 6 * Math.round(green2 / 255 * 5) + Math.round(blue2 / 255 * 5);
-      },
-      enumerable: false
-    },
-    hexToRgb: {
-      value(hex) {
-        const matches = /[a-f\d]{6}|[a-f\d]{3}/i.exec(hex.toString(16));
-        if (!matches) {
-          return [0, 0, 0];
-        }
-        let [colorString] = matches;
-        if (colorString.length === 3) {
-          colorString = [...colorString].map((character) => character + character).join("");
-        }
-        const integer = Number.parseInt(colorString, 16);
-        return [
-          /* eslint-disable no-bitwise */
-          integer >> 16 & 255,
-          integer >> 8 & 255,
-          integer & 255
-          /* eslint-enable no-bitwise */
-        ];
-      },
-      enumerable: false
-    },
-    hexToAnsi256: {
-      value: /* @__PURE__ */ __name((hex) => styles.rgbToAnsi256(...styles.hexToRgb(hex)), "value"),
-      enumerable: false
-    },
-    ansi256ToAnsi: {
-      value(code) {
-        if (code < 8) {
-          return 30 + code;
-        }
-        if (code < 16) {
-          return 90 + (code - 8);
-        }
-        let red2;
-        let green2;
-        let blue2;
-        if (code >= 232) {
-          red2 = ((code - 232) * 10 + 8) / 255;
-          green2 = red2;
-          blue2 = red2;
-        } else {
-          code -= 16;
-          const remainder = code % 36;
-          red2 = Math.floor(code / 36) / 5;
-          green2 = Math.floor(remainder / 6) / 5;
-          blue2 = remainder % 6 / 5;
-        }
-        const value = Math.max(red2, green2, blue2) * 2;
-        if (value === 0) {
-          return 30;
-        }
-        let result = 30 + (Math.round(blue2) << 2 | Math.round(green2) << 1 | Math.round(red2));
-        if (value === 2) {
-          result += 60;
+  return new ApiError(message, status, body?.error?.code, body?.error?.details);
+}
+__name(mapApiError, "mapApiError");
+function handleError(error2) {
+  if (error2 instanceof ApiError) {
+    console.error(source_default.red("Error:"), error2.message);
+    if (error2.details) {
+      if (Array.isArray(error2.details)) {
+        for (const d of error2.details) {
+          console.error(source_default.yellow(`  ${d.field}:`), d.message);
         }
-        return result;
-      },
-      enumerable: false
-    },
-    rgbToAnsi: {
-      value: /* @__PURE__ */ __name((red2, green2, blue2) => styles.ansi256ToAnsi(styles.rgbToAnsi256(red2, green2, blue2)), "value"),
-      enumerable: false
-    },
-    hexToAnsi: {
-      value: /* @__PURE__ */ __name((hex) => styles.ansi256ToAnsi(styles.hexToAnsi256(hex)), "value"),
-      enumerable: false
+      } else {
+        console.error(source_default.yellow("  Details:"), error2.details);
+      }
     }
-  });
-  return styles;
+    process.exit(error2.exitCode);
+  }
+  if (error2 instanceof CliError) {
+    console.error(source_default.red("Error:"), error2.message);
+    process.exit(error2.exitCode);
+  }
+  if (error2 instanceof Error) {
+    console.error(source_default.red("Error:"), error2.message);
+    if (process.env.DEBUG) {
+      console.error(error2.stack);
+    }
+    process.exit(1);
+  }
+  console.error(source_default.red("Error:"), "An unknown error occurred");
+  process.exit(1);
 }
-__name(assembleStyles, "assembleStyles");
-var ansiStyles = assembleStyles();
-var ansi_styles_default = ansiStyles;
+__name(handleError, "handleError");
 
-// node_modules/chalk/source/vendor/supports-color/index.js
-var import_node_process = __toESM(require("process"), 1);
-var import_node_os2 = __toESM(require("os"), 1);
-var import_node_tty = __toESM(require("tty"), 1);
-function hasFlag(flag, argv = globalThis.Deno ? globalThis.Deno.args : import_node_process.default.argv) {
-  const prefix = flag.startsWith("-") ? "" : flag.length === 1 ? "-" : "--";
-  const position = argv.indexOf(prefix + flag);
-  const terminatorPosition = argv.indexOf("--");
-  return position !== -1 && (terminatorPosition === -1 || position < terminatorPosition);
+// src/lib/auth.ts
+var SEALOS_AUTH_CLIENT_ID = "af993c98-d19d-4bdc-b338-79b80dc4f8bf";
+var DEFAULT_SEALOS_REGION = "https://usw-1.sealos.io";
+var AUTH_METHOD_DEVICE_GRANT = "oauth2_device_grant";
+var AUTH_METHOD_TOKEN = "token";
+var DEVICE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
+function getAuthPaths(sealosDir = (0, import_node_path.join)((0, import_node_os2.homedir)(), ".sealos")) {
+  return {
+    sealosDir,
+    authPath: (0, import_node_path.join)(sealosDir, "auth.json"),
+    kubeconfigPath: (0, import_node_path.join)(sealosDir, "kubeconfig")
+  };
 }
-__name(hasFlag, "hasFlag");
-var { env } = import_node_process.default;
-var flagForceColor;
-if (hasFlag("no-color") || hasFlag("no-colors") || hasFlag("color=false") || hasFlag("color=never")) {
-  flagForceColor = 0;
-} else if (hasFlag("color") || hasFlag("colors") || hasFlag("color=true") || hasFlag("color=always")) {
-  flagForceColor = 1;
+__name(getAuthPaths, "getAuthPaths");
+function normalizeRegion(region) {
+  return (region || process.env.SEALOS_REGION || DEFAULT_SEALOS_REGION).replace(/\/+$/, "");
 }
-function envForceColor() {
-  if ("FORCE_COLOR" in env) {
-    if (env.FORCE_COLOR === "true") {
-      return 1;
-    }
-    if (env.FORCE_COLOR === "false") {
-      return 0;
+__name(normalizeRegion, "normalizeRegion");
+function createDefaultAuthDependencies() {
+  return {
+    fetch,
+    sleep: /* @__PURE__ */ __name(async (ms) => await new Promise((resolve) => setTimeout(resolve, ms)), "sleep"),
+    openBrowser,
+    now: /* @__PURE__ */ __name(() => /* @__PURE__ */ new Date(), "now"),
+    paths: getAuthPaths(),
+    stderr: process.stderr
+  };
+}
+__name(createDefaultAuthDependencies, "createDefaultAuthDependencies");
+function withDeps(deps = {}) {
+  return {
+    ...createDefaultAuthDependencies(),
+    ...deps
+  };
+}
+__name(withDeps, "withDeps");
+function ensureSealosDir(paths) {
+  (0, import_node_fs.mkdirSync)(paths.sealosDir, { recursive: true });
+}
+__name(ensureSealosDir, "ensureSealosDir");
+function saveAuth(auth, deps = {}) {
+  const { paths } = withDeps(deps);
+  ensureSealosDir(paths);
+  (0, import_node_fs.writeFileSync)(paths.authPath, JSON.stringify(auth, null, 2), { mode: 384 });
+}
+__name(saveAuth, "saveAuth");
+function loadAuth(deps = {}) {
+  const { paths } = withDeps(deps);
+  if (!(0, import_node_fs.existsSync)(paths.authPath)) {
+    throw new Error("Not authenticated. Please run: sealos-cli login");
+  }
+  return JSON.parse((0, import_node_fs.readFileSync)(paths.authPath, "utf-8"));
+}
+__name(loadAuth, "loadAuth");
+function getKubeconfigContent(deps = {}) {
+  const { paths } = withDeps(deps);
+  try {
+    return (0, import_node_fs.readFileSync)(paths.kubeconfigPath, "utf-8");
+  } catch {
+    return null;
+  }
+}
+__name(getKubeconfigContent, "getKubeconfigContent");
+function getAuthHeaders(deps = {}) {
+  const kubeconfig = getKubeconfigContent(deps);
+  return kubeconfig ? { Authorization: encodeURIComponent(kubeconfig) } : null;
+}
+__name(getAuthHeaders, "getAuthHeaders");
+function requireAuth(deps = {}) {
+  const headers = getAuthHeaders(deps);
+  if (!headers) {
+    throw new Error('Authentication required. Please run "sealos-cli login" first.');
+  }
+  return headers;
+}
+__name(requireAuth, "requireAuth");
+function saveKubeconfig(kubeconfig, deps = {}) {
+  const { paths } = withDeps(deps);
+  ensureSealosDir(paths);
+  (0, import_node_fs.writeFileSync)(paths.kubeconfigPath, kubeconfig, { mode: 384 });
+}
+__name(saveKubeconfig, "saveKubeconfig");
+function clearAuth(deps = {}) {
+  const { paths } = withDeps(deps);
+  (0, import_node_fs.rmSync)(paths.authPath, { force: true });
+  (0, import_node_fs.rmSync)(paths.kubeconfigPath, { force: true });
+}
+__name(clearAuth, "clearAuth");
+function checkAuth(deps = {}) {
+  const { paths } = withDeps(deps);
+  if (!(0, import_node_fs.existsSync)(paths.kubeconfigPath)) {
+    return { authenticated: false };
+  }
+  try {
+    const kubeconfig = (0, import_node_fs.readFileSync)(paths.kubeconfigPath, "utf-8");
+    if (!kubeconfig.includes("server:") || !kubeconfig.includes("token:") && !kubeconfig.includes("client-certificate")) {
+      return { authenticated: false };
     }
-    return env.FORCE_COLOR.length === 0 ? 1 : Math.min(Number.parseInt(env.FORCE_COLOR, 10), 3);
+    const auth = (0, import_node_fs.existsSync)(paths.authPath) ? JSON.parse((0, import_node_fs.readFileSync)(paths.authPath, "utf-8")) : {};
+    return {
+      authenticated: true,
+      kubeconfig_path: paths.kubeconfigPath,
+      region: auth.region || "unknown",
+      workspace: auth.current_workspace?.id || "unknown"
+    };
+  } catch {
+    return { authenticated: false };
   }
 }
-__name(envForceColor, "envForceColor");
-function translateLevel(level) {
-  if (level === 0) {
-    return false;
+__name(checkAuth, "checkAuth");
+function getAuthInfo(deps = {}) {
+  const { paths } = withDeps(deps);
+  const status = checkAuth(deps);
+  if (!status.authenticated) {
+    return { authenticated: false };
   }
+  const auth = (0, import_node_fs.existsSync)(paths.authPath) ? JSON.parse((0, import_node_fs.readFileSync)(paths.authPath, "utf-8")) : {};
   return {
-    level,
-    hasBasic: true,
-    has256: level >= 2,
-    has16m: level >= 3
+    ...status,
+    auth_method: auth.auth_method || "unknown",
+    authenticated_at: auth.authenticated_at || "unknown",
+    current_workspace: auth.current_workspace || null
   };
 }
-__name(translateLevel, "translateLevel");
-function _supportsColor(haveStream, { streamIsTTY, sniffFlags = true } = {}) {
-  const noFlagForceColor = envForceColor();
-  if (noFlagForceColor !== void 0) {
-    flagForceColor = noFlagForceColor;
-  }
-  const forceColor = sniffFlags ? flagForceColor : noFlagForceColor;
-  if (forceColor === 0) {
-    return 0;
-  }
-  if (sniffFlags) {
-    if (hasFlag("color=16m") || hasFlag("color=full") || hasFlag("color=truecolor")) {
-      return 3;
-    }
-    if (hasFlag("color=256")) {
-      return 2;
+__name(getAuthInfo, "getAuthInfo");
+async function parseResponse(res) {
+  const body = await res.json();
+  if (body && typeof body === "object" && typeof body.code === "number" && ![0, 200].includes(body.code)) {
+    const message = body.message || `Sealos API request failed with code ${body.code}`;
+    if (body.code === 401) {
+      throw new AuthError(`Authentication expired. Please run "sealos-cli login" again. (${message})`);
     }
+    throw new Error(message);
   }
-  if ("TF_BUILD" in env && "AGENT_NAME" in env) {
-    return 1;
-  }
-  if (haveStream && !streamIsTTY && forceColor === void 0) {
-    return 0;
-  }
-  const min = forceColor || 0;
-  if (env.TERM === "dumb") {
-    return min;
+  return body;
+}
+__name(parseResponse, "parseResponse");
+async function readErrorBody(res) {
+  return await res.text().catch(() => "");
+}
+__name(readErrorBody, "readErrorBody");
+async function requestDeviceAuthorization(region, deps = {}) {
+  const { fetch: fetchImpl } = withDeps(deps);
+  const res = await fetchImpl(`${region}/api/auth/oauth2/device`, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      client_id: SEALOS_AUTH_CLIENT_ID,
+      grant_type: DEVICE_GRANT_TYPE
+    })
+  });
+  if (!res.ok) {
+    const body = await readErrorBody(res);
+    throw new Error(`Device authorization request failed (${res.status}): ${body || res.statusText}`);
   }
-  if (import_node_process.default.platform === "win32") {
-    const osRelease = import_node_os2.default.release().split(".");
-    if (Number(osRelease[0]) >= 10 && Number(osRelease[2]) >= 10586) {
-      return Number(osRelease[2]) >= 14931 ? 3 : 2;
+  return await parseResponse(res);
+}
+__name(requestDeviceAuthorization, "requestDeviceAuthorization");
+async function pollForToken(region, deviceCode, interval, expiresIn, deps = {}) {
+  const { fetch: fetchImpl, sleep, now, stderr } = withDeps(deps);
+  const maxWait = Math.min(expiresIn, 600) * 1e3;
+  const deadline = now().getTime() + maxWait;
+  let pollInterval = interval * 1e3;
+  let lastLoggedMinute = -1;
+  while (now().getTime() < deadline) {
+    await sleep(pollInterval);
+    const remaining = Math.ceil((deadline - now().getTime()) / 6e4);
+    if (remaining !== lastLoggedMinute && remaining > 0) {
+      lastLoggedMinute = remaining;
+      stderr.write(`  Waiting for authorization... (${remaining} min remaining)
+`);
     }
-    return 1;
-  }
-  if ("CI" in env) {
-    if (["GITHUB_ACTIONS", "GITEA_ACTIONS", "CIRCLECI"].some((key) => key in env)) {
-      return 3;
+    const res = await fetchImpl(`${region}/api/auth/oauth2/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        client_id: SEALOS_AUTH_CLIENT_ID,
+        grant_type: DEVICE_GRANT_TYPE,
+        device_code: deviceCode
+      })
+    });
+    if (res.ok) {
+      return await parseResponse(res);
     }
-    if (["TRAVIS", "APPVEYOR", "GITLAB_CI", "BUILDKITE", "DRONE"].some((sign) => sign in env) || env.CI_NAME === "codeship") {
-      return 1;
+    const body = await res.json().catch(() => ({}));
+    switch (body.error) {
+      case "authorization_pending":
+        break;
+      case "slow_down":
+        pollInterval += 5e3;
+        break;
+      case "access_denied":
+        throw new Error("Authorization denied by user");
+      case "expired_token":
+        throw new Error("Device code expired. Please run login again.");
+      default:
+        throw new Error(`Token request failed: ${body.error || res.statusText}`);
     }
-    return min;
-  }
-  if ("TEAMCITY_VERSION" in env) {
-    return /^(9\.(0*[1-9]\d*)\.|\d{2,}\.)/.test(env.TEAMCITY_VERSION) ? 1 : 0;
-  }
-  if (env.COLORTERM === "truecolor") {
-    return 3;
-  }
-  if (env.TERM === "xterm-kitty") {
-    return 3;
-  }
-  if (env.TERM === "xterm-ghostty") {
-    return 3;
-  }
-  if (env.TERM === "wezterm") {
-    return 3;
   }
-  if ("TERM_PROGRAM" in env) {
-    const version = Number.parseInt((env.TERM_PROGRAM_VERSION || "").split(".")[0], 10);
-    switch (env.TERM_PROGRAM) {
-      case "iTerm.app": {
-        return version >= 3 ? 3 : 2;
-      }
-      case "Apple_Terminal": {
-        return 2;
-      }
+  throw new Error("Authorization timed out (10 minutes). Please run login again.");
+}
+__name(pollForToken, "pollForToken");
+async function getRegionToken(region, globalToken, deps = {}) {
+  const { fetch: fetchImpl } = withDeps(deps);
+  const res = await fetchImpl(`${region}/api/auth/regionToken`, {
+    method: "POST",
+    headers: {
+      Authorization: globalToken,
+      "Content-Type": "application/json"
     }
+  });
+  if (!res.ok) {
+    const body = await readErrorBody(res);
+    throw new Error(`Region token exchange failed (${res.status}): ${body || res.statusText}`);
   }
-  if (/-256(color)?$/i.test(env.TERM)) {
-    return 2;
-  }
-  if (/^screen|^xterm|^vt100|^vt220|^rxvt|color|ansi|cygwin|linux/i.test(env.TERM)) {
-    return 1;
-  }
-  if ("COLORTERM" in env) {
-    return 1;
-  }
-  return min;
+  return await parseResponse(res);
 }
-__name(_supportsColor, "_supportsColor");
-function createSupportsColor(stream, options = {}) {
-  const level = _supportsColor(stream, {
-    streamIsTTY: stream && stream.isTTY,
-    ...options
-  });
-  return translateLevel(level);
+__name(getRegionToken, "getRegionToken");
+function normalizeWorkspaces(data) {
+  const namespaces = Array.isArray(data.data) ? data.data : data.data?.namespaces;
+  return Array.isArray(namespaces) ? namespaces : [];
 }
-__name(createSupportsColor, "createSupportsColor");
-var supportsColor = {
-  stdout: createSupportsColor({ isTTY: import_node_tty.default.isatty(1) }),
-  stderr: createSupportsColor({ isTTY: import_node_tty.default.isatty(2) })
-};
-var supports_color_default = supportsColor;
-
-// node_modules/chalk/source/utilities.js
-function stringReplaceAll(string, substring, replacer) {
-  let index = string.indexOf(substring);
-  if (index === -1) {
-    return string;
+__name(normalizeWorkspaces, "normalizeWorkspaces");
+async function listRemoteWorkspaces(region, regionalToken, deps = {}) {
+  const { fetch: fetchImpl } = withDeps(deps);
+  const res = await fetchImpl(`${region}/api/auth/namespace/list`, {
+    headers: { Authorization: regionalToken }
+  });
+  if (!res.ok) {
+    const body = await readErrorBody(res);
+    throw new Error(`List workspaces failed (${res.status}): ${body || res.statusText}`);
   }
-  const substringLength = substring.length;
-  let endIndex = 0;
-  let returnValue = "";
-  do {
-    returnValue += string.slice(endIndex, index) + substring + replacer;
-    endIndex = index + substringLength;
-    index = string.indexOf(substring, endIndex);
-  } while (index !== -1);
-  returnValue += string.slice(endIndex);
-  return returnValue;
+  return normalizeWorkspaces(await parseResponse(res));
 }
-__name(stringReplaceAll, "stringReplaceAll");
-function stringEncaseCRLFWithFirstIndex(string, prefix, postfix, index) {
-  let endIndex = 0;
-  let returnValue = "";
-  do {
-    const gotCR = string[index - 1] === "\r";
-    returnValue += string.slice(endIndex, gotCR ? index - 1 : index) + prefix + (gotCR ? "\r\n" : "\n") + postfix;
-    endIndex = index + 1;
-    index = string.indexOf("\n", endIndex);
-  } while (index !== -1);
-  returnValue += string.slice(endIndex);
-  return returnValue;
+__name(listRemoteWorkspaces, "listRemoteWorkspaces");
+async function switchRemoteWorkspace(region, regionalToken, nsUid, deps = {}) {
+  const { fetch: fetchImpl } = withDeps(deps);
+  const res = await fetchImpl(`${region}/api/auth/namespace/switch`, {
+    method: "POST",
+    headers: {
+      Authorization: regionalToken,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({ ns_uid: nsUid })
+  });
+  if (!res.ok) {
+    const body = await readErrorBody(res);
+    throw new Error(`Switch workspace failed (${res.status}): ${body || res.statusText}`);
+  }
+  return await parseResponse(res);
 }
-__name(stringEncaseCRLFWithFirstIndex, "stringEncaseCRLFWithFirstIndex");
-
-// node_modules/chalk/source/index.js
-var { stdout: stdoutColor, stderr: stderrColor } = supports_color_default;
-var GENERATOR = /* @__PURE__ */ Symbol("GENERATOR");
-var STYLER = /* @__PURE__ */ Symbol("STYLER");
-var IS_EMPTY = /* @__PURE__ */ Symbol("IS_EMPTY");
-var levelMapping = [
-  "ansi",
-  "ansi",
-  "ansi256",
-  "ansi16m"
-];
-var styles2 = /* @__PURE__ */ Object.create(null);
-var applyOptions = /* @__PURE__ */ __name((object, options = {}) => {
-  if (options.level && !(Number.isInteger(options.level) && options.level >= 0 && options.level <= 3)) {
-    throw new Error("The `level` option should be an integer from 0 to 3");
+__name(switchRemoteWorkspace, "switchRemoteWorkspace");
+async function getKubeconfig(region, regionalToken, deps = {}) {
+  const { fetch: fetchImpl } = withDeps(deps);
+  const res = await fetchImpl(`${region}/api/auth/getKubeconfig`, {
+    headers: { Authorization: regionalToken }
+  });
+  if (!res.ok) {
+    const body = await readErrorBody(res);
+    throw new Error(`Get kubeconfig failed (${res.status}): ${body || res.statusText}`);
   }
-  const colorLevel = stdoutColor ? stdoutColor.level : 0;
-  object.level = options.level === void 0 ? colorLevel : options.level;
-}, "applyOptions");
-var chalkFactory = /* @__PURE__ */ __name((options) => {
-  const chalk2 = /* @__PURE__ */ __name((...strings) => strings.join(" "), "chalk");
-  applyOptions(chalk2, options);
-  Object.setPrototypeOf(chalk2, createChalk.prototype);
-  return chalk2;
-}, "chalkFactory");
-function createChalk(options) {
-  return chalkFactory(options);
+  return await parseResponse(res);
 }
-__name(createChalk, "createChalk");
-Object.setPrototypeOf(createChalk.prototype, Function.prototype);
-for (const [styleName, style] of Object.entries(ansi_styles_default)) {
-  styles2[styleName] = {
-    get() {
-      const builder = createBuilder(this, createStyler(style.open, style.close, this[STYLER]), this[IS_EMPTY]);
-      Object.defineProperty(this, styleName, { value: builder });
-      return builder;
-    }
+__name(getKubeconfig, "getKubeconfig");
+function openBrowser(url) {
+  const command = (0, import_node_os2.platform)() === "darwin" ? "open" : (0, import_node_os2.platform)() === "win32" ? "cmd" : "xdg-open";
+  const args = (0, import_node_os2.platform)() === "win32" ? ["/c", "start", "", url] : [url];
+  (0, import_node_child_process.execFileSync)(command, args, { stdio: "ignore" });
+}
+__name(openBrowser, "openBrowser");
+async function loginWithToken(region, token, deps = {}) {
+  const { now } = withDeps(deps);
+  const normalizedRegion = normalizeRegion(region);
+  saveAuth({
+    region: normalizedRegion,
+    regional_token: token,
+    authenticated_at: now().toISOString(),
+    auth_method: AUTH_METHOD_TOKEN
+  }, deps);
+  return {
+    region: normalizedRegion,
+    workspace: "unknown",
+    limited: true
   };
 }
-styles2.visible = {
-  get() {
-    const builder = createBuilder(this, this[STYLER], true);
-    Object.defineProperty(this, "visible", { value: builder });
-    return builder;
-  }
-};
-var getModelAnsi = /* @__PURE__ */ __name((model, level, type, ...arguments_) => {
-  if (model === "rgb") {
-    if (level === "ansi16m") {
-      return ansi_styles_default[type].ansi16m(...arguments_);
-    }
-    if (level === "ansi256") {
-      return ansi_styles_default[type].ansi256(ansi_styles_default.rgbToAnsi256(...arguments_));
+__name(loginWithToken, "loginWithToken");
+async function loginWithDeviceFlow(region, deps = {}) {
+  const fullDeps = withDeps(deps);
+  const normalizedRegion = normalizeRegion(region);
+  const deviceAuth = await requestDeviceAuthorization(normalizedRegion, fullDeps);
+  const {
+    device_code: deviceCode,
+    user_code: userCode,
+    verification_uri: verificationUri,
+    verification_uri_complete: verificationUriComplete,
+    expires_in: expiresIn,
+    interval = 5
+  } = deviceAuth;
+  const url = verificationUriComplete || verificationUri;
+  fullDeps.stderr.write(`
+Please open the following URL in your browser to authorize:
+
+  ${url}
+
+Authorization code: ${userCode}
+Expires in: ${Math.floor(expiresIn / 60)} minutes
+
+Waiting for authorization...
+`);
+  if (url) {
+    try {
+      fullDeps.openBrowser(url);
+      fullDeps.stderr.write("Browser opened automatically.\n");
+    } catch {
+      fullDeps.stderr.write("Could not open browser automatically. Please open the URL manually.\n");
     }
-    return ansi_styles_default[type].ansi(ansi_styles_default.rgbToAnsi(...arguments_));
   }
-  if (model === "hex") {
-    return getModelAnsi("rgb", level, type, ...ansi_styles_default.hexToRgb(...arguments_));
+  const tokenResponse = await pollForToken(normalizedRegion, deviceCode, interval, expiresIn, fullDeps);
+  const accessToken = tokenResponse.access_token;
+  if (!accessToken) {
+    throw new Error("Token response missing access_token");
   }
-  return ansi_styles_default[type][model](...arguments_);
-}, "getModelAnsi");
-var usedModels = ["rgb", "hex", "ansi256"];
-for (const model of usedModels) {
-  styles2[model] = {
-    get() {
-      const { level } = this;
-      return function(...arguments_) {
-        const styler = createStyler(getModelAnsi(model, levelMapping[level], "color", ...arguments_), ansi_styles_default.color.close, this[STYLER]);
-        return createBuilder(this, styler, this[IS_EMPTY]);
-      };
-    }
-  };
-  const bgModel = "bg" + model[0].toUpperCase() + model.slice(1);
-  styles2[bgModel] = {
-    get() {
-      const { level } = this;
-      return function(...arguments_) {
-        const styler = createStyler(getModelAnsi(model, levelMapping[level], "bgColor", ...arguments_), ansi_styles_default.bgColor.close, this[STYLER]);
-        return createBuilder(this, styler, this[IS_EMPTY]);
-      };
-    }
+  fullDeps.stderr.write("Authorization received. Exchanging for regional token...\n");
+  const regionData = await getRegionToken(normalizedRegion, accessToken, fullDeps);
+  const regionalToken = regionData.data?.token;
+  const kubeconfig = regionData.data?.kubeconfig;
+  if (!regionalToken) {
+    throw new Error("Region token response missing data.token field");
+  }
+  if (!kubeconfig) {
+    throw new Error("Region token response missing data.kubeconfig field");
+  }
+  let currentWorkspace;
+  try {
+    const workspaces = await listRemoteWorkspaces(normalizedRegion, regionalToken, fullDeps);
+    currentWorkspace = workspaces.find((workspace) => workspace.nstype === "private") || workspaces[0];
+  } catch {
+    currentWorkspace = void 0;
+  }
+  saveKubeconfig(kubeconfig, fullDeps);
+  saveAuth({
+    region: normalizedRegion,
+    access_token: accessToken,
+    regional_token: regionalToken,
+    authenticated_at: fullDeps.now().toISOString(),
+    auth_method: AUTH_METHOD_DEVICE_GRANT,
+    ...currentWorkspace ? {
+      current_workspace: {
+        uid: currentWorkspace.uid,
+        id: currentWorkspace.id,
+        teamName: currentWorkspace.teamName
+      }
+    } : {}
+  }, fullDeps);
+  fullDeps.stderr.write("Authentication successful!\n");
+  return {
+    kubeconfig_path: fullDeps.paths.kubeconfigPath,
+    region: normalizedRegion,
+    workspace: currentWorkspace?.id || "default"
   };
 }
-var proto = Object.defineProperties(() => {
-}, {
-  ...styles2,
-  level: {
-    enumerable: true,
-    get() {
-      return this[GENERATOR].level;
-    },
-    set(level) {
-      this[GENERATOR].level = level;
-    }
-  }
-});
-var createStyler = /* @__PURE__ */ __name((open, close, parent) => {
-  let openAll;
-  let closeAll;
-  if (parent === void 0) {
-    openAll = open;
-    closeAll = close;
-  } else {
-    openAll = parent.openAll + open;
-    closeAll = close + parent.closeAll;
+__name(loginWithDeviceFlow, "loginWithDeviceFlow");
+async function listWorkspaces(deps = {}) {
+  const auth = loadAuth(deps);
+  if (!auth.regional_token) {
+    throw new Error("No regional_token found. Please run: sealos-cli login");
   }
+  const workspaces = await listRemoteWorkspaces(auth.region, auth.regional_token, deps);
   return {
-    open,
-    close,
-    openAll,
-    closeAll,
-    parent
+    current: auth.current_workspace?.id || null,
+    workspaces: workspaces.map((workspace) => ({
+      uid: workspace.uid,
+      id: workspace.id,
+      teamName: workspace.teamName,
+      role: workspace.role,
+      nstype: workspace.nstype
+    }))
   };
-}, "createStyler");
-var createBuilder = /* @__PURE__ */ __name((self, _styler, _isEmpty) => {
-  const builder = /* @__PURE__ */ __name((...arguments_) => applyStyle(builder, arguments_.length === 1 ? "" + arguments_[0] : arguments_.join(" ")), "builder");
-  Object.setPrototypeOf(builder, proto);
-  builder[GENERATOR] = self;
-  builder[STYLER] = _styler;
-  builder[IS_EMPTY] = _isEmpty;
-  return builder;
-}, "createBuilder");
-var applyStyle = /* @__PURE__ */ __name((self, string) => {
-  if (self.level <= 0 || !string) {
-    return self[IS_EMPTY] ? "" : string;
+}
+__name(listWorkspaces, "listWorkspaces");
+async function switchWorkspace(target, deps = {}) {
+  if (!target) {
+    throw new Error("Usage: sealos-cli auth switch <namespace-id-or-uid>");
   }
-  let styler = self[STYLER];
-  if (styler === void 0) {
-    return string;
+  const fullDeps = withDeps(deps);
+  const auth = loadAuth(fullDeps);
+  if (!auth.regional_token) {
+    throw new Error("No regional_token found. Please run: sealos-cli login");
   }
-  const { openAll, closeAll } = styler;
-  if (string.includes("\x1B")) {
-    while (styler !== void 0) {
-      string = stringReplaceAll(string, styler.close, styler.open);
-      styler = styler.parent;
+  const workspaces = await listRemoteWorkspaces(auth.region, auth.regional_token, fullDeps);
+  if (workspaces.length === 0) {
+    throw new Error("No workspaces found");
+  }
+  const targetLower = target.toLowerCase();
+  const match = workspaces.find(
+    (workspace) => workspace.id === target || workspace.uid === target || workspace.id?.toLowerCase().includes(targetLower) || workspace.teamName?.toLowerCase().includes(targetLower)
+  );
+  if (!match?.uid) {
+    const available = workspaces.map((workspace) => `  ${workspace.id || "unknown"} (${workspace.teamName || "unknown"})`).join("\n");
+    throw new Error(`No workspace matching "${target}". Available:
+${available}`);
+  }
+  fullDeps.stderr.write(`Switching to workspace: ${match.id || match.uid} (${match.teamName || "unknown"})...
+`);
+  const switchData = await switchRemoteWorkspace(auth.region, auth.regional_token, match.uid, fullDeps);
+  const newToken = switchData.data?.token;
+  if (!newToken) {
+    throw new Error("Switch response missing data.token");
+  }
+  const kubeconfigData = await getKubeconfig(auth.region, newToken, fullDeps);
+  const kubeconfig = kubeconfigData.data?.kubeconfig;
+  if (!kubeconfig) {
+    throw new Error("Kubeconfig response missing data.kubeconfig");
+  }
+  const nextAuth = {
+    ...auth,
+    regional_token: newToken,
+    current_workspace: {
+      uid: match.uid,
+      id: match.id,
+      teamName: match.teamName
     }
-  }
-  const lfIndex = string.indexOf("\n");
-  if (lfIndex !== -1) {
-    string = stringEncaseCRLFWithFirstIndex(string, closeAll, openAll, lfIndex);
-  }
-  return openAll + string + closeAll;
-}, "applyStyle");
-Object.defineProperties(createChalk.prototype, styles2);
-var chalk = createChalk();
-var chalkStderr = createChalk({ level: stderrColor ? stderrColor.level : 0 });
-var source_default = chalk;
+  };
+  saveAuth(nextAuth, fullDeps);
+  saveKubeconfig(kubeconfig, fullDeps);
+  fullDeps.stderr.write(`Switched to workspace: ${match.id || match.uid}
+`);
+  return {
+    workspace: {
+      uid: match.uid,
+      id: match.id,
+      teamName: match.teamName
+    },
+    kubeconfig_path: fullDeps.paths.kubeconfigPath
+  };
+}
+__name(switchWorkspace, "switchWorkspace");
 
 // src/lib/output.ts
 var import_table = require("table");
@@ -3938,92 +4031,9 @@ function spinner(text) {
 }
 __name(spinner, "spinner");
 
-// src/lib/errors.ts
-var CliError = class extends Error {
-  constructor(message, exitCode = 1) {
-    super(message);
-    this.exitCode = exitCode;
-    this.name = "CliError";
-  }
-  exitCode;
-  static {
-    __name(this, "CliError");
-  }
-};
-var AuthError = class extends CliError {
-  static {
-    __name(this, "AuthError");
-  }
-  constructor(message = 'Authentication required. Please run "sealos-cli login" first.') {
-    super(message, 1);
-    this.name = "AuthError";
-  }
-};
-var ConfigError = class extends CliError {
-  static {
-    __name(this, "ConfigError");
-  }
-  constructor(message) {
-    super(message, 1);
-    this.name = "ConfigError";
-  }
-};
-var ApiError = class extends CliError {
-  constructor(message, statusCode, code, details) {
-    super(message, 1);
-    this.statusCode = statusCode;
-    this.code = code;
-    this.details = details;
-    this.name = "ApiError";
-  }
-  statusCode;
-  code;
-  details;
-  static {
-    __name(this, "ApiError");
-  }
-};
-function mapApiError(status, body) {
-  const message = body?.error?.message || `API request failed with status ${status}`;
-  if (status === 401) {
-    return new AuthError(message);
-  }
-  return new ApiError(message, status, body?.error?.code, body?.error?.details);
-}
-__name(mapApiError, "mapApiError");
-function handleError(error2) {
-  if (error2 instanceof ApiError) {
-    console.error(source_default.red("Error:"), error2.message);
-    if (error2.details) {
-      if (Array.isArray(error2.details)) {
-        for (const d of error2.details) {
-          console.error(source_default.yellow(`  ${d.field}:`), d.message);
-        }
-      } else {
-        console.error(source_default.yellow("  Details:"), error2.details);
-      }
-    }
-    process.exit(error2.exitCode);
-  }
-  if (error2 instanceof CliError) {
-    console.error(source_default.red("Error:"), error2.message);
-    process.exit(error2.exitCode);
-  }
-  if (error2 instanceof Error) {
-    console.error(source_default.red("Error:"), error2.message);
-    if (process.env.DEBUG) {
-      console.error(error2.stack);
-    }
-    process.exit(1);
-  }
-  console.error(source_default.red("Error:"), "An unknown error occurred");
-  process.exit(1);
-}
-__name(handleError, "handleError");
-
 // src/commands/auth/login.ts
 function createLoginCommand() {
-  return new import_commander.Command("login").description("Login to Sealos Cloud").argument("[region]", "Sealos region URL (e.g., https://usw-1.sealos.io)").option("-t, --token <token>", "Store a regional token without OAuth device login").option("-o, --output <format>", "Output format: json, table", "table").action(async (region, options) => {
+  return new import_commander.Command("login").description("Login to Sealos Cloud").argument("[region]", "Sealos region URL (e.g., https://usw-1.sealos.io)").option("-t, --token <token>", "Store a regional token without OAuth device login").option("-o, --output <format>", "Output format: json, table", "json").action(async (region, options) => {
     try {
       const result = options.token ? await loginWithToken(region, options.token) : await loginWithDeviceFlow(region);
       if (options.token) {
@@ -4048,14 +4058,32 @@ __name(createLoginCommand, "createLoginCommand");
 // src/commands/auth/logout.ts
 var import_commander2 = require("commander");
 function createLogoutCommand() {
-  return new import_commander2.Command("logout").description("Logout from Sealos Cloud").action(async () => {
+  return new import_commander2.Command("logout").description("Logout from Sealos Cloud").option("-o, --output <format>", "Output format: json, table", "json").action(async (options) => {
     try {
       const status = checkAuth();
       if (!status.authenticated) {
+        if (options.output === "json") {
+          outputJson({
+            success: true,
+            action: "logout",
+            authenticated: false,
+            changed: false
+          });
+          return;
+        }
         warn("You are not logged in");
         return;
       }
       clearAuth();
+      if (options.output === "json") {
+        outputJson({
+          success: true,
+          action: "logout",
+          authenticated: false,
+          changed: true
+        });
+        return;
+      }
       success2("Logged out from Sealos Cloud");
     } catch (error2) {
       handleError(error2);
@@ -4067,7 +4095,7 @@ __name(createLogoutCommand, "createLogoutCommand");
 // src/commands/auth/whoami.ts
 var import_commander3 = require("commander");
 function createWhoamiCommand() {
-  return new import_commander3.Command("whoami").description("Display current user information").option("-o, --output <format>", "Output format: json, table", "table").action(async (options) => {
+  return new import_commander3.Command("whoami").description("Display current user information").option("-o, --output <format>", "Output format: json, table", "json").action(async (options) => {
     try {
       const authInfo = getAuthInfo();
       if (!authInfo.authenticated) {
@@ -4147,7 +4175,7 @@ function createAuthCommand() {
       handleError(error2);
     }
   });
-  authCmd.command("list").description("List all workspaces").option("-o, --output <format>", "Output format: json, table", "table").action(async (options) => {
+  authCmd.command("list").description("List all workspaces").option("-o, --output <format>", "Output format: json, table", "json").action(async (options) => {
     try {
       const result = await listWorkspaces();
       if (options.output === "json") {
@@ -4169,7 +4197,7 @@ function createAuthCommand() {
       handleError(error2);
     }
   });
-  authCmd.command("switch").description("Switch workspace").argument("<namespace>", "Workspace id, uid, or team name").option("-o, --output <format>", "Output format: json, table", "table").action(async (namespace, options) => {
+  authCmd.command("switch").description("Switch workspace").argument("<namespace>", "Workspace id, uid, or team name").option("-o, --output <format>", "Output format: json, table", "json").action(async (namespace, options) => {
     try {
       const result = await switchWorkspace(namespace);
       if (options.output === "json") {
@@ -4189,7 +4217,7 @@ __name(createAuthCommand, "createAuthCommand");
 var import_commander5 = require("commander");
 function createWorkspaceCommand() {
   const workspaceCmd = new import_commander5.Command("workspace").alias("ws").description("Manage workspaces");
-  workspaceCmd.command("switch").description("Switch to another workspace").argument("<namespace>", "Workspace id, uid, or team name").option("-o, --output <format>", "Output format: json, table", "table").action(async (namespace, options) => {
+  workspaceCmd.command("switch").description("Switch to another workspace").argument("<namespace>", "Workspace id, uid, or team name").option("-o, --output <format>", "Output format: json, table", "json").action(async (namespace, options) => {
     try {
       const result = await switchWorkspace(namespace);
       if (options.output === "json") {
@@ -4201,7 +4229,7 @@ function createWorkspaceCommand() {
       handleError(error2);
     }
   });
-  workspaceCmd.command("list").description("List all workspaces").option("-o, --output <format>", "Output format: json, table", "table").action(async (options) => {
+  workspaceCmd.command("list").description("List all workspaces").option("-o, --output <format>", "Output format: json, table", "json").action(async (options) => {
     try {
       const result = await listWorkspaces();
       if (options.output === "json") {
@@ -4223,7 +4251,7 @@ function createWorkspaceCommand() {
       handleError(error2);
     }
   });
-  workspaceCmd.command("current").description("Show current workspace").option("-o, --output <format>", "Output format: json, table", "table").action(async (options) => {
+  workspaceCmd.command("current").description("Show current workspace").option("-o, --output <format>", "Output format: json, table", "json").action(async (options) => {
     try {
       const authInfo = getAuthInfo();
       if (!authInfo.authenticated) {
@@ -5175,7 +5203,7 @@ function printTemplates(templates) {
 __name(printTemplates, "printTemplates");
 function createDevboxCommand() {
   const devboxCmd = new import_commander6.Command("devbox").alias("dev").description("Manage devbox instances");
-  devboxCmd.command("list").description("List all devboxes").option("-o, --output <format>", "Output format (json|table)", "table").action(withAuth({ spinnerText: "Loading devboxes..." }, async (ctx, options) => {
+  devboxCmd.command("list").description("List all devboxes").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Loading devboxes..." }, async (ctx, options) => {
     const client = createDevboxClient();
     const { data, error: error2, response } = await client.GET("/devbox", {
       headers: ctx.auth
@@ -5188,7 +5216,7 @@ function createDevboxCommand() {
     }
     printDevboxList(data);
   }));
-  devboxCmd.command("create").description("Create a new devbox").requiredOption("--name <name>", "Devbox name").option("--runtime <runtime>", "Runtime environment name").option("--template <runtime>", "Alias for --runtime").option("--cpu <cpu>", "CPU cores", "1").option("--memory <memory>", "Memory in GB", "2").option("--port <spec>", "Port spec, e.g. 8080:http:public or number=8080,protocol=http", collectOption, []).option("--env <NAME=VALUE>", "Environment variable", collectOption, []).option("--secret-env <NAME=SECRET:KEY>", "Environment variable from secret", collectOption, []).option("--autostart", "Auto start devbox after creation").option("-o, --output <format>", "Output format (json|table)", "table").action(withAuth({ spinnerText: "Creating devbox..." }, async (ctx, options) => {
+  devboxCmd.command("create").description("Create a new devbox").requiredOption("--name <name>", "Devbox name").option("--runtime <runtime>", "Runtime environment name").option("--template <runtime>", "Alias for --runtime").option("--cpu <cpu>", "CPU cores", "1").option("--memory <memory>", "Memory in GB", "2").option("--port <spec>", "Port spec, e.g. 8080:http:public or number=8080,protocol=http", collectOption, []).option("--env <NAME=VALUE>", "Environment variable", collectOption, []).option("--secret-env <NAME=SECRET:KEY>", "Environment variable from secret", collectOption, []).option("--autostart", "Auto start devbox after creation").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Creating devbox..." }, async (ctx, options) => {
     const client = createDevboxClient();
     const { data, error: error2, response } = await client.POST("/devbox", {
       headers: ctx.auth,
@@ -5203,7 +5231,7 @@ function createDevboxCommand() {
     ctx.spinner.succeed(`Devbox "${data.name}" created`);
     printCreateResult(data);
   }));
-  devboxCmd.command("get <name>").description("Get devbox details").option("-o, --output <format>", "Output format (json|table)", "table").action(withAuth({ spinnerText: "Loading devbox..." }, async (ctx, name, options) => {
+  devboxCmd.command("get <name>").description("Get devbox details").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Loading devbox..." }, async (ctx, name, options) => {
     const client = createDevboxClient();
     const { data, error: error2, response } = await client.GET("/devbox/{name}", {
       headers: ctx.auth,
@@ -5219,7 +5247,7 @@ function createDevboxCommand() {
     }
     printDevboxDetail(data);
   }));
-  devboxCmd.command("update <name>").description("Update devbox resources or ports").option("--cpu <cpu>", "CPU cores").option("--memory <memory>", "Memory in GB").option("--port <spec>", "Port spec. Existing ports can include portName=...", collectOption, []).action(withAuth({ spinnerText: "Updating devbox..." }, async (ctx, name, options) => {
+  devboxCmd.command("update <name>").description("Update devbox resources or ports").option("--cpu <cpu>", "CPU cores").option("--memory <memory>", "Memory in GB").option("--port <spec>", "Port spec. Existing ports can include portName=...", collectOption, []).option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Updating devbox..." }, async (ctx, name, options) => {
     const client = createDevboxClient();
     const { error: error2, response } = await client.PATCH("/devbox/{name}", {
       headers: ctx.auth,
@@ -5229,9 +5257,20 @@ function createDevboxCommand() {
       body: buildUpdateDevboxBody(options)
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson({
+        success: true,
+        action: "update",
+        resource: "devbox",
+        name,
+        status: "requested"
+      });
+      return;
+    }
     ctx.spinner.succeed(`Devbox "${name}" update requested`);
   }));
-  devboxCmd.command("delete <name>").description("Delete a devbox").alias("rm").action(withAuth({ spinnerText: "Deleting devbox..." }, async (ctx, name) => {
+  devboxCmd.command("delete <name>").description("Delete a devbox").alias("rm").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Deleting devbox..." }, async (ctx, name, options) => {
     const client = createDevboxClient();
     const { error: error2, response } = await client.DELETE("/devbox/{name}", {
       headers: ctx.auth,
@@ -5240,6 +5279,17 @@ function createDevboxCommand() {
       }
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson({
+        success: true,
+        action: "delete",
+        resource: "devbox",
+        name,
+        status: "deleted"
+      });
+      return;
+    }
     ctx.spinner.succeed(`Devbox "${name}" deleted`);
   }));
   const lifecycleActions = [
@@ -5251,7 +5301,7 @@ function createDevboxCommand() {
   for (const action of lifecycleActions) {
     const command = devboxCmd.command(`${action.name} <name>`).description(`${action.name.charAt(0).toUpperCase()}${action.name.slice(1)} a devbox`);
     if (action.alias) command.alias(action.alias);
-    command.action(withAuth({ spinnerText: action.spinnerText }, async (ctx, name) => {
+    command.option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: action.spinnerText }, async (ctx, name, options) => {
       const client = createDevboxClient();
       const { error: error2, response } = await client.POST(action.endpoint, {
         headers: ctx.auth,
@@ -5261,10 +5311,21 @@ function createDevboxCommand() {
         body: {}
       });
       if (error2) throw mapApiError(response.status, error2);
+      if (options.output === "json") {
+        ctx.spinner.stop();
+        outputJson({
+          success: true,
+          action: action.name,
+          resource: "devbox",
+          name,
+          status: "requested"
+        });
+        return;
+      }
       ctx.spinner.succeed(`Devbox "${name}" ${action.done}`);
     }));
   }
-  devboxCmd.command("autostart <name>").description("Configure devbox autostart").option("--exec-command <command>", "Command to execute when the devbox starts").action(withAuth({ spinnerText: "Configuring autostart..." }, async (ctx, name, options) => {
+  devboxCmd.command("autostart <name>").description("Configure devbox autostart").option("--exec-command <command>", "Command to execute when the devbox starts").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Configuring autostart..." }, async (ctx, name, options) => {
     const client = createDevboxClient();
     const body = options.execCommand ? { execCommand: options.execCommand } : {};
     const { error: error2, response } = await client.POST("/devbox/{name}/autostart", {
@@ -5275,9 +5336,21 @@ function createDevboxCommand() {
       body
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson({
+        success: true,
+        action: "autostart",
+        resource: "devbox",
+        name,
+        execCommand: options.execCommand ?? null,
+        status: "configured"
+      });
+      return;
+    }
     ctx.spinner.succeed(`Autostart configured for "${name}"`);
   }));
-  devboxCmd.command("monitor <name>").description("Get devbox monitoring data").option("--start <timestamp>", "Start timestamp in seconds or milliseconds").option("--end <timestamp>", "End timestamp in seconds or milliseconds").option("--step <step>", "Sampling interval, e.g. 2m").option("-o, --output <format>", "Output format (json|table)", "table").action(withAuth({ spinnerText: "Loading monitor data..." }, async (ctx, name, options) => {
+  devboxCmd.command("monitor <name>").description("Get devbox monitoring data").option("--start <timestamp>", "Start timestamp in seconds or milliseconds").option("--end <timestamp>", "End timestamp in seconds or milliseconds").option("--step <step>", "Sampling interval, e.g. 2m").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Loading monitor data..." }, async (ctx, name, options) => {
     const client = createDevboxClient();
     const { data, error: error2, response } = await client.GET("/devbox/{name}/monitor", {
       headers: ctx.auth,
@@ -5298,7 +5371,7 @@ function createDevboxCommand() {
     }
     printMonitor(data);
   }));
-  devboxCmd.command("templates").description("List available devbox templates").option("-o, --output <format>", "Output format (json|table)", "table").action(withAuth({ spinnerText: "Loading devbox templates..." }, async (ctx, options) => {
+  devboxCmd.command("templates").description("List available devbox templates").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Loading devbox templates..." }, async (ctx, options) => {
     const client = createDevboxClient();
     const { data, error: error2, response } = await client.GET("/devbox/templates", {
       headers: ctx.auth
@@ -5312,7 +5385,7 @@ function createDevboxCommand() {
     printTemplates(data);
   }));
   const releasesCommand = devboxCmd.command("releases").description("Manage devbox releases");
-  releasesCommand.command("list <name>").description("List devbox releases").option("-o, --output <format>", "Output format (json|table)", "table").action(withAuth({ spinnerText: "Loading releases..." }, async (ctx, name, options) => {
+  releasesCommand.command("list <name>").description("List devbox releases").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Loading releases..." }, async (ctx, name, options) => {
     const client = createDevboxClient();
     const { data, error: error2, response } = await client.GET("/devbox/{name}/releases", {
       headers: ctx.auth,
@@ -5328,7 +5401,7 @@ function createDevboxCommand() {
     }
     printReleases(data);
   }));
-  releasesCommand.command("create <name>").description("Create a devbox release").requiredOption("--tag <tag>", "Release tag").option("--description <description>", "Release description").option("--exec-command <command>", "Autostart command after release restart").option("--no-start", "Keep devbox stopped after the release build completes").action(withAuth({ spinnerText: "Creating release..." }, async (ctx, name, options) => {
+  releasesCommand.command("create <name>").description("Create a devbox release").requiredOption("--tag <tag>", "Release tag").option("--description <description>", "Release description").option("--exec-command <command>", "Autostart command after release restart").option("--no-start", "Keep devbox stopped after the release build completes").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Creating release..." }, async (ctx, name, options) => {
     const client = createDevboxClient();
     const { data, error: error2, response } = await client.POST("/devbox/{name}/releases", {
       headers: ctx.auth,
@@ -5338,9 +5411,14 @@ function createDevboxCommand() {
       body: buildReleaseBody(options)
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson(data);
+      return;
+    }
     ctx.spinner.succeed(`Release "${options.tag}" accepted for "${data.name}" (${data.status})`);
   }));
-  releasesCommand.command("delete <name> <tag>").alias("rm").description("Delete a devbox release").action(withAuth({ spinnerText: "Deleting release..." }, async (ctx, name, tag) => {
+  releasesCommand.command("delete <name> <tag>").alias("rm").description("Delete a devbox release").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Deleting release..." }, async (ctx, name, tag, options) => {
     const client = createDevboxClient();
     const { error: error2, response } = await client.DELETE("/devbox/{name}/releases/{tag}", {
       headers: ctx.auth,
@@ -5349,9 +5427,21 @@ function createDevboxCommand() {
       }
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson({
+        success: true,
+        action: "delete",
+        resource: "devbox-release",
+        name,
+        tag,
+        status: "deleted"
+      });
+      return;
+    }
     ctx.spinner.succeed(`Release "${tag}" deleted for "${name}"`);
   }));
-  releasesCommand.command("deploy <name> <tag>").description("Deploy a release to AppLaunchpad").action(withAuth({ spinnerText: "Deploying release..." }, async (ctx, name, tag) => {
+  releasesCommand.command("deploy <name> <tag>").description("Deploy a release to AppLaunchpad").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Deploying release..." }, async (ctx, name, tag, options) => {
     const client = createDevboxClient();
     const { error: error2, response } = await client.POST("/devbox/{name}/releases/{tag}/deploy", {
       headers: ctx.auth,
@@ -5360,9 +5450,21 @@ function createDevboxCommand() {
       }
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson({
+        success: true,
+        action: "deploy",
+        resource: "devbox-release",
+        name,
+        tag,
+        status: "deployed"
+      });
+      return;
+    }
     ctx.spinner.succeed(`Release "${tag}" deployed for "${name}"`);
   }));
-  devboxCmd.command("deployments <name>").description("List deployed applications from a devbox").option("-o, --output <format>", "Output format (json|table)", "table").action(withAuth({ spinnerText: "Loading deployments..." }, async (ctx, name, options) => {
+  devboxCmd.command("deployments <name>").description("List deployed applications from a devbox").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Loading deployments..." }, async (ctx, name, options) => {
     const client = createDevboxClient();
     const { data, error: error2, response } = await client.GET("/devbox/{name}/deployments", {
       headers: ctx.auth,
@@ -5440,6 +5542,40 @@ function normalizeDatabaseType(type) {
   return resolved;
 }
 __name(normalizeDatabaseType, "normalizeDatabaseType");
+function getDatabaseConnectScheme(type) {
+  const databaseType = normalizeDatabaseType(type);
+  const schemes = {
+    postgresql: "postgresql",
+    mongodb: "mongodb",
+    "apecloud-mysql": "mysql",
+    mysql: "mysql",
+    redis: "redis",
+    kafka: "kafka",
+    qdrant: "qdrant",
+    nebula: "nebula",
+    weaviate: "weaviate",
+    milvus: "milvus",
+    pulsar: "pulsar",
+    clickhouse: "clickhouse"
+  };
+  return schemes[databaseType];
+}
+__name(getDatabaseConnectScheme, "getDatabaseConnectScheme");
+function buildConsolePublicConnection(options) {
+  if (!options.domain || !options.nodePort) return null;
+  const scheme = getDatabaseConnectScheme(options.dbType);
+  const port = String(options.nodePort);
+  if (scheme === "kafka" || scheme === "milvus") {
+    return `${options.domain}:${port}`;
+  }
+  if (!options.username || !options.password) return null;
+  let connection = `${scheme}://${options.username}:${options.password}@${options.domain}:${port}`;
+  if (scheme === "mongodb" || scheme === "postgresql") {
+    connection += "/?directConnection=true";
+  }
+  return connection;
+}
+__name(buildConsolePublicConnection, "buildConsolePublicConnection");
 function normalizeLogDbType(type) {
   const normalized = normalizeDatabaseType(type);
   if (!SUPPORTED_LOG_DB_TYPES.includes(normalized)) {
@@ -5608,9 +5744,89 @@ function printConnectionDetail(connection) {
   outputTable(rows);
 }
 __name(printConnectionDetail, "printConnectionDetail");
+function buildPublicAccessResult(action, name, connection) {
+  return {
+    success: true,
+    action,
+    resource: "database",
+    name,
+    status: action === "enable-public" ? "enabled" : "disabled",
+    publicConnection: connection?.publicConnection ?? null,
+    connection: connection ?? null
+  };
+}
+__name(buildPublicAccessResult, "buildPublicAccessResult");
+function getDatabaseProviderHost() {
+  const override = process.env.SEALOS_DATABASE_HOST?.trim();
+  if (override) {
+    return override.replace(/\/+$/, "");
+  }
+  let authRegion;
+  try {
+    authRegion = loadAuth().region;
+  } catch {
+    authRegion = void 0;
+  }
+  return resolveDbproviderHost(process.env.SEALOS_REGION || authRegion || DEFAULT_SEALOS_REGION);
+}
+__name(getDatabaseProviderHost, "getDatabaseProviderHost");
+async function getLegacyApiData(path, headers) {
+  const url = new URL(path, getDatabaseProviderHost());
+  const response = await fetch(url, {
+    headers: {
+      Authorization: headers.Authorization
+    }
+  });
+  const body = await response.json();
+  if (!response.ok || body.code !== 200) {
+    throw new Error(body.message || `Request failed: ${url.pathname}`);
+  }
+  return body.data;
+}
+__name(getLegacyApiData, "getLegacyApiData");
+async function fetchConsoleConnectionDetails(name, dbType, fallbackConnection, headers) {
+  const [secret, service, config] = await Promise.all([
+    getLegacyApiData(`/api/getSecretByName?dbName=${encodeURIComponent(name)}&dbType=${encodeURIComponent(dbType)}&mock=false`, headers),
+    getLegacyApiData(`/api/getServiceByName?name=${encodeURIComponent(`${name}-export`)}`, headers).catch(() => null),
+    getLegacyApiData("/api/platform/getClientAppConfig", headers).catch(() => null)
+  ]);
+  const nodePort = service?.spec?.ports?.find((port) => port.nodePort)?.nodePort;
+  const publicConnection = buildConsolePublicConnection({
+    dbType,
+    username: secret.username,
+    password: secret.password,
+    domain: config?.domain,
+    nodePort
+  }) ?? fallbackConnection?.publicConnection ?? null;
+  return {
+    privateConnection: {
+      endpoint: `${secret.host}:${secret.port}`,
+      host: secret.host,
+      port: secret.port,
+      username: secret.username,
+      password: secret.password,
+      connectionString: secret.connection
+    },
+    publicConnection
+  };
+}
+__name(fetchConsoleConnectionDetails, "fetchConsoleConnectionDetails");
+async function loadDatabaseConnectionDetails(name, headers) {
+  const client = createDatabaseClient();
+  const { data, error: error2, response } = await client.GET("/databases/{databaseName}", {
+    headers,
+    params: {
+      path: { databaseName: name }
+    }
+  });
+  if (error2) throw mapApiError(response.status, error2);
+  if (!data.type) return data.connection ?? null;
+  return await fetchConsoleConnectionDetails(name, data.type, data.connection, headers);
+}
+__name(loadDatabaseConnectionDetails, "loadDatabaseConnectionDetails");
 function createDatabaseCommand() {
   const dbCmd = new import_commander7.Command("database").alias("db").description("Manage databases");
-  dbCmd.command("list").description("List databases").option("-o, --output <format>", "Output format (json|table)", "table").action(withAuth({ spinnerText: "Loading databases..." }, async (ctx, options) => {
+  dbCmd.command("list").description("List databases").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Loading databases..." }, async (ctx, options) => {
     const client = createDatabaseClient();
     const { data, error: error2, response } = await client.GET("/databases", {
       headers: ctx.auth
@@ -5649,7 +5865,7 @@ function createDatabaseCommand() {
     }
     outputTable(rows);
   }));
-  dbCmd.command("versions").description("List supported database versions (public endpoint)").option("-o, --output <format>", "Output format (json|table)", "table").option("--host <host>", "Sealos region host for public version lookup, e.g. https://gzg.sealos.run").option("--type <type>", "Filter versions by database type").action(withErrorHandling({ spinnerText: "Loading versions..." }, async (ctx, options) => {
+  dbCmd.command("versions").description("List supported database versions (public endpoint)").option("-o, --output <format>", "Output format (json|table)", "json").option("--host <host>", "Sealos region host for public version lookup, e.g. https://gzg.sealos.run").option("--type <type>", "Filter versions by database type").action(withErrorHandling({ spinnerText: "Loading versions..." }, async (ctx, options) => {
     const client = createDatabaseClient({ baseUrl: options.host });
     const { data, error: error2, response } = await client.GET("/databases/versions");
     if (error2) throw mapApiError(response.status, error2);
@@ -5685,7 +5901,7 @@ function createDatabaseCommand() {
     }
     outputTable(rows);
   }));
-  dbCmd.command("create <type>").description("Create a database").requiredOption("--name <name>", "Database name").option("--version <version>", "Database version").option("--cpu <cpu>", "CPU cores per replica", "1").option("--memory <memory>", "Memory in GB per replica", "1").option("--storage <storage>", "Storage in GB per replica", "3").option("--replicas <replicas>", "Replica count", "1").option("--termination-policy <policy>", "Termination policy (delete|wipeout)").option("--backup-start", "Enable automatic backups").option("--backup-type <type>", "Automatic backup frequency (day|hour|week)").option("--backup-week <day>", "Weekday for weekly backups", collectOption2, []).option("--backup-hour <hour>", "Backup hour (00-23)").option("--backup-minute <minute>", "Backup minute (00-59)").option("--backup-save-time <count>", "Retention count").option("--backup-save-type <type>", "Retention unit (days|hours|weeks|months)").option("--param <KEY=VALUE>", "Database parameter override", collectOption2, []).option("-o, --output <format>", "Output format (json|table)", "table").action(withAuth({
+  dbCmd.command("create <type>").description("Create a database").requiredOption("--name <name>", "Database name").option("--version <version>", "Database version").option("--cpu <cpu>", "CPU cores per replica", "1").option("--memory <memory>", "Memory in GB per replica", "1").option("--storage <storage>", "Storage in GB per replica", "3").option("--replicas <replicas>", "Replica count", "1").option("--termination-policy <policy>", "Termination policy (delete|wipeout)").option("--backup-start", "Enable automatic backups").option("--backup-type <type>", "Automatic backup frequency (day|hour|week)").option("--backup-week <day>", "Weekday for weekly backups", collectOption2, []).option("--backup-hour <hour>", "Backup hour (00-23)").option("--backup-minute <minute>", "Backup minute (00-59)").option("--backup-save-time <count>", "Retention count").option("--backup-save-type <type>", "Retention unit (days|hours|weeks|months)").option("--param <KEY=VALUE>", "Database parameter override", collectOption2, []).option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({
     spinnerText: "Creating database..."
   }, async (ctx, type, options) => {
     const client = createDatabaseClient();
@@ -5720,7 +5936,7 @@ function createDatabaseCommand() {
     console.log(source_default.dim(`  Provisioning status: ${data.status}`));
     console.log(source_default.dim(`  Next: sealos-cli database get ${data.name}`));
   }));
-  dbCmd.command("get <name>").alias("describe").description("Get database details").option("-o, --output <format>", "Output format (json|table)", "table").action(withAuth({ spinnerText: "Loading database..." }, async (ctx, name, options) => {
+  dbCmd.command("get <name>").alias("describe").description("Get database details").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Loading database..." }, async (ctx, name, options) => {
     const client = createDatabaseClient();
     const { data, error: error2, response } = await client.GET("/databases/{databaseName}", {
       headers: ctx.auth,
@@ -5736,23 +5952,16 @@ function createDatabaseCommand() {
     }
     printDatabaseDetail(data);
   }));
-  dbCmd.command("connection <name>").description("Show database connection details").option("-o, --output <format>", "Output format (json|table)", "table").action(withAuth({ spinnerText: "Loading connection details..." }, async (ctx, name, options) => {
-    const client = createDatabaseClient();
-    const { data, error: error2, response } = await client.GET("/databases/{databaseName}", {
-      headers: ctx.auth,
-      params: {
-        path: { databaseName: name }
-      }
-    });
-    if (error2) throw mapApiError(response.status, error2);
+  dbCmd.command("connection <name>").description("Show database connection details").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Loading connection details..." }, async (ctx, name, options) => {
+    const connection = await loadDatabaseConnectionDetails(name, ctx.auth);
     ctx.spinner.stop();
     if (options.output === "json") {
-      outputJson(data.connection ?? null);
+      outputJson(connection);
       return;
     }
-    printConnectionDetail(data.connection);
+    printConnectionDetail(connection);
   }));
-  dbCmd.command("update <name>").description("Update database resources").option("--cpu <cpu>", "CPU cores per replica").option("--memory <memory>", "Memory in GB per replica").option("--storage <storage>", "Storage in GB per replica").option("--replicas <replicas>", "Replica count").action(withAuth({
+  dbCmd.command("update <name>").description("Update database resources").option("--cpu <cpu>", "CPU cores per replica").option("--memory <memory>", "Memory in GB per replica").option("--storage <storage>", "Storage in GB per replica").option("--replicas <replicas>", "Replica count").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({
     spinnerText: "Updating database..."
   }, async (ctx, name, options) => {
     const quota = buildQuota(options);
@@ -5768,9 +5977,20 @@ function createDatabaseCommand() {
       body: { quota }
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson({
+        success: true,
+        action: "update",
+        resource: "database",
+        name,
+        status: "requested"
+      });
+      return;
+    }
     ctx.spinner.succeed(`Database "${name}" update requested`);
   }));
-  dbCmd.command("start <name>").description("Start a database").action(withAuth({ spinnerText: "Starting database..." }, async (ctx, name) => {
+  dbCmd.command("start <name>").description("Start a database").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Starting database..." }, async (ctx, name, options) => {
     const client = createDatabaseClient();
     const { error: error2, response } = await client.POST("/databases/{databaseName}/start", {
       headers: ctx.auth,
@@ -5779,9 +5999,20 @@ function createDatabaseCommand() {
       }
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson({
+        success: true,
+        action: "start",
+        resource: "database",
+        name,
+        status: "requested"
+      });
+      return;
+    }
     ctx.spinner.succeed(`Database "${name}" start requested`);
   }));
-  dbCmd.command("pause <name>").alias("stop").description("Pause a database").action(withAuth({ spinnerText: "Pausing database..." }, async (ctx, name) => {
+  dbCmd.command("pause <name>").alias("stop").description("Pause a database").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Pausing database..." }, async (ctx, name, options) => {
     const client = createDatabaseClient();
     const { error: error2, response } = await client.POST("/databases/{databaseName}/pause", {
       headers: ctx.auth,
@@ -5790,9 +6021,20 @@ function createDatabaseCommand() {
       }
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson({
+        success: true,
+        action: "pause",
+        resource: "database",
+        name,
+        status: "requested"
+      });
+      return;
+    }
     ctx.spinner.succeed(`Database "${name}" pause requested`);
   }));
-  dbCmd.command("restart <name>").description("Restart a database").action(withAuth({ spinnerText: "Restarting database..." }, async (ctx, name) => {
+  dbCmd.command("restart <name>").description("Restart a database").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Restarting database..." }, async (ctx, name, options) => {
     const client = createDatabaseClient();
     const { error: error2, response } = await client.POST("/databases/{databaseName}/restart", {
       headers: ctx.auth,
@@ -5801,9 +6043,20 @@ function createDatabaseCommand() {
       }
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson({
+        success: true,
+        action: "restart",
+        resource: "database",
+        name,
+        status: "requested"
+      });
+      return;
+    }
     ctx.spinner.succeed(`Database "${name}" restart requested`);
   }));
-  dbCmd.command("delete <name>").description("Delete a database").option("-f, --force", "Delete without confirmation").action(withAuth({ spinnerText: "Deleting database..." }, async (ctx, name) => {
+  dbCmd.command("delete <name>").description("Delete a database").option("-f, --force", "Delete without confirmation").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Deleting database..." }, async (ctx, name, options) => {
     const client = createDatabaseClient();
     const { error: error2, response } = await client.DELETE("/databases/{databaseName}", {
       headers: ctx.auth,
@@ -5812,9 +6065,20 @@ function createDatabaseCommand() {
       }
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson({
+        success: true,
+        action: "delete",
+        resource: "database",
+        name,
+        status: "requested"
+      });
+      return;
+    }
     ctx.spinner.succeed(`Database "${name}" delete requested`);
   }));
-  dbCmd.command("backups <name>").description("List backups for a database").option("-o, --output <format>", "Output format (json|table)", "table").action(withAuth({ spinnerText: "Loading backups..." }, async (ctx, name, options) => {
+  dbCmd.command("backups <name>").description("List backups for a database").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Loading backups..." }, async (ctx, name, options) => {
     const client = createDatabaseClient();
     const { data, error: error2, response } = await client.GET("/databases/{databaseName}/backups", {
       headers: ctx.auth,
@@ -5848,7 +6112,7 @@ function createDatabaseCommand() {
     }
     outputTable(rows);
   }));
-  dbCmd.command("backup <name>").description("Create a database backup").option("--name <backupName>", "Backup name").option("--description <description>", "Backup description").action(withAuth({
+  dbCmd.command("backup <name>").description("Create a database backup").option("--name <backupName>", "Backup name").option("--description <description>", "Backup description").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({
     spinnerText: "Creating backup..."
   }, async (ctx, name, options) => {
     const client = createDatabaseClient();
@@ -5863,11 +6127,23 @@ function createDatabaseCommand() {
       body
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson({
+        success: true,
+        action: "backup",
+        resource: "database",
+        name,
+        backupName: options.name ?? null,
+        status: "requested"
+      });
+      return;
+    }
     ctx.spinner.succeed(`Backup requested for database "${name}"`);
   }));
-  dbCmd.command("backup-delete <databaseName> <backupName>").description("Delete a database backup").action(withAuth({
+  dbCmd.command("backup-delete <databaseName> <backupName>").description("Delete a database backup").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({
     spinnerText: "Deleting backup..."
-  }, async (ctx, databaseName, backupName) => {
+  }, async (ctx, databaseName, backupName, options) => {
     const client = createDatabaseClient();
     const { error: error2, response } = await client.DELETE("/databases/{databaseName}/backups/{backupName}", {
       headers: ctx.auth,
@@ -5876,9 +6152,21 @@ function createDatabaseCommand() {
       }
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson({
+        success: true,
+        action: "backup-delete",
+        resource: "database-backup",
+        databaseName,
+        backupName,
+        status: "deleted"
+      });
+      return;
+    }
     ctx.spinner.succeed(`Backup "${backupName}" deleted`);
   }));
-  dbCmd.command("restore <databaseName>").description("Restore a database from a backup").requiredOption("--from <backupName>", "Backup name to restore from").option("--name <name>", "Name for the restored database").option("--replicas <replicas>", "Replica count for the restored database").action(withAuth({
+  dbCmd.command("restore <databaseName>").description("Restore a database from a backup").requiredOption("--from <backupName>", "Backup name to restore from").option("--name <name>", "Name for the restored database").option("--replicas <replicas>", "Replica count for the restored database").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({
     spinnerText: "Restoring database..."
   }, async (ctx, databaseName, options) => {
     const client = createDatabaseClient();
@@ -5893,9 +6181,22 @@ function createDatabaseCommand() {
       body
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson({
+        success: true,
+        action: "restore",
+        resource: "database",
+        databaseName,
+        backupName: options.from,
+        restoredName: options.name ?? null,
+        status: "requested"
+      });
+      return;
+    }
     ctx.spinner.succeed(`Restore requested from backup "${options.from}"`);
   }));
-  dbCmd.command("enable-public <name>").description("Enable public access for a database").action(withAuth({ spinnerText: "Enabling public access..." }, async (ctx, name) => {
+  dbCmd.command("enable-public <name>").alias("expose").description("Enable public access for a database").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Enabling public access..." }, async (ctx, name, options) => {
     const client = createDatabaseClient();
     const { error: error2, response } = await client.POST("/databases/{databaseName}/enable-public", {
       headers: ctx.auth,
@@ -5904,9 +6205,16 @@ function createDatabaseCommand() {
       }
     });
     if (error2) throw mapApiError(response.status, error2);
+    const connection = await loadDatabaseConnectionDetails(name, ctx.auth);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson(buildPublicAccessResult("enable-public", name, connection));
+      return;
+    }
     ctx.spinner.succeed(`Public access enabled for "${name}"`);
+    printConnectionDetail(connection);
   }));
-  dbCmd.command("disable-public <name>").description("Disable public access for a database").action(withAuth({ spinnerText: "Disabling public access..." }, async (ctx, name) => {
+  dbCmd.command("disable-public <name>").alias("unexpose").description("Disable public access for a database").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Disabling public access..." }, async (ctx, name, options) => {
     const client = createDatabaseClient();
     const { error: error2, response } = await client.POST("/databases/{databaseName}/disable-public", {
       headers: ctx.auth,
@@ -5915,9 +6223,14 @@ function createDatabaseCommand() {
       }
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson(buildPublicAccessResult("disable-public", name));
+      return;
+    }
     ctx.spinner.succeed(`Public access disabled for "${name}"`);
   }));
-  dbCmd.command("logs <podName>").description("Get parsed database logs for a pod").requiredOption("--db-type <type>", "Database type used by the log service").requiredOption("--log-type <type>", "Log type used by the log service").requiredOption("--log-path <path>", 'Log path to read. Use "log-files" first to discover valid paths').option("--page <page>", "Page number", "1").option("--page-size <pageSize>", "Page size", "200").option("-o, --output <format>", "Output format (plain|json|table)", "plain").action(withAuth({
+  dbCmd.command("logs <podName>").description("Get parsed database logs for a pod").requiredOption("--db-type <type>", "Database type used by the log service").requiredOption("--log-type <type>", "Log type used by the log service").requiredOption("--log-path <path>", 'Log path to read. Use "log-files" first to discover valid paths').option("--page <page>", "Page number", "1").option("--page-size <pageSize>", "Page size", "200").option("-o, --output <format>", "Output format (json|table|plain)", "json").action(withAuth({
     spinnerText: "Loading logs..."
   }, async (ctx, podName, options) => {
     const client = createDatabaseClient();
@@ -5954,7 +6267,7 @@ function createDatabaseCommand() {
     console.log(source_default.dim(`
 page=${data.data.metadata.page} total=${data.data.metadata.total} hasMore=${String(data.data.metadata.hasMore)}`));
   }));
-  dbCmd.command("log-files <podName>").description("List database log files for a pod").requiredOption("--db-type <type>", "Database type used by the log service").requiredOption("--log-type <type>", "Log type used by the log service").option("-o, --output <format>", "Output format (json|table)", "table").action(withAuth({
+  dbCmd.command("log-files <podName>").description("List database log files for a pod").requiredOption("--db-type <type>", "Database type used by the log service").requiredOption("--log-type <type>", "Log type used by the log service").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({
     spinnerText: "Loading log files..."
   }, async (ctx, podName, options) => {
     const client = createDatabaseClient();
@@ -5998,6 +6311,22 @@ page=${data.data.metadata.page} total=${data.data.metadata.total} hasMore=${Stri
     }
     outputTable(rows);
   }));
+  dbCmd.command("* [args...]", { hidden: true }).option("-o, --output <format>", "Output format (json|table)", "json").allowUnknownOption().action(async (args, options) => {
+    const [name, operation, ...rest] = args;
+    const aliases = {
+      connection: "connection",
+      connect: "connection",
+      "enable-public": "enable-public",
+      expose: "expose",
+      "disable-public": "disable-public",
+      unexpose: "unexpose"
+    };
+    const command = operation ? aliases[operation] : void 0;
+    if (!name || !command) {
+      throw new Error('Unknown database command. Use "sealos-cli database --help" to list supported commands.');
+    }
+    await dbCmd.parseAsync([command, name, ...rest, "--output", options.output], { from: "user" });
+  });
   return dbCmd;
 }
 __name(createDatabaseCommand, "createDatabaseCommand");
@@ -6044,17 +6373,15 @@ async function resolveYaml(options, spinner2) {
 }
 __name(resolveYaml, "resolveYaml");
 function resolveTemplateDeployMode(template, options, stdinIsTTY = process.stdin.isTTY) {
-  const isRaw = !!(options.file || options.yaml || !stdinIsTTY);
-  if (template && isRaw) {
-    throw new Error("Cannot specify both a template name and --file/--yaml/stdin. Use one or the other.");
+  const hasExplicitRawInput = !!(options.file || options.yaml);
+  const isRaw = hasExplicitRawInput || !template && !stdinIsTTY;
+  if (template && hasExplicitRawInput) {
+    throw new Error("Cannot specify both a template name and --file/--yaml. Use one or the other.");
   }
   if (!template && !isRaw) {
     throw new Error("Provide a template name or use --file/--yaml/stdin to supply raw YAML.");
   }
   if (template) {
-    if (!options.name) {
-      throw new Error("--name is required when deploying from the template catalog.");
-    }
     if (options.dryRun) {
       throw new Error("--dry-run is only supported for raw template deploys (--file, --yaml, or stdin).");
     }
@@ -6065,7 +6392,7 @@ function resolveTemplateDeployMode(template, options, stdinIsTTY = process.stdin
 __name(resolveTemplateDeployMode, "resolveTemplateDeployMode");
 function buildCatalogTemplateDeployBody(template, options) {
   const body = {
-    name: options.name,
+    name: options.name ?? template,
     template
   };
   if (options.set.length > 0) {
@@ -6148,6 +6475,11 @@ function createTemplateCommand() {
         body: body2
       });
       if (error3) throw mapApiError(response2.status, error3);
+      if (deployOptions.output === "json") {
+        ctx.spinner.stop();
+        outputJson(data2);
+        return;
+      }
       ctx.spinner.succeed(`Instance "${data2.name}" created successfully`);
       printInstanceResult(data2, { template: catalogTemplate });
       return;
@@ -6159,6 +6491,11 @@ function createTemplateCommand() {
       body
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (deployOptions.output === "json") {
+      ctx.spinner.stop();
+      outputJson(data);
+      return;
+    }
     if (deployOptions.dryRun) {
       ctx.spinner.succeed("Raw template validation passed; no resources were created");
       printInstanceResult(data, { raw: true, dryRun: true });
@@ -6167,7 +6504,7 @@ function createTemplateCommand() {
     ctx.spinner.succeed(`Raw template deployed as "${data.name}"`);
     printInstanceResult(data, { raw: true });
   });
-  tplCmd.command("list").description("List available templates").option("-c, --category <category>", "Filter by category").option("-l, --language <language>", "Language code (for example: en, zh)").option("-o, --output <format>", "Output format (json|table)", "table").action(withErrorHandling({ spinnerText: "Loading templates..." }, async (ctx, options) => {
+  tplCmd.command("list").description("List available templates").option("-c, --category <category>", "Filter by category").option("-l, --language <language>", "Language code (for example: en, zh)").option("-o, --output <format>", "Output format (json|table)", "json").action(withErrorHandling({ spinnerText: "Loading templates..." }, async (ctx, options) => {
     const client = createTemplateClient();
     const { data, error: error2, response } = await client.GET("/templates", {
       params: { query: options.language ? { language: options.language } : {} }
@@ -6195,7 +6532,7 @@ function createTemplateCommand() {
     }
     outputTable(rows);
   }));
-  tplCmd.command("get <name>").alias("describe").description("Get template details").option("-l, --language <language>", "Language code (for example: en, zh)").option("-o, --output <format>", "Output format (json|table)", "table").action(withErrorHandling({ spinnerText: "Loading template..." }, async (ctx, name, options) => {
+  tplCmd.command("get <name>").alias("describe").description("Get template details").option("-l, --language <language>", "Language code (for example: en, zh)").option("-o, --output <format>", "Output format (json|table)", "json").action(withErrorHandling({ spinnerText: "Loading template..." }, async (ctx, name, options) => {
     const client = createTemplateClient();
     const { data, error: error2, response } = await client.GET("/templates/{name}", {
       params: {
@@ -6243,7 +6580,7 @@ function createTemplateCommand() {
       outputTable(argRows);
     }
   }));
-  tplCmd.command("delete <instance>").alias("rm").description("Delete a deployed template instance").action(withAuth({ spinnerText: "Deleting template instance..." }, async (ctx, instance) => {
+  tplCmd.command("delete <instance>").alias("rm").description("Delete a deployed template instance").option("-o, --output <format>", "Output format (json|table)", "json").action(withAuth({ spinnerText: "Deleting template instance..." }, async (ctx, instance, options) => {
     const client = createTemplateClient();
     const { error: error2, response } = await client.DELETE("/templates/instances/{instanceName}", {
       headers: ctx.auth,
@@ -6252,11 +6589,23 @@ function createTemplateCommand() {
       }
     });
     if (error2) throw mapApiError(response.status, error2);
+    if (options.output === "json") {
+      ctx.spinner.stop();
+      outputJson({
+        success: true,
+        action: "delete",
+        resource: "template-instance",
+        instance,
+        status: "deleted"
+      });
+      return;
+    }
     ctx.spinner.succeed(`Instance "${instance}" deleted`);
   }));
-  tplCmd.command("deploy [template]").description("Deploy a template (from catalog or raw YAML)").option("--name <name>", "Instance name (required when deploying from catalog)").option("--file <path>", "Path to template YAML file").option("--yaml <yaml>", "Template YAML string").option("--set <KEY=VALUE...>", "Set template arguments", (val, prev) => [...prev, val], []).option("--dry-run", "Validate raw template YAML without creating resources").addHelpText("after", `
+  tplCmd.command("deploy [template]").description("Deploy a template (from catalog or raw YAML)").option("--name <name>", "Instance name (defaults to the catalog template name)").option("--file <path>", "Path to template YAML file").option("--yaml <yaml>", "Template YAML string").option("--set <KEY=VALUE...>", "Set template arguments", (val, prev) => [...prev, val], []).option("--dry-run", "Validate raw template YAML without creating resources").option("-o, --output <format>", "Output format (json|table)", "json").addHelpText("after", `
 Examples:
   Catalog:
+    sealos-cli template deploy rybbit
     sealos-cli template deploy perplexica --name my-app --set OPENAI_API_KEY=xxx
 
   Raw:
@@ -6266,8 +6615,12 @@ kind: Template
 ...'
     cat template.yaml | sealos-cli template deploy --dry-run
 `).action(async (template, options) => {
-    const mode = resolveTemplateDeployMode(template, options);
-    await deployTemplate(template, options, mode);
+    try {
+      const mode = resolveTemplateDeployMode(template, options);
+      await deployTemplate(template, options, mode);
+    } catch (error2) {
+      handleError(error2);
+    }
   });
   return tplCmd;
 }
@@ -6276,7 +6629,7 @@ __name(createTemplateCommand, "createTemplateCommand");
 // package.json
 var package_default = {
   name: "sealos-cli",
-  version: "1.1.1",
+  version: "1.1.3",
   description: "Official CLI tool for Sealos Cloud - Manage auth, workspaces, devboxes, databases, and templates",
   types: "dist/main.d.ts",
   type: "module",