simplemdg-dev-cli 1.5.1 → 2.4.4

package/dist/commands/cf.command.js

@@ -1,28 +1,39 @@
-import path from "node:path";
-import { spawn } from "node:child_process";
-import nodeFs from "node:fs";
-import fs from "fs-extra";
-import chalk from "chalk";
-import prompts from "prompts";
-import { authenticateCloudFoundry, buildCloudFoundryTargetKey, listCloudFoundryApps, inferCloudFoundryRegionFromApiEndpoint, listCloudFoundryOrganizations, listCloudFoundrySpaces, readCloudFoundryTarget, scanCloudFoundryOrganizationsAcrossRegions, setCloudFoundryApiEndpoint, targetCloudFoundryOrg, targetCloudFoundrySpace, } from "../core/cf.js";
-import { parseCloudFoundryEnvironment } from "../core/cf-env-parser.js";
-import { readCache, rememberCloudFoundryApps, rememberCloudFoundryLoginProfile, rememberCloudFoundryOrgEntries, rememberEnvironmentFileName, rememberSelectedApp, } from "../core/cache.js";
-import { runCommand, runCommandInherit } from "../core/process.js";
-import { resolveRepositoryPath } from "../core/repository.js";
-import { searchableSelectChoice, selectFromHistoryOrInput } from "../core/prompts.js";
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerCloudFoundryCommands = registerCloudFoundryCommands;
+const node_path_1 = __importDefault(require("node:path"));
+const node_child_process_1 = require("node:child_process");
+const node_crypto_1 = __importDefault(require("node:crypto"));
+const node_net_1 = __importDefault(require("node:net"));
+const node_fs_1 = __importDefault(require("node:fs"));
+const fs_extra_1 = __importDefault(require("fs-extra"));
+const chalk_1 = __importDefault(require("chalk"));
+const cf_db_command_1 = require("./cf-db.command");
+const prompts_1 = __importDefault(require("prompts"));
+const cf_1 = require("../core/cf");
+const cf_env_parser_1 = require("../core/cf-env-parser");
+const cache_1 = require("../core/cache");
+const process_1 = require("../core/process");
+const repository_1 = require("../core/repository");
+const prompts_2 = require("../core/prompts");
+const tooling_1 = require("../core/tooling");
 function validateRequired(value) {
     return value.trim() ? true : "Value is required";
 }
 async function ensureCloudFoundrySessionFromCache() {
-    const target = await readCloudFoundryTarget();
+    await (0, tooling_1.ensureExternalTool)("cf");
+    const target = await (0, cf_1.readCloudFoundryTarget)();
     if (target.apiEndpoint && target.user) {
         return target;
     }
-    const cache = await readCache();
+    const cache = await (0, cache_1.readCache)();
     const profilesWithPassword = cache.cloudFoundry.loginProfiles.filter((profile) => profile.password?.trim());
     if (!profilesWithPassword.length) {
-        console.log(chalk.yellow("You are not logged in to Cloud Foundry yet and no cached password was found."));
-        console.log(chalk.gray("Run smdg cf login once and choose to save the password for automatic re-login."));
+        console.log(chalk_1.default.yellow("You are not logged in to Cloud Foundry yet and no cached password was found."));
+        console.log(chalk_1.default.gray("Run smdg cf login once and choose to save the password for automatic re-login."));
         throw new Error("Cloud Foundry login is required");
     }
     const preferredProfiles = target.apiEndpoint
@@ -33,22 +44,22 @@ async function ensureCloudFoundrySessionFromCache() {
         : profilesWithPassword;
     const selectedProfileIndex = preferredProfiles.length === 1
         ? "0"
-        : await searchableSelectChoice({
+        : await (0, prompts_2.searchableSelectChoice)({
             message: "Select cached CF login profile for automatic re-login",
             choices: preferredProfiles.map((profile, index) => ({
-                title: `${profile.username} · ${profile.org}${profile.space ? `/${profile.space}` : ""} · ${inferCloudFoundryRegionFromApiEndpoint(profile.apiEndpoint)}`,
+                title: `${profile.username} · ${profile.org}${profile.space ? `/${profile.space}` : ""} · ${(0, cf_1.inferCloudFoundryRegionFromApiEndpoint)(profile.apiEndpoint)}`,
                 value: String(index),
             })),
             allowCustomValue: false,
         });
     const profile = preferredProfiles[Number(selectedProfileIndex)] ?? preferredProfiles[0];
-    console.log(chalk.gray(`Auto login CF: ${profile.username} · ${inferCloudFoundryRegionFromApiEndpoint(profile.apiEndpoint)} · ${profile.org}${profile.space ? `/${profile.space}` : ""}`));
-    const apiExitCode = await setCloudFoundryApiEndpoint(profile.apiEndpoint);
+    console.log(chalk_1.default.gray(`Auto login CF: ${profile.username} · ${(0, cf_1.inferCloudFoundryRegionFromApiEndpoint)(profile.apiEndpoint)} · ${profile.org}${profile.space ? `/${profile.space}` : ""}`));
+    const apiExitCode = await (0, cf_1.setCloudFoundryApiEndpoint)(profile.apiEndpoint);
     if (apiExitCode !== 0) {
         process.exitCode = apiExitCode;
         throw new Error("CF api target failed");
     }
-    const authExitCode = await authenticateCloudFoundry({
+    const authExitCode = await (0, cf_1.authenticateCloudFoundry)({
         username: profile.username,
         password: profile.password,
     });
@@ -56,23 +67,88 @@ async function ensureCloudFoundrySessionFromCache() {
         process.exitCode = authExitCode;
         throw new Error("CF automatic login failed. Run smdg cf login and update the cached password.");
     }
-    const orgExitCode = await targetCloudFoundryOrg(profile.org);
+    const orgExitCode = await (0, cf_1.targetCloudFoundryOrg)(profile.org);
     if (orgExitCode !== 0) {
         process.exitCode = orgExitCode;
         throw new Error("CF org target failed");
     }
     if (profile.space) {
-        const spaceExitCode = await targetCloudFoundrySpace(profile.space);
+        const spaceExitCode = await (0, cf_1.targetCloudFoundrySpace)(profile.space);
         if (spaceExitCode !== 0) {
             process.exitCode = spaceExitCode;
             throw new Error("CF space target failed");
         }
     }
-    await rememberCloudFoundryLoginProfile({
+    await (0, cache_1.rememberCloudFoundryLoginProfile)({
         ...profile,
         updatedAt: new Date().toISOString(),
     });
-    return readCloudFoundryTarget();
+    return (0, cf_1.readCloudFoundryTarget)();
+}
+function sortCloudFoundryProfilesForEndpoint(options) {
+    const profilesWithPassword = options.profiles.filter((profile) => profile.password?.trim());
+    return [
+        ...profilesWithPassword.filter((profile) => profile.apiEndpoint === options.apiEndpoint && profile.org === options.preferredOrg),
+        ...profilesWithPassword.filter((profile) => profile.apiEndpoint === options.apiEndpoint && profile.org !== options.preferredOrg),
+        ...profilesWithPassword.filter((profile) => profile.apiEndpoint !== options.apiEndpoint && profile.org === options.preferredOrg),
+        ...profilesWithPassword.filter((profile) => profile.apiEndpoint !== options.apiEndpoint && profile.org !== options.preferredOrg),
+    ].filter((profile, index, array) => {
+        return array.findIndex((item) => {
+            return item.apiEndpoint === profile.apiEndpoint
+                && item.username === profile.username
+                && item.password === profile.password
+                && item.org === profile.org
+                && item.space === profile.space;
+        }) === index;
+    });
+}
+async function ensureCloudFoundryAuthenticatedForApiEndpoint(options) {
+    const apiExitCode = await (0, cf_1.setCloudFoundryApiEndpoint)(options.apiEndpoint);
+    if (apiExitCode !== 0) {
+        process.exitCode = apiExitCode;
+        throw new Error(`Cannot set CF API endpoint: ${options.apiEndpoint}`);
+    }
+    const orgsCheck = await (0, process_1.runCommand)("cf", ["orgs"]);
+    if (orgsCheck.exitCode === 0) {
+        return undefined;
+    }
+    const cache = await (0, cache_1.readCache)();
+    const profiles = sortCloudFoundryProfilesForEndpoint({
+        profiles: cache.cloudFoundry.loginProfiles,
+        apiEndpoint: options.apiEndpoint,
+        preferredOrg: options.preferredOrg,
+    });
+    if (!profiles.length) {
+        console.log(chalk_1.default.yellow(`Not logged in to ${(0, cf_1.inferCloudFoundryRegionFromApiEndpoint)(options.apiEndpoint)} and no cached password was found for automatic login.`));
+        console.log(chalk_1.default.gray("Run smdg cf login once, choose to save password, then retry this command."));
+        throw new Error("Cloud Foundry automatic login is required");
+    }
+    let lastError = orgsCheck.stderr || orgsCheck.stdout || "cf orgs failed";
+    for (const profile of profiles) {
+        console.log(chalk_1.default.gray(`Auto auth CF ${(0, cf_1.inferCloudFoundryRegionFromApiEndpoint)(options.apiEndpoint)} as ${profile.username}...`));
+        const authExitCode = await (0, cf_1.authenticateCloudFoundry)({
+            username: profile.username,
+            password: profile.password,
+        });
+        if (authExitCode !== 0) {
+            lastError = `cf auth failed for ${profile.username}`;
+            continue;
+        }
+        const nextOrgsCheck = await (0, process_1.runCommand)("cf", ["orgs"]);
+        if (nextOrgsCheck.exitCode === 0) {
+            const updatedProfile = {
+                ...profile,
+                apiEndpoint: options.apiEndpoint,
+                org: options.preferredOrg || profile.org,
+                space: options.preferredSpace || profile.space,
+                updatedAt: new Date().toISOString(),
+            };
+            await (0, cache_1.rememberCloudFoundryLoginProfile)(updatedProfile);
+            return updatedProfile;
+        }
+        lastError = nextOrgsCheck.stderr || nextOrgsCheck.stdout || lastError;
+    }
+    throw new Error(`CF automatic login failed for ${options.apiEndpoint}. ${lastError}`);
 }
 function buildCloudFoundryLogsArgs(options) {
     const args = ["logs", options.appName];
@@ -100,13 +176,20 @@ function buildNodeInspectorRemoteCommand(remotePort) {
             `exit 2`,
         ].join("; ");
     }
-    return [
-        `PID=$(pgrep -xo node 2>/dev/null || pgrep -x node 2>/dev/null | head -n 1 || ps -eo pid,args 2>/dev/null | awk '/[n]ode|[c]ds/ {print $1; exit}')`,
-        `if [ -z "$PID" ]; then echo "No Node.js PID found in app container. The app may not be a Node.js app, or Node is hidden behind a launcher. Use prepare mode: Set NODE_OPTIONS and restart app." >&2; ps -eo pid,args 2>/dev/null | head -n 30 >&2; exit 1; fi`,
-        `if command -v ss >/dev/null 2>&1 && ss -H -ntl "sport = :9229" | grep -q .; then echo "Node inspector already listening on 127.0.0.1:9229"`,
-        `else kill -s SIGUSR1 "$PID" && echo "Started Node inspector for PID $PID on 127.0.0.1:9229"; fi`,
+    const detectNodePidScript = [
+        `PID=""`,
+        `if command -v pgrep >/dev/null 2>&1; then PID=$(pgrep -f "(^|/| )node( |$)" 2>/dev/null | head -n 1 || true); fi`,
+        `if [ -z "$PID" ]; then PID=$(ps -eo pid=,args= 2>/dev/null | awk '/[n]ode/ && $0 !~ /awk/ && $0 !~ /pgrep/ {print $1; exit}'); fi`,
+        `if [ -z "$PID" ]; then echo "No Node.js PID found in app container. Use prepare mode: Set NODE_OPTIONS and restart app." >&2; ps -eo pid,args 2>/dev/null | head -n 40 >&2; exit 1; fi`,
+        `echo "Detected Node.js PID: $PID"`,
+        `if command -v ss >/dev/null 2>&1 && ss -H -ntl "sport = :9229" | grep -q .; then echo "Node inspector already listening on 127.0.0.1:9229"; tail -f /dev/null; fi`,
+        `if command -v netstat >/dev/null 2>&1 && netstat -ntl 2>/dev/null | awk '{print $4}' | grep -Eq '(^|:)9229$'; then echo "Node inspector already listening on 127.0.0.1:9229"; tail -f /dev/null; fi`,
+        `kill -USR1 "$PID" || { echo "Cannot send SIGUSR1 to Node.js PID $PID. Use prepare mode: Set NODE_OPTIONS and restart app." >&2; exit 1; }`,
+        `echo "Requested Node inspector for PID $PID on 127.0.0.1:9229"`,
+        `COUNT=0; while [ "$COUNT" -lt 20 ]; do if command -v ss >/dev/null 2>&1 && ss -H -ntl "sport = :9229" | grep -q .; then echo "Node inspector is listening on 127.0.0.1:9229"; break; fi; if command -v netstat >/dev/null 2>&1 && netstat -ntl 2>/dev/null | awk '{print $4}' | grep -Eq '(^|:)9229$'; then echo "Node inspector is listening on 127.0.0.1:9229"; break; fi; COUNT=$((COUNT + 1)); sleep 1; done`,
         `tail -f /dev/null`,
-    ].join("; ");
+    ];
+    return detectNodePidScript.join("; ");
 }
 function buildKeepAliveRemoteCommand() {
     return [
@@ -131,7 +214,7 @@ function buildCloudFoundryDebugSshArgs(options) {
     return args;
 }
 async function selectNodeInspectorPrepareMode(options) {
-    return searchableSelectChoice({
+    return (0, prompts_2.searchableSelectChoice)({
         message: "Prepare Node.js inspector",
         choices: [
             {
@@ -154,14 +237,14 @@ async function selectNodeInspectorPrepareMode(options) {
     });
 }
 async function ensureSshEnabledForDebug(appName) {
-    const sshEnabledResult = await runCommand("cf", ["ssh-enabled", appName]);
+    const sshEnabledResult = await (0, process_1.runCommand)("cf", ["ssh-enabled", appName]);
     const combinedOutput = `${sshEnabledResult.stdout}
 ${sshEnabledResult.stderr}`;
     if (sshEnabledResult.exitCode === 0 && /enabled/i.test(combinedOutput) && !/not enabled/i.test(combinedOutput)) {
         return;
     }
-    console.log(chalk.yellow("SSH is not enabled for this app. Enabling SSH..."));
-    const enableResult = await runCommand("cf", ["enable-ssh", appName]);
+    console.log(chalk_1.default.yellow("SSH is not enabled for this app. Enabling SSH..."));
+    const enableResult = await (0, process_1.runCommand)("cf", ["enable-ssh", appName]);
     if (enableResult.stdout)
         console.log(enableResult.stdout);
     if (enableResult.stderr)
@@ -172,8 +255,8 @@ ${sshEnabledResult.stderr}`;
 }
 async function setNodeInspectorEnvironmentAndRestart(options) {
     const nodeOptions = `--inspect=0.0.0.0:${options.remotePort} --enable-source-maps`;
-    console.log(chalk.gray(`Setting NODE_OPTIONS for ${options.appName}: ${nodeOptions}`));
-    const setEnvResult = await runCommand("cf", ["set-env", options.appName, "NODE_OPTIONS", nodeOptions]);
+    console.log(chalk_1.default.gray(`Setting NODE_OPTIONS for ${options.appName}: ${nodeOptions}`));
+    const setEnvResult = await (0, process_1.runCommand)("cf", ["set-env", options.appName, "NODE_OPTIONS", nodeOptions]);
     if (setEnvResult.stdout)
         console.log(setEnvResult.stdout);
     if (setEnvResult.stderr)
@@ -181,8 +264,8 @@ async function setNodeInspectorEnvironmentAndRestart(options) {
     if (setEnvResult.exitCode !== 0) {
         throw new Error("cf set-env NODE_OPTIONS failed");
     }
-    console.log(chalk.yellow("Restarting app so NODE_OPTIONS takes effect..."));
-    const restartExitCode = await runCommandInherit("cf", ["restart", options.appName]);
+    console.log(chalk_1.default.yellow("Restarting app so NODE_OPTIONS takes effect..."));
+    const restartExitCode = await (0, process_1.runCommandInherit)("cf", ["restart", options.appName]);
     if (restartExitCode !== 0) {
         throw new Error(`cf restart ${options.appName} failed`);
     }
@@ -216,23 +299,23 @@ async function waitForNodeInspectorDebugUrl(localPort, timeoutMs = 10000) {
         await new Promise((resolve) => setTimeout(resolve, 500));
     }
     if (lastError instanceof Error) {
-        console.log(chalk.gray(`Could not read inspector JSON yet: ${lastError.message}`));
+        console.log(chalk_1.default.gray(`Could not read inspector JSON yet: ${lastError.message}`));
     }
     return undefined;
 }
 function printNodeInspectorAttachInfo(options) {
     console.log("");
-    console.log(chalk.green(`Debug tunnel is ready for ${options.appName} instance ${options.instanceIndex}.`));
-    console.log(`Chrome inspect: ${chalk.cyan("chrome://inspect")}`);
-    console.log(`Local inspector JSON: ${chalk.cyan(`http://127.0.0.1:${options.localPort}/json/list`)}`);
+    console.log(chalk_1.default.green(`Debug tunnel is ready for ${options.appName} instance ${options.instanceIndex}.`));
+    console.log(`Chrome inspect: ${chalk_1.default.cyan("chrome://inspect")}`);
+    console.log(`Local inspector JSON: ${chalk_1.default.cyan(`http://127.0.0.1:${options.localPort}/json/list`)}`);
     if (options.debugUrl) {
-        console.log(`Direct DevTools link: ${chalk.cyan(options.debugUrl)}`);
+        console.log(`Direct DevTools link: ${chalk_1.default.cyan(options.debugUrl)}`);
     }
     else {
-        console.log(chalk.yellow("Direct DevTools link was not detected yet. Open chrome://inspect and configure localhost target."));
+        console.log(chalk_1.default.yellow("Direct DevTools link was not detected yet. Open chrome://inspect and configure localhost target."));
     }
     console.log("");
-    console.log(chalk.gray("VS Code attach config:"));
+    console.log(chalk_1.default.gray("VS Code attach config:"));
     console.log(JSON.stringify({
         type: "node",
         request: "attach",
@@ -244,7 +327,7 @@ function printNodeInspectorAttachInfo(options) {
         skipFiles: ["<node_internals>/**"],
     }, null, 2));
     console.log("");
-    console.log(chalk.gray("Keep this terminal open. Press Ctrl+C to close the debug tunnel."));
+    console.log(chalk_1.default.gray("Keep this terminal open. Press Ctrl+C to close the debug tunnel."));
 }
 function buildVscodeNodeAttachConfiguration(options) {
     return {
@@ -266,21 +349,21 @@ function buildVscodeNodeAttachConfiguration(options) {
     };
 }
 async function writeVscodeLaunchConfiguration(options) {
-    const vscodeDirectoryPath = path.resolve(options.cwd, ".vscode");
-    const launchJsonPath = path.join(vscodeDirectoryPath, "launch.json");
+    const vscodeDirectoryPath = node_path_1.default.resolve(options.cwd, ".vscode");
+    const launchJsonPath = node_path_1.default.join(vscodeDirectoryPath, "launch.json");
     const configuration = buildVscodeNodeAttachConfiguration({
         appName: options.appName,
         localPort: options.localPort,
         remoteRoot: options.remoteRoot ?? "/home/vcap/app",
     });
-    await fs.ensureDir(vscodeDirectoryPath);
+    await fs_extra_1.default.ensureDir(vscodeDirectoryPath);
     let launchJson = {
         version: "0.2.0",
         configurations: [],
     };
-    if (await fs.pathExists(launchJsonPath)) {
+    if (await fs_extra_1.default.pathExists(launchJsonPath)) {
         try {
-            const currentContent = await fs.readFile(launchJsonPath, "utf8");
+            const currentContent = await fs_extra_1.default.readFile(launchJsonPath, "utf8");
             const parsed = JSON.parse(currentContent);
             launchJson = {
                 version: typeof parsed.version === "string" ? parsed.version : "0.2.0",
@@ -289,8 +372,8 @@ async function writeVscodeLaunchConfiguration(options) {
         }
         catch {
             const backupPath = `${launchJsonPath}.backup-${Date.now()}`;
-            await fs.copyFile(launchJsonPath, backupPath);
-            console.log(chalk.yellow(`Existing launch.json is not valid JSON. Backup created: ${backupPath}`));
+            await fs_extra_1.default.copyFile(launchJsonPath, backupPath);
+            console.log(chalk_1.default.yellow(`Existing launch.json is not valid JSON. Backup created: ${backupPath}`));
         }
     }
     const configurationName = String(configuration.name);
@@ -301,41 +384,41 @@ async function writeVscodeLaunchConfiguration(options) {
     else {
         launchJson.configurations.unshift(configuration);
     }
-    await fs.writeFile(launchJsonPath, `${JSON.stringify(launchJson, null, 2)}\n`, "utf8");
+    await fs_extra_1.default.writeFile(launchJsonPath, `${JSON.stringify(launchJson, null, 2)}\n`, "utf8");
     return launchJsonPath;
 }
 function printVscodeAttachInstructions(options) {
     console.log("");
     if (options.inspectorReady === false) {
-        console.log(chalk.yellow(`VS Code config was created, but the Node inspector is not reachable yet for ${options.appName} instance ${options.instanceIndex}.`));
-        console.log(chalk.yellow("The VS Code debug toolbar appears only after the inspector is reachable and you start the attach config."));
+        console.log(chalk_1.default.yellow(`VS Code config was created, but the Node inspector is not reachable yet for ${options.appName} instance ${options.instanceIndex}.`));
+        console.log(chalk_1.default.yellow("The VS Code debug toolbar appears only after the inspector is reachable and you start the attach config."));
     }
     else {
-        console.log(chalk.green(`VS Code debug config is ready for ${options.appName} instance ${options.instanceIndex}.`));
+        console.log(chalk_1.default.green(`VS Code debug config is ready for ${options.appName} instance ${options.instanceIndex}.`));
     }
-    console.log(`Launch file: ${chalk.cyan(options.launchJsonPath)}`);
-    console.log(`Attach config: ${chalk.cyan(`Attach BTP ${options.appName}`)}`);
-    console.log(`Inspector: ${chalk.cyan(`127.0.0.1:${options.localPort}`)}`);
+    console.log(`Launch file: ${chalk_1.default.cyan(options.launchJsonPath)}`);
+    console.log(`Attach config: ${chalk_1.default.cyan(`Attach BTP ${options.appName}`)}`);
+    console.log(`Inspector: ${chalk_1.default.cyan(`127.0.0.1:${options.localPort}`)}`);
     console.log("");
-    console.log(chalk.cyan("How to start debugging in VS Code:"));
+    console.log(chalk_1.default.cyan("How to start debugging in VS Code:"));
     console.log("1. Keep this terminal open. It owns the CF SSH tunnel.");
     console.log("2. Open VS Code Run and Debug panel with Ctrl+Shift+D.");
-    console.log(`3. Select ${chalk.cyan(`Attach BTP ${options.appName}`)}.`);
+    console.log(`3. Select ${chalk_1.default.cyan(`Attach BTP ${options.appName}`)}.`);
     console.log("4. Press F5 or the green Start Debugging button.");
     console.log("5. Debug buttons such as pause, step over, step into, restart, and stop appear only after attach succeeds.");
     console.log("");
-    console.log(chalk.gray("Press Ctrl+C in this terminal to close the tunnel."));
+    console.log(chalk_1.default.gray("Press Ctrl+C in this terminal to close the tunnel."));
 }
 async function openVisualStudioCode(options) {
     const args = options.debugPanel
         ? ["--reuse-window", options.cwd, "--command", "workbench.view.debug"]
         : [options.cwd];
-    const result = await runCommand("code", args);
+    const result = await (0, process_1.runCommand)("code", args);
     if (result.exitCode !== 0) {
-        console.log(chalk.yellow("Could not open VS Code automatically. Open this folder manually in VS Code."));
-        console.log(chalk.gray("Then open Run and Debug with Ctrl+Shift+D."));
+        console.log(chalk_1.default.yellow("Could not open VS Code automatically. Open this folder manually in VS Code."));
+        console.log(chalk_1.default.gray("Then open Run and Debug with Ctrl+Shift+D."));
         if (result.stderr)
-            console.log(chalk.gray(result.stderr));
+            console.log(chalk_1.default.gray(result.stderr));
     }
 }
 async function selectDebugMode(options) {
@@ -351,7 +434,7 @@ async function selectDebugMode(options) {
         return "chrome";
     if (options.vscode)
         return "vscode";
-    return searchableSelectChoice({
+    return (0, prompts_2.searchableSelectChoice)({
         message: "Select debug mode",
         choices: [
             {
@@ -396,9 +479,9 @@ async function maybeSwitchCloudFoundryTargetForDebug(options) {
     const currentTargetLabel = [
         target.org ? `org: ${target.org}` : "org: N/A",
         target.space ? `space: ${target.space}` : "space: N/A",
-        target.apiEndpoint ? inferCloudFoundryRegionFromApiEndpoint(target.apiEndpoint) : "current region",
+        target.apiEndpoint ? (0, cf_1.inferCloudFoundryRegionFromApiEndpoint)(target.apiEndpoint) : "current region",
     ].join(" · ");
-    const action = await searchableSelectChoice({
+    const action = await (0, prompts_2.searchableSelectChoice)({
         message: "Select BTP target for debug",
         choices: [
             { title: `Use current target (${currentTargetLabel})`, value: "current" },
@@ -414,7 +497,7 @@ async function selectDebugInstance(options) {
     if (options.instance?.trim()) {
         return options.instance.trim();
     }
-    return searchableSelectChoice({
+    return (0, prompts_2.searchableSelectChoice)({
         message: "Select app instance index",
         choices: [
             { title: "0", value: "0" },
@@ -430,7 +513,7 @@ async function selectDebugPort(options) {
     if (options.value?.trim()) {
         return parsePositivePort(options.value, options.defaultPort);
     }
-    const portValue = await searchableSelectChoice({
+    const portValue = await (0, prompts_2.searchableSelectChoice)({
         message: options.message,
         choices: [
             { title: `${options.defaultPort} recommended`, value: String(options.defaultPort) },
@@ -493,10 +576,10 @@ function writeFilteredLogChunk(chunk, options) {
     options.outputStream?.write(outputText);
 }
 async function refreshAppsCacheForCurrentTarget() {
-    const target = await readCloudFoundryTarget();
-    const targetKey = buildCloudFoundryTargetKey(target);
-    const apps = await listCloudFoundryApps();
-    await rememberCloudFoundryApps(targetKey, apps);
+    const target = await (0, cf_1.readCloudFoundryTarget)();
+    const targetKey = (0, cf_1.buildCloudFoundryTargetKey)(target);
+    const apps = await (0, cf_1.listCloudFoundryApps)();
+    await (0, cache_1.rememberCloudFoundryApps)(targetKey, apps);
     return apps;
 }
 function refreshAppsCacheInDetachedProcess() {
@@ -504,7 +587,7 @@ function refreshAppsCacheInDetachedProcess() {
     if (!entryFilePath) {
         return;
     }
-    const childProcess = spawn(process.execPath, [entryFilePath, "cf", "apps-cache-refresh"], {
+    const childProcess = (0, node_child_process_1.spawn)(process.execPath, [entryFilePath, "cf", "apps-cache-refresh"], {
         detached: true,
         stdio: "ignore",
         windowsHide: true,
@@ -512,12 +595,13 @@ function refreshAppsCacheInDetachedProcess() {
     childProcess.unref();
 }
 async function getAppsWithCache(options) {
+    await ensureCloudFoundrySessionFromCache();
     if (options.refresh) {
         return refreshAppsCacheForCurrentTarget();
     }
-    const target = await readCloudFoundryTarget();
-    const targetKey = buildCloudFoundryTargetKey(target);
-    const cache = await readCache();
+    const target = await (0, cf_1.readCloudFoundryTarget)();
+    const targetKey = (0, cf_1.buildCloudFoundryTargetKey)(target);
+    const cache = await (0, cache_1.readCache)();
     const cachedEntry = cache.cloudFoundry.appListsByTarget[targetKey];
     if (cachedEntry?.apps.length) {
         if (options.startBackgroundRefresh) {
@@ -529,16 +613,16 @@ async function getAppsWithCache(options) {
 }
 async function resolveAppSelection(options) {
     if (options.app?.trim()) {
-        await rememberSelectedApp(options.app.trim());
+        await (0, cache_1.rememberSelectedApp)(options.app.trim());
         return options.app.trim();
     }
     const apps = await getAppsWithCache({ refresh: options.refresh, startBackgroundRefresh: !options.refresh });
-    const cache = await readCache();
+    const cache = await (0, cache_1.readCache)();
     const cachedSelectedAppNames = cache.cloudFoundry.selectedApps;
     const cachedSelectedApps = cachedSelectedAppNames
         .filter((appName) => !apps.some((app) => app.name === appName))
-        .map((appName) => ({ title: `${appName} ${chalk.gray("cached selected")}`, value: appName }));
-    const appName = await searchableSelectChoice({
+        .map((appName) => ({ title: `${appName} ${chalk_1.default.gray("cached selected")}`, value: appName }));
+    const appName = await (0, prompts_2.searchableSelectChoice)({
         message: options.message,
         choices: [
             ...apps.map((app) => ({
@@ -550,7 +634,7 @@ async function resolveAppSelection(options) {
         validateCustomValue: validateRequired,
         customValueTitle: (value) => `Use typed app name: ${value}`,
     });
-    await rememberSelectedApp(appName);
+    await (0, cache_1.rememberSelectedApp)(appName);
     return appName;
 }
 function printTarget(target) {
@@ -562,15 +646,24 @@ function printTarget(target) {
 const DEFAULT_CLOUD_FOUNDRY_API_ENDPOINTS = [
     "https://api.cf.br10.hana.ondemand.com",
     "https://api.cf.eu10.hana.ondemand.com",
+    "https://api.cf.eu10-004.hana.ondemand.com",
+    "https://api.cf.eu10-005.hana.ondemand.com",
+    "https://api.cf.eu20.hana.ondemand.com",
+    "https://api.cf.eu20-001.hana.ondemand.com",
+    "https://api.cf.eu20-002.hana.ondemand.com",
     "https://api.cf.us10.hana.ondemand.com",
+    "https://api.cf.us10-001.hana.ondemand.com",
+    "https://api.cf.us11.hana.ondemand.com",
+    "https://api.cf.us20.hana.ondemand.com",
+    "https://api.cf.us21.hana.ondemand.com",
     "https://api.cf.ap10.hana.ondemand.com",
     "https://api.cf.ap11.hana.ondemand.com",
+    "https://api.cf.ap20.hana.ondemand.com",
     "https://api.cf.ap21.hana.ondemand.com",
     "https://api.cf.jp10.hana.ondemand.com",
     "https://api.cf.ca10.hana.ondemand.com",
     "https://api.cf.ch20.hana.ondemand.com",
-    "https://api.cf.eu20.hana.ondemand.com",
-    "https://api.cf.us20.hana.ondemand.com",
+    "https://api.cf.sa10.hana.ondemand.com",
 ];
 function uniqueValues(values) {
     return [...new Set(values.map((value) => value.trim()).filter(Boolean))];
@@ -585,7 +678,7 @@ async function selectCloudFoundryApiEndpoint(options) {
     }
     const choices = [
         ...cachedApiEndpoints.map((apiEndpoint) => ({
-            title: `${apiEndpoint} ${chalk.gray("cached")}`,
+            title: `${apiEndpoint} ${chalk_1.default.gray("cached")}`,
             value: apiEndpoint,
         })),
         ...DEFAULT_CLOUD_FOUNDRY_API_ENDPOINTS
@@ -593,7 +686,7 @@ async function selectCloudFoundryApiEndpoint(options) {
             .map((apiEndpoint) => ({ title: apiEndpoint, value: apiEndpoint })),
         { title: "Enter CF API endpoint manually", value: "__ENTER_MANUAL__" },
     ];
-    return searchableSelectChoice({
+    return (0, prompts_2.searchableSelectChoice)({
         message: "Select CF API endpoint",
         choices: choices.filter((choice) => choice.value !== "__ENTER_MANUAL__"),
         validateCustomValue: validateRequired,
@@ -604,16 +697,16 @@ async function selectCloudFoundryOrganization(options) {
     if (options.org?.trim()) {
         return options.org.trim();
     }
-    const organizations = await listCloudFoundryOrganizations();
+    const organizations = await (0, cf_1.listCloudFoundryOrganizations)();
     if (organizations.length === 0) {
-        return selectFromHistoryOrInput({
+        return (0, prompts_2.selectFromHistoryOrInput)({
             message: "Select CF org",
             values: options.cachedOrganizations,
             initialValue: options.cachedOrganizations[0],
             validate: validateRequired,
         });
     }
-    return searchableSelectChoice({
+    return (0, prompts_2.searchableSelectChoice)({
         message: "Select CF org",
         choices: organizations.map((organization) => ({ title: organization, value: organization })),
         validateCustomValue: validateRequired,
@@ -624,16 +717,16 @@ async function selectCloudFoundrySpace(options) {
     if (options.space?.trim()) {
         return options.space.trim();
     }
-    const spaces = await listCloudFoundrySpaces();
+    const spaces = await (0, cf_1.listCloudFoundrySpaces)();
     if (spaces.length === 0) {
-        return selectFromHistoryOrInput({
+        return (0, prompts_2.selectFromHistoryOrInput)({
             message: "Select CF space",
             values: options.cachedSpaces,
             initialValue: options.cachedSpaces[0] ?? "app",
         });
     }
     const initialSpace = spaces.includes("app") ? "app" : spaces[0];
-    return searchableSelectChoice({
+    return (0, prompts_2.searchableSelectChoice)({
         message: "Select CF space",
         choices: [
             ...spaces
@@ -648,13 +741,14 @@ async function selectCloudFoundrySpace(options) {
     });
 }
 async function runLoginCommand(options) {
-    const cache = await readCache();
+    await (0, tooling_1.ensureExternalTool)("cf");
+    const cache = await (0, cache_1.readCache)();
     const lastProfile = cache.cloudFoundry.loginProfiles[0];
     const apiEndpoint = await selectCloudFoundryApiEndpoint({
         api: options.api,
         cachedApiEndpoints: cache.cloudFoundry.loginProfiles.map((item) => item.apiEndpoint),
     });
-    const username = options.username ?? await selectFromHistoryOrInput({
+    const username = options.username ?? await (0, prompts_2.selectFromHistoryOrInput)({
         message: "Select CF username",
         values: cache.cloudFoundry.loginProfiles.map((item) => item.username),
         initialValue: lastProfile?.username,
@@ -663,7 +757,7 @@ async function runLoginCommand(options) {
     let password = options.password ?? lastProfile?.password;
     let shouldSavePassword = options.savePassword ?? false;
     if (!password) {
-        const response = await prompts({
+        const response = await (0, prompts_1.default)({
             type: "password",
             name: "password",
             message: "Enter CF password",
@@ -675,7 +769,7 @@ async function runLoginCommand(options) {
         password = response.password;
     }
     else {
-        const response = await prompts({
+        const response = await (0, prompts_1.default)({
             type: "select",
             name: "useCachedPassword",
             message: "Use cached password?",
@@ -686,7 +780,7 @@ async function runLoginCommand(options) {
             initial: 0,
         });
         if (!response.useCachedPassword) {
-            const passwordResponse = await prompts({
+            const passwordResponse = await (0, prompts_1.default)({
                 type: "password",
                 name: "password",
                 message: "Enter CF password",
@@ -699,7 +793,7 @@ async function runLoginCommand(options) {
         }
     }
     if (!shouldSavePassword) {
-        const savePasswordResponse = await prompts({
+        const savePasswordResponse = await (0, prompts_1.default)({
             type: "select",
             name: "savePassword",
             message: "Save password for automatic re-login and region scan?",
@@ -711,12 +805,12 @@ async function runLoginCommand(options) {
         });
         shouldSavePassword = Boolean(savePasswordResponse.savePassword);
     }
-    const apiExitCode = await setCloudFoundryApiEndpoint(apiEndpoint);
+    const apiExitCode = await (0, cf_1.setCloudFoundryApiEndpoint)(apiEndpoint);
     if (apiExitCode !== 0) {
         process.exitCode = apiExitCode;
         return;
     }
-    const authExitCode = await authenticateCloudFoundry({ username, password });
+    const authExitCode = await (0, cf_1.authenticateCloudFoundry)({ username, password });
     if (authExitCode !== 0) {
         process.exitCode = authExitCode;
         return;
@@ -727,7 +821,7 @@ async function runLoginCommand(options) {
             .filter((item) => item.apiEndpoint === apiEndpoint && item.username === username)
             .map((item) => item.org),
     });
-    const orgExitCode = await targetCloudFoundryOrg(org);
+    const orgExitCode = await (0, cf_1.targetCloudFoundryOrg)(org);
     if (orgExitCode !== 0) {
         process.exitCode = orgExitCode;
         return;
@@ -740,13 +834,13 @@ async function runLoginCommand(options) {
             .filter(Boolean),
     });
     if (space) {
-        const spaceExitCode = await targetCloudFoundrySpace(space);
+        const spaceExitCode = await (0, cf_1.targetCloudFoundrySpace)(space);
         if (spaceExitCode !== 0) {
             process.exitCode = spaceExitCode;
             return;
         }
     }
-    await rememberCloudFoundryLoginProfile({
+    await (0, cache_1.rememberCloudFoundryLoginProfile)({
         apiEndpoint,
         username,
         org,
@@ -755,28 +849,29 @@ async function runLoginCommand(options) {
         updatedAt: new Date().toISOString(),
     });
     if (shouldSavePassword) {
-        console.log(chalk.yellow("Password was cached in ~/.simplemdg/cache.json for automatic re-login. Do not use this on shared machines."));
+        console.log(chalk_1.default.yellow("Password was cached in ~/.simplemdg/cache.json for automatic re-login. Do not use this on shared machines."));
     }
-    console.log(chalk.green("CF login completed."));
+    console.log(chalk_1.default.green("CF login completed."));
 }
 function formatCloudFoundryOrgEntry(entry, target) {
     const isCurrent = entry.apiEndpoint === target.apiEndpoint && entry.org === target.org;
     const spaceText = typeof entry.spaceCount === "number"
         ? `${entry.spaceCount} ${entry.spaceCount === 1 ? "space" : "spaces"}`
         : "spaces unknown";
-    return `${entry.org} ${chalk.gray(`${entry.region} · ${spaceText}${isCurrent ? " · current" : ""}`)}`;
+    return `${entry.org} ${chalk_1.default.gray(`${entry.region} · ${spaceText}${isCurrent ? " · current" : ""}`)}`;
 }
 function getCloudFoundryApiEndpointsForOrgSearch(options, target, cache) {
     return uniqueValues([
         options.api ?? "",
         target.apiEndpoint ?? "",
         ...cache.cloudFoundry.loginProfiles.map((item) => item.apiEndpoint),
+        ...cache.cloudFoundry.orgsAcrossRegions.map((item) => item.apiEndpoint),
         ...DEFAULT_CLOUD_FOUNDRY_API_ENDPOINTS,
     ]);
 }
 async function getCloudFoundryOrganizationsAcrossRegions(options) {
-    const target = await readCloudFoundryTarget();
-    const cache = await readCache();
+    const target = await (0, cf_1.readCloudFoundryTarget)();
+    const cache = await (0, cache_1.readCache)();
     const cachedEntries = cache.cloudFoundry.orgsAcrossRegions ?? [];
     const cachedRegionCount = new Set(cachedEntries.map((entry) => entry.region)).size;
     if (!options.refresh && cachedEntries.length && cachedRegionCount > 1) {
@@ -786,21 +881,21 @@ async function getCloudFoundryOrganizationsAcrossRegions(options) {
         });
     }
     const apiEndpoints = getCloudFoundryApiEndpointsForOrgSearch(options, target, cache);
-    console.log(chalk.gray(`Searching CF orgs across ${apiEndpoints.length} region endpoint(s)...`));
+    console.log(chalk_1.default.gray(`Searching CF orgs across ${apiEndpoints.length} region endpoint(s)...`));
     const credentials = cache.cloudFoundry.loginProfiles.map((profile) => ({
         apiEndpoint: profile.apiEndpoint,
         username: profile.username,
         password: profile.password,
     }));
-    const entries = await scanCloudFoundryOrganizationsAcrossRegions(apiEndpoints, credentials);
+    const entries = await (0, cf_1.scanCloudFoundryOrganizationsAcrossRegions)(apiEndpoints, credentials);
     if (entries.length) {
         const regionCount = new Set(entries.map((entry) => entry.region)).size;
-        console.log(chalk.green(`Found ${entries.length} org(s) across ${regionCount} region(s).`));
-        await rememberCloudFoundryOrgEntries(entries);
+        console.log(chalk_1.default.green(`Found ${entries.length} org(s) across ${regionCount} region(s).`));
+        await (0, cache_1.rememberCloudFoundryOrgEntries)(entries);
         return entries;
     }
-    const currentOrganizations = await listCloudFoundryOrganizations().catch(() => []);
-    const currentRegion = target.apiEndpoint ? inferCloudFoundryRegionFromApiEndpoint(target.apiEndpoint) : "current";
+    const currentOrganizations = await (0, cf_1.listCloudFoundryOrganizations)().catch(() => []);
+    const currentRegion = target.apiEndpoint ? (0, cf_1.inferCloudFoundryRegionFromApiEndpoint)(target.apiEndpoint) : "current";
     const fallbackEntries = currentOrganizations.map((organization) => ({
         apiEndpoint: target.apiEndpoint ?? "",
         region: currentRegion,
@@ -808,7 +903,7 @@ async function getCloudFoundryOrganizationsAcrossRegions(options) {
         updatedAt: new Date().toISOString(),
     }));
     if (fallbackEntries.length) {
-        await rememberCloudFoundryOrgEntries(fallbackEntries);
+        await (0, cache_1.rememberCloudFoundryOrgEntries)(fallbackEntries);
     }
     return fallbackEntries;
 }
@@ -818,7 +913,7 @@ async function runOrgCommand(options) {
         ? "list"
         : options.switch
             ? "switch"
-            : await searchableSelectChoice({
+            : await (0, prompts_2.searchableSelectChoice)({
                 message: "What do you want to do with CF org?",
                 choices: [
                     { title: "List orgs across regions", value: "list" },
@@ -836,18 +931,18 @@ async function runOrgCommand(options) {
         refresh: options.refresh,
     });
     const organizationRegionCount = new Set(organizationEntries.map((entry) => entry.region)).size;
-    const latestTarget = await readCloudFoundryTarget();
+    const latestTarget = await (0, cf_1.readCloudFoundryTarget)();
     if (action === "list") {
         printTarget(latestTarget);
         console.log("");
         if (!organizationEntries.length) {
-            console.log(chalk.yellow("No orgs found for current CF user. Run smdg cf login, save the password, then run smdg cf org again."));
+            console.log(chalk_1.default.yellow("No orgs found for current CF user. Run smdg cf login, save the password, then run smdg cf org again."));
             return;
         }
-        console.log(chalk.gray(`Showing ${organizationEntries.length} org(s) across ${organizationRegionCount} region(s).`));
+        console.log(chalk_1.default.gray(`Showing ${organizationEntries.length} org(s) across ${organizationRegionCount} region(s).`));
         console.log("");
         for (const entry of organizationEntries) {
-            const marker = entry.apiEndpoint === latestTarget.apiEndpoint && entry.org === latestTarget.org ? chalk.green("*") : " ";
+            const marker = entry.apiEndpoint === latestTarget.apiEndpoint && entry.org === latestTarget.org ? chalk_1.default.green("*") : " ";
             console.log(`${marker} ${formatCloudFoundryOrgEntry(entry, latestTarget)}`);
         }
         return;
@@ -859,19 +954,19 @@ async function runOrgCommand(options) {
         }) ?? {
             apiEndpoint: options.api?.trim() || latestTarget.apiEndpoint || "",
             region: options.api?.trim()
-                ? inferCloudFoundryRegionFromApiEndpoint(options.api.trim())
-                : inferCloudFoundryRegionFromApiEndpoint(latestTarget.apiEndpoint ?? "current"),
+                ? (0, cf_1.inferCloudFoundryRegionFromApiEndpoint)(options.api.trim())
+                : (0, cf_1.inferCloudFoundryRegionFromApiEndpoint)(latestTarget.apiEndpoint ?? "current"),
             org: options.org.trim(),
             updatedAt: new Date().toISOString(),
         };
     }
     else {
         if (!organizationEntries.length) {
-            console.log(chalk.yellow("No orgs were found across regions."));
-            console.log(chalk.gray("Run smdg cf login and save the password, then run smdg cf org --list --refresh."));
+            console.log(chalk_1.default.yellow("No orgs were found across regions."));
+            console.log(chalk_1.default.gray("Run smdg cf login and save the password, then run smdg cf org --list --refresh."));
             return;
         }
-        const selectedIndex = await searchableSelectChoice({
+        const selectedIndex = await (0, prompts_2.searchableSelectChoice)({
             message: `Search CF org across ${organizationRegionCount} region(s)`,
             choices: organizationEntries.map((entry, index) => ({
                 title: formatCloudFoundryOrgEntry(entry, latestTarget),
@@ -882,7 +977,7 @@ async function runOrgCommand(options) {
         });
         selectedEntry = organizationEntries[Number(selectedIndex)] ?? {
             apiEndpoint: latestTarget.apiEndpoint ?? "",
-            region: inferCloudFoundryRegionFromApiEndpoint(latestTarget.apiEndpoint ?? "current"),
+            region: (0, cf_1.inferCloudFoundryRegionFromApiEndpoint)(latestTarget.apiEndpoint ?? "current"),
             org: selectedIndex,
             updatedAt: new Date().toISOString(),
         };
@@ -890,26 +985,28 @@ async function runOrgCommand(options) {
     if (!selectedEntry.apiEndpoint) {
         throw new Error("Cannot determine CF API endpoint for selected org.");
     }
-    const apiExitCode = await setCloudFoundryApiEndpoint(selectedEntry.apiEndpoint);
-    if (apiExitCode !== 0) {
-        process.exitCode = apiExitCode;
-        return;
-    }
-    const orgExitCode = await targetCloudFoundryOrg(selectedEntry.org);
+    const authenticatedProfile = await ensureCloudFoundryAuthenticatedForApiEndpoint({
+        apiEndpoint: selectedEntry.apiEndpoint,
+        preferredOrg: selectedEntry.org,
+        preferredSpace: options.space,
+        reason: "switch-org",
+    });
+    const orgExitCode = await (0, cf_1.targetCloudFoundryOrg)(selectedEntry.org);
     if (orgExitCode !== 0) {
-        console.log(chalk.yellow("Cannot switch to this org with current CF session. Run smdg cf login for this region, then try again."));
+        console.log(chalk_1.default.yellow("Cannot switch to this org after automatic authentication."));
+        console.log(chalk_1.default.gray("Run smdg cf login, save the password, then try again."));
         process.exitCode = orgExitCode;
         return;
     }
-    const spaces = selectedEntry.spaces?.length ? selectedEntry.spaces : await listCloudFoundrySpaces();
-    const currentTargetAfterOrgSwitch = await readCloudFoundryTarget();
+    const spaces = selectedEntry.spaces?.length ? selectedEntry.spaces : await (0, cf_1.listCloudFoundrySpaces)();
+    const currentTargetAfterOrgSwitch = await (0, cf_1.readCloudFoundryTarget)();
     const preferredSpace = options.space?.trim() || currentTargetAfterOrgSwitch.space || (spaces.includes("app") ? "app" : spaces[0]);
-    const space = options.space?.trim() || await searchableSelectChoice({
+    const space = options.space?.trim() || await (0, prompts_2.searchableSelectChoice)({
         message: "Select CF space",
         choices: [
             ...spaces
                 .filter((spaceName) => spaceName === preferredSpace)
-                .map((spaceName) => ({ title: `${spaceName} ${spaceName === currentTargetAfterOrgSwitch.space ? chalk.gray("current") : chalk.gray("suggested")}`, value: spaceName })),
+                .map((spaceName) => ({ title: `${spaceName} ${spaceName === currentTargetAfterOrgSwitch.space ? chalk_1.default.gray("current") : chalk_1.default.gray("suggested")}`, value: spaceName })),
             ...spaces
                 .filter((spaceName) => spaceName !== preferredSpace)
                 .map((spaceName) => ({ title: spaceName, value: spaceName })),
@@ -918,20 +1015,29 @@ async function runOrgCommand(options) {
         customValueTitle: (value) => `Use typed CF space: ${value}`,
     });
     if (space) {
-        const spaceExitCode = await targetCloudFoundrySpace(space);
+        const spaceExitCode = await (0, cf_1.targetCloudFoundrySpace)(space);
         if (spaceExitCode !== 0) {
             process.exitCode = spaceExitCode;
             return;
         }
     }
-    const switchedTarget = await readCloudFoundryTarget();
-    console.log(chalk.green("CF org/space switched."));
+    if (authenticatedProfile?.password) {
+        await (0, cache_1.rememberCloudFoundryLoginProfile)({
+            ...authenticatedProfile,
+            apiEndpoint: selectedEntry.apiEndpoint,
+            org: selectedEntry.org,
+            space,
+            updatedAt: new Date().toISOString(),
+        });
+    }
+    const switchedTarget = await (0, cf_1.readCloudFoundryTarget)();
+    console.log(chalk_1.default.green("CF org/space switched."));
     printTarget(switchedTarget);
 }
 async function runAppsCommand(options) {
-    const target = await readCloudFoundryTarget();
-    const targetKey = buildCloudFoundryTargetKey(target);
-    const cache = await readCache();
+    const target = await (0, cf_1.readCloudFoundryTarget)();
+    const targetKey = (0, cf_1.buildCloudFoundryTargetKey)(target);
+    const cache = await (0, cache_1.readCache)();
     const cachedEntry = cache.cloudFoundry.appListsByTarget[targetKey];
     printTarget(target);
     console.log("");
@@ -941,12 +1047,12 @@ async function runAppsCommand(options) {
         startBackgroundRefresh: shouldUseCache,
     });
     if (shouldUseCache && cachedEntry) {
-        console.log(chalk.gray(`Using cached cf apps: ${cachedEntry.apps.length} apps, updated at ${cachedEntry.updatedAt}`));
-        console.log(chalk.gray("Refreshing cf apps cache in background. Use --refresh when you want to wait for fresh data."));
+        console.log(chalk_1.default.gray(`Using cached cf apps: ${cachedEntry.apps.length} apps, updated at ${cachedEntry.updatedAt}`));
+        console.log(chalk_1.default.gray("Refreshing cf apps cache in background. Use --refresh when you want to wait for fresh data."));
         console.log("");
     }
     else if (options.refresh) {
-        console.log(chalk.green(`Refreshed cf apps cache for ${targetKey}.`));
+        console.log(chalk_1.default.green(`Refreshed cf apps cache for ${targetKey}.`));
         console.log("");
     }
     if (options.select) {
@@ -962,55 +1068,55 @@ async function runAppsCacheRefreshCommand() {
     await refreshAppsCacheForCurrentTarget();
 }
 async function runBindCommand(options) {
-    const repositoryPath = await resolveRepositoryPath(options.cwd ?? process.cwd());
+    const repositoryPath = await (0, repository_1.resolveRepositoryPath)(options.cwd ?? process.cwd());
     const appName = await resolveAppSelection({ app: options.app, refresh: options.refresh, message: "Select app to cds bind" });
-    const exitCode = await runCommandInherit("cds", ["bind", "--to-app-services", appName], { cwd: repositoryPath });
+    const exitCode = await (0, process_1.runCommandInherit)("cds", ["bind", "--to-app-services", appName], { cwd: repositoryPath });
     process.exitCode = exitCode;
 }
 async function runEnvCommand(options) {
-    const repositoryPath = await resolveRepositoryPath(options.cwd ?? process.cwd());
+    const repositoryPath = await (0, repository_1.resolveRepositoryPath)(options.cwd ?? process.cwd());
     const appName = await resolveAppSelection({ app: options.app, refresh: options.refresh, message: "Select app to export cf env" });
-    const cache = await readCache();
-    const outputFileName = options.out ?? await selectFromHistoryOrInput({
+    const cache = await (0, cache_1.readCache)();
+    const outputFileName = options.out ?? await (0, prompts_2.selectFromHistoryOrInput)({
         message: "Select output env file name",
         values: cache.cloudFoundry.envFileNames,
         initialValue: cache.cloudFoundry.envFileNames[0] ?? "default-env.json",
         validate: validateRequired,
     });
-    const result = await runCommand("cf", ["env", appName]);
+    const result = await (0, process_1.runCommand)("cf", ["env", appName]);
     if (result.exitCode !== 0) {
         throw new Error(result.stderr || result.stdout || "cf env failed");
     }
-    const outputPath = path.resolve(repositoryPath, outputFileName);
+    const outputPath = node_path_1.default.resolve(repositoryPath, outputFileName);
     if (options.raw) {
-        await fs.writeFile(outputPath, result.stdout, "utf8");
+        await fs_extra_1.default.writeFile(outputPath, result.stdout, "utf8");
     }
     else {
-        const parsedEnvironment = parseCloudFoundryEnvironment(result.stdout);
-        await fs.writeJson(outputPath, parsedEnvironment, { spaces: 2 });
+        const parsedEnvironment = (0, cf_env_parser_1.parseCloudFoundryEnvironment)(result.stdout);
+        await fs_extra_1.default.writeJson(outputPath, parsedEnvironment, { spaces: 2 });
     }
-    await rememberSelectedApp(appName);
-    await rememberEnvironmentFileName(outputFileName);
-    console.log(chalk.green(`Exported ${options.raw ? "raw env" : "clean JSON env"} to ${outputPath}`));
+    await (0, cache_1.rememberSelectedApp)(appName);
+    await (0, cache_1.rememberEnvironmentFileName)(outputFileName);
+    console.log(chalk_1.default.green(`Exported ${options.raw ? "raw env" : "clean JSON env"} to ${outputPath}`));
 }
 async function runLogsCommand(options) {
     const appName = await resolveAppSelection({ app: options.app, refresh: options.refresh, message: "Select app to view logs" });
     const shouldFollow = options.follow || !options.recent;
     const shouldReadRecent = options.recent || !shouldFollow;
-    const outputPath = options.out ? path.resolve(process.cwd(), options.out) : undefined;
+    const outputPath = options.out ? node_path_1.default.resolve(process.cwd(), options.out) : undefined;
     if (outputPath) {
-        await fs.ensureDir(path.dirname(outputPath));
+        await fs_extra_1.default.ensureDir(node_path_1.default.dirname(outputPath));
     }
     if (shouldReadRecent && !shouldFollow) {
-        const result = await runCommand("cf", buildCloudFoundryLogsArgs({ appName, recent: true }));
+        const result = await (0, process_1.runCommand)("cf", buildCloudFoundryLogsArgs({ appName, recent: true }));
         const combinedOutput = [result.stdout, result.stderr].filter(Boolean).join("\n");
         const filteredOutput = filterCloudFoundryLogsOutput(combinedOutput, {
             instance: options.instance,
             process: options.process,
         });
         if (outputPath) {
-            await fs.writeFile(outputPath, filteredOutput.endsWith("\n") ? filteredOutput : `${filteredOutput}\n`, "utf8");
-            console.log(chalk.green(`Exported recent logs to ${outputPath}`));
+            await fs_extra_1.default.writeFile(outputPath, filteredOutput.endsWith("\n") ? filteredOutput : `${filteredOutput}\n`, "utf8");
+            console.log(chalk_1.default.green(`Exported recent logs to ${outputPath}`));
         }
         else {
             console.log(filteredOutput);
@@ -1018,12 +1124,12 @@ async function runLogsCommand(options) {
         process.exitCode = result.exitCode;
         return;
     }
-    const outputStream = outputPath ? nodeFs.createWriteStream(outputPath, { flags: "a" }) : undefined;
+    const outputStream = outputPath ? node_fs_1.default.createWriteStream(outputPath, { flags: "a" }) : undefined;
     if (outputPath) {
-        console.log(chalk.gray(`Streaming logs and appending to ${outputPath}`));
+        console.log(chalk_1.default.gray(`Streaming logs and appending to ${outputPath}`));
     }
-    console.log(chalk.gray("Press Ctrl+C to stop realtime logs."));
-    const childProcess = spawn("cf", buildCloudFoundryLogsArgs({ appName, recent: false }), {
+    console.log(chalk_1.default.gray("Press Ctrl+C to stop realtime logs."));
+    const childProcess = (0, node_child_process_1.spawn)("cf", buildCloudFoundryLogsArgs({ appName, recent: false }), {
         stdio: ["ignore", "pipe", "pipe"],
         shell: false,
         windowsHide: true,
@@ -1051,8 +1157,1291 @@ async function runLogsCommand(options) {
         childProcess.on("close", () => resolve());
     });
 }
+function parseWebSocketUrl(value) {
+    const url = new URL(value);
+    return {
+        host: url.hostname,
+        port: Number(url.port || 80),
+        path: `${url.pathname}${url.search}`,
+    };
+}
+async function getNodeInspectorWebSocketUrl(localPort) {
+    const response = await fetch(`http://127.0.0.1:${localPort}/json/list`);
+    if (!response.ok) {
+        return undefined;
+    }
+    const targets = await response.json();
+    return targets.find((target) => target.webSocketDebuggerUrl)?.webSocketDebuggerUrl;
+}
+async function waitForNodeInspectorWebSocketUrl(localPort, timeoutMs = 15000) {
+    const startedAt = Date.now();
+    let lastError;
+    while (Date.now() - startedAt < timeoutMs) {
+        try {
+            const webSocketUrl = await getNodeInspectorWebSocketUrl(localPort);
+            if (webSocketUrl) {
+                return webSocketUrl;
+            }
+        }
+        catch (error) {
+            lastError = error;
+        }
+        await new Promise((resolve) => setTimeout(resolve, 500));
+    }
+    if (lastError instanceof Error) {
+        console.log(chalk_1.default.gray(`Could not read inspector WebSocket yet: ${lastError.message}`));
+    }
+    return undefined;
+}
+function encodeWebSocketFrame(payload) {
+    const payloadBuffer = Buffer.from(payload, "utf8");
+    const maskKey = node_crypto_1.default.randomBytes(4);
+    let header;
+    if (payloadBuffer.length < 126) {
+        header = Buffer.alloc(2);
+        header[0] = 0x81;
+        header[1] = 0x80 | payloadBuffer.length;
+    }
+    else if (payloadBuffer.length <= 0xffff) {
+        header = Buffer.alloc(4);
+        header[0] = 0x81;
+        header[1] = 0x80 | 126;
+        header.writeUInt16BE(payloadBuffer.length, 2);
+    }
+    else {
+        header = Buffer.alloc(10);
+        header[0] = 0x81;
+        header[1] = 0x80 | 127;
+        header.writeBigUInt64BE(BigInt(payloadBuffer.length), 2);
+    }
+    const maskedPayload = Buffer.alloc(payloadBuffer.length);
+    for (let index = 0; index < payloadBuffer.length; index += 1) {
+        maskedPayload[index] = payloadBuffer[index] ^ maskKey[index % 4];
+    }
+    return Buffer.concat([header, maskKey, maskedPayload]);
+}
+function decodeWebSocketFrames(buffer) {
+    const messages = [];
+    let offset = 0;
+    while (offset + 2 <= buffer.length) {
+        const firstByte = buffer[offset];
+        const secondByte = buffer[offset + 1];
+        const opcode = firstByte & 0x0f;
+        const isMasked = Boolean(secondByte & 0x80);
+        let payloadLength = secondByte & 0x7f;
+        let headerLength = 2;
+        if (payloadLength === 126) {
+            if (offset + 4 > buffer.length)
+                break;
+            payloadLength = buffer.readUInt16BE(offset + 2);
+            headerLength = 4;
+        }
+        else if (payloadLength === 127) {
+            if (offset + 10 > buffer.length)
+                break;
+            const longLength = buffer.readBigUInt64BE(offset + 2);
+            if (longLength > BigInt(Number.MAX_SAFE_INTEGER)) {
+                throw new Error("WebSocket frame is too large");
+            }
+            payloadLength = Number(longLength);
+            headerLength = 10;
+        }
+        const maskLength = isMasked ? 4 : 0;
+        const frameLength = headerLength + maskLength + payloadLength;
+        if (offset + frameLength > buffer.length) {
+            break;
+        }
+        let payload = buffer.subarray(offset + headerLength + maskLength, offset + frameLength);
+        if (isMasked) {
+            const maskKey = buffer.subarray(offset + headerLength, offset + headerLength + 4);
+            const unmaskedPayload = Buffer.alloc(payload.length);
+            for (let index = 0; index < payload.length; index += 1) {
+                unmaskedPayload[index] = payload[index] ^ maskKey[index % 4];
+            }
+            payload = unmaskedPayload;
+        }
+        if (opcode === 0x1) {
+            messages.push(payload.toString("utf8"));
+        }
+        offset += frameLength;
+    }
+    return { messages, remaining: buffer.subarray(offset) };
+}
+async function sendInspectorEvaluateCommand(options) {
+    const connection = parseWebSocketUrl(options.webSocketUrl);
+    const timeoutMs = options.timeoutMs ?? 10000;
+    const key = node_crypto_1.default.randomBytes(16).toString("base64");
+    const request = [
+        `GET ${connection.path} HTTP/1.1`,
+        `Host: ${connection.host}:${connection.port}`,
+        "Upgrade: websocket",
+        "Connection: Upgrade",
+        `Sec-WebSocket-Key: ${key}`,
+        "Sec-WebSocket-Version: 13",
+        "",
+        "",
+    ].join("\r\n");
+    await new Promise((resolve, reject) => {
+        const socket = node_net_1.default.createConnection({ host: connection.host, port: connection.port });
+        const commandId = 1;
+        let isHandshakeComplete = false;
+        let handshakeBuffer = Buffer.alloc(0);
+        let frameBuffer = Buffer.alloc(0);
+        const timer = setTimeout(() => {
+            socket.destroy();
+            reject(new Error("Inspector Runtime.evaluate timed out"));
+        }, timeoutMs);
+        const cleanup = () => {
+            clearTimeout(timer);
+            socket.removeAllListeners();
+            socket.end();
+            socket.destroy();
+        };
+        socket.on("connect", () => {
+            socket.write(request);
+        });
+        socket.on("error", (error) => {
+            cleanup();
+            reject(error);
+        });
+        socket.on("data", (chunk) => {
+            try {
+                if (!isHandshakeComplete) {
+                    handshakeBuffer = Buffer.concat([handshakeBuffer, chunk]);
+                    const headerEndIndex = handshakeBuffer.indexOf("\r\n\r\n");
+                    if (headerEndIndex < 0) {
+                        return;
+                    }
+                    const headerText = handshakeBuffer.subarray(0, headerEndIndex).toString("utf8");
+                    if (!/^HTTP\/1\.1 101/i.test(headerText)) {
+                        throw new Error(`Inspector WebSocket upgrade failed: ${headerText.split("\r\n")[0]}`);
+                    }
+                    isHandshakeComplete = true;
+                    const rest = handshakeBuffer.subarray(headerEndIndex + 4);
+                    frameBuffer = rest.length ? Buffer.concat([frameBuffer, rest]) : frameBuffer;
+                    const payload = JSON.stringify({
+                        id: commandId,
+                        method: "Runtime.evaluate",
+                        params: {
+                            expression: options.expression,
+                            awaitPromise: false,
+                            returnByValue: true,
+                        },
+                    });
+                    socket.write(encodeWebSocketFrame(payload));
+                }
+                else {
+                    frameBuffer = Buffer.concat([frameBuffer, chunk]);
+                }
+                const decoded = decodeWebSocketFrames(frameBuffer);
+                frameBuffer = Buffer.from(decoded.remaining);
+                for (const message of decoded.messages) {
+                    const parsed = JSON.parse(message);
+                    if (parsed.id === commandId) {
+                        cleanup();
+                        if (parsed.error) {
+                            reject(new Error(`Inspector Runtime.evaluate failed: ${JSON.stringify(parsed.error)}`));
+                            return;
+                        }
+                        resolve();
+                        return;
+                    }
+                }
+            }
+            catch (error) {
+                cleanup();
+                reject(error);
+            }
+        });
+    });
+}
+function extractJsonFromCloudFoundryLogLine(line) {
+    const jsonStart = line.indexOf("{");
+    if (jsonStart < 0)
+        return undefined;
+    try {
+        return JSON.parse(line.slice(jsonStart));
+    }
+    catch {
+        return undefined;
+    }
+}
+function parseHttpWatchAppLine(line) {
+    if (!line.includes("[APP/") || !line.includes("OUT"))
+        return undefined;
+    const payload = extractJsonFromCloudFoundryLogLine(line);
+    if (!payload)
+        return undefined;
+    const msg = String(payload.msg ?? "");
+    const methodMatch = msg.match(/\b(GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS)\s+([^\s{]+)/);
+    if (!methodMatch)
+        return undefined;
+    return {
+        source: "APP",
+        method: methodMatch[1],
+        url: methodMatch[2],
+        requestId: String(payload.request_id ?? payload.x_vcap_request_id ?? payload.x_request_id ?? ""),
+        correlationId: String(payload.correlation_id ?? payload.x_correlationid ?? payload.x_correlation_id ?? ""),
+        instance: String(payload.x_cf_instanceindex ?? payload.component_instance ?? ""),
+        user: String(payload.remote_user ?? ""),
+        tenant: String(payload.tenant_subdomain ?? payload.tenantid ?? payload.tenant_id ?? ""),
+        userAgent: String(payload.user_agent ?? ""),
+        contentLength: String(payload.content_length ?? payload.request_size_b ?? ""),
+        authorization: String(payload.authorization ?? ""),
+        message: msg,
+    };
+}
+function parseKeyValueFromRouterLine(line, key) {
+    const regex = new RegExp(`${key}:"([^"]*)"`);
+    return line.match(regex)?.[1];
+}
+function parseHttpWatchRouterLine(line) {
+    if (!line.includes("[RTR/") || !line.includes("HTTP/"))
+        return undefined;
+    const requestMatch = line.match(/"(GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS)\s+([^\s]+)\s+HTTP\/[^"]+"\s+(\d{3})\s+(\d+)\s+(\d+)/);
+    if (!requestMatch)
+        return undefined;
+    const responseTimeSeconds = Number(line.match(/response_time:([0-9.]+)/)?.[1] ?? "");
+    return {
+        source: "RTR",
+        method: requestMatch[1],
+        url: requestMatch[2],
+        status: requestMatch[3],
+        requestBytes: requestMatch[4],
+        responseBytes: requestMatch[5],
+        durationMs: Number.isFinite(responseTimeSeconds) ? Math.round(responseTimeSeconds * 1000) : undefined,
+        requestId: parseKeyValueFromRouterLine(line, "vcap_request_id"),
+        correlationId: parseKeyValueFromRouterLine(line, "x_correlationid"),
+        instance: line.match(/app_index:"([^"]*)"/)?.[1],
+        tenant: parseKeyValueFromRouterLine(line, "tenantid"),
+        userAgent: line.match(/"\s+"([^"]*)"\s+"[^\"]+:\d+"/)?.[1],
+    };
+}
+function parseHttpWatchLine(line) {
+    return parseHttpWatchAppLine(line) ?? parseHttpWatchRouterLine(line);
+}
+function formatHttpWatchEvent(appName, event) {
+    const status = event.status ? chalk_1.default.green(String(event.status)) : chalk_1.default.gray("APP");
+    const duration = event.durationMs !== undefined ? chalk_1.default.gray(`${event.durationMs}ms`) : "";
+    const source = event.source === "RTR" ? chalk_1.default.magenta("RTR") : chalk_1.default.blue("APP");
+    const requestId = event.requestId ? chalk_1.default.gray(` req=${event.requestId}`) : "";
+    const instance = event.instance ? chalk_1.default.gray(` i=${event.instance}`) : "";
+    const user = event.user ? chalk_1.default.gray(` user=${event.user}`) : "";
+    const tenant = event.tenant ? chalk_1.default.gray(` tenant=${event.tenant}`) : "";
+    const size = event.contentLength || event.requestBytes ? chalk_1.default.gray(` bytes=${event.contentLength || event.requestBytes}`) : "";
+    const auth = event.authorization ? chalk_1.default.gray(` auth=${event.authorization}`) : "";
+    return `${source} ${chalk_1.default.cyan(`[${appName}]`)} ${status} ${chalk_1.default.bold(event.method ?? "")} ${event.url ?? ""} ${duration}${instance}${user}${tenant}${size}${auth}${requestId}`.trim();
+}
+function printHttpWatchLine(appName, line, outputFile) {
+    const event = parseHttpWatchLine(line);
+    if (!event)
+        return;
+    const formatted = formatHttpWatchEvent(appName, event);
+    console.log(formatted);
+    if (outputFile) {
+        const plain = formatted.replace(/\u001b\[[0-9;]*m/g, "");
+        fs_extra_1.default.appendFileSync(outputFile, `${plain}\n`, "utf8");
+    }
+}
+async function resolveHttpWatchApps(options) {
+    if (options.app?.trim()) {
+        return uniqueValues(options.app.split(","));
+    }
+    return resolveRequestTraceApps({ app: options.app, refresh: options.refresh });
+}
+async function runHttpWatchForApps(options) {
+    if (!options.appNames.length)
+        throw new Error("No app selected for HTTP watch");
+    if (options.out) {
+        await fs_extra_1.default.ensureDir(node_path_1.default.dirname(node_path_1.default.resolve(options.out)));
+        await fs_extra_1.default.writeFile(options.out, "", "utf8");
+    }
+    if (options.recent) {
+        for (const appName of options.appNames) {
+            const result = await (0, process_1.runCommand)("cf", ["logs", appName, "--recent"]);
+            const text = `${result.stdout}\n${result.stderr}`;
+            for (const line of text.split(/\r?\n/)) {
+                printHttpWatchLine(appName, line, options.out);
+            }
+        }
+        return;
+    }
+    const children = [];
+    const stopAll = () => {
+        for (const child of children) {
+            if (!child.killed)
+                child.kill();
+        }
+    };
+    process.once("SIGINT", () => {
+        console.log(chalk_1.default.gray("\nStopping HTTP watch..."));
+        stopAll();
+        process.exit(0);
+    });
+    for (const appName of options.appNames) {
+        const child = (0, node_child_process_1.spawn)("cf", ["logs", appName], {
+            stdio: ["ignore", "pipe", "pipe"],
+            shell: false,
+            windowsHide: true,
+        });
+        children.push(child);
+        child.stdout.on("data", (chunk) => {
+            for (const line of chunk.toString("utf8").split(/\r?\n/)) {
+                printHttpWatchLine(appName, line, options.out);
+            }
+        });
+        child.stderr.on("data", (chunk) => {
+            for (const line of chunk.toString("utf8").split(/\r?\n/)) {
+                printHttpWatchLine(appName, line, options.out);
+            }
+        });
+    }
+    console.log(chalk_1.default.green(`HTTP watch is watching ${options.appNames.length} app(s).`));
+    console.log(chalk_1.default.gray("This uses existing CF/CDS/RTR logs. It shows method/path/status/user/tenant/size, but not full request body or full token."));
+    console.log(chalk_1.default.gray("Press Ctrl+C to stop."));
+    await new Promise((resolve) => {
+        let closedCount = 0;
+        for (const child of children) {
+            child.on("close", () => {
+                closedCount += 1;
+                if (closedCount >= children.length)
+                    resolve();
+            });
+        }
+    });
+}
+async function runHttpWatchCommand(options) {
+    if (!options.skipOrgSelect) {
+        await maybeSwitchCloudFoundryTargetForDebug({ app: options.app, refresh: options.refresh, skipOrgSelect: false });
+    }
+    await ensureCloudFoundrySessionFromCache();
+    const appNames = await resolveHttpWatchApps(options);
+    await runHttpWatchForApps({ appNames, recent: options.recent, out: options.out });
+}
+async function runRequestTraceDoctorCommand(options) {
+    await maybeSwitchCloudFoundryTargetForDebug({
+        app: options.app,
+        refresh: options.refresh,
+        instance: options.instance,
+        process: options.process,
+        localPort: options.localPort,
+        remotePort: options.remotePort,
+        skipOrgSelect: options.skipOrgSelect,
+    });
+    await ensureCloudFoundrySessionFromCache();
+    const appNames = await resolveRequestTraceApps({ app: options.app, refresh: options.refresh });
+    const instanceIndex = await selectDebugInstance({ instance: options.instance });
+    for (const appName of appNames) {
+        console.log(chalk_1.default.cyan(`\nRequest trace doctor for ${appName} instance ${instanceIndex}`));
+        console.log(chalk_1.default.gray("Recent router/app HTTP traffic:"));
+        const result = await (0, process_1.runCommand)("cf", ["logs", appName, "--recent"]);
+        const text = `${result.stdout}\n${result.stderr}`;
+        let count = 0;
+        for (const line of text.split(/\r?\n/)) {
+            const event = parseHttpWatchLine(line);
+            if (event) {
+                count += 1;
+                console.log(formatHttpWatchEvent(appName, event));
+                if (count >= 10)
+                    break;
+            }
+        }
+        if (!count) {
+            console.log(chalk_1.default.yellow("No recent HTTP traffic found in CF logs for this app."));
+        }
+        console.log(chalk_1.default.gray("\nRemote process list:"));
+        const processList = await (0, process_1.runCommand)("cf", ["ssh", appName, "-i", instanceIndex, "-T", "-c", "ps -eo pid,args 2>/dev/null | head -n 40"]);
+        if (processList.stdout)
+            console.log(processList.stdout);
+        if (processList.stderr)
+            console.error(processList.stderr);
+    }
+    console.log(chalk_1.default.yellow("\nDoctor summary:"));
+    console.log("- If HTTP traffic appears above, the app is receiving requests.");
+    console.log("- Full body/token are not available from CF/CDS logs because they are intentionally omitted or masked.");
+    console.log("- Use smdg cf http-watch for stable live tracking.");
+    console.log("- Use deep request-trace only when you accept Inspector/preload limitations in dev/test.");
+}
+function buildRequestTraceInjectionExpression(options) {
+    const traceOptions = JSON.stringify(options);
+    const source = `(() => {
+    const options = ${traceOptions};
+    const globalKey = "__SMDG_NETWORK_SPY__";
+
+    const state = globalThis[globalKey] || {
+      installed: false,
+      requestSeq: 0,
+      options,
+      patchedRequests: new WeakSet(),
+      patchedResponses: new WeakSet(),
+      patchedServers: new WeakSet(),
+      activeRequests: new WeakMap(),
+    };
+
+    state.options = options;
+    globalThis[globalKey] = state;
+
+    function write(event) {
+      try {
+        console.log("SMDG_REQUEST_TRACE " + JSON.stringify(event));
+      } catch (error) {
+        console.log("SMDG_REQUEST_TRACE " + JSON.stringify({
+          type: "smdg-request-trace-error",
+          app: options.appName,
+          message: error && error.message ? error.message : String(error),
+        }));
+      }
+    }
+
+    function currentOptions() {
+      return globalThis[globalKey] && globalThis[globalKey].options ? globalThis[globalKey].options : options;
+    }
+
+    function shouldCaptureBody() {
+      const mode = currentOptions().mode;
+      return mode === "body" || mode === "response";
+    }
+
+    function shouldCaptureResponse() {
+      return currentOptions().mode === "response";
+    }
+
+    function maxBodyBytes() {
+      return Number(currentOptions().maxBodyBytes || 20000);
+    }
+
+    function maskAuthorization(value) {
+      if (!value) return undefined;
+      const authMode = currentOptions().authMode;
+      if (authMode === "omit") return undefined;
+      if (authMode === "full") return String(value);
+      const text = String(value);
+      return text.length <= 24 ? "***" : text.slice(0, 16) + "..." + text.slice(-8);
+    }
+
+    function normalizeHeaders(headers) {
+      if (currentOptions().mode === "path") return undefined;
+      const output = {};
+      for (const [key, value] of Object.entries(headers || {})) {
+        const lower = key.toLowerCase();
+        if (lower === "authorization") {
+          const auth = maskAuthorization(value);
+          if (auth !== undefined) output[key] = auth;
+          continue;
+        }
+        if (lower === "cookie" || lower === "set-cookie") {
+          output[key] = "***";
+          continue;
+        }
+        output[key] = value;
+      }
+      return output;
+    }
+
+    function appendChunk(record, chunk) {
+      if (!chunk || !shouldCaptureBody()) return;
+      try {
+        const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk));
+        record.requestBytes += buffer.length;
+        const currentBytes = record.requestChunks.reduce((sum, item) => sum + item.length, 0);
+        const limit = maxBodyBytes();
+        if (currentBytes < limit) {
+          record.requestChunks.push(buffer.subarray(0, Math.max(0, limit - currentBytes)));
+        }
+      } catch {}
+    }
+
+    function appendResponseChunk(record, chunk) {
+      if (!chunk || !shouldCaptureResponse()) return;
+      try {
+        const buffer = Buffer.isBuffer(chunk) ? chunk : Buffer.from(String(chunk));
+        record.responseBytes += buffer.length;
+        const currentBytes = record.responseChunks.reduce((sum, item) => sum + item.length, 0);
+        const limit = maxBodyBytes();
+        if (currentBytes < limit) {
+          record.responseChunks.push(buffer.subarray(0, Math.max(0, limit - currentBytes)));
+        }
+      } catch {}
+    }
+
+    function chunksToText(chunks) {
+      try {
+        if (!chunks || !chunks.length) return undefined;
+        return Buffer.concat(chunks).toString("utf8");
+      } catch {
+        return undefined;
+      }
+    }
+
+    function tryParseContent(text, headers) {
+      if (text === undefined) return undefined;
+      if (!currentOptions().parseBodyJson) return text;
+      const contentType = String((headers && (headers["content-type"] || headers["Content-Type"])) || "");
+      if (contentType.includes("application/json") || /^[\\s]*[\\{\\[]/.test(text)) {
+        try { return JSON.parse(text); } catch { return text; }
+      }
+      if (contentType.includes("application/x-www-form-urlencoded")) {
+        try { return Object.fromEntries(new URLSearchParams(text)); } catch { return text; }
+      }
+      return text;
+    }
+
+    function getRequestUrl(req) {
+      return req.originalUrl || req.url || req.path || "";
+    }
+
+    function patchRequestAndResponse(req, res, source) {
+      if (!req || !res || state.patchedRequests.has(req)) return false;
+
+      state.patchedRequests.add(req);
+      const record = {
+        id: ++state.requestSeq,
+        source,
+        startedAt: Date.now(),
+        requestChunks: [],
+        responseChunks: [],
+        requestBytes: 0,
+        responseBytes: 0,
+      };
+      state.activeRequests.set(req, record);
+
+      try {
+        if (!req.__SMDG_NETWORK_SPY_PUSH_PATCHED__) {
+          const originalPush = req.push;
+          if (typeof originalPush === "function") {
+            req.push = function smdgNetworkTraceRequestPush(chunk, encoding) {
+              appendChunk(record, chunk);
+              return originalPush.call(this, chunk, encoding);
+            };
+            Object.defineProperty(req, "__SMDG_NETWORK_SPY_PUSH_PATCHED__", { value: true, enumerable: false });
+          }
+        }
+      } catch {}
+
+      try {
+        const originalEmit = req.emit;
+        if (typeof originalEmit === "function" && !req.__SMDG_NETWORK_SPY_EMIT_PATCHED__) {
+          req.emit = function smdgNetworkTraceRequestEmit(eventName, chunk, ...args) {
+            if (eventName === "data") appendChunk(record, chunk);
+            return originalEmit.call(this, eventName, chunk, ...args);
+          };
+          Object.defineProperty(req, "__SMDG_NETWORK_SPY_EMIT_PATCHED__", { value: true, enumerable: false });
+        }
+      } catch {}
+
+      try {
+        if (!state.patchedResponses.has(res)) {
+          state.patchedResponses.add(res);
+          const originalWrite = res.write;
+          const originalEnd = res.end;
+
+          if (typeof originalWrite === "function") {
+            res.write = function smdgNetworkTraceResponseWrite(chunk, ...args) {
+              appendResponseChunk(record, chunk);
+              return originalWrite.call(this, chunk, ...args);
+            };
+          }
+
+          if (typeof originalEnd === "function") {
+            res.end = function smdgNetworkTraceResponseEnd(chunk, ...args) {
+              appendResponseChunk(record, chunk);
+              return originalEnd.call(this, chunk, ...args);
+            };
+          }
+        }
+      } catch {}
+
+      const finish = () => {
+        try {
+          const requestBodyText = chunksToText(record.requestChunks);
+          const responseBodyText = chunksToText(record.responseChunks);
+          const headers = req.headers || {};
+          const event = {
+            type: "smdg-request-trace",
+            app: currentOptions().appName,
+            source: record.source,
+            id: record.id,
+            timestamp: new Date(record.startedAt).toISOString(),
+            method: req.method,
+            url: getRequestUrl(req),
+            status: res.statusCode,
+            durationMs: Date.now() - record.startedAt,
+            requestBytes: record.requestBytes,
+            responseBytes: record.responseBytes,
+            headers: normalizeHeaders(headers),
+            body: shouldCaptureBody() ? tryParseContent(requestBodyText, headers) : undefined,
+            responseBody: shouldCaptureResponse() ? tryParseContent(responseBodyText, res.getHeaders ? res.getHeaders() : {}) : undefined,
+          };
+          write(event);
+        } catch (error) {
+          write({
+            type: "smdg-request-trace-error",
+            app: currentOptions().appName,
+            message: error && error.message ? error.message : String(error),
+          });
+        }
+      };
+
+      if (typeof res.once === "function") {
+        res.once("finish", finish);
+        res.once("close", () => {
+          if (!res.writableEnded) finish();
+        });
+      }
+
+      return true;
+    }
+
+    function installDiagnosticsChannelHook() {
+      try {
+        const diagnostics = require("diagnostics_channel");
+        if (!diagnostics || diagnostics.__SMDG_NETWORK_SPY_PATCHED__) return false;
+        const requestStart = diagnostics.channel("http.server.request.start");
+        requestStart.subscribe((message) => {
+          const req = message && (message.request || message.req);
+          const res = message && (message.response || message.res);
+          patchRequestAndResponse(req, res, "diagnostics_channel:http.server.request.start");
+        });
+        Object.defineProperty(diagnostics, "__SMDG_NETWORK_SPY_PATCHED__", { value: true, enumerable: false });
+        return true;
+      } catch {
+        return false;
+      }
+    }
+
+    function installServerEmitHook() {
+      try {
+        const http = require("http");
+        const Server = http && http.Server;
+        if (!Server || !Server.prototype || Server.prototype.__SMDG_NETWORK_SPY_EMIT_PATCHED__) return false;
+        const originalEmit = Server.prototype.emit;
+        Server.prototype.emit = function smdgNetworkTraceServerEmit(eventName, req, res, ...args) {
+          if (eventName === "request") patchRequestAndResponse(req, res, "http.Server.emit");
+          return originalEmit.call(this, eventName, req, res, ...args);
+        };
+        Object.defineProperty(Server.prototype, "__SMDG_NETWORK_SPY_EMIT_PATCHED__", { value: true, enumerable: false });
+        return true;
+      } catch {
+        return false;
+      }
+    }
+
+    function installCreateServerHook(moduleName) {
+      try {
+        const mod = require(moduleName);
+        if (!mod || mod.__SMDG_NETWORK_SPY_CREATE_SERVER_PATCHED__) return false;
+        const originalCreateServer = mod.createServer;
+        if (typeof originalCreateServer !== "function") return false;
+        mod.createServer = function smdgNetworkTraceCreateServer(...args) {
+          const server = originalCreateServer.apply(this, args);
+          hookServer(server, moduleName + ".createServer");
+          return server;
+        };
+        Object.defineProperty(mod, "__SMDG_NETWORK_SPY_CREATE_SERVER_PATCHED__", { value: true, enumerable: false });
+        return true;
+      } catch {
+        return false;
+      }
+    }
+
+    function hookServer(server, source) {
+      try {
+        if (!server || state.patchedServers.has(server)) return false;
+        if (typeof server.prependListener === "function") {
+          server.prependListener("request", (req, res) => patchRequestAndResponse(req, res, source));
+          state.patchedServers.add(server);
+          return true;
+        }
+      } catch {}
+      return false;
+    }
+
+    function hookActiveServers() {
+      let count = 0;
+      try {
+        const handles = typeof process._getActiveHandles === "function" ? process._getActiveHandles() : [];
+        for (const handle of handles) {
+          if (handle && typeof handle.on === "function" && typeof handle.address === "function") {
+            if (hookServer(handle, "active-handle")) count += 1;
+          }
+        }
+      } catch {}
+      return count;
+    }
+
+    const diagnosticsHooked = installDiagnosticsChannelHook();
+    const serverEmitHooked = installServerEmitHook();
+    const httpCreateHooked = installCreateServerHook("http");
+    const httpsCreateHooked = installCreateServerHook("https");
+    const activeServers = hookActiveServers();
+
+    state.installed = true;
+    state.installedAt = state.installedAt || new Date().toISOString();
+
+    write({
+      type: "smdg-request-trace-status",
+      app: options.appName,
+      status: "installed",
+      engine: "network-trace-v4",
+      diagnosticsHooked,
+      serverEmitHooked,
+      httpCreateHooked,
+      httpsCreateHooked,
+      activeServers,
+      mode: options.mode,
+      authMode: options.authMode,
+      maxBodyBytes: options.maxBodyBytes,
+    });
+
+    return "installed:network-trace-v4:" + activeServers;
+  })();`;
+    return source;
+}
+async function selectRequestTraceMode() {
+    return (0, prompts_2.searchableSelectChoice)({
+        message: "Select request trace mode",
+        choices: [
+            { title: "Path only", value: "path", description: "method, URL, status, duration" },
+            { title: "Headers", value: "headers", description: "include request headers, mask sensitive values" },
+            { title: "Headers + body", value: "body", description: "include request body up to a safe size limit" },
+            { title: "Headers + body + response", value: "response", description: "include request body and response body" },
+        ],
+        allowCustomValue: false,
+    });
+}
+async function selectRequestTraceAuthMode() {
+    return (0, prompts_2.searchableSelectChoice)({
+        message: "Authorization header handling",
+        choices: [
+            { title: "Mask token (recommended)", value: "mask" },
+            { title: "Show full token (dev/test only)", value: "full" },
+            { title: "Omit Authorization header", value: "omit" },
+        ],
+        allowCustomValue: false,
+    });
+}
+async function selectRequestTraceDisplayOptions(options) {
+    const headerPreset = await (0, prompts_2.searchableSelectChoice)({
+        message: "Headers to display in terminal",
+        choices: [
+            { title: "Minimal headers", value: "minimal", description: "host, content-type, authorization, request/correlation ids" },
+            { title: "Common debug headers", value: "common", description: "minimal + user-agent, origin, forwarded, CF/B3 headers" },
+            { title: "All captured headers", value: "all", description: "large output" },
+            { title: "Custom header list", value: "custom", description: "enter comma-separated headers" },
+        ],
+        allowCustomValue: false,
+    });
+    let headerNames = [];
+    if (headerPreset === "minimal")
+        headerNames = getMinimalTraceHeaderNames();
+    if (headerPreset === "common")
+        headerNames = getCommonTraceHeaderNames();
+    if (headerPreset === "custom") {
+        const response = await (0, prompts_1.default)({
+            type: "text",
+            name: "headers",
+            message: "Header names to display",
+            initial: "authorization,content-type,content-length,x-correlationid,x-vcap-request-id,tenantid,user-agent",
+            validate: (value) => value.trim() ? true : "At least one header is required",
+        });
+        headerNames = String(response.headers ?? "").split(",").map((item) => item.trim()).filter(Boolean);
+    }
+    const parseResponse = await (0, prompts_1.default)({
+        type: "select",
+        name: "parseBodyJson",
+        message: "Try parse request/response body as JSON when possible?",
+        choices: [
+            { title: "Yes, parse JSON/form body when possible", value: true },
+            { title: "No, keep raw body string", value: false },
+        ],
+        initial: 0,
+    });
+    let outputFile = options.out;
+    if (!outputFile) {
+        const outResponse = await (0, prompts_1.default)({
+            type: "select",
+            name: "export",
+            message: "Export captured trace events to JSONL file?",
+            choices: [
+                { title: "No", value: false },
+                { title: "Yes", value: true },
+            ],
+            initial: 0,
+        });
+        if (outResponse.export) {
+            const fileResponse = await (0, prompts_1.default)({
+                type: "text",
+                name: "file",
+                message: "Trace output file",
+                initial: `smdg-request-trace-${new Date().toISOString().replace(/[:.]/g, "-")}.jsonl`,
+                validate: (value) => value.trim() ? true : "Output file is required",
+            });
+            outputFile = String(fileResponse.file ?? "").trim();
+        }
+    }
+    if (outputFile) {
+        await fs_extra_1.default.ensureDir(node_path_1.default.dirname(node_path_1.default.resolve(outputFile)));
+        await fs_extra_1.default.writeFile(outputFile, "", "utf8");
+        console.log(chalk_1.default.green(`Trace events will be exported to ${node_path_1.default.resolve(outputFile)}`));
+    }
+    return {
+        headerPreset,
+        headerNames,
+        parseBodyJson: Boolean(parseResponse.parseBodyJson),
+        outputFile,
+    };
+}
+async function resolveRequestTraceApps(options) {
+    if (options.app?.trim()) {
+        return uniqueValues(options.app.split(","));
+    }
+    const apps = await getAppsWithCache({ refresh: options.refresh, startBackgroundRefresh: !options.refresh });
+    const selectedApps = [];
+    while (true) {
+        const appName = await (0, prompts_2.searchableSelectChoice)({
+            message: selectedApps.length ? "Add another BTP app to trace, or finish" : "Search/select BTP app to trace",
+            choices: [
+                ...apps
+                    .filter((app) => !selectedApps.includes(app.name))
+                    .map((app) => ({
+                    title: [app.name, app.requestedState, app.routes].filter(Boolean).join(" | "),
+                    value: app.name,
+                })),
+                ...(selectedApps.length ? [{ title: "Done", value: "__DONE__" }] : []),
+            ],
+            validateCustomValue: validateRequired,
+            customValueTitle: (value) => `Use typed app name: ${value}`,
+        });
+        if (appName === "__DONE__") {
+            break;
+        }
+        selectedApps.push(appName);
+        await (0, cache_1.rememberSelectedApp)(appName);
+        const moreResponse = await (0, prompts_1.default)({
+            type: "select",
+            name: "more",
+            message: "Trace another app at the same time?",
+            choices: [
+                { title: "No, start tracing now", value: false },
+                { title: "Yes, add another app", value: true },
+            ],
+            initial: 0,
+        });
+        if (!moreResponse.more) {
+            break;
+        }
+    }
+    return selectedApps;
+}
+function getMinimalTraceHeaderNames() {
+    return [
+        "host",
+        "content-type",
+        "content-length",
+        "authorization",
+        "x-correlation-id",
+        "x-correlationid",
+        "x-vcap-request-id",
+        "tenantid",
+    ];
+}
+function getCommonTraceHeaderNames() {
+    return [
+        ...getMinimalTraceHeaderNames(),
+        "user-agent",
+        "origin",
+        "referer",
+        "x-forwarded-for",
+        "x-forwarded-host",
+        "x-forwarded-path",
+        "x-forwarded-proto",
+        "x-cf-applicationid",
+        "x-cf-instanceindex",
+        "x-cf-true-client-ip",
+        "x-b3-traceid",
+        "x-b3-spanid",
+        "b3",
+    ];
+}
+function normalizeHeaderName(value) {
+    return value.trim().toLowerCase();
+}
+function filterTraceHeaders(headers, display) {
+    if (!headers || typeof headers !== "object")
+        return undefined;
+    const source = headers;
+    if (display.headerPreset === "all")
+        return source;
+    const names = new Set(display.headerNames.map(normalizeHeaderName));
+    const output = {};
+    for (const [key, value] of Object.entries(source)) {
+        if (names.has(normalizeHeaderName(key)))
+            output[key] = value;
+    }
+    return output;
+}
+function stringifyTraceValue(value) {
+    if (value === undefined || value === null)
+        return "";
+    if (typeof value === "string")
+        return value;
+    try {
+        return JSON.stringify(value);
+    }
+    catch {
+        return String(value);
+    }
+}
+function traceEventMatchesFilters(event, filters) {
+    if (filters.paused)
+        return false;
+    const method = String(event.method ?? "").toLowerCase();
+    const url = String(event.url ?? "").toLowerCase();
+    const status = String(event.status ?? "").toLowerCase();
+    const body = stringifyTraceValue(event.body).toLowerCase();
+    const responseBody = stringifyTraceValue(event.responseBody).toLowerCase();
+    const all = stringifyTraceValue(event).toLowerCase();
+    if (filters.method && method !== filters.method.toLowerCase())
+        return false;
+    if (filters.path && !url.includes(filters.path.toLowerCase()))
+        return false;
+    if (filters.status && !status.includes(filters.status.toLowerCase()))
+        return false;
+    if (filters.body && !body.includes(filters.body.toLowerCase()) && !responseBody.includes(filters.body.toLowerCase()))
+        return false;
+    if (filters.text && !all.includes(filters.text.toLowerCase()))
+        return false;
+    return true;
+}
+function buildPrintableTracePayload(event, display) {
+    const output = {
+        type: event.type,
+        app: event.app,
+        source: event.source,
+        id: event.id,
+        timestamp: event.timestamp,
+        method: event.method,
+        url: event.url,
+        status: event.status,
+        durationMs: event.durationMs,
+        requestBytes: event.requestBytes,
+        responseBytes: event.responseBytes,
+    };
+    const headers = filterTraceHeaders(event.headers, display);
+    if (headers && Object.keys(headers).length > 0)
+        output.headers = headers;
+    if (event.body !== undefined)
+        output.body = event.body;
+    if (event.responseBody !== undefined)
+        output.responseBody = event.responseBody;
+    return output;
+}
+function writeTraceEventToFile(outputFile, event) {
+    if (!outputFile)
+        return;
+    try {
+        fs_extra_1.default.appendFileSync(outputFile, `${JSON.stringify(event)}\n`, "utf8");
+    }
+    catch (error) {
+        console.error(chalk_1.default.yellow(`Failed to write trace event to file: ${error instanceof Error ? error.message : String(error)}`));
+    }
+}
+function printRequestTraceEvent(appName, payload, runtime) {
+    const type = String(payload.type ?? "smdg-request-trace");
+    if (type === "smdg-request-trace-status") {
+        console.log(chalk_1.default.green(`[${appName}] ${String(payload.status ?? "trace-status")}`));
+        console.log(chalk_1.default.gray(`engine=${String(payload.engine ?? "unknown")} activeServers=${String(payload.activeServers ?? "?")} mode=${String(payload.mode ?? "")}`));
+        return;
+    }
+    if (type === "smdg-request-trace-error") {
+        console.log(chalk_1.default.red(`[${appName}] trace error: ${String(payload.message ?? "unknown")}`));
+        return;
+    }
+    runtime.events.push(payload);
+    writeTraceEventToFile(runtime.display.outputFile, payload);
+    if (!traceEventMatchesFilters(payload, runtime.filters))
+        return;
+    const time = String(payload.timestamp ?? new Date().toISOString());
+    const method = String(payload.method ?? "");
+    const url = String(payload.url ?? "");
+    const status = String(payload.status ?? "");
+    const duration = String(payload.durationMs ?? "");
+    console.log(chalk_1.default.cyan(`\n[${time}] [${appName}] ${method} ${url} → ${status} ${duration}ms`));
+    console.log(JSON.stringify(buildPrintableTracePayload(payload, runtime.display), null, 2));
+}
+function printRequestTraceLine(appName, line, runtime) {
+    const marker = line.includes("SMDG_REQUEST_TRACE ") ? "SMDG_REQUEST_TRACE " : line.includes("SMDG_REQUEST_SPY ") ? "SMDG_REQUEST_SPY " : undefined;
+    if (!marker)
+        return;
+    const markerIndex = line.indexOf(marker);
+    const payloadText = line.slice(markerIndex + marker.length).trim();
+    try {
+        const payload = JSON.parse(payloadText);
+        printRequestTraceEvent(appName, payload, runtime);
+    }
+    catch {
+        console.log(`[${appName}] ${payloadText}`);
+    }
+}
+function printTraceRuntimeHelp() {
+    console.log(chalk_1.default.gray("\nRuntime trace commands:"));
+    console.log(chalk_1.default.gray("  /method POST        show only one method"));
+    console.log(chalk_1.default.gray("  /path text          show only URLs containing text"));
+    console.log(chalk_1.default.gray("  /body text          show only request/response body containing text"));
+    console.log(chalk_1.default.gray("  /status 500         show only status containing value"));
+    console.log(chalk_1.default.gray("  /text value         search anywhere in the event"));
+    console.log(chalk_1.default.gray("  /headers a,b,c      change displayed headers while running"));
+    console.log(chalk_1.default.gray("  /headers all        display all captured headers"));
+    console.log(chalk_1.default.gray("  /clear              clear active filters"));
+    console.log(chalk_1.default.gray("  /show               show active filters"));
+    console.log(chalk_1.default.gray("  /replay             print matching events already captured"));
+    console.log(chalk_1.default.gray("  /pause or /resume   pause/resume terminal display"));
+    console.log(chalk_1.default.gray("  /help               show this help"));
+}
+function applyTraceRuntimeCommand(input, runtime) {
+    const trimmed = input.trim();
+    if (!trimmed)
+        return;
+    if (!trimmed.startsWith("/")) {
+        runtime.filters.text = trimmed;
+        console.log(chalk_1.default.yellow(`Search text filter: ${trimmed}`));
+        return;
+    }
+    const [commandRaw, ...restParts] = trimmed.slice(1).split(" ");
+    const command = commandRaw.toLowerCase();
+    const value = restParts.join(" ").trim();
+    if (command === "method")
+        runtime.filters.method = value || undefined;
+    else if (command === "path")
+        runtime.filters.path = value || undefined;
+    else if (command === "body")
+        runtime.filters.body = value || undefined;
+    else if (command === "status")
+        runtime.filters.status = value || undefined;
+    else if (command === "text")
+        runtime.filters.text = value || undefined;
+    else if (command === "pause")
+        runtime.filters.paused = true;
+    else if (command === "resume")
+        runtime.filters.paused = false;
+    else if (command === "clear") {
+        runtime.filters.method = undefined;
+        runtime.filters.path = undefined;
+        runtime.filters.body = undefined;
+        runtime.filters.status = undefined;
+        runtime.filters.text = undefined;
+        runtime.filters.paused = false;
+    }
+    else if (command === "headers") {
+        if (!value || value.toLowerCase() === "common") {
+            runtime.display.headerPreset = "common";
+            runtime.display.headerNames = getCommonTraceHeaderNames();
+        }
+        else if (value.toLowerCase() === "minimal") {
+            runtime.display.headerPreset = "minimal";
+            runtime.display.headerNames = getMinimalTraceHeaderNames();
+        }
+        else if (value.toLowerCase() === "all") {
+            runtime.display.headerPreset = "all";
+            runtime.display.headerNames = [];
+        }
+        else {
+            runtime.display.headerPreset = "custom";
+            runtime.display.headerNames = value.split(",").map((item) => item.trim()).filter(Boolean);
+        }
+    }
+    else if (command === "show") {
+        console.log(chalk_1.default.gray(JSON.stringify({ filters: runtime.filters, display: runtime.display, captured: runtime.events.length }, null, 2)));
+        return;
+    }
+    else if (command === "replay") {
+        console.log(chalk_1.default.gray(`Replaying ${runtime.events.length} captured event(s) with current filters...`));
+        for (const event of runtime.events) {
+            if (traceEventMatchesFilters(event, runtime.filters)) {
+                const appName = String(event.app ?? "app");
+                const time = String(event.timestamp ?? "");
+                console.log(chalk_1.default.cyan(`\n[${time}] [${appName}] ${String(event.method ?? "")} ${String(event.url ?? "")} → ${String(event.status ?? "")} ${String(event.durationMs ?? "")}ms`));
+                console.log(JSON.stringify(buildPrintableTracePayload(event, runtime.display), null, 2));
+            }
+        }
+        return;
+    }
+    else if (command === "help" || command === "?") {
+        printTraceRuntimeHelp();
+        return;
+    }
+    else {
+        console.log(chalk_1.default.yellow(`Unknown runtime command: ${command}`));
+        printTraceRuntimeHelp();
+        return;
+    }
+    console.log(chalk_1.default.yellow(`Trace runtime updated: ${trimmed}`));
+}
+function attachTraceRuntimeCommands(runtime) {
+    printTraceRuntimeHelp();
+    process.stdin.setEncoding("utf8");
+    process.stdin.resume();
+    process.stdin.on("data", (chunk) => {
+        for (const line of chunk.split(/\r?\n/)) {
+            applyTraceRuntimeCommand(line, runtime);
+        }
+    });
+}
+function startRequestTraceLogStream(appName, runtime) {
+    const childProcess = (0, node_child_process_1.spawn)("cf", ["logs", appName], {
+        stdio: ["ignore", "pipe", "pipe"],
+        shell: false,
+        windowsHide: true,
+    });
+    childProcess.stdout.on("data", (chunk) => {
+        const lines = chunk.toString("utf8").split(/\r?\n/);
+        for (const line of lines)
+            printRequestTraceLine(appName, line, runtime);
+    });
+    childProcess.stderr.on("data", (chunk) => {
+        const text = chunk.toString("utf8");
+        if (/SMDG_REQUEST_(TRACE|SPY)/.test(text)) {
+            for (const line of text.split(/\r?\n/))
+                printRequestTraceLine(appName, line, runtime);
+        }
+    });
+    return childProcess;
+}
+async function runRequestTraceCommand(options) {
+    await maybeSwitchCloudFoundryTargetForDebug({
+        app: options.app,
+        refresh: options.refresh,
+        instance: options.instance,
+        process: options.process,
+        localPort: options.localPort,
+        remotePort: options.remotePort,
+        skipOrgSelect: options.skipOrgSelect,
+    });
+    await ensureCloudFoundrySessionFromCache();
+    const appNames = await resolveRequestTraceApps(options);
+    if (!appNames.length) {
+        throw new Error("No app selected for request trace");
+    }
+    const engine = await (0, prompts_2.searchableSelectChoice)({
+        message: "Select request trace engine",
+        choices: [
+            {
+                title: "HTTP watch from existing CF/CDS logs (recommended, stable)",
+                value: "http-watch",
+                description: "Shows method/path/status/user/tenant/size. No restart and no source-code change.",
+            },
+            {
+                title: "Deep Node Inspector trace (experimental body capture)",
+                value: "inspector-trace",
+                description: "Attempts runtime injection. May not work for every CAP runtime. Dev/test only.",
+            },
+            {
+                title: "Doctor: verify traffic, process, and limits",
+                value: "doctor",
+            },
+        ],
+        allowCustomValue: false,
+    });
+    if (engine === "http-watch") {
+        await runHttpWatchForApps({ appNames, recent: false, out: undefined });
+        return;
+    }
+    if (engine === "doctor") {
+        await runRequestTraceDoctorCommand({ ...options, app: appNames.join(",") });
+        return;
+    }
+    const traceMode = await selectRequestTraceMode();
+    const authMode = await selectRequestTraceAuthMode();
+    const displayOptions = await selectRequestTraceDisplayOptions(options);
+    const runtime = {
+        display: displayOptions,
+        filters: { paused: false },
+        events: [],
+    };
+    const instanceIndex = await selectDebugInstance({ instance: options.instance });
+    const baseLocalPort = await selectDebugPort({
+        value: options.localPort,
+        message: "Select first local inspector port for request trace",
+        defaultPort: 9329,
+    });
+    const remotePort = parsePositivePort(options.remotePort, 9229);
+    const maxBodyBytes = parsePositivePort(options.maxBodyBytes, 20000);
+    console.log("");
+    console.log(chalk_1.default.yellow("Request trace attaches to the running Node.js app through Node Inspector."));
+    console.log(chalk_1.default.gray("It does not modify your repository source code. It is temporary and disappears after app restart."));
+    const prepareMode = await selectNodeInspectorPrepareMode({ appName: appNames.join(", "), remotePort });
+    const tunnelProcesses = [];
+    const logProcesses = [];
+    const stopAll = () => {
+        for (const child of [...tunnelProcesses, ...logProcesses]) {
+            if (!child.killed)
+                child.kill();
+        }
+    };
+    process.once("SIGINT", () => {
+        console.log(chalk_1.default.gray("\nStopping request trace..."));
+        stopAll();
+        process.exit(0);
+    });
+    for (const [index, appName] of appNames.entries()) {
+        const localPort = baseLocalPort + index;
+        await ensureSshEnabledForDebug(appName);
+        if (prepareMode === "set-env-restart") {
+            await setNodeInspectorEnvironmentAndRestart({ appName, remotePort });
+        }
+        console.log(chalk_1.default.gray(`Opening inspector tunnel for ${appName}: localhost:${localPort} -> 127.0.0.1:${remotePort}`));
+        const tunnelProcess = (0, node_child_process_1.spawn)("cf", buildCloudFoundryDebugSshArgs({
+            appName,
+            instanceIndex,
+            processName: options.process,
+            localPort,
+            remotePort,
+            prepareMode,
+        }), {
+            stdio: ["ignore", "pipe", "pipe"],
+            shell: false,
+            windowsHide: true,
+        });
+        tunnelProcesses.push(tunnelProcess);
+        tunnelProcess.stdout.on("data", (chunk) => process.stdout.write(chalk_1.default.gray(`[${appName}:ssh] ${chunk.toString("utf8")}`)));
+        tunnelProcess.stderr.on("data", (chunk) => process.stderr.write(chalk_1.default.yellow(`[${appName}:ssh] ${chunk.toString("utf8")}`)));
+        const webSocketUrl = await waitForNodeInspectorWebSocketUrl(localPort, 20000);
+        if (!webSocketUrl) {
+            console.log(chalk_1.default.red(`Cannot reach Node Inspector for ${appName} on localhost:${localPort}.`));
+            console.log(chalk_1.default.yellow("Try again and choose: Set NODE_OPTIONS and restart app."));
+            continue;
+        }
+        const expression = buildRequestTraceInjectionExpression({
+            appName,
+            mode: traceMode,
+            authMode,
+            maxBodyBytes,
+            parseBodyJson: displayOptions.parseBodyJson,
+        });
+        await sendInspectorEvaluateCommand({ webSocketUrl, expression });
+        console.log(chalk_1.default.green(`Request trace injected into ${appName}.`));
+        const logProcess = startRequestTraceLogStream(appName, runtime);
+        logProcesses.push(logProcess);
+    }
+    console.log("");
+    console.log(chalk_1.default.green(`Request trace is watching ${appNames.length} app(s).`));
+    console.log(chalk_1.default.gray("Send requests to your services. Type /help for runtime search commands. Press Ctrl+C to stop tunnels and log streams."));
+    attachTraceRuntimeCommands(runtime);
+    await new Promise((resolve) => {
+        const watchedProcesses = [...tunnelProcesses, ...logProcesses];
+        let closedCount = 0;
+        for (const child of watchedProcesses) {
+            child.on("close", () => {
+                closedCount += 1;
+                if (closedCount >= watchedProcesses.length)
+                    resolve();
+            });
+        }
+    });
+}
 async function runDebugCommand(options) {
     await maybeSwitchCloudFoundryTargetForDebug(options);
+    await ensureCloudFoundrySessionFromCache();
     const appName = await resolveAppSelection({
         app: options.app,
         refresh: options.refresh,
@@ -1066,9 +2455,9 @@ async function runDebugCommand(options) {
         defaultPort: 9229,
     });
     const remotePort = parsePositivePort(options.remotePort, 9229);
-    const repositoryPath = await resolveRepositoryPath(process.cwd()).catch(() => process.cwd());
+    const repositoryPath = await (0, repository_1.resolveRepositoryPath)(process.cwd()).catch(() => process.cwd());
     if (debugMode === "check-ssh") {
-        const result = await runCommand("cf", ["ssh-enabled", appName]);
+        const result = await (0, process_1.runCommand)("cf", ["ssh-enabled", appName]);
         if (result.stdout)
             console.log(result.stdout);
         if (result.stderr)
@@ -1077,7 +2466,7 @@ async function runDebugCommand(options) {
         return;
     }
     if (debugMode === "enable-ssh") {
-        const result = await runCommand("cf", ["enable-ssh", appName]);
+        const result = await (0, process_1.runCommand)("cf", ["enable-ssh", appName]);
         if (result.stdout)
             console.log(result.stdout);
         if (result.stderr)
@@ -1086,7 +2475,7 @@ async function runDebugCommand(options) {
             process.exitCode = result.exitCode;
             return;
         }
-        const restartResponse = await prompts({
+        const restartResponse = await (0, prompts_1.default)({
             type: "select",
             name: "restart",
             message: "Restart app now so SSH setting takes effect?",
@@ -1097,11 +2486,11 @@ async function runDebugCommand(options) {
             initial: 0,
         });
         if (restartResponse.restart) {
-            const restartExitCode = await runCommandInherit("cf", ["restart", appName]);
+            const restartExitCode = await (0, process_1.runCommandInherit)("cf", ["restart", appName]);
             process.exitCode = restartExitCode;
             return;
         }
-        console.log(chalk.yellow(`SSH was enabled. Restart the app before debugging: cf restart ${appName}`));
+        console.log(chalk_1.default.yellow(`SSH was enabled. Restart the app before debugging: cf restart ${appName}`));
         return;
     }
     let launchJsonPath;
@@ -1112,8 +2501,8 @@ async function runDebugCommand(options) {
             localPort,
             remoteRoot: "/home/vcap/app",
         });
-        console.log(chalk.green(`Updated VS Code launch config: ${launchJsonPath}`));
-        const openResponse = await prompts({
+        console.log(chalk_1.default.green(`Updated VS Code launch config: ${launchJsonPath}`));
+        const openResponse = await (0, prompts_1.default)({
             type: "select",
             name: "open",
             message: "Open current folder in VS Code?",
@@ -1132,7 +2521,7 @@ async function runDebugCommand(options) {
             appName,
             instanceIndex,
             localPort,
-            launchJsonPath: launchJsonPath ?? path.resolve(repositoryPath, ".vscode", "launch.json"),
+            launchJsonPath: launchJsonPath ?? node_path_1.default.resolve(repositoryPath, ".vscode", "launch.json"),
         });
         return;
     }
@@ -1142,7 +2531,7 @@ async function runDebugCommand(options) {
         return;
     }
     if (options.enableSsh) {
-        const result = await runCommand("cf", ["enable-ssh", appName]);
+        const result = await (0, process_1.runCommand)("cf", ["enable-ssh", appName]);
         if (result.stdout)
             console.log(result.stdout);
         if (result.stderr)
@@ -1152,28 +2541,28 @@ async function runDebugCommand(options) {
             return;
         }
         if (options.restart) {
-            const restartExitCode = await runCommandInherit("cf", ["restart", appName]);
+            const restartExitCode = await (0, process_1.runCommandInherit)("cf", ["restart", appName]);
             if (restartExitCode !== 0) {
                 process.exitCode = restartExitCode;
                 return;
             }
         }
         else {
-            console.log(chalk.yellow("SSH was enabled. If cf ssh still fails, restart the app or run: cf restart " + appName));
+            console.log(chalk_1.default.yellow("SSH was enabled. If cf ssh still fails, restart the app or run: cf restart " + appName));
         }
     }
     console.log("");
-    console.log(chalk.cyan("BTP debug works by opening a CF SSH tunnel to the Node.js inspector."));
-    console.log(chalk.gray("If this is the first time debugging this app, choose: Set NODE_OPTIONS and restart app."));
-    console.log(chalk.gray("If the app was already restarted with NODE_OPTIONS=--inspect, choose: Inspector is already enabled."));
+    console.log(chalk_1.default.cyan("BTP debug works by opening a CF SSH tunnel to the Node.js inspector."));
+    console.log(chalk_1.default.gray("If this is the first time debugging this app, choose: Set NODE_OPTIONS and restart app."));
+    console.log(chalk_1.default.gray("If the app was already restarted with NODE_OPTIONS=--inspect, choose: Inspector is already enabled."));
     const prepareMode = await selectNodeInspectorPrepareMode({ appName, remotePort });
     await ensureSshEnabledForDebug(appName);
     if (prepareMode === "set-env-restart") {
         await setNodeInspectorEnvironmentAndRestart({ appName, remotePort });
     }
-    console.log(chalk.gray(`Starting Node.js inspector tunnel for ${appName} instance ${instanceIndex}...`));
-    console.log(chalk.gray(`Forwarding localhost:${localPort} -> app container 127.0.0.1:${remotePort}`));
-    const childProcess = spawn("cf", buildCloudFoundryDebugSshArgs({
+    console.log(chalk_1.default.gray(`Starting Node.js inspector tunnel for ${appName} instance ${instanceIndex}...`));
+    console.log(chalk_1.default.gray(`Forwarding localhost:${localPort} -> app container 127.0.0.1:${remotePort}`));
+    const childProcess = (0, node_child_process_1.spawn)("cf", buildCloudFoundryDebugSshArgs({
         appName,
         instanceIndex,
         processName: options.process,
@@ -1194,13 +2583,13 @@ async function runDebugCommand(options) {
         const debugUrl = await waitForNodeInspectorDebugUrl(localPort);
         if (debugMode === "vscode") {
             if (!debugUrl) {
-                console.log(chalk.yellow("Inspector is not reachable yet on localhost. If you selected running-process mode and see a Node PID error, run debug again and choose 'Set NODE_OPTIONS and restart app'."));
+                console.log(chalk_1.default.yellow("Inspector is not reachable yet on localhost. If you selected running-process mode and see a Node PID error, run debug again and choose 'Set NODE_OPTIONS and restart app'."));
             }
             printVscodeAttachInstructions({
                 appName,
                 instanceIndex,
                 localPort,
-                launchJsonPath: launchJsonPath ?? path.resolve(repositoryPath, ".vscode", "launch.json"),
+                launchJsonPath: launchJsonPath ?? node_path_1.default.resolve(repositoryPath, ".vscode", "launch.json"),
                 inspectorReady: Boolean(debugUrl),
             });
             return;
@@ -1224,9 +2613,9 @@ async function runDebugCommand(options) {
         clearTimeout(fallbackTimer);
         if (!hasPrintedAttachInfo || (exitCode ?? 0) !== 0) {
             console.log("");
-            console.log(chalk.red("Debug tunnel stopped before a working inspector connection was confirmed."));
-            console.log(chalk.yellow("Run smdg cf debug again and choose 'Set NODE_OPTIONS and restart app' when asked to prepare Node.js inspector."));
-            console.log(chalk.gray("After the app restarts, choose VS Code guided debugging and start the attach config from VS Code Run and Debug."));
+            console.log(chalk_1.default.red("Debug tunnel stopped before a working inspector connection was confirmed."));
+            console.log(chalk_1.default.yellow("Run smdg cf debug again and choose 'Set NODE_OPTIONS and restart app' when asked to prepare Node.js inspector."));
+            console.log(chalk_1.default.gray("After the app restarts, choose VS Code guided debugging and start the attach config from VS Code Run and Debug."));
         }
         process.exitCode = exitCode ?? 0;
     });
@@ -1235,14 +2624,14 @@ async function runDebugCommand(options) {
     });
 }
 async function runTargetCommand() {
-    const target = await readCloudFoundryTarget();
+    const target = await (0, cf_1.readCloudFoundryTarget)();
     printTarget(target);
 }
 async function runCacheCommand() {
-    const cache = await readCache();
+    const cache = await (0, cache_1.readCache)();
     console.log(JSON.stringify(cache.cloudFoundry, null, 2));
 }
-export function registerCloudFoundryCommands(program) {
+function registerCloudFoundryCommands(program) {
     const cfCommand = program.command("cf").description("Cloud Foundry helper commands for SimpleMDG");
     cfCommand
         .command("login")
@@ -1317,10 +2706,48 @@ export function registerCloudFoundryCommands(program) {
         .option("--open", "Open current folder in VS Code after creating launch.json")
         .option("--skip-org-select", "Use current CF org/space without asking")
         .action(runDebugCommand);
+    cfCommand
+        .command("http-watch")
+        .alias("watch-http")
+        .description("Watch incoming HTTP requests using existing CF/CDS/RTR logs. Stable and does not modify apps.")
+        .option("--app <appName>", "BTP app name. Use comma-separated names to watch multiple apps")
+        .option("--refresh", "Refresh app list before selecting")
+        .option("--recent", "Parse recent logs and exit")
+        .option("--out <fileName>", "Write parsed HTTP events to a file")
+        .option("--skip-org-select", "Use current CF org/space without asking")
+        .action(runHttpWatchCommand);
+    cfCommand
+        .command("request-trace-doctor")
+        .description("Diagnose why deep request-trace may not capture body/header in a BTP Node.js app")
+        .option("--app <appName>", "BTP app name. Use comma-separated names")
+        .option("--refresh", "Refresh app list before selecting")
+        .option("--instance <index>", "App instance index", "0")
+        .option("--process <processName>", "CF process name for multi-process apps")
+        .option("--local-port <port>", "First local inspector port", "9329")
+        .option("--remote-port <port>", "Remote inspector port in app container", "9229")
+        .option("--max-body-bytes <bytes>", "Maximum request/response body bytes to print", "20000")
+        .option("--skip-org-select", "Use current CF org/space without asking")
+        .action(runRequestTraceDoctorCommand);
+    cfCommand
+        .command("request-trace")
+        .alias("network-trace")
+        .alias("traffic")
+        .description("Watch incoming HTTP requests from BTP Node.js apps without editing backend source code")
+        .option("--app <appName>", "BTP app name. Use comma-separated names to trace multiple apps")
+        .option("--refresh", "Refresh app list before selecting")
+        .option("--instance <index>", "App instance index", "0")
+        .option("--process <processName>", "CF process name for multi-process apps")
+        .option("--local-port <port>", "First local inspector port", "9329")
+        .option("--remote-port <port>", "Remote inspector port in app container", "9229")
+        .option("--max-body-bytes <bytes>", "Maximum request/response body bytes to print", "20000")
+        .option("--out <fileName>", "Export captured trace events to a JSONL file")
+        .option("--skip-org-select", "Use current CF org/space without asking")
+        .action(runRequestTraceCommand);
     cfCommand
         .command("apps-cache-refresh")
         .description("Refresh cached cf apps for current target. Internal command used by smdg cf apps.")
         .action(runAppsCacheRefreshCommand);
+    (0, cf_db_command_1.registerCloudFoundryDbCommands)(cfCommand);
     cfCommand.command("cache").description("Print cached Cloud Foundry values").action(runCacheCommand);
 }
 //# sourceMappingURL=cf.command.js.map