timeback-studio 0.1.5 → 0.1.7

package/dist/bin.js

@@ -2950,6 +2950,11 @@ ${t}
 ${import_picocolors2.default.green(C)}  ${import_picocolors2.default.reset(n)} ${import_picocolors2.default.gray(_2.repeat(Math.max(s - i - 1, 1)) + me)}
 ${c}
 ${import_picocolors2.default.gray(de + _2.repeat(s + 2) + pe)}
+`);
+};
+var xe = (t = "") => {
+  process.stdout.write(`${import_picocolors2.default.gray(d2)}  ${import_picocolors2.default.red(t)}
+
 `);
 };
 var Ie = (t = "") => {
@@ -16695,7 +16700,7 @@ function intro(title) {
 }
 var outro = {
   success: (message = "Done") => Se(green(message)),
-  cancelled: () => Se(dim("Cancelled")),
+  cancelled: () => xe(dim("Cancelled")),
   error: (message) => Se(red(message)),
   warn: (message) => Se(yellow(message)),
   info: (message) => Se(dim(message))
@@ -16795,8 +16800,8 @@ async function getConfiguredEnvironments() {
   return configured;
 }
 function getEnvCredentials() {
-  const clientId = process.env.TIMEBACK_CLIENT_ID;
-  const clientSecret = process.env.TIMEBACK_CLIENT_SECRET;
+  const clientId = process.env.TIMEBACK_API_CLIENT_ID ?? process.env.TIMEBACK_CLIENT_ID;
+  const clientSecret = process.env.TIMEBACK_API_CLIENT_SECRET ?? process.env.TIMEBACK_CLIENT_SECRET;
   if (clientId && clientSecret) {
     const result = CredentialsSchema.safeParse({ clientId, clientSecret });
     if (result.success) {
@@ -16840,19 +16845,23 @@ async function validateEmailWithTimeback(environment, clientId, clientSecret, em
   });
   try {
     const page = await client.oneroster.users.list({
-      where: { email: email3 },
+      where: {
+        email: email3,
+        status: "active"
+      },
       limit: 1
     });
     if (page.data.length === 0) {
       return {
         valid: false,
+        reason: "not_found",
         error: `No user found with email "${email3}" in ${environment}`
       };
     }
     return { valid: true };
   } catch (error48) {
     const message = error48 instanceof Error ? error48.message : "Unknown error";
-    return { valid: false, error: `Failed to validate email: ${message}` };
+    return { valid: false, reason: "api_error", error: `Failed to validate email: ${message}` };
   }
 }
 
@@ -16868,7 +16877,7 @@ async function promptForCredentials(environment) {
     }
   });
   if (isCancelled(clientId))
-    return null;
+    return { status: "cancelled" };
   const clientSecret = await ge({
     message: `Client Secret ${dim(`(${environment})`)}`,
     validate: (value) => {
@@ -16878,7 +16887,7 @@ async function promptForCredentials(environment) {
     }
   });
   if (isCancelled(clientSecret))
-    return null;
+    return { status: "cancelled" };
   const email3 = await he({
     message: `Your email ${dim("(for fetching your OneRoster profile)")}`,
     placeholder: "you@example.com",
@@ -16891,33 +16900,47 @@ async function promptForCredentials(environment) {
     }
   });
   if (isCancelled(email3))
-    return null;
+    return { status: "cancelled" };
   if (email3) {
     const s = Y2();
     s.start("Validating email...");
     const result = await validateEmailWithTimeback(environment, clientId, clientSecret, email3);
     if (!result.valid) {
-      s.stop(red("Email validation failed"));
-      M2.error(result.error ?? "Unknown error");
+      const errorMsg = result.error ?? "Email validation failed";
+      s.stop(red(errorMsg));
       M2.info("Please contact a Timeback admin to set up your account.");
-      return null;
+      return {
+        status: "error",
+        error: errorMsg
+      };
     }
     s.stop(green("Email validated"));
   }
-  return { clientId, clientSecret, email: email3 || undefined };
+  return {
+    status: "ok",
+    credentials: { clientId, clientSecret, email: email3 || undefined }
+  };
 }
 async function ensureCredentials(options) {
   const { env: env2, credentials, introTitle = "Timeback", skipIntro = false } = options;
   const existing = credentials[env2];
-  if (existing)
-    return existing;
+  if (existing) {
+    return { status: "ok", credentials: existing, source: "existing" };
+  }
   if (!skipIntro) {
     intro(introTitle);
   }
   Me(`No credentials configured for ${env2}.`, "Credential setup required");
-  const newCreds = await promptForCredentials(env2);
-  if (!newCreds)
-    return null;
+  const promptResult = await promptForCredentials(env2);
+  if (promptResult.status === "cancelled") {
+    outro.cancelled();
+    return { status: "cancelled" };
+  }
+  if (promptResult.status === "error") {
+    outro.error("Credential setup failed");
+    return { status: "error", error: promptResult.error };
+  }
+  const newCreds = promptResult.credentials;
   const saved = await saveCredentials(env2, newCreds);
   if (saved) {
     M2.success(`${env2} credentials saved`);
@@ -16926,7 +16949,7 @@ async function ensureCredentials(options) {
     M2.warn(`Credentials not saved`);
   }
   credentials[env2] = newCreds;
-  return newCreds;
+  return { status: "ok", credentials: newCreds, source: "prompted" };
 }
 // ../internal/cli-infra/src/config/playcademy.ts
 var FILE_PATTERNS = ["playcademy.config.ts", "playcademy.config.js", "playcademy.config.json"];
@@ -17140,6 +17163,8 @@ var ActivityCompletedInput = exports_external.object({
   metricsId: exports_external.string().optional(),
   id: exports_external.string().optional(),
   extensions: exports_external.record(exports_external.string(), exports_external.unknown()).optional(),
+  edApp: exports_external.union([exports_external.string(), exports_external.record(exports_external.string(), exports_external.unknown())]).optional(),
+  session: exports_external.union([exports_external.string(), exports_external.record(exports_external.string(), exports_external.unknown())]).optional(),
   attempt: exports_external.number().int().min(1).optional(),
   generatedExtensions: exports_external.object({
     pctCompleteApp: exports_external.number().optional()
@@ -17152,7 +17177,9 @@ var TimeSpentInput = exports_external.object({
   eventTime: IsoDateTimeString.optional(),
   metricsId: exports_external.string().optional(),
   id: exports_external.string().optional(),
-  extensions: exports_external.record(exports_external.string(), exports_external.unknown()).optional()
+  extensions: exports_external.record(exports_external.string(), exports_external.unknown()).optional(),
+  edApp: exports_external.union([exports_external.string(), exports_external.record(exports_external.string(), exports_external.unknown())]).optional(),
+  session: exports_external.union([exports_external.string(), exports_external.record(exports_external.string(), exports_external.unknown())]).optional()
 }).strict();
 var TimebackEvent = exports_external.union([TimebackActivityEvent, TimebackTimeSpentEvent]);
 var CaliperEnvelope = exports_external.object({
@@ -17342,7 +17369,7 @@ var TimebackConfig = exports_external.object({
   path: ["courses"]
 });
 // ../types/src/zod/edubridge.ts
-var EdubridgeDateString = IsoDateTimeString;
+var EdubridgeDateString = exports_external.union([IsoDateTimeString, IsoDateString]);
 var EduBridgeEnrollment = exports_external.object({
   id: exports_external.string(),
   role: exports_external.string(),
@@ -19408,8 +19435,8 @@ async function addCredentials(options = {}) {
       }
       isOverwriting = true;
     }
-    const creds = await promptForCredentials(env2);
-    if (creds === null) {
+    const result = await promptForCredentials(env2);
+    if (result.status === "cancelled") {
       if (!inline) {
         if (isOverwriting) {
           outro.info("Existing credentials unchanged");
@@ -19417,11 +19444,21 @@ async function addCredentials(options = {}) {
           outro.cancelled();
         }
       }
-      if (exitOnComplete)
+      if (exitOnComplete) {
         process.exit(0);
+      }
+      return;
+    }
+    if (result.status === "error") {
+      if (!inline) {
+        outro.error("Credential setup failed");
+      }
+      if (exitOnComplete) {
+        process.exit(1);
+      }
       return;
     }
-    await saveCredentials(env2, creds);
+    await saveCredentials(env2, result.credentials);
     M2.success(`${env2} credentials saved`);
     savedCount++;
   }
@@ -19433,6 +19470,184 @@ async function addCredentials(options = {}) {
   if (exitOnComplete)
     process.exit(0);
 }
+// src/cli/commands/credentials/create-account.ts
+import { randomUUID } from "node:crypto";
+import { TimebackClient as TimebackClient2 } from "@timeback/core";
+async function promptName(label) {
+  const value = await he({
+    message: label,
+    placeholder: "Enter name",
+    validate: (v2) => {
+      if (!v2?.trim())
+        return `${label} is required`;
+    }
+  });
+  if (isCancelled(value))
+    return null;
+  return value.trim();
+}
+async function searchOrganizations(client, query) {
+  const allOrgs = await client.oneroster.orgs.listAll({
+    where: { status: "active" },
+    max: 100
+  });
+  if (!query.trim())
+    return allOrgs;
+  const lowerQuery = query.toLowerCase().trim();
+  return allOrgs.filter((org) => org.name?.toLowerCase().includes(lowerQuery));
+}
+async function searchForOrganization(client) {
+  const query = await he({
+    message: "Search for organization",
+    placeholder: "Enter organization name to search"
+  });
+  if (isCancelled(query))
+    return null;
+  const s = Y2();
+  s.start("Searching organizations...");
+  let results;
+  try {
+    results = await searchOrganizations(client, query);
+    s.stop(green(`Found ${results.length} result${results.length === 1 ? "" : "s"}`));
+  } catch (error48) {
+    s.stop(red("Failed to search organizations"));
+    M2.error(error48 instanceof Error ? error48.message : "Unknown error");
+    return null;
+  }
+  if (results.length === 0) {
+    M2.warn("No organizations found matching your search");
+    return promptOrganization(client);
+  }
+  const validResults = results.filter((org) => org.sourcedId);
+  if (validResults.length === 0) {
+    M2.warn("No valid organizations found (missing IDs)");
+    return promptOrganization(client);
+  }
+  const options = validResults.map((org) => ({
+    value: org.sourcedId,
+    label: org.name ?? "Unnamed Organization"
+  }));
+  options.push({ value: "__back__", label: `${dim("←")} Back to options` });
+  const selection = await ve({
+    message: "Select an organization",
+    options
+  });
+  if (isCancelled(selection))
+    return null;
+  if (selection === "__back__") {
+    return promptOrganization(client);
+  }
+  return validResults.find((org) => org.sourcedId === selection) ?? null;
+}
+async function promptOrganization(client) {
+  const action = await ve({
+    message: "Organization",
+    options: [
+      { value: "search", label: "Search for existing organization" },
+      { value: "create", label: "Create new organization" }
+    ]
+  });
+  if (isCancelled(action))
+    return null;
+  if (action === "create") {
+    return createNewOrganization(client);
+  }
+  return searchForOrganization(client);
+}
+async function createNewOrganization(client) {
+  const name = await he({
+    message: "Organization name",
+    placeholder: "Enter organization name",
+    validate: (v2) => {
+      if (!v2?.trim())
+        return "Organization name is required";
+    }
+  });
+  if (isCancelled(name))
+    return null;
+  const s = Y2();
+  s.start("Creating organization...");
+  const sourcedId = randomUUID();
+  try {
+    await client.oneroster.orgs.create({
+      sourcedId,
+      name: name.trim(),
+      type: "school",
+      status: "active"
+    });
+    const organization = await client.oneroster.orgs.get(sourcedId);
+    s.stop(green(`Organization "${name}" created`));
+    return organization;
+  } catch (error48) {
+    s.stop(red("Failed to create organization"));
+    M2.error(error48 instanceof Error ? error48.message : "Unknown error");
+    return null;
+  }
+}
+async function createUser(client, email3, givenName, familyName, organizationId) {
+  const s = Y2();
+  s.start("Creating account...");
+  const sourcedId = randomUUID();
+  try {
+    await client.oneroster.users.create({
+      sourcedId,
+      givenName,
+      familyName,
+      email: email3.toLowerCase(),
+      enabledUser: true,
+      status: "active",
+      roles: [
+        {
+          roleType: "primary",
+          role: "administrator",
+          org: { sourcedId: organizationId }
+        }
+      ]
+    });
+    const user = await client.oneroster.users.get(sourcedId);
+    s.stop(green("Account created successfully"));
+    return user;
+  } catch (error48) {
+    s.stop(red("Failed to create account"));
+    M2.error(error48 instanceof Error ? error48.message : "Unknown error");
+    return null;
+  }
+}
+async function createAccountFlow(options) {
+  const { environment, clientId, clientSecret, email: email3 } = options;
+  M2.info("");
+  M2.info(`No account found for ${dim(email3)} in ${environment}`);
+  const shouldCreate = await ye({
+    message: "Would you like to create a new account?",
+    initialValue: true
+  });
+  if (isCancelled(shouldCreate)) {
+    return { success: false };
+  }
+  if (!shouldCreate) {
+    return { success: false, declined: true };
+  }
+  const client = new TimebackClient2({
+    env: environment,
+    auth: { clientId, clientSecret }
+  });
+  const givenName = await promptName("First name");
+  if (!givenName)
+    return { success: false };
+  const familyName = await promptName("Last name");
+  if (!familyName)
+    return { success: false };
+  const organization = await promptOrganization(client);
+  if (!organization?.sourcedId)
+    return { success: false };
+  const user = await createUser(client, email3, givenName, familyName, organization.sourcedId);
+  if (!user) {
+    return { success: false };
+  }
+  M2.success(`Account created for ${user.givenName} ${user.familyName}`);
+  return { success: true };
+}
+
 // src/cli/commands/credentials/email.ts
 async function updateEmail(options = {}) {
   const { exitOnComplete = true, inline = false } = options;
@@ -19501,32 +19716,58 @@ async function updateEmail(options = {}) {
     return;
   }
   const emailUnchanged = email3 === (currentEmail ?? "");
-  if (emailUnchanged) {
-    if (!inline)
-      outro.info("Email unchanged");
-    if (exitOnComplete)
-      process.exit(0);
-    return;
-  }
   if (email3) {
     const s = Y2();
-    s.start("Validating email...");
+    s.start("Checking account...");
     const result = await validateEmailWithTimeback(targetEnv, currentCreds.clientId, currentCreds.clientSecret, email3);
     if (!result.valid) {
-      s.stop(red("Email validation failed"));
-      M2.error(result.error ?? "Unknown error");
-      M2.info("Please contact a Timeback admin to set up your account.");
+      if (result.reason !== "not_found") {
+        s.stop(red("Account check failed"));
+        M2.error(result.error ?? "Unknown error");
+        if (!inline)
+          outro.error("Account check failed");
+        if (exitOnComplete)
+          process.exit(1);
+        return;
+      }
+      s.stop(red("No account found"));
+      const { success: accountCreated, declined } = await createAccountFlow({
+        environment: targetEnv,
+        clientId: currentCreds.clientId,
+        clientSecret: currentCreds.clientSecret,
+        email: email3
+      });
+      if (!emailUnchanged) {
+        await saveCredentials(targetEnv, {
+          ...currentCreds,
+          email: email3
+        });
+        M2.success(`Email saved for ${targetEnv}`);
+      }
+      if (!inline) {
+        if (accountCreated || declined) {
+          outro.success();
+        } else {
+          outro.info("Setup incomplete - run this command again to finish");
+        }
+      }
+      if (exitOnComplete)
+        process.exit(0);
+      return;
+    }
+    s.stop(green("Account verified"));
+    if (emailUnchanged) {
       if (!inline)
-        outro.error("Email validation failed");
+        outro.info("Email unchanged");
       if (exitOnComplete)
-        process.exit(1);
+        process.exit(0);
       return;
     }
     await saveCredentials(targetEnv, {
       ...currentCreds,
       email: email3
     });
-    s.stop(green(`Email updated for ${targetEnv}`));
+    M2.success(`Email updated for ${targetEnv}`);
     if (!inline)
       outro.success();
     if (exitOnComplete)
@@ -19688,14 +19929,21 @@ async function promptInitialCredentials(options = {}) {
     outro.cancelled();
     process.exit(0);
   }
+  const configuredEnvs = [];
   for (const env2 of environments) {
-    const creds = await promptForCredentials(env2);
-    if (creds) {
-      await saveCredentials(env2, creds);
-      M2.success(`${env2} credentials saved`);
+    const result = await promptForCredentials(env2);
+    if (result.status === "cancelled") {
+      outro.cancelled();
+      process.exit(0);
+    }
+    if (result.status === "error") {
+      outro.error("Credential setup failed");
+      process.exit(1);
     }
+    await saveCredentials(env2, result.credentials);
+    M2.success(`${env2} credentials saved`);
+    configuredEnvs.push(env2);
   }
-  const configuredEnvs = environments;
   let selectedEnv;
   if (configuredEnvs.length === 1) {
     selectedEnv = configuredEnvs[0];
@@ -19835,7 +20083,7 @@ function printError3(error48, opts = {}) {
   parser.printError(error48);
 }
 // src/cli/lib/courses.ts
-import { TimebackClient as TimebackClient2 } from "@timeback/core";
+import { TimebackClient as TimebackClient3 } from "@timeback/core";
 async function fetchCoursesByIds(client, ids) {
   const courses = [];
   for (const id of ids) {
@@ -19847,7 +20095,7 @@ async function fetchCoursesByIds(client, ids) {
   return courses;
 }
 async function fetchCourses(creds, env2, ids) {
-  const client = new TimebackClient2({
+  const client = new TimebackClient3({
     env: env2,
     auth: { clientId: creds.clientId, clientSecret: creds.clientSecret }
   });
@@ -19869,7 +20117,7 @@ async function checkCoursesManaged(creds, env2, ids) {
   if (ids.length === 0) {
     return { allManaged: true, unmanagedCourses: [] };
   }
-  const client = new TimebackClient2({
+  const client = new TimebackClient3({
     env: env2,
     auth: { clientId: creds.clientId, clientSecret: creds.clientSecret }
   });
@@ -19917,7 +20165,7 @@ async function handleCredentialSetup(options = {}) {
   };
 }
 // src/cli/lib/onboarding/import.ts
-import { TimebackClient as TimebackClient3 } from "@timeback/core";
+import { TimebackClient as TimebackClient4 } from "@timeback/core";
 async function promptImportApp(credentials, configuredEnvs) {
   let env2;
   if (configuredEnvs.length === 1 && configuredEnvs[0]) {
@@ -19930,7 +20178,7 @@ async function promptImportApp(credentials, configuredEnvs) {
     env2 = selectedEnv;
   }
   const creds = credentials[env2];
-  const client = new TimebackClient3({
+  const client = new TimebackClient4({
     env: env2,
     auth: { clientId: creds.clientId, clientSecret: creds.clientSecret }
   });
@@ -20058,10 +20306,11 @@ function buildUserConfigFromCourses(courses) {
   };
 }
 async function resolveFromCourseIds(courseIds, env2, credentials, configuredEnvs) {
-  const creds = await ensureCredentials({ env: env2, credentials, skipIntro: true });
-  if (!creds) {
+  const ensureResult = await ensureCredentials({ env: env2, credentials, skipIntro: true });
+  if (ensureResult.status !== "ok") {
     return null;
   }
+  const creds = ensureResult.credentials;
   const courses = await fetchCourses(creds, env2, courseIds);
   if (courses.length === 0) {
     M2.warn("No courses found for the provided IDs.");
@@ -22359,7 +22608,8 @@ var cors = (options) => {
 async function handleBootstrap(c, ctx) {
   const { bootstrap } = c.get("services");
   const env2 = c.get("env");
-  const email3 = ctx.credentials[env2]?.email;
+  const freshCredentials = await getSavedCredentials(env2);
+  const email3 = freshCredentials?.email;
   const courseIds = ctx.userConfig.courseIds[env2];
   const result = await bootstrap.getBootstrap({ email: email3, courseIds });
   return c.json(result);
@@ -23291,11 +23541,15 @@ class StatusService {
   }
   async getStatus() {
     const configuredEnvironments = await getConfiguredEnvironments();
+    const [stagingCreds, productionCreds] = await Promise.all([
+      getSavedCredentials("staging"),
+      getSavedCredentials("production")
+    ]);
     return {
       config: this.ctx.userConfig,
       environment: this.ctx.defaultEnvironment,
       configuredEnvironments,
-      hasEmail: !!this.ctx.credentials.staging?.email || !!this.ctx.credentials.production?.email
+      hasEmail: !!stagingCreds?.email || !!productionCreds?.email
     };
   }
 }
@@ -23440,7 +23694,6 @@ function createEnvMiddleware(ctx, manager) {
       }, 400);
     }
     if (!manager.has(env2)) {
-      log7.warn("Environment not configured", { env: env2 });
       const error48 = createStudioError("ENV_NOT_CONFIGURED", `Environment '${env2}' not configured`);
       return c.json({
         success: false,
@@ -23970,10 +24223,14 @@ function startServer(ctx, serverConfig, configFile) {
 
 // src/cli/commands/serve/index.ts
 async function launchServer(serverConfig, userConfig, credentials, env2, opts, configFile) {
-  const creds = await ensureCredentials({ env: env2, credentials, skipIntro: true });
-  if (!creds) {
+  const ensureResult = await ensureCredentials({ env: env2, credentials, skipIntro: true });
+  if (ensureResult.status === "cancelled") {
+    process.exit(0);
+  }
+  if (ensureResult.status === "error") {
     process.exit(1);
   }
+  const creds = ensureResult.credentials;
   const derivedSensors = await resolveSensors({
     config: userConfig,
     env: env2,

package/dist/cli/commands/credentials/add.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"add.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/credentials/add.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,OAAO,CAAA;AAE3C;;;GAGG;AACH,wBAAsB,cAAc,CAAC,OAAO,GAAE,cAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAuEhF"}
+{"version":3,"file":"add.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/credentials/add.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,OAAO,CAAA;AAE3C;;;GAGG;AACH,wBAAsB,cAAc,CAAC,OAAO,GAAE,cAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAuFhF"}

package/dist/cli/commands/credentials/create-account.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Account Creation
+ *
+ * Interactive CLI flow for creating a new Timeback user account
+ * when no matching account exists for the provided email.
+ */
+import type { CredentialEnvironment } from '@timeback/internal-cli-infra';
+/**
+ * Options for creating a new account.
+ */
+interface CreateAccountOptions {
+    environment: CredentialEnvironment;
+    clientId: string;
+    clientSecret: string;
+    email: string;
+}
+/**
+ * Result of the account creation flow.
+ */
+interface CreateAccountResult {
+    success: boolean;
+    /** User explicitly declined to create an account (vs cancelled or failed) */
+    declined?: boolean;
+}
+/**
+ * Interactive flow to create a new Timeback account.
+ *
+ * Called when no matching user is found for the provided email.
+ * Guides the user through entering their name and selecting/creating
+ * an organization.
+ *
+ * @param options - Account creation options
+ * @returns Result indicating success and the created user
+ */
+export declare function createAccountFlow(options: CreateAccountOptions): Promise<CreateAccountResult>;
+export {};
+//# sourceMappingURL=create-account.d.ts.map

package/dist/cli/commands/credentials/create-account.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-account.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/credentials/create-account.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AASH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAA;AAGzE;;GAEG;AACH,UAAU,oBAAoB;IAC7B,WAAW,EAAE,qBAAqB,CAAA;IAClC,QAAQ,EAAE,MAAM,CAAA;IAChB,YAAY,EAAE,MAAM,CAAA;IACpB,KAAK,EAAE,MAAM,CAAA;CACb;AAED;;GAEG;AACH,UAAU,mBAAmB;IAC5B,OAAO,EAAE,OAAO,CAAA;IAChB,6EAA6E;IAC7E,QAAQ,CAAC,EAAE,OAAO,CAAA;CAClB;AA2ND;;;;;;;;;GASG;AACH,wBAAsB,iBAAiB,CAAC,OAAO,EAAE,oBAAoB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CA0CnG"}

package/dist/cli/commands/credentials/email.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"email.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/credentials/email.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,OAAO,CAAA;AAE3C;;;GAGG;AACH,wBAAsB,WAAW,CAAC,OAAO,GAAE,cAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAqH7E"}
+{"version":3,"file":"email.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/credentials/email.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,OAAO,CAAA;AAE3C;;;GAGG;AACH,wBAAsB,WAAW,CAAC,OAAO,GAAE,cAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAqJ7E"}

package/dist/cli/commands/credentials/lib/initial.d.ts

@@ -7,7 +7,7 @@ interface PromptInitialCredentialsOptions {
  * Runs the first-time credential setup flow.
  *
  * @param options - Options for the prompt
- * @returns The selected environment to use for this run, or null if cancelled
+ * @returns The selected environment to use for this run, or null if cancelled/error
  */
 export declare function promptInitialCredentials(options?: PromptInitialCredentialsOptions): Promise<CredentialEnvironment | null>;
 export {};

package/dist/cli/commands/credentials/lib/initial.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"initial.d.ts","sourceRoot":"","sources":["../../../../../src/cli/commands/credentials/lib/initial.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAA;AAEzE,UAAU,+BAA+B;IACxC,kEAAkE;IAClE,SAAS,CAAC,EAAE,OAAO,CAAA;CACnB;AAED;;;;;GAKG;AACH,wBAAsB,wBAAwB,CAC7C,OAAO,GAAE,+BAAoC,GAC3C,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAyDvC"}
+{"version":3,"file":"initial.d.ts","sourceRoot":"","sources":["../../../../../src/cli/commands/credentials/lib/initial.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,8BAA8B,CAAA;AAEzE,UAAU,+BAA+B;IACxC,kEAAkE;IAClE,SAAS,CAAC,EAAE,OAAO,CAAA;CACnB;AAED;;;;;GAKG;AACH,wBAAsB,wBAAwB,CAC7C,OAAO,GAAE,+BAAoC,GAC3C,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAoEvC"}

package/dist/cli/commands/serve/config.d.ts

@@ -42,7 +42,7 @@ export declare function buildUserConfigFromCourses(courses: CourseConfig[]): Loa
  * @param env - Target environment
  * @param credentials - Credentials map
  * @param configuredEnvs - List of configured environments
- * @returns Resolved config, or null if cancelled
+ * @returns Resolved config, or null if cancelled/error
  */
 export declare function resolveFromCourseIds(courseIds: string[], env: Environment, credentials: EnvironmentCredentials, configuredEnvs: Environment[]): Promise<ResolvedConfig | null>;
 /**

package/dist/cli/commands/serve/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/serve/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AA0BH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AACnD,OAAO,KAAK,EACX,WAAW,EACX,WAAW,EACX,sBAAsB,EACtB,gBAAgB,EAChB,aAAa,EACb,MAAM,iBAAiB,CAAA;AACxB,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AAE7C,OAAO,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE3D,UAAU,yBAAyB;IAClC,QAAQ,EAAE,cAAc,CAAA;IACxB,WAAW,EAAE,sBAAsB,CAAA;IACnC,cAAc,EAAE,WAAW,EAAE,CAAA;CAC7B;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,mBAAmB,CACxC,SAAS,EAAE,MAAM,EAAE,EACnB,IAAI,EAAE,YAAY,EAClB,kBAAkB,EAAE,WAAW,GAC7B,OAAO,CAAC,yBAAyB,GAAG,IAAI,CAAC,CAqF3C;AAED;;;;GAIG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,YAAY,GAAG,gBAAgB,CAqBhF;AAED;;;;GAIG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,gBAAgB,CAkBpF;AAED;;;;;;;;GAQG;AACH,wBAAsB,oBAAoB,CACzC,SAAS,EAAE,MAAM,EAAE,EACnB,GAAG,EAAE,WAAW,EAChB,WAAW,EAAE,sBAAsB,EACnC,cAAc,EAAE,WAAW,EAAE,GAC3B,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CA8BhC;AAED;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC9C,WAAW,EAAE,sBAAsB,EACnC,cAAc,EAAE,WAAW,EAAE,EAC7B,UAAU,EAAE,WAAW,EACvB,UAAU,GAAE,aAAkB,GAC5B,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CA0BhC;AAmCD;;;;;;;;;GASG;AACH;;GAEG;AACH,UAAU,qBAAqB;IAC9B,MAAM,EAAE,gBAAgB,CAAA;IACxB,GAAG,EAAE,WAAW,CAAA;IAChB,IAAI,EAAE,YAAY,CAAA;IAClB,KAAK,EAAE,WAAW,CAAA;CAClB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,cAAc,CACnC,OAAO,EAAE,qBAAqB,GAC5B,OAAO,CAAC,MAAM,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC,CA2EtC;AAMD;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,aAAa,CAClC,SAAS,EAAE,MAAM,EAAE,EACnB,IAAI,EAAE,YAAY,EAClB,WAAW,EAAE,sBAAsB,EACnC,cAAc,EAAE,WAAW,EAAE,EAC7B,UAAU,EAAE,WAAW,GACrB,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAShC"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/serve/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AA0BH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AACnD,OAAO,KAAK,EACX,WAAW,EACX,WAAW,EACX,sBAAsB,EACtB,gBAAgB,EAChB,aAAa,EACb,MAAM,iBAAiB,CAAA;AACxB,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AAE7C,OAAO,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAE3D,UAAU,yBAAyB;IAClC,QAAQ,EAAE,cAAc,CAAA;IACxB,WAAW,EAAE,sBAAsB,CAAA;IACnC,cAAc,EAAE,WAAW,EAAE,CAAA;CAC7B;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,mBAAmB,CACxC,SAAS,EAAE,MAAM,EAAE,EACnB,IAAI,EAAE,YAAY,EAClB,kBAAkB,EAAE,WAAW,GAC7B,OAAO,CAAC,yBAAyB,GAAG,IAAI,CAAC,CAqF3C;AAED;;;;GAIG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,YAAY,GAAG,gBAAgB,CAqBhF;AAED;;;;GAIG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,gBAAgB,CAkBpF;AAED;;;;;;;;GAQG;AACH,wBAAsB,oBAAoB,CACzC,SAAS,EAAE,MAAM,EAAE,EACnB,GAAG,EAAE,WAAW,EAChB,WAAW,EAAE,sBAAsB,EACnC,cAAc,EAAE,WAAW,EAAE,GAC3B,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAgChC;AAED;;;;;;;GAOG;AACH,wBAAsB,yBAAyB,CAC9C,WAAW,EAAE,sBAAsB,EACnC,cAAc,EAAE,WAAW,EAAE,EAC7B,UAAU,EAAE,WAAW,EACvB,UAAU,GAAE,aAAkB,GAC5B,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CA0BhC;AAmCD;;;;;;;;;GASG;AACH;;GAEG;AACH,UAAU,qBAAqB;IAC9B,MAAM,EAAE,gBAAgB,CAAA;IACxB,GAAG,EAAE,WAAW,CAAA;IAChB,IAAI,EAAE,YAAY,CAAA;IAClB,KAAK,EAAE,WAAW,CAAA;CAClB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAsB,cAAc,CACnC,OAAO,EAAE,qBAAqB,GAC5B,OAAO,CAAC,MAAM,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC,CA2EtC;AAMD;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,aAAa,CAClC,SAAS,EAAE,MAAM,EAAE,EACnB,IAAI,EAAE,YAAY,EAClB,WAAW,EAAE,sBAAsB,EACnC,cAAc,EAAE,WAAW,EAAE,EAC7B,UAAU,EAAE,WAAW,GACrB,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAShC"}

package/dist/cli/commands/serve/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/serve/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAmBH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAmM3C;;;;;;;;;;;;GAYG;AACH,wBAAsB,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAsCzF"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/serve/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAmBH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AA0M3C;;;;;;;;;;;;GAYG;AACH,wBAAsB,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAsCzF"}

package/dist/index.js

@@ -840,6 +840,11 @@ ${t}
 ${import_picocolors2.default.green(C)}  ${import_picocolors2.default.reset(n)} ${import_picocolors2.default.gray(_2.repeat(Math.max(s - i - 1, 1)) + me)}
 ${c}
 ${import_picocolors2.default.gray(de + _2.repeat(s + 2) + pe)}
+`);
+};
+var xe = (t = "") => {
+  process.stdout.write(`${import_picocolors2.default.gray(d2)}  ${import_picocolors2.default.red(t)}
+
 `);
 };
 var Ie = (t = "") => {
@@ -14585,7 +14590,7 @@ function intro(title) {
 }
 var outro = {
   success: (message = "Done") => Se(green(message)),
-  cancelled: () => Se(dim("Cancelled")),
+  cancelled: () => xe(dim("Cancelled")),
   error: (message) => Se(red(message)),
   warn: (message) => Se(yellow(message)),
   info: (message) => Se(dim(message))
@@ -14685,8 +14690,8 @@ async function getConfiguredEnvironments() {
   return configured;
 }
 function getEnvCredentials() {
-  const clientId = process.env.TIMEBACK_CLIENT_ID;
-  const clientSecret = process.env.TIMEBACK_CLIENT_SECRET;
+  const clientId = process.env.TIMEBACK_API_CLIENT_ID ?? process.env.TIMEBACK_CLIENT_ID;
+  const clientSecret = process.env.TIMEBACK_API_CLIENT_SECRET ?? process.env.TIMEBACK_CLIENT_SECRET;
   if (clientId && clientSecret) {
     const result = CredentialsSchema.safeParse({ clientId, clientSecret });
     if (result.success) {
@@ -14730,19 +14735,23 @@ async function validateEmailWithTimeback(environment, clientId, clientSecret, em
   });
   try {
     const page = await client.oneroster.users.list({
-      where: { email: email3 },
+      where: {
+        email: email3,
+        status: "active"
+      },
       limit: 1
     });
     if (page.data.length === 0) {
       return {
         valid: false,
+        reason: "not_found",
         error: `No user found with email "${email3}" in ${environment}`
       };
     }
     return { valid: true };
   } catch (error48) {
     const message = error48 instanceof Error ? error48.message : "Unknown error";
-    return { valid: false, error: `Failed to validate email: ${message}` };
+    return { valid: false, reason: "api_error", error: `Failed to validate email: ${message}` };
   }
 }
 
@@ -14758,7 +14767,7 @@ async function promptForCredentials(environment) {
     }
   });
   if (isCancelled(clientId))
-    return null;
+    return { status: "cancelled" };
   const clientSecret = await ge({
     message: `Client Secret ${dim(`(${environment})`)}`,
     validate: (value) => {
@@ -14768,7 +14777,7 @@ async function promptForCredentials(environment) {
     }
   });
   if (isCancelled(clientSecret))
-    return null;
+    return { status: "cancelled" };
   const email3 = await he({
     message: `Your email ${dim("(for fetching your OneRoster profile)")}`,
     placeholder: "you@example.com",
@@ -14781,33 +14790,47 @@ async function promptForCredentials(environment) {
     }
   });
   if (isCancelled(email3))
-    return null;
+    return { status: "cancelled" };
   if (email3) {
     const s = Y2();
     s.start("Validating email...");
     const result = await validateEmailWithTimeback(environment, clientId, clientSecret, email3);
     if (!result.valid) {
-      s.stop(red("Email validation failed"));
-      M2.error(result.error ?? "Unknown error");
+      const errorMsg = result.error ?? "Email validation failed";
+      s.stop(red(errorMsg));
       M2.info("Please contact a Timeback admin to set up your account.");
-      return null;
+      return {
+        status: "error",
+        error: errorMsg
+      };
     }
     s.stop(green("Email validated"));
   }
-  return { clientId, clientSecret, email: email3 || undefined };
+  return {
+    status: "ok",
+    credentials: { clientId, clientSecret, email: email3 || undefined }
+  };
 }
 async function ensureCredentials(options) {
   const { env: env2, credentials, introTitle = "Timeback", skipIntro = false } = options;
   const existing = credentials[env2];
-  if (existing)
-    return existing;
+  if (existing) {
+    return { status: "ok", credentials: existing, source: "existing" };
+  }
   if (!skipIntro) {
     intro(introTitle);
   }
   Me(`No credentials configured for ${env2}.`, "Credential setup required");
-  const newCreds = await promptForCredentials(env2);
-  if (!newCreds)
-    return null;
+  const promptResult = await promptForCredentials(env2);
+  if (promptResult.status === "cancelled") {
+    outro.cancelled();
+    return { status: "cancelled" };
+  }
+  if (promptResult.status === "error") {
+    outro.error("Credential setup failed");
+    return { status: "error", error: promptResult.error };
+  }
+  const newCreds = promptResult.credentials;
   const saved = await saveCredentials(env2, newCreds);
   if (saved) {
     M2.success(`${env2} credentials saved`);
@@ -14816,7 +14839,7 @@ async function ensureCredentials(options) {
     M2.warn(`Credentials not saved`);
   }
   credentials[env2] = newCreds;
-  return newCreds;
+  return { status: "ok", credentials: newCreds, source: "prompted" };
 }
 // ../internal/cli-infra/src/config/playcademy.ts
 var FILE_PATTERNS = ["playcademy.config.ts", "playcademy.config.js", "playcademy.config.json"];
@@ -15030,6 +15053,8 @@ var ActivityCompletedInput = exports_external.object({
   metricsId: exports_external.string().optional(),
   id: exports_external.string().optional(),
   extensions: exports_external.record(exports_external.string(), exports_external.unknown()).optional(),
+  edApp: exports_external.union([exports_external.string(), exports_external.record(exports_external.string(), exports_external.unknown())]).optional(),
+  session: exports_external.union([exports_external.string(), exports_external.record(exports_external.string(), exports_external.unknown())]).optional(),
   attempt: exports_external.number().int().min(1).optional(),
   generatedExtensions: exports_external.object({
     pctCompleteApp: exports_external.number().optional()
@@ -15042,7 +15067,9 @@ var TimeSpentInput = exports_external.object({
   eventTime: IsoDateTimeString.optional(),
   metricsId: exports_external.string().optional(),
   id: exports_external.string().optional(),
-  extensions: exports_external.record(exports_external.string(), exports_external.unknown()).optional()
+  extensions: exports_external.record(exports_external.string(), exports_external.unknown()).optional(),
+  edApp: exports_external.union([exports_external.string(), exports_external.record(exports_external.string(), exports_external.unknown())]).optional(),
+  session: exports_external.union([exports_external.string(), exports_external.record(exports_external.string(), exports_external.unknown())]).optional()
 }).strict();
 var TimebackEvent = exports_external.union([TimebackActivityEvent, TimebackTimeSpentEvent]);
 var CaliperEnvelope = exports_external.object({
@@ -15232,7 +15259,7 @@ var TimebackConfig = exports_external.object({
   path: ["courses"]
 });
 // ../types/src/zod/edubridge.ts
-var EdubridgeDateString = IsoDateTimeString;
+var EdubridgeDateString = exports_external.union([IsoDateTimeString, IsoDateString]);
 var EduBridgeEnrollment = exports_external.object({
   id: exports_external.string(),
   role: exports_external.string(),
@@ -17483,8 +17510,8 @@ async function addCredentials(options = {}) {
       }
       isOverwriting = true;
     }
-    const creds = await promptForCredentials(env2);
-    if (creds === null) {
+    const result = await promptForCredentials(env2);
+    if (result.status === "cancelled") {
       if (!inline) {
         if (isOverwriting) {
           outro.info("Existing credentials unchanged");
@@ -17492,11 +17519,21 @@ async function addCredentials(options = {}) {
           outro.cancelled();
         }
       }
-      if (exitOnComplete)
+      if (exitOnComplete) {
         process.exit(0);
+      }
       return;
     }
-    await saveCredentials(env2, creds);
+    if (result.status === "error") {
+      if (!inline) {
+        outro.error("Credential setup failed");
+      }
+      if (exitOnComplete) {
+        process.exit(1);
+      }
+      return;
+    }
+    await saveCredentials(env2, result.credentials);
     M2.success(`${env2} credentials saved`);
     savedCount++;
   }
@@ -17508,6 +17545,184 @@ async function addCredentials(options = {}) {
   if (exitOnComplete)
     process.exit(0);
 }
+// src/cli/commands/credentials/create-account.ts
+import { randomUUID } from "node:crypto";
+import { TimebackClient as TimebackClient3 } from "@timeback/core";
+async function promptName(label) {
+  const value = await he({
+    message: label,
+    placeholder: "Enter name",
+    validate: (v2) => {
+      if (!v2?.trim())
+        return `${label} is required`;
+    }
+  });
+  if (isCancelled(value))
+    return null;
+  return value.trim();
+}
+async function searchOrganizations(client, query) {
+  const allOrgs = await client.oneroster.orgs.listAll({
+    where: { status: "active" },
+    max: 100
+  });
+  if (!query.trim())
+    return allOrgs;
+  const lowerQuery = query.toLowerCase().trim();
+  return allOrgs.filter((org) => org.name?.toLowerCase().includes(lowerQuery));
+}
+async function searchForOrganization(client) {
+  const query = await he({
+    message: "Search for organization",
+    placeholder: "Enter organization name to search"
+  });
+  if (isCancelled(query))
+    return null;
+  const s = Y2();
+  s.start("Searching organizations...");
+  let results;
+  try {
+    results = await searchOrganizations(client, query);
+    s.stop(green(`Found ${results.length} result${results.length === 1 ? "" : "s"}`));
+  } catch (error48) {
+    s.stop(red("Failed to search organizations"));
+    M2.error(error48 instanceof Error ? error48.message : "Unknown error");
+    return null;
+  }
+  if (results.length === 0) {
+    M2.warn("No organizations found matching your search");
+    return promptOrganization(client);
+  }
+  const validResults = results.filter((org) => org.sourcedId);
+  if (validResults.length === 0) {
+    M2.warn("No valid organizations found (missing IDs)");
+    return promptOrganization(client);
+  }
+  const options = validResults.map((org) => ({
+    value: org.sourcedId,
+    label: org.name ?? "Unnamed Organization"
+  }));
+  options.push({ value: "__back__", label: `${dim("←")} Back to options` });
+  const selection = await ve({
+    message: "Select an organization",
+    options
+  });
+  if (isCancelled(selection))
+    return null;
+  if (selection === "__back__") {
+    return promptOrganization(client);
+  }
+  return validResults.find((org) => org.sourcedId === selection) ?? null;
+}
+async function promptOrganization(client) {
+  const action = await ve({
+    message: "Organization",
+    options: [
+      { value: "search", label: "Search for existing organization" },
+      { value: "create", label: "Create new organization" }
+    ]
+  });
+  if (isCancelled(action))
+    return null;
+  if (action === "create") {
+    return createNewOrganization(client);
+  }
+  return searchForOrganization(client);
+}
+async function createNewOrganization(client) {
+  const name = await he({
+    message: "Organization name",
+    placeholder: "Enter organization name",
+    validate: (v2) => {
+      if (!v2?.trim())
+        return "Organization name is required";
+    }
+  });
+  if (isCancelled(name))
+    return null;
+  const s = Y2();
+  s.start("Creating organization...");
+  const sourcedId = randomUUID();
+  try {
+    await client.oneroster.orgs.create({
+      sourcedId,
+      name: name.trim(),
+      type: "school",
+      status: "active"
+    });
+    const organization = await client.oneroster.orgs.get(sourcedId);
+    s.stop(green(`Organization "${name}" created`));
+    return organization;
+  } catch (error48) {
+    s.stop(red("Failed to create organization"));
+    M2.error(error48 instanceof Error ? error48.message : "Unknown error");
+    return null;
+  }
+}
+async function createUser(client, email3, givenName, familyName, organizationId) {
+  const s = Y2();
+  s.start("Creating account...");
+  const sourcedId = randomUUID();
+  try {
+    await client.oneroster.users.create({
+      sourcedId,
+      givenName,
+      familyName,
+      email: email3.toLowerCase(),
+      enabledUser: true,
+      status: "active",
+      roles: [
+        {
+          roleType: "primary",
+          role: "administrator",
+          org: { sourcedId: organizationId }
+        }
+      ]
+    });
+    const user = await client.oneroster.users.get(sourcedId);
+    s.stop(green("Account created successfully"));
+    return user;
+  } catch (error48) {
+    s.stop(red("Failed to create account"));
+    M2.error(error48 instanceof Error ? error48.message : "Unknown error");
+    return null;
+  }
+}
+async function createAccountFlow(options) {
+  const { environment, clientId, clientSecret, email: email3 } = options;
+  M2.info("");
+  M2.info(`No account found for ${dim(email3)} in ${environment}`);
+  const shouldCreate = await ye({
+    message: "Would you like to create a new account?",
+    initialValue: true
+  });
+  if (isCancelled(shouldCreate)) {
+    return { success: false };
+  }
+  if (!shouldCreate) {
+    return { success: false, declined: true };
+  }
+  const client = new TimebackClient3({
+    env: environment,
+    auth: { clientId, clientSecret }
+  });
+  const givenName = await promptName("First name");
+  if (!givenName)
+    return { success: false };
+  const familyName = await promptName("Last name");
+  if (!familyName)
+    return { success: false };
+  const organization = await promptOrganization(client);
+  if (!organization?.sourcedId)
+    return { success: false };
+  const user = await createUser(client, email3, givenName, familyName, organization.sourcedId);
+  if (!user) {
+    return { success: false };
+  }
+  M2.success(`Account created for ${user.givenName} ${user.familyName}`);
+  return { success: true };
+}
+
 // src/cli/commands/credentials/email.ts
 async function updateEmail(options = {}) {
   const { exitOnComplete = true, inline = false } = options;
@@ -17576,32 +17791,58 @@ async function updateEmail(options = {}) {
     return;
   }
   const emailUnchanged = email3 === (currentEmail ?? "");
-  if (emailUnchanged) {
-    if (!inline)
-      outro.info("Email unchanged");
-    if (exitOnComplete)
-      process.exit(0);
-    return;
-  }
   if (email3) {
     const s = Y2();
-    s.start("Validating email...");
+    s.start("Checking account...");
     const result = await validateEmailWithTimeback(targetEnv, currentCreds.clientId, currentCreds.clientSecret, email3);
     if (!result.valid) {
-      s.stop(red("Email validation failed"));
-      M2.error(result.error ?? "Unknown error");
-      M2.info("Please contact a Timeback admin to set up your account.");
+      if (result.reason !== "not_found") {
+        s.stop(red("Account check failed"));
+        M2.error(result.error ?? "Unknown error");
+        if (!inline)
+          outro.error("Account check failed");
+        if (exitOnComplete)
+          process.exit(1);
+        return;
+      }
+      s.stop(red("No account found"));
+      const { success: accountCreated, declined } = await createAccountFlow({
+        environment: targetEnv,
+        clientId: currentCreds.clientId,
+        clientSecret: currentCreds.clientSecret,
+        email: email3
+      });
+      if (!emailUnchanged) {
+        await saveCredentials(targetEnv, {
+          ...currentCreds,
+          email: email3
+        });
+        M2.success(`Email saved for ${targetEnv}`);
+      }
+      if (!inline) {
+        if (accountCreated || declined) {
+          outro.success();
+        } else {
+          outro.info("Setup incomplete - run this command again to finish");
+        }
+      }
+      if (exitOnComplete)
+        process.exit(0);
+      return;
+    }
+    s.stop(green("Account verified"));
+    if (emailUnchanged) {
       if (!inline)
-        outro.error("Email validation failed");
+        outro.info("Email unchanged");
       if (exitOnComplete)
-        process.exit(1);
+        process.exit(0);
       return;
     }
     await saveCredentials(targetEnv, {
       ...currentCreds,
       email: email3
     });
-    s.stop(green(`Email updated for ${targetEnv}`));
+    M2.success(`Email updated for ${targetEnv}`);
     if (!inline)
       outro.success();
     if (exitOnComplete)
@@ -17763,14 +18004,21 @@ async function promptInitialCredentials(options = {}) {
     outro.cancelled();
     process.exit(0);
   }
+  const configuredEnvs = [];
   for (const env2 of environments) {
-    const creds = await promptForCredentials(env2);
-    if (creds) {
-      await saveCredentials(env2, creds);
-      M2.success(`${env2} credentials saved`);
+    const result = await promptForCredentials(env2);
+    if (result.status === "cancelled") {
+      outro.cancelled();
+      process.exit(0);
     }
+    if (result.status === "error") {
+      outro.error("Credential setup failed");
+      process.exit(1);
+    }
+    await saveCredentials(env2, result.credentials);
+    M2.success(`${env2} credentials saved`);
+    configuredEnvs.push(env2);
   }
-  const configuredEnvs = environments;
   let selectedEnv;
   if (configuredEnvs.length === 1) {
     selectedEnv = configuredEnvs[0];
@@ -17807,7 +18055,7 @@ async function handleCredentialSetup(options = {}) {
   };
 }
 // src/cli/lib/onboarding/import.ts
-import { TimebackClient as TimebackClient3 } from "@timeback/core";
+import { TimebackClient as TimebackClient4 } from "@timeback/core";
 async function promptImportApp(credentials, configuredEnvs) {
   let env2;
   if (configuredEnvs.length === 1 && configuredEnvs[0]) {
@@ -17820,7 +18068,7 @@ async function promptImportApp(credentials, configuredEnvs) {
     env2 = selectedEnv;
   }
   const creds = credentials[env2];
-  const client = new TimebackClient3({
+  const client = new TimebackClient4({
     env: env2,
     auth: { clientId: creds.clientId, clientSecret: creds.clientSecret }
   });
@@ -17948,10 +18196,11 @@ function buildUserConfigFromCourses(courses) {
   };
 }
 async function resolveFromCourseIds(courseIds, env2, credentials, configuredEnvs) {
-  const creds = await ensureCredentials({ env: env2, credentials, skipIntro: true });
-  if (!creds) {
+  const ensureResult = await ensureCredentials({ env: env2, credentials, skipIntro: true });
+  if (ensureResult.status !== "ok") {
     return null;
   }
+  const creds = ensureResult.credentials;
   const courses = await fetchCourses(creds, env2, courseIds);
   if (courses.length === 0) {
     M2.warn("No courses found for the provided IDs.");
@@ -20249,7 +20498,8 @@ var cors = (options) => {
 async function handleBootstrap(c, ctx) {
   const { bootstrap } = c.get("services");
   const env2 = c.get("env");
-  const email3 = ctx.credentials[env2]?.email;
+  const freshCredentials = await getSavedCredentials(env2);
+  const email3 = freshCredentials?.email;
   const courseIds = ctx.userConfig.courseIds[env2];
   const result = await bootstrap.getBootstrap({ email: email3, courseIds });
   return c.json(result);
@@ -21181,11 +21431,15 @@ class StatusService {
   }
   async getStatus() {
     const configuredEnvironments = await getConfiguredEnvironments();
+    const [stagingCreds, productionCreds] = await Promise.all([
+      getSavedCredentials("staging"),
+      getSavedCredentials("production")
+    ]);
     return {
       config: this.ctx.userConfig,
       environment: this.ctx.defaultEnvironment,
       configuredEnvironments,
-      hasEmail: !!this.ctx.credentials.staging?.email || !!this.ctx.credentials.production?.email
+      hasEmail: !!stagingCreds?.email || !!productionCreds?.email
     };
   }
 }
@@ -21330,7 +21584,6 @@ function createEnvMiddleware(ctx, manager) {
       }, 400);
     }
     if (!manager.has(env2)) {
-      log7.warn("Environment not configured", { env: env2 });
       const error48 = createStudioError("ENV_NOT_CONFIGURED", `Environment '${env2}' not configured`);
       return c.json({
         success: false,
@@ -21860,10 +22113,14 @@ function startServer(ctx, serverConfig, configFile) {
 
 // src/cli/commands/serve/index.ts
 async function launchServer(serverConfig, userConfig, credentials, env2, opts, configFile) {
-  const creds = await ensureCredentials({ env: env2, credentials, skipIntro: true });
-  if (!creds) {
+  const ensureResult = await ensureCredentials({ env: env2, credentials, skipIntro: true });
+  if (ensureResult.status === "cancelled") {
+    process.exit(0);
+  }
+  if (ensureResult.status === "error") {
     process.exit(1);
   }
+  const creds = ensureResult.credentials;
   const derivedSensors = await resolveSensors({
     config: userConfig,
     env: env2,

package/dist/server/controllers/bootstrap.d.ts

@@ -11,6 +11,9 @@ import type { EnvVariables } from '../lib';
  *
  * Requires env middleware to set `env` and `client` context variables.
  *
+ * NOTE: We read credentials fresh from disk to pick up changes made via CLI
+ * (e.g., email updates, account creation) without requiring a server restart.
+ *
  * @param c - Hono context with env variables
  * @param ctx - App context
  * @returns JSON response with user and courses

package/dist/server/controllers/bootstrap.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../../../src/server/controllers/bootstrap.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AACnC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAC9C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAE1C;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,SAAS,EAAE,YAAY,CAAA;CAAE,CAAC,EAAE,GAAG,EAAE,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mEAU7F"}
+{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../../../src/server/controllers/bootstrap.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAA;AACnC,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAC9C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAA;AAE1C;;;;;;;;;;;GAWG;AACH,wBAAsB,eAAe,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,SAAS,EAAE,YAAY,CAAA;CAAE,CAAC,EAAE,GAAG,EAAE,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mEAW7F"}

package/dist/server/services/status.d.ts

@@ -15,10 +15,13 @@ export declare class StatusService {
     private readonly ctx;
     constructor(ctx: AppContext);
     /**
- * Build the status payload.
- *
- * @returns Status payload object
- */
+     * Build the status payload.
+     *
+     * NOTE: We read credentials fresh from disk to pick up changes made via CLI
+     * (e.g., email updates, account creation) without requiring a server restart.
+     *
+     * @returns Status payload object
+     */
     getStatus(): Promise<StatusEventPayload>;
 }
 //# sourceMappingURL=status.d.ts.map

package/dist/server/services/status.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"status.d.ts","sourceRoot":"","sources":["../../../src/server/services/status.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAC9C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AAErD;;;;;GAKG;AACH,qBAAa,aAAa;IACzB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAY;IAEhC,YAAY,GAAG,EAAE,UAAU,EAE1B;IAED;;;;GAIE;IACI,SAAS,IAAI,OAAO,CAAC,kBAAkB,CAAC,CAU7C;CACD"}
+{"version":3,"file":"status.d.ts","sourceRoot":"","sources":["../../../src/server/services/status.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAC9C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAA;AAErD;;;;;GAKG;AACH,qBAAa,aAAa;IACzB,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAY;IAEhC,YAAY,GAAG,EAAE,UAAU,EAE1B;IAED;;;;;;;OAOG;IACG,SAAS,IAAI,OAAO,CAAC,kBAAkB,CAAC,CAc7C;CACD"}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "timeback-studio",
-	"version": "0.1.5",
+	"version": "0.1.7",
 	"type": "module",
 	"exports": {
 		".": {
@@ -27,7 +27,7 @@
 	"dependencies": {
 		"@clack/prompts": "^0.11.0",
 		"@hono/node-server": "^1.19.7",
-		"@timeback/core": "0.1.3",
+		"@timeback/core": "0.1.4",
 		"c12": "^3.3.3",
 		"colorette": "^2.0.20",
 		"commander": "^14.0.2",