vigthoria-cli 1.9.2 → 1.9.5

package/dist/commands/preview.js

@@ -254,14 +254,36 @@ class PreviewCommand {
      * Open URL in default browser
      */
     openBrowser(url) {
-        const { exec } = require('child_process');
+        const { execFile } = require('child_process');
         const platform = process.platform;
-        const cmd = platform === 'darwin' ? 'open' : platform === 'win32' ? 'start' : 'xdg-open';
-        exec(`${cmd} ${url}`, (err) => {
-            if (err) {
-                this.logger.debug(`Could not auto-open browser: ${err.message}`);
+        // Validate URL scheme before passing to OS — prevents shell injection via crafted URLs
+        try {
+            const parsed = new URL(url);
+            if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:')
+                return;
+            const safeUrl = parsed.href;
+            if (platform === 'darwin') {
+                execFile('open', [safeUrl], (err) => {
+                    if (err)
+                        this.logger.debug(`Could not auto-open browser: ${err.message}`);
+                });
             }
-        });
+            else if (platform === 'win32') {
+                execFile('cmd', ['/c', 'start', '', safeUrl], (err) => {
+                    if (err)
+                        this.logger.debug(`Could not auto-open browser: ${err.message}`);
+                });
+            }
+            else {
+                execFile('xdg-open', [safeUrl], (err) => {
+                    if (err)
+                        this.logger.debug(`Could not auto-open browser: ${err.message}`);
+                });
+            }
+        }
+        catch {
+            this.logger.debug(`Skipping browser open — invalid URL: ${url}`);
+        }
     }
     /**
      * Show consolidated diff of recent agent changes using git
@@ -322,7 +344,10 @@ class PreviewCommand {
                         let oldContent = '';
                         if (modified.includes(relPath)) {
                             try {
-                                oldContent = execSync(`git show HEAD:${relPath}`, { cwd: projectPath, encoding: 'utf-8' });
+                                // Validate relPath is a safe relative path before interpolating — prevents injection
+                                if (/^[a-zA-Z0-9_\-./]+$/.test(relPath) && !relPath.includes('..')) {
+                                    oldContent = execSync(`git show HEAD:${relPath}`, { cwd: projectPath, encoding: 'utf-8' });
+                                }
                             }
                             catch {
                                 // File is new or not tracked

package/dist/commands/repo.js

@@ -460,17 +460,17 @@ class RepoCommand {
                 const os = require('os');
                 const platform = os.platform();
                 if (platform === 'win32') {
-                    // Use PowerShell's Expand-Archive on Windows
-                    const { execSync } = await import('child_process');
-                    execSync(`powershell -Command "Expand-Archive -Path '${tempArchive}' -DestinationPath '${outputPath}' -Force"`, {
-                        stdio: 'ignore',
-                        windowsHide: true
-                    });
+                    // Use PowerShell's Expand-Archive — args as array to prevent injection
+                    const { execFileSync } = await import('child_process');
+                    execFileSync('powershell', [
+                        '-NoProfile', '-NonInteractive', '-Command',
+                        `Expand-Archive -Path '${tempArchive.replace(/'/g, "''")}' -DestinationPath '${outputPath.replace(/'/g, "''")}' -Force`
+                    ], { stdio: 'ignore', windowsHide: true });
                 }
                 else {
-                    // Use unzip on Unix-like systems
-                    const { execSync } = await import('child_process');
-                    execSync(`unzip -o "${tempArchive}" -d "${outputPath}"`, { stdio: 'ignore' });
+                    // Use unzip on Unix-like systems — args as array to prevent injection
+                    const { execFileSync } = await import('child_process');
+                    execFileSync('unzip', ['-o', tempArchive, '-d', outputPath], { stdio: 'ignore' });
                 }
                 fs.unlinkSync(tempArchive);
             }
@@ -750,14 +750,20 @@ class RepoCommand {
             console.log(chalk_1.default.bold(`   ${data.url}\n`));
             if (options.browser) {
                 try {
-                    const { execSync } = await import('child_process');
+                    const { execFileSync } = await import('child_process');
                     const platform = process.platform;
+                    // Validate URL scheme before passing to OS — prevents shell injection
+                    const parsedUrl = new URL(data.url);
+                    if (parsedUrl.protocol !== 'https:' && parsedUrl.protocol !== 'http:') {
+                        throw new Error('Unsafe URL scheme for browser open');
+                    }
+                    const safeUrl = parsedUrl.href;
                     if (platform === 'win32')
-                        execSync(`start "" "${data.url}"`, { stdio: 'ignore' });
+                        execFileSync('cmd', ['/c', 'start', '', safeUrl], { stdio: 'ignore', windowsHide: true });
                     else if (platform === 'darwin')
-                        execSync(`open "${data.url}"`, { stdio: 'ignore' });
+                        execFileSync('open', [safeUrl], { stdio: 'ignore' });
                     else
-                        execSync(`xdg-open "${data.url}"`, { stdio: 'ignore' });
+                        execFileSync('xdg-open', [safeUrl], { stdio: 'ignore' });
                 }
                 catch { /* browser open is optional */ }
             }

package/dist/commands/update.d.ts

@@ -0,0 +1,9 @@
+type PackageManager = 'npm' | 'pnpm' | 'yarn' | 'bun';
+interface UpdateOptions {
+    check?: boolean;
+    packageManager?: PackageManager;
+    global?: boolean;
+}
+export declare function updateCommand(options?: UpdateOptions): Promise<void>;
+export declare function update(): Promise<void>;
+export default updateCommand;

package/dist/commands/update.js

@@ -0,0 +1,235 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.updateCommand = updateCommand;
+exports.update = update;
+const node_child_process_1 = require("node:child_process");
+const node_fs_1 = require("node:fs");
+const path = __importStar(require("node:path"));
+const node_util_1 = require("node:util");
+const tools_js_1 = require("../utils/tools.js");
+const execFileAsync = (0, node_util_1.promisify)(node_child_process_1.execFile);
+function markSuccessExit() {
+    process.exitCode = 0;
+}
+function markErrorExit() {
+    process.exitCode = 1;
+}
+function findPackageJson(startDir) {
+    let currentDir = startDir;
+    for (let depth = 0; depth < 8; depth += 1) {
+        const candidate = path.join(currentDir, 'package.json');
+        if ((0, node_fs_1.existsSync)(candidate)) {
+            return candidate;
+        }
+        const parentDir = path.join(currentDir, '..');
+        if (parentDir === currentDir) {
+            break;
+        }
+        currentDir = parentDir;
+    }
+    return null;
+}
+function readOwnPackageJson() {
+    const currentFile = __filename;
+    const packagePath = findPackageJson(path.join(currentFile, '..'));
+    if (!packagePath) {
+        throw new Error('Unable to locate package.json for the Vigthoria CLI.');
+    }
+    try {
+        return JSON.parse((0, node_fs_1.readFileSync)(packagePath, 'utf8'));
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        throw new Error(`Unable to read package metadata: ${message}`);
+    }
+}
+function compareVersions(a, b) {
+    const parse = (version) => version.replace(/^v/, '').split(/[.-]/).map((part) => {
+        const value = Number.parseInt(part, 10);
+        return Number.isNaN(value) ? 0 : value;
+    });
+    const left = parse(a);
+    const right = parse(b);
+    const length = Math.max(left.length, right.length);
+    for (let index = 0; index < length; index += 1) {
+        const leftValue = left[index] ?? 0;
+        const rightValue = right[index] ?? 0;
+        if (leftValue > rightValue)
+            return 1;
+        if (leftValue < rightValue)
+            return -1;
+    }
+    return 0;
+}
+function quoteCmdArg(value) {
+    if (!/[\s"&()<>^|]/.test(value)) {
+        return value;
+    }
+    return `"${value.replace(/(\\*)"/g, '$1$1\\"')}"`;
+}
+function toPlatformCommand(command, args) {
+    if (process.platform !== 'win32') {
+        return { command, args };
+    }
+    const cmdPath = process.env.ComSpec || path.join(process.env.SystemRoot || 'C:\\Windows', 'System32', 'cmd.exe');
+    return {
+        command: cmdPath,
+        args: ['/d', '/s', '/c', [command, ...args].map(quoteCmdArg).join(' ')],
+    };
+}
+async function execPackageManager(command, args, timeout) {
+    const platformCommand = toPlatformCommand(command, args);
+    const { stdout } = await execFileAsync(platformCommand.command, platformCommand.args, {
+        timeout,
+        maxBuffer: 1024 * 1024,
+        windowsHide: true,
+    });
+    return stdout;
+}
+async function getLatestVersion(packageName) {
+    try {
+        const stdout = await execPackageManager('npm', ['view', packageName, 'version'], 30_000);
+        const latest = stdout.trim();
+        if (!latest) {
+            throw new Error('npm returned an empty version response');
+        }
+        return latest;
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        throw new Error(`Unable to check the latest published version: ${message}`);
+    }
+}
+async function getVersionInfo() {
+    const packageJson = readOwnPackageJson();
+    const packageName = packageJson.name;
+    const current = packageJson.version;
+    if (!packageName || !current) {
+        throw new Error('The CLI package metadata must include both name and version.');
+    }
+    const latest = await getLatestVersion(packageName);
+    return {
+        current,
+        latest,
+        packageName,
+        updateAvailable: compareVersions(current, latest) < 0,
+    };
+}
+function resolveInstallCommand(packageManager, packageName, installGlobal) {
+    const target = `${packageName}@latest`;
+    switch (packageManager) {
+        case 'pnpm':
+            return { command: 'pnpm', args: installGlobal ? ['add', '--global', target] : ['add', '-D', target] };
+        case 'yarn':
+            return { command: 'yarn', args: installGlobal ? ['global', 'add', target] : ['add', '--dev', target] };
+        case 'bun':
+            return { command: 'bun', args: installGlobal ? ['add', '--global', target] : ['add', '--dev', target] };
+        case 'npm':
+        default:
+            return { command: 'npm', args: installGlobal ? ['install', '--global', target] : ['install', '--save-dev', target] };
+    }
+}
+function formatCommand(command) {
+    return [command.command, ...command.args].map(quoteCmdArg).join(' ');
+}
+async function runInstall(packageManager, packageName, installGlobal) {
+    const installCommand = resolveInstallCommand(packageManager, packageName, installGlobal);
+    await execPackageManager(installCommand.command, installCommand.args, 120_000);
+}
+async function updateCommand(options = {}) {
+    try {
+        const info = await getVersionInfo();
+        console.log(`Vigthoria CLI current version: ${info.current}`);
+        console.log(`Vigthoria CLI latest version:  ${info.latest}`);
+        if (!info.updateAvailable) {
+            console.log('You are already running the latest Vigthoria CLI.');
+            markSuccessExit();
+            return;
+        }
+        console.log(`Update available for ${info.packageName}: ${info.current} → ${info.latest}`);
+        if (options.check) {
+            markSuccessExit();
+            return;
+        }
+        const packageManager = options.packageManager ?? 'npm';
+        const installGlobal = options.global ?? true;
+        console.log(`Installing ${info.packageName}@latest with ${packageManager}...`);
+        if (process.platform === 'win32') {
+            const installerResult = await (0, tools_js_1.installUpdateWindows)();
+            if (!installerResult.success && installerResult.error === 'ENOENT') {
+                const fallbackCommand = resolveInstallCommand(packageManager, info.packageName, installGlobal);
+                console.warn('Windows update installer was not found (ENOENT).');
+                console.warn('The bundled Windows installer may be missing from this installation.');
+                console.warn(`Manual installation command: ${formatCommand(fallbackCommand)}`);
+                console.warn('If automatic fallback fails, run the command above manually or download the latest Windows installer from the Vigthoria release page.');
+                await execPackageManager(fallbackCommand.command, fallbackCommand.args, 120_000);
+                console.log('Package manager installation finished successfully.');
+            }
+            else if (!installerResult.success) {
+                throw new Error(installerResult.error || 'Windows installer failed to start.');
+            }
+            else {
+                console.log('Windows installer started successfully. Complete the installer prompts to finish updating.');
+            }
+        }
+        else {
+            await runInstall(packageManager, info.packageName, installGlobal);
+            console.log('Package manager installation finished successfully.');
+        }
+        console.log('Vigthoria CLI update complete.');
+        markSuccessExit();
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        console.error(`Update failed: ${message}`);
+        markErrorExit();
+    }
+}
+async function update() {
+    try {
+        await updateCommand();
+        if (process.exitCode === 1) {
+            return;
+        }
+        markSuccessExit();
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        console.error(`Update failed: ${message}`);
+        markErrorExit();
+    }
+}
+exports.default = updateCommand;

package/dist/index.d.ts

@@ -15,6 +15,7 @@
  *   vigthoria workflow          - Manage repeatable VigFlow workflows
  *   vigthoria operator          - Start BMAD operator mode
  */
+export declare function validateReleaseMetadata(): boolean;
 export declare function setupErrorHandlers(): void;
-export declare function main(): Promise<void>;
+export declare function main(args: string[]): Promise<void>;
 export declare const __cliErrorHandlingReady = true;

package/dist/index.js

@@ -54,6 +54,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.__cliErrorHandlingReady = void 0;
+exports.validateReleaseMetadata = validateReleaseMetadata;
 exports.setupErrorHandlers = setupErrorHandlers;
 exports.main = main;
 const commander_1 = require("commander");
@@ -96,17 +97,19 @@ function getInvokedBinaryName() {
     return path.basename(executable, path.extname(executable)).toLowerCase();
 }
 // Get version from package.json dynamically
+function getPackageMetadataPaths() {
+    return [
+        path.join(__dirname, '..', 'package.json'),
+        path.join(__dirname, '..', '..', 'package.json'),
+        path.join(process.cwd(), 'package.json'),
+        path.join(process.cwd(), 'node_modules', 'vigthoria-cli', 'package.json'),
+        // Also check global npm paths on Windows
+        path.join(process.env.APPDATA || '', 'npm', 'node_modules', 'vigthoria-cli', 'package.json'),
+    ];
+}
 function getVersion() {
     try {
-        // Try multiple paths to find package.json
-        const possiblePaths = [
-            path.join(__dirname, '..', 'package.json'),
-            path.join(__dirname, '..', '..', 'package.json'),
-            path.join(process.cwd(), 'node_modules', 'vigthoria-cli', 'package.json'),
-            // Also check global npm paths on Windows
-            path.join(process.env.APPDATA || '', 'npm', 'node_modules', 'vigthoria-cli', 'package.json'),
-        ];
-        for (const p of possiblePaths) {
+        for (const p of getPackageMetadataPaths()) {
             if (fs.existsSync(p)) {
                 const pkg = JSON.parse(fs.readFileSync(p, 'utf8'));
                 if (pkg.name === 'vigthoria-cli') {
@@ -116,9 +119,59 @@ function getVersion() {
         }
     }
     catch (e) {
-        // Fallback to hardcoded version
+        const message = e instanceof Error ? e.message : String(e);
+        if (process.env.VIGTHORIA_DEBUG_VERSION === '1') {
+            console.error(chalk_1.default.gray(`Unable to read package version: ${message}`));
+        }
+    }
+    return '1.9.3';
+}
+function validateReleaseMetadata() {
+    try {
+        const packagePath = getPackageMetadataPaths().find((candidate) => fs.existsSync(candidate));
+        if (!packagePath) {
+            return false;
+        }
+        const pkg = JSON.parse(fs.readFileSync(packagePath, 'utf8'));
+        const packageDir = path.dirname(packagePath);
+        const readmePath = path.join(packageDir, 'README.md');
+        if (!fs.existsSync(readmePath)) {
+            return false;
+        }
+        const readme = fs.readFileSync(readmePath, 'utf8');
+        const bins = pkg.bin && typeof pkg.bin === 'object' ? pkg.bin : {};
+        const requiredReadmePhrases = [
+            'npm install -g vigthoria-cli',
+            'curl -fsSL https://cli.vigthoria.io/install.sh | bash',
+            'irm https://cli.vigthoria.io/install.ps1 | iex',
+            'vigthoria login',
+            'vigthoria chat',
+            'vig c',
+            'vigthoria edit',
+            'vigthoria update',
+            'vigthoria doctor',
+            'version 1.9.3',
+            'vigthoria-cli-1.9.3.tgz',
+        ];
+        return (pkg.name === 'vigthoria-cli' &&
+            pkg.version === '1.9.3' &&
+            pkg.description === 'Vigthoria Coder CLI - AI-powered terminal coding assistant' &&
+            pkg.main === 'dist/index.js' &&
+            bins.vigthoria === 'dist/index.js' &&
+            bins.vig === 'dist/index.js' &&
+            bins['vigthoria-chat'] === 'dist/index.js' &&
+            requiredReadmePhrases.every((phrase) => readme.includes(phrase)) &&
+            /Version\s+1\.9\.3/i.test(readme) &&
+            !readme.includes('vigthoria-cli-1.9.2.tgz') &&
+            !/version\s+1\.9\.2/i.test(readme));
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (process.env.VIGTHORIA_DEBUG_VERSION === '1') {
+            console.error(chalk_1.default.gray(`Release metadata validation failed: ${message}`));
+        }
+        return false;
     }
-    return '1.9.2';
 }
 const VERSION = getVersion();
 const VIGTHORIA_DEFAULT_MANIFEST_URL = process.env.VIGTHORIA_UPDATE_MANIFEST_URL || "https://coder.vigthoria.io/releases/manifest.json";
@@ -177,6 +230,13 @@ async function installGlobalPackageWithNpm(packageSpec) {
     const { execFileSync, execSync } = await import('child_process');
     const attempts = [];
     if (process.platform === 'win32') {
+        // First-choice: cmd.exe /c npm — resolves npm.cmd shims on any Windows Node setup
+        const comspec = process.env.COMSPEC || 'cmd.exe';
+        attempts.push({
+            label: 'cmd.exe /c npm',
+            command: comspec,
+            args: ['/c', 'npm', 'install', '-g', packageSpec],
+        });
         const npmExecPath = process.env.npm_execpath;
         if (npmExecPath && fs.existsSync(npmExecPath)) {
             attempts.push({
@@ -403,14 +463,16 @@ function setupErrorHandlers() {
         }
     });
 }
-async function main() {
+async function main(args) {
     const program = new commander_1.Command();
     const config = new config_js_2.Config();
     const logger = new logger_js_1.Logger();
     const invokedBinaryName = getInvokedBinaryName();
-    const firstArg = process.argv[2];
-    const jsonOutputRequested = process.argv.includes('--json');
-    const directPromptRequested = process.argv.includes('--prompt') || process.argv.includes('-P');
+    const argv = [...args];
+    const firstArg = argv[2];
+    const jsonOutputRequested = argv.includes('--json');
+    const directPromptRequested = argv.includes('--prompt') || argv.includes('-P');
+    const isLegionCortexRequest = invokedBinaryName === 'vigthoria' && argv[2] === 'legion' && argv.includes('--cortex');
     if (invokedBinaryName === 'vigthoria-chat') {
         const knownCommands = new Set([
             'chat', 'chat-resume', 'agent', 'edit', 'generate', 'explain', 'fix', 'review', 'cancel',
@@ -418,17 +480,18 @@ async function main() {
             '--help', '-h', '--version', '-V', 'help', 'version',
         ]);
         if (!firstArg || firstArg.startsWith('-') || !knownCommands.has(firstArg)) {
-            process.argv.splice(2, 0, 'chat');
+            argv.splice(2, 0, 'chat');
         }
     }
-    const requestedCommand = resolveRequestedCommand(process.argv);
-    // Skip gateway JWT auth when running on-server with a service key (e.g., GodMode on-box).
+    const requestedCommand = resolveRequestedCommand(argv);
+    // Skip gateway JWT auth when running on-server with a service key (e.g., Cortex on-box).
     // The service key is checked by Hyper Loop directly — no user session needed.
     const hasServiceKey = !!(process.env.HYPERLOOP_SERVICE_KEY ||
         process.env.V3_SERVICE_KEY);
-    if (!hasServiceKey && requestedCommand && isAuthProtectedCommand(requestedCommand)) {
+    if (!hasServiceKey && !isLegionCortexRequest && requestedCommand && isAuthProtectedCommand(requestedCommand)) {
         const authOk = await enforceGatewayAuthSession(config, logger, jsonOutputRequested);
         if (!authOk) {
+            process.exitCode = 1;
             return;
         }
     }
@@ -988,13 +1051,18 @@ Examples:
         .description('Run parallel tasks via Hyper Loop Legion orchestrator')
         .option('--workers', 'List available Legion workers')
         .option('--status', 'Show Legion infrastructure status')
-        .option('--godmode', 'Estimate, isolate, parallel-attack, and synthesize with strongest models')
-        .option('--approve', 'Auto-approve Godmode execution prompt')
+        .option('--cortex', 'Vigthoria Cortex: maximum intelligence execution')
+        .option('--approve', 'Auto-approve Cortex execution prompt')
         .option('--no-approve', 'Require interactive approval before execution')
-        .option('--auto-charge', 'Attempt direct VigCoin top-up when Godmode balance is low')
-        .option('--plan-only', 'Run Godmode estimator only; do not execute Legion job')
-        .option('--models <csv>', 'Comma-separated model IDs to constrain Godmode selection')
-        .option('--timeout <seconds>', 'Override Legion execution timeout in seconds (defaults to server policy)')
+        .option('--auto-charge', 'Attempt direct VigCoin top-up when Cortex balance is low')
+        .option('--plan-only', 'Run Cortex estimator only; do not execute Legion job')
+        .option('--force-budget', 'Allow execution when estimated budget exceeds the hard safe-stop ceiling')
+        .option('--ignore-preflight', 'Bypass mandatory local preflight checks (no warranty)')
+        .option('--speed', 'Enable speed mode (allows optional role skips when convergence is detected)')
+        .option('--repro-cmd <command>', 'Local reproduction/preflight command to validate before cloud spend')
+        .option('--expect-repro-fail', 'Require repro command to fail (non-zero) before proceeding')
+        .option('--models <csv>', 'Comma-separated model IDs to constrain Cortex selection')
+        .option('-t, --timeout <seconds>', 'Override Legion execution timeout in seconds (defaults to server policy)')
         .option('-w, --worker <name>', 'Execute a specific worker')
         .option('-p, --project <path>', 'Project directory', process.cwd())
         .action(async (request, options) => {
@@ -1003,11 +1071,16 @@ Examples:
         await legion.run(request, {
             workers: options.workers,
             status: options.status,
-            godmode: options.godmode,
+            cortex: Boolean(options.cortex),
             approve: options.approve,
             noApprove: options.approve === false,
             autoCharge: options.autoCharge,
             planOnly: options.planOnly,
+            forceBudget: options.forceBudget,
+            ignorePreflight: options.ignorePreflight,
+            speed: options.speed,
+            reproCmd: options.reproCmd,
+            expectReproFail: options.expectReproFail,
             models: options.models,
             timeoutSec: Number.isFinite(parsedTimeout) && parsedTimeout > 0 ? parsedTimeout : undefined,
             worker: options.worker,
@@ -1060,8 +1133,11 @@ Examples:
     // Auth commands
     program
         .command('login')
-        .description('Login to Vigthoria Coder')
-        .option('-t, --token <token>', 'API token')
+        .description('Login to Vigthoria Coder (prompts for credentials when run without flags)')
+        .option('-t, --token <token>', 'API token for token-based authentication')
+        .option('-e, --email <email>', 'Account email for credential-based login')
+        .option('-p, --password <password>', 'Account password for credential-based login')
+        .option('--device', 'Use OAuth device flow (requires server support)')
         .action(async (options) => {
         await (0, auth_js_1.handleLogin)(options);
     });
@@ -1083,13 +1159,14 @@ Examples:
         .action(() => {
         const checks = [
             ['Node.js', process.version],
-            ['Platform', `linux x64`],
+            ['Platform', `${process.platform} ${process.arch}`],
             ['Working directory', process.cwd()],
         ];
         console.log('Vigthoria CLI diagnostics');
         for (const [label, value] of checks) {
             console.log(`- ${label}: ${value}`);
         }
+        process.exitCode = 0;
     });
     // Config command
     program
@@ -1264,7 +1341,7 @@ Examples:
         await legion.run(undefined, {
             status: true,
             workers: false,
-            godmode: false,
+            cortex: false,
             approve: false,
             noApprove: true,
             planOnly: false,
@@ -1317,12 +1394,16 @@ Examples:
     }
     try {
         // Default to chat if no command
-        if (process.argv.length === 2) {
+        if (args.length === 2) {
             const chat = new chat_js_1.ChatCommand(config, logger);
             await chat.run({ model: 'code', project: process.cwd() });
+            process.exitCode = 0;
             return;
         }
-        await program.parseAsync(process.argv);
+        await program.parseAsync(args);
+        if (process.exitCode === undefined || process.exitCode === 0) {
+            process.exitCode = 0;
+        }
     }
     catch (error) {
         reportCliError(error, jsonOutputRequested);
@@ -1336,7 +1417,7 @@ process.on('unhandledRejection', (reason) => {
 });
 async function bootstrapCli() {
     try {
-        await main();
+        await main(process.argv);
     }
     catch (err) {
         handleFatalCliError(err, process.argv.includes('--json'));