xtra-cli 0.1.0

package/dist/commands/integration.js

@@ -0,0 +1,188 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.kubernetesCommand = exports.integrationCommand = void 0;
+const commander_1 = require("commander");
+const chalk_1 = __importDefault(require("chalk"));
+const api_1 = require("../lib/api");
+const config_1 = require("../lib/config");
+const inquirer_1 = __importDefault(require("inquirer"));
+const fs_1 = __importDefault(require("fs"));
+exports.integrationCommand = new commander_1.Command("integration");
+exports.integrationCommand
+    .command("sync")
+    .description("Sync secrets to external integrations (GitHub)")
+    .option("-p, --project <id>", "Project ID (defaults to current directory config)")
+    .option("-e, --env <environment>", "Environment (development, staging, production)", "development")
+    .option("--github", "Sync to GitHub")
+    .option("--repo <owner/repo>", "GitHub repository (e.g., owner/repo)")
+    .option("--prefix <prefix>", "Prefix for secret keys")
+    .action(async (options) => {
+    try {
+        let projectId = options.project;
+        if (!projectId) {
+            projectId = (0, config_1.getConfigValue)("project");
+            if (!projectId) {
+                console.error(chalk_1.default.red("Error: Project ID is required. Use -p <id> or run 'xtra project set' first."));
+                process.exit(1);
+            }
+        }
+        // Check if GitHub connected
+        const status = await api_1.api.getIntegrationStatus("github");
+        if (!status.connected) {
+            console.log(chalk_1.default.yellow("\nGitHub not connected. Please connect via the web dashboard first."));
+            console.log(chalk_1.default.blue("Visit: http://localhost:3000/integrations\n"));
+            process.exit(1);
+        }
+        console.log(chalk_1.default.green(`\nConnected as: ${status.username}`));
+        let repo = options.repo;
+        // If repo not provided, fetch list and ask user
+        if (!repo) {
+            console.log("Fetching repositories...");
+            const repos = await api_1.api.getIntegrationRepos("github");
+            const answer = await inquirer_1.default.prompt([
+                {
+                    type: "list",
+                    name: "repo",
+                    message: "Select a repository to sync to:",
+                    choices: repos.map((r) => ({
+                        name: `${r.fullName} ${r.private ? "(🔒)" : ""}`,
+                        value: r.id.toString(),
+                        short: r.fullName
+                    }))
+                }
+            ]);
+            // Find selected repo details
+            const selectedRepo = repos.find((r) => r.id.toString() === answer.repo);
+            if (selectedRepo) {
+                repo = { owner: selectedRepo.owner, name: selectedRepo.name };
+            }
+        }
+        else {
+            // Parse repo string
+            const [owner, name] = repo.split("/");
+            if (!owner || !name) {
+                console.error(chalk_1.default.red("Error: Invalid repository format. Use owner/repo"));
+                process.exit(1);
+            }
+            repo = { owner, name };
+        }
+        console.log(chalk_1.default.blue(`\nSyncing secrets from ${options.env} to GitHub repo: ${repo.owner}/${repo.name}...`));
+        const result = await api_1.api.syncSecretsToGithub({
+            projectId,
+            environment: options.env,
+            repoOwner: repo.owner,
+            repoName: repo.name,
+            secretPrefix: options.prefix
+        });
+        console.log(chalk_1.default.green(`\nSuccessfully synced ${result.summary.synced} secrets!`));
+        if (result.summary.failed > 0) {
+            console.log(chalk_1.default.red(`${result.summary.failed} secrets failed to sync.`));
+        }
+        // Show details
+        result.results.forEach((r) => {
+            if (r.success) {
+                console.log(chalk_1.default.green(`✓ ${r.key}`));
+            }
+            else {
+                console.log(chalk_1.default.red(`✗ ${r.key}: ${r.error}`));
+            }
+        });
+    }
+    catch (error) {
+        console.error(chalk_1.default.red("\nError syncing secrets:"), error.message || error);
+        process.exit(1);
+    }
+});
+exports.kubernetesCommand = new commander_1.Command("kubernetes");
+exports.kubernetesCommand
+    .command("export")
+    .description("Export secrets as Kubernetes manifest")
+    .option("-p, --project <id>", "Project ID")
+    .option("-e, --env <environment>", "Environment", "development")
+    .option("-n, --namespace <namespace>", "Kubernetes namespace", "default")
+    .option("-o, --output <file>", "Output file path")
+    .option("--name <name>", "Secret resource name")
+    .action(async (options) => {
+    try {
+        let projectId = options.project;
+        if (!projectId) {
+            projectId = (0, config_1.getConfigValue)("project");
+            if (!projectId) {
+                console.error(chalk_1.default.red("Error: Project ID is required. Use -p <id> or run 'xtra project set' first."));
+                process.exit(1);
+            }
+        }
+        console.log(chalk_1.default.blue(`Generating Kubernetes manifest for ${options.env}...`));
+        const manifest = await api_1.api.exportKubernetesSecret(projectId, {
+            environment: options.env,
+            namespace: options.namespace,
+            name: options.name
+        });
+        if (options.output) {
+            fs_1.default.writeFileSync(options.output, manifest);
+            console.log(chalk_1.default.green(`\nManifest saved to ${options.output}`));
+        }
+        else {
+            console.log("\n" + manifest);
+        }
+    }
+    catch (error) {
+        console.error(chalk_1.default.red("\nError generating manifest:"), error.message || error);
+        process.exit(1);
+    }
+});
+exports.kubernetesCommand
+    .command("apply")
+    .description("Apply secrets directly to Kubernetes cluster (requires kubectl)")
+    .option("-p, --project <id>", "Project ID")
+    .option("-e, --env <environment>", "Environment", "development")
+    .option("-n, --namespace <namespace>", "Kubernetes namespace", "default")
+    .action(async (options) => {
+    try {
+        // Check for kubectl
+        const { execSync } = require("child_process");
+        try {
+            execSync("kubectl version --client", { stdio: "ignore" });
+        }
+        catch (e) {
+            console.error(chalk_1.default.red("Error: kubectl not found or not configured."));
+            process.exit(1);
+        }
+        let projectId = options.project;
+        if (!projectId) {
+            projectId = (0, config_1.getConfigValue)("project");
+            if (!projectId) {
+                console.error(chalk_1.default.red("Error: Project ID is required. Use -p <id> or run 'xtra project set' first."));
+                process.exit(1);
+            }
+        }
+        console.log(chalk_1.default.blue(`Fetching secrets for ${options.env}...`));
+        const manifest = await api_1.api.exportKubernetesSecret(projectId, {
+            environment: options.env,
+            namespace: options.namespace,
+            // No custom name, let backend generate it
+        });
+        console.log(chalk_1.default.blue("Applying to Kubernetes..."));
+        try {
+            const child = require("child_process").spawn("kubectl", ["apply", "-f", "-"]);
+            child.stdin.write(manifest);
+            child.stdin.end();
+            child.stdout.on("data", (data) => {
+                console.log(data.toString());
+            });
+            child.stderr.on("data", (data) => {
+                console.error(chalk_1.default.yellow(data.toString()));
+            });
+        }
+        catch (e) {
+            console.error(chalk_1.default.red("Failed to apply manifest:"), e.message);
+        }
+    }
+    catch (error) {
+        console.error(chalk_1.default.red("\nError:"), error.message || error);
+        process.exit(1);
+    }
+});

package/dist/commands/local.js

@@ -0,0 +1,198 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.localCommand = void 0;
+/**
+ * local.ts — Toggle between cloud/local-only mode for offline development
+ *
+ * In "local" mode:
+ *  - xtra run reads from .env.local instead of calling the API
+ *  - A flag XTRA_LOCAL_MODE=true is written to the CLI config
+ *  - All API calls are bypassed — completely offline capable
+ *
+ * Usage:
+ *   xtra local on              # Enable local mode (reads from .env.local)
+ *   xtra local off             # Disable local mode (back to cloud)
+ *   xtra local status          # Show current mode
+ *   xtra local sync            # Pull cloud secrets and write to .env.local
+ */
+const commander_1 = require("commander");
+const api_1 = require("../lib/api");
+const config_1 = require("../lib/config");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const readline = __importStar(require("readline"));
+const LOCAL_ENV_FILE = ".env.local";
+function isLocalMode() {
+    return (0, config_1.getConfigValue)("localMode") === true
+        || process.env.XTRA_LOCAL_MODE === "true";
+}
+exports.localCommand = new commander_1.Command("local")
+    .description("Toggle cloud/local mode for offline development")
+    .addHelpText("after", `
+In local mode, 'xtra run' reads secrets from .env.local instead of the cloud API.
+This allows fully offline development without any API calls.
+
+Examples:
+  $ xtra local status           # Check current mode
+  $ xtra local on               # Enable offline (local) mode
+  $ xtra local off              # Disable — back to cloud mode
+  $ xtra local sync             # Pull cloud secrets → .env.local
+  $ xtra local sync -p proj -e production  # Pull production to .env.local
+`);
+// ── status ────────────────────────────────────────────────────────────────────
+exports.localCommand
+    .command("status")
+    .description("Show current cloud/local mode")
+    .action(() => {
+    const mode = isLocalMode();
+    const envFilePath = path.join(process.cwd(), LOCAL_ENV_FILE);
+    const hasLocalFile = fs.existsSync(envFilePath);
+    console.log(chalk_1.default.bold("\nMode Status:\n"));
+    console.log(`  Mode        : ${mode ? chalk_1.default.yellow("🔌 LOCAL (offline)") : chalk_1.default.green("☁  CLOUD")}`);
+    console.log(`  .env.local  : ${hasLocalFile ? chalk_1.default.green("Found") : chalk_1.default.gray("Not found")}`);
+    console.log(`  Config flag : ${chalk_1.default.gray((0, config_1.getConfigValue)("localMode") ? "true" : "false")}`);
+    console.log(`  Env var     : ${chalk_1.default.gray(process.env.XTRA_LOCAL_MODE || "(not set)")}`);
+    console.log();
+    if (!mode) {
+        console.log(chalk_1.default.gray("  Run 'xtra local on' to switch to offline mode."));
+    }
+    else {
+        console.log(chalk_1.default.gray("  Run 'xtra local off' to switch back to cloud mode."));
+        if (!hasLocalFile) {
+            console.log(chalk_1.default.yellow("  ⚠ No .env.local file found. Run 'xtra local sync' to pull secrets."));
+        }
+    }
+    console.log();
+});
+// ── on ────────────────────────────────────────────────────────────────────────
+exports.localCommand
+    .command("on")
+    .description("Enable local mode — secrets read from .env.local")
+    .action(() => {
+    (0, config_1.setConfig)("localMode", true);
+    console.log(chalk_1.default.yellow("🔌 Local mode ENABLED."));
+    console.log(chalk_1.default.gray("   'xtra run' will now read from .env.local instead of the cloud."));
+    const localFilePath = path.join(process.cwd(), LOCAL_ENV_FILE);
+    if (!fs.existsSync(localFilePath)) {
+        console.log(chalk_1.default.yellow(`   ⚠ No .env.local file found. Run 'xtra local sync' to populate it.`));
+    }
+});
+// ── off ───────────────────────────────────────────────────────────────────────
+exports.localCommand
+    .command("off")
+    .description("Disable local mode — secrets fetched from cloud again")
+    .action(() => {
+    (0, config_1.setConfig)("localMode", false);
+    console.log(chalk_1.default.green("☁  Cloud mode ENABLED."));
+    console.log(chalk_1.default.gray("   'xtra run' will now fetch secrets from XtraSecurity Cloud."));
+});
+// ── sync ─────────────────────────────────────────────────────────────────────
+exports.localCommand
+    .command("sync")
+    .description("Pull cloud secrets to .env.local for offline use")
+    .option("-p, --project <id>", "Project ID")
+    .option("-e, --env <environment>", "Environment", "development")
+    .option("-b, --branch <branch>", "Branch", "main")
+    .option("-o, --output <file>", "Output file", LOCAL_ENV_FILE)
+    .option("--overwrite", "Overwrite existing file without prompt", false)
+    .action(async (options) => {
+    let { project, env, branch, output, overwrite } = options;
+    const envMap = { dev: "development", stg: "staging", prod: "production" };
+    env = envMap[env] || env;
+    if (!project)
+        project = (0, config_1.getConfigValue)("project");
+    if (!project) {
+        console.error(chalk_1.default.red("Error: Project ID required. Use -p <id>."));
+        process.exit(1);
+    }
+    const outputPath = path.resolve(process.cwd(), output);
+    // Warn if production
+    if (env === "production" && !overwrite) {
+        console.log(chalk_1.default.red(`⚠  You are syncing PRODUCTION secrets to ${output}.`));
+        const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+        const confirmed = await new Promise(resolve => {
+            rl.question(chalk_1.default.yellow("Type 'yes' to confirm: "), (ans) => {
+                rl.close();
+                resolve(ans.trim().toLowerCase() === "yes");
+            });
+        });
+        if (!confirmed) {
+            console.log(chalk_1.default.gray("Sync cancelled."));
+            return;
+        }
+    }
+    const spinner = (0, ora_1.default)(`Fetching ${env} secrets from cloud...`).start();
+    try {
+        const secrets = await api_1.api.getSecrets(project, env, branch);
+        spinner.stop();
+        const count = Object.keys(secrets).length;
+        if (count === 0) {
+            console.log(chalk_1.default.yellow("No secrets found."));
+            return;
+        }
+        // Write dotenv format
+        const lines = [
+            `# xtra local sync — ${env}/${branch}`,
+            `# Generated: ${new Date().toISOString()}`,
+            `# DO NOT COMMIT THIS FILE`,
+            "",
+            ...Object.entries(secrets).map(([k, v]) => `${k}=${v}`)
+        ];
+        fs.writeFileSync(outputPath, lines.join("\n") + "\n", "utf8");
+        console.log(chalk_1.default.green(`✅ Synced ${count} secrets to ${output}`));
+        console.log(chalk_1.default.gray("   Run 'xtra local on' to switch to local mode."));
+        // Remind about .gitignore
+        const gitignorePath = path.join(process.cwd(), ".gitignore");
+        let gitignore = "";
+        try {
+            gitignore = fs.readFileSync(gitignorePath, "utf8");
+        }
+        catch (_) { }
+        if (!gitignore.includes(output)) {
+            console.log(chalk_1.default.yellow(`\n  ⚠ Remember to add '${output}' to your .gitignore!`));
+        }
+    }
+    catch (e) {
+        spinner.fail("Sync failed.");
+        console.error(chalk_1.default.red(e?.response?.data?.error || e.message));
+        process.exit(1);
+    }
+});

package/dist/commands/login.js

@@ -0,0 +1,176 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loginCommand = void 0;
+const commander_1 = require("commander");
+const inquirer_1 = __importDefault(require("inquirer"));
+const api_1 = require("../lib/api");
+const config_1 = require("../lib/config");
+const chalk_1 = __importDefault(require("chalk"));
+const ora_1 = __importDefault(require("ora"));
+exports.loginCommand = new commander_1.Command("login")
+    .description("Authenticate with XtraSecurity")
+    .option("-k, --key <key>", "Login using an Access Key")
+    .option("-e, --email <email>", "Login using Email")
+    .option("--sso", "Login via Web (SSO)")
+    .action(async (options) => {
+    try {
+        // Interactive Login Choice
+        if (!options.key && !options.email && !options.sso) {
+            const { method } = await inquirer_1.default.prompt([
+                {
+                    type: "list",
+                    name: "method",
+                    message: "How would you like to login?",
+                    choices: [
+                        { name: "Browser Login (SSO)", value: "sso" },
+                        { name: "Access Key", value: "key" },
+                        { name: "Email & Password", value: "email" }
+                    ],
+                },
+            ]);
+            if (method === "sso") {
+                await handleSSOLogin();
+                return;
+            }
+            else if (method === "key") {
+                const { key } = await inquirer_1.default.prompt([{ type: "password", name: "key", message: "Enter Access Key:" }]);
+                await handleKeyLogin(key);
+                return;
+            }
+            // Fall through to Email
+        }
+        if (options.sso) {
+            await handleSSOLogin();
+        }
+        else if (options.key) {
+            await handleKeyLogin(options.key);
+        }
+        else {
+            // Abstract Email Login
+            let { email } = options;
+            if (!email) {
+                const answers = await inquirer_1.default.prompt([
+                    { type: "input", name: "email", message: "Email:" },
+                ]);
+                email = answers.email;
+            }
+            const answers = await inquirer_1.default.prompt([
+                { type: "password", name: "password", message: "Password:" },
+            ]);
+            const password = answers.password;
+            const spinner = (0, ora_1.default)("Authenticating...").start();
+            const data = await api_1.api.login(email, password);
+            (0, config_1.setConfig)("token", data.token);
+            spinner.succeed("Logged in successfully!");
+        }
+    }
+    catch (error) {
+        if (error.response) {
+            console.error(chalk_1.default.red(`\nError: ${error.response.data.error || 'Login failed'}`));
+        }
+        else {
+            console.error(chalk_1.default.red(`\nError: ${error.message}`));
+        }
+        process.exit(1);
+    }
+});
+async function handleKeyLogin(key) {
+    const spinner = (0, ora_1.default)("Authenticating with Access Key...").start();
+    const data = await api_1.api.login(undefined, undefined, key);
+    (0, config_1.setConfig)("token", data.token);
+    if (data.user) {
+        console.log(chalk_1.default.green(`\nLogged in as ${data.user.email}`));
+    }
+    spinner.succeed("Logged in successfully!");
+}
+async function handleSSOLogin() {
+    const http = require("http");
+    // 'open' is strictly ESM, so we must use dynamic import
+    const { default: open } = await Promise.resolve().then(() => __importStar(require("open")));
+    return new Promise((resolve) => {
+        const server = http.createServer(async (req, res) => {
+            const url = new URL(req.url, `http://${req.headers.host}`);
+            const token = url.searchParams.get("token");
+            const email = url.searchParams.get("email");
+            const workspaceId = url.searchParams.get("workspaceId");
+            const workspaceName = url.searchParams.get("workspaceName");
+            if (token) {
+                (0, config_1.setConfig)("token", token);
+                if (workspaceId)
+                    (0, config_1.setConfig)("workspace", workspaceId);
+                res.writeHead(200, { "Content-Type": "text/html" });
+                res.end(`
+                <html>
+                    <body style="background:#111;color:#eee;font-family:sans-serif;text-align:center;padding:50px;">
+                        <h1>Login Successful</h1>
+                        <p>You have successfully logged in to XtraSync.</p>
+                        <p>You can now close this tab and return to your terminal.</p>
+                        <script>
+                            setTimeout(function() { window.close(); }, 1000);
+                        </script>
+                    </body>
+                </html>
+                `);
+                console.log(chalk_1.default.green(`\n✔ SS0 Login Successful! Logged in as ${email}`));
+                if (workspaceId) {
+                    console.log(chalk_1.default.dim(`Selected Workspace: ${workspaceName} (${workspaceId})`));
+                }
+                res.end(() => {
+                    server.close();
+                    setTimeout(() => {
+                        process.exit(0);
+                    }, 1000);
+                });
+            }
+            else {
+                res.writeHead(400);
+                res.end("Missing token");
+            }
+        });
+        server.listen(0, async () => {
+            const address = server.address();
+            const port = typeof address === 'string' ? 0 : address?.port;
+            const callbackUrl = `http://localhost:${port}`;
+            const { apiUrl } = require("../lib/config").getConfig();
+            const ssoUrl = `${apiUrl}/auth/cli/sso?callbackUrl=${encodeURIComponent(callbackUrl)}`;
+            console.log(chalk_1.default.blue(`Waiting for browser login... (Opening ${ssoUrl})`));
+            await open(ssoUrl);
+        });
+    });
+}

package/dist/commands/login.test.js

@@ -0,0 +1,51 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const login_1 = require("./login");
+const api_1 = require("../lib/api");
+const config_1 = require("../lib/config");
+const inquirer_1 = __importDefault(require("inquirer"));
+// Mock dependencies
+jest.mock('../lib/api');
+jest.mock('../lib/config');
+jest.mock('inquirer');
+jest.mock('ora', () => {
+    return jest.fn(() => ({
+        start: jest.fn().mockReturnThis(),
+        succeed: jest.fn().mockReturnThis(),
+        fail: jest.fn().mockReturnThis(),
+    }));
+});
+describe('Login Command', () => {
+    const mockApi = api_1.api;
+    const mockInquirer = inquirer_1.default;
+    beforeEach(() => {
+        jest.clearAllMocks();
+    });
+    it('should login with API key option', async () => {
+        mockApi.login.mockResolvedValue({ token: 'test-token-from-key' });
+        // Simulate command execution with --key option
+        const mockOptions = { key: 'xtra_key_abc123' };
+        // Execute the action handler directly
+        await login_1.loginCommand._actionHandler(mockOptions);
+        expect(mockApi.login).toHaveBeenCalledWith(undefined, undefined, 'xtra_key_abc123');
+        expect(config_1.setConfig).toHaveBeenCalledWith('token', 'test-token-from-key');
+    });
+    it('should prompt for email and password if no options provided', async () => {
+        mockInquirer.prompt
+            .mockResolvedValueOnce({ method: 'email' })
+            .mockResolvedValueOnce({ email: 'test@example.com' })
+            .mockResolvedValueOnce({ password: 'password123' });
+        mockApi.login.mockResolvedValue({ token: 'email-token' });
+        await login_1.loginCommand._actionHandler({});
+        expect(mockInquirer.prompt).toHaveBeenCalledTimes(3);
+        expect(mockApi.login).toHaveBeenCalledWith('test@example.com', 'password123', undefined);
+    });
+    it('should handle login failure gracefully', async () => {
+        mockApi.login.mockRejectedValue(new Error('Invalid credentials'));
+        const mockOptions = { key: 'bad-key' };
+        await expect(login_1.loginCommand._actionHandler(mockOptions)).rejects.toThrow('Invalid credentials');
+    });
+});