---
name: business-cli
description: Use this skill to operate the Mere Business CLI for invite redemption, onboarding, workspace selection, browser-authenticated sessions, JSON automation, and business setup workflows.
---

# Business CLI

Use this skill when the task is to run the business repo CLIs, explain their behavior, debug auth/session issues, or map a CLI command to the server routes that back it.

## Decision guide

- Use `zerosmb` or `mere-business` for workspace-scoped product operations.
- Use `mere-business onboard start <code>` when a user brings a Mere platform onboarding invite code and wants the agent to create, provision, and wait on a new business workspace. Pass overrides such as `--name`, `--slug`, or `--existing-city` only when the invite is incomplete or the user asks.
- Use `/Users/nerd/mere/business/skills/mere-onboarding-agent/SKILL.md` for the complete invite-code experience where the agent should behave like the Mere onboarding assistant before and after workspace creation.
- Use `mere-business invite redeem <code>` for lightweight invite inspection or for workspace/team invites that only need claiming. It updates the local workspace list when access is granted.
- Use `mere-admin` for platform-scoped org, workspace, onboarding invite, user, admin, connection, and token management.
- Keep the auth models distinct:
  - `zerosmb` uses the shared product CLI contract under `apps/console/src/routes/api/cli/v1/auth/*`.
  - `mere-admin` stays on the separate admin contract under `apps/console/src/routes/api/admin/v1/auth/*`.

## Quick start

1. Build the workspace CLI:
   - `cd /Users/nerd/mere/business && pnpm --filter @zerosmb/cli build`
2. Build the admin CLI when needed:
   - `cd /Users/nerd/mere/business && pnpm --filter @zerosmb/admin-cli build`
3. Workspace auth:
   - `pnpm --filter @zerosmb/cli exec zerosmb auth login`
   - `pnpm --filter @zerosmb/cli exec zerosmb auth whoami`
4. Admin auth:
   - `pnpm --filter @zerosmb/admin-cli exec mere-admin auth login`
   - `pnpm --filter @zerosmb/admin-cli exec mere-admin auth whoami`
5. Prefer `--json` for automation and `--no-interactive` or `--yes` only when the user clearly wants non-interactive mutation behavior.

## References

- [command-reference.md](references/command-reference.md): canonical command families for both CLIs.
- [route-map.md](references/route-map.md): auth routes, workspace command multiplexer, and admin route anchors.
- `/Users/nerd/mere/business/docs/cli.md`: full workspace CLI flags and examples.
- `/Users/nerd/mere/business/docs/admin-cli.md`: full admin CLI auth, scopes, and destructive guardrails.

## Workspace CLI patterns

1. Start with `auth login`, then verify session and workspace using `auth whoami`, `workspace current`, and `workspace list`.
2. Prefer one-off `--workspace <id|slug|host>` overrides over changing the stored default unless the user explicitly wants to switch defaults.
3. Use `--json` for reads that will be quoted back precisely or piped into other tooling.
4. The local session lives at `$XDG_STATE_HOME/zerosmb/session.json` or `~/.local/state/zerosmb/session.json`.
5. The saved session includes refresh token state, current access token, workspace list, default workspace, and expiry claims.

## Admin CLI patterns

1. `mere-admin` has its own session and config storage and does not share state with `zerosmb`.
2. Session paths:
   - config: `$XDG_CONFIG_HOME/mere-admin/config.json` or `~/.config/mere-admin/config.json`
   - state: `$XDG_STATE_HOME/mere-admin/session.json` or `~/.local/state/mere-admin/session.json`
3. Destructive admin commands require explicit confirmation:
   - interactive: type the exact target id
   - non-interactive: pass both `--yes` and `--confirm <exact-target>`
4. Machine-token auth remains separate from the human browser flow and is still valid for automation.

## Command families

### Workspace CLI

- `auth`, `workspace`
- `invite redeem`, `onboard start`
- `ops`, `mail`, `messages`
- `contacts`, `companies`, `deals`, `tasks`
- `campaigns`, `voice`, `site`, `reach`, `calendar`
- `settings profile`, `settings ai`, `settings slack`, `settings team`

### Admin CLI

- `auth`
- `orgs`, `workspaces`, `users`
- `members`, `invites`, `entitlements`
- `onboarding-invites`
- `connections`, `admins`, `tokens`

## Routing model

- Workspace CLI browser auth is handled in `apps/console`, but workspace commands execute through the single `POST /api/cli/v2` multiplexer in `apps/workspace`.
- Admin CLI auth and resource routes all live in `apps/console/src/routes/api/admin/v1/*`.
- Public onboarding and team invite links enter through `apps/console/src/routes/invite/[code]`; CLI invite redemption uses `POST /api/cli/v1/invites/redeem`; automated CLI onboarding uses `POST /api/cli/v1/onboarding/bootstrap` and `POST /api/cli/v1/onboarding/status`; platform onboarding invite creation uses `POST /api/admin/v1/onboarding-invites`.
- Shared dedicated-token helpers live in `business/packages/cli-auth`.

## Safe edit boundaries

For workspace CLI behavior:
- `business/packages/cli/src/*`
- `business/apps/console/src/routes/api/cli/v1/auth/*`
- `business/apps/console/src/routes/api/cli/v1/onboarding/*`
- `business/apps/workspace/src/routes/api/cli/v2/+server.ts`

For admin CLI behavior:
- `business/packages/admin-cli/src/*`
- `business/apps/console/src/routes/api/admin/v1/*`

For shared product CLI auth/session primitives:
- `business/packages/cli-auth/*`