feat(cli): add init command for Stripe Projects handoff

[moranshe-max]

What & why

Adds base44 init — scaffolds a local project for an already-existing Base44 app (e.g. one provisioned by the Stripe Projects CLI), using the app id and access token supplied via the environment, without creating a new app or requiring an interactive login. This is the local-dev handoff after stripe projects add base44_projects.

Changes

• init command (cli/commands/project/init.ts, registered in program.ts): resolves the app id from --app-id or BASE44_APP_ID, scaffolds the template against the existing id (no createProject() call), defaults path to the current dir.
• Env-token auth (core/auth/config.ts, core/clients/base44-client.ts): BASE44_ACCESS_TOKEN is used verbatim as the bearer token, taking precedence over ~/.base44/auth.json and bypassing OAuth refresh (provider-issued tokens can't refresh via /oauth/token). isLoggedIn() honors it so requireAuth commands run without login.
• .env auto-load + normalization (core/utils/env.ts + cli/bootstrap-env.ts as the first import): loads .env/.env.local before the HTTP clients capture the API URL, and normalizes the Stripe CLI's resource-prefixed vars (e.g. BASE44_PROJECTS_BASE44_APP_ID) to the bare BASE44_* names (prefix-agnostic; ambiguous matches left unset).
• Non-destructive scaffolding (core/project/template.ts): renderTemplate gains a skipExisting mode so init never clobbers existing files (e.g. a Stripe-managed .gitignore).
• Shared internals (cli/commands/project/scaffold-shared.ts): create's post-scaffold logic (push/deploy/skills/output + getTemplateById) is extracted and reused by both create and init (create.ts shrank ~138 lines).

Verification

• typecheck ✓, lint ✓, 520 tests ✓ (new specs: init, env-token-auth, core env; adds a givenEnv testkit helper).
• Real Stripe e2e against a live provisioned app: stripe projects env --pull → base44 init (scaffolded the real appId via prefix-normalization) → entities push → deploy --yes, all authenticated by the Stripe env token; test artifacts cleaned up afterward. (This e2e is what surfaced the prefix-normalization requirement.)

⚠️ Known limitation / follow-up

entities push (and deploy) is a full reconcile — the remote is made to match base44/entities/ exactly, so entities present remotely but absent locally are deleted. init currently scaffolds a fresh template and does not pull the existing app's resources, so running push/deploy after init against an app that already has data models can delete them (including the default User entity). There is also no entities pull command today.

Recommended follow-up before this is used for non-empty apps: have init mirror the existing app's resources (pull entities — GET /entity-schemas already exists — plus functions/agents/connectors) so the first push is non-destructive. Tracking this separately.

🤖 Generated with Claude Code

[github-actions]

🚀 Package Preview Available!

---

Install this PR's preview build with npm:

npm i @base44-preview/cli@0.0.54-pr.535.dfef860

Prefer not to change any import paths? Install using npm alias so your code still imports base44:

npm i "base44@npm:@base44-preview/cli@0.0.54-pr.535.dfef860"

Or add it to your package.json dependencies:

{
  "dependencies": {
    "base44": "npm:@base44-preview/cli@0.0.54-pr.535.dfef860"
  }
}

• 📦 Preview Package: @base44-preview/cli@0.0.54-pr.535.dfef860
• 🔗 View this commit on GitHub

---

_{Preview published to npm registry — try new features instantly!}

[moranshe-max]

Superseded by a 3-PR stack: #536 (scaffold-shared) → #537 (env-token auth) → init (3/3). Same final diff, split for review.