@a8techads/cli 0.3.0 → 0.4.0

package/dist/a8techads.js

@@ -3200,6 +3200,52 @@ function createProfileCommand() {
   return profile;
 }
 
+// src/utils/http.ts
+async function apiRequest(opts) {
+  await refreshTokenIfNeeded();
+  const creds = loadCredentials();
+  const profile = getCurrentProfile(creds);
+  if (!profile) {
+    throw new Error('No active profile. Run "a8techads auth login" to authenticate.');
+  }
+  const ctx = loadContext();
+  const context = getCurrentContext(ctx);
+  validateTenantMatch(profile.access_token, context?.tenant_id ?? null);
+  const headers = {
+    Authorization: `Bearer ${profile.access_token}`,
+    "Content-Type": "application/json",
+    ...opts.headers
+  };
+  if (context?.current_capability) {
+    headers["X-Effective-Capability"] = context.current_capability;
+  }
+  if (context?.impersonation) {
+    headers["X-Impersonate-Tenant"] = context.impersonation.target_tenant_id;
+    if (context.impersonation.effective_capability) {
+      headers["X-Impersonate-Capability"] = context.impersonation.effective_capability;
+    }
+  }
+  const url = `${profile.api_url}${opts.path}`;
+  return fetch(url, {
+    method: opts.method ?? "GET",
+    headers,
+    body: opts.body ? JSON.stringify(opts.body) : undefined
+  });
+}
+function validateTenantMatch(accessToken, contextTenantId) {
+  const claims = decodeJwt(accessToken);
+  if (!claims)
+    return;
+  const authClaims = getAuthClaims(claims);
+  const tokenTenantId = authClaims?.tenant_id ?? null;
+  if (!contextTenantId || !tokenTenantId)
+    return;
+  if (contextTenantId !== tokenTenantId) {
+    throw new Error(`Token tenant mismatch. Context tenant: ${contextTenantId}, token tenant: ${tokenTenantId}.
+` + `Run 'a8techads context set-tenant ${contextTenantId}' to re-authenticate.`);
+  }
+}
+
 // src/commands/context.ts
 function createContextCommand() {
   const context = new Command("context").description("Workspace context — tenant, capability, and app selection").addHelpText("after", `
@@ -3242,6 +3288,16 @@ Examples:
     }
     console.log(`App:          ${profileCtx?.app ?? "none"}`);
     console.log(`Capability:   ${profileCtx?.current_capability ?? "null (platform)"}`);
+    if (profileCtx?.impersonation) {
+      const imp = profileCtx.impersonation;
+      console.log(`
+--- Managed Access Session ---`);
+      console.log(`Target:       ${imp.target_tenant_name} (${imp.target_tenant_id})`);
+      console.log(`Capability:   ${imp.effective_capability}`);
+      console.log(`Role:         ${imp.effective_role}`);
+      console.log(`Grant:        ${imp.managed_grant_id ?? "none"}`);
+      console.log(`Started:      ${imp.started_at}`);
+    }
   });
   context.command("set-tenant").description(`Switch to a different tenant. Triggers re-authentication if the
 tenant differs from the current token tenant.
@@ -3376,6 +3432,74 @@ Shortcuts:
     console.log("Capability: PUBLISHER");
     console.log("App: ssp");
   });
+  context.command("assume-role").description(`Start a managed access session as a platform operator.
+
+Requires: platform_owner or platform_admin role.`).option("--tenant <id>", "Target tenant ID (required)").option("--capability <cap>", "Effective capability: ADVERTISER or PUBLISHER").addHelpText("after", `
+Examples:
+  $ a8techads context assume-role --tenant 00000000-... --capability ADVERTISER
+  $ a8techads context assume-role --tenant <id>`).action(async (opts) => {
+    if (!opts.tenant) {
+      console.error("Error: --tenant is required.");
+      console.error('Run "a8techads context assume-role --help" for usage.');
+      process.exit(1);
+    }
+    try {
+      const body = { target_tenant_id: opts.tenant };
+      if (opts.capability)
+        body.target_capability = opts.capability;
+      const resp = await apiRequest({
+        method: "POST",
+        path: "/api/v1/console/impersonation/start",
+        body
+      });
+      if (!resp.ok) {
+        const err = await resp.json().catch(() => ({ error: resp.statusText }));
+        console.error(`Error: ${err.error || resp.statusText}`);
+        process.exit(1);
+      }
+      const data = await resp.json();
+      const targetTenant = data.target_tenant || {};
+      const ctx = loadContext();
+      const impersonation = {
+        target_tenant_id: opts.tenant,
+        target_tenant_name: targetTenant.company_name || "Unknown",
+        effective_capability: data.effective_capability || opts.capability || "",
+        effective_role: data.effective_role || "",
+        managed_grant_id: data.managed_grant_id || null,
+        started_at: new Date().toISOString()
+      };
+      setCurrentContext(ctx, { impersonation });
+      saveContext(ctx);
+      console.log("Managed access session started.");
+      console.log(`Target:      ${impersonation.target_tenant_name} (${opts.tenant})`);
+      console.log(`Capability:  ${impersonation.effective_capability}`);
+      console.log(`Grant:       ${impersonation.managed_grant_id || "auto-created"}`);
+    } catch (err) {
+      console.error(`Failed: ${err.message}`);
+      process.exit(1);
+    }
+  });
+  context.command("end-session").description(`End the current managed access session.
+
+Requires: an active managed access session.`).addHelpText("after", `
+Examples:
+  $ a8techads context end-session`).action(async () => {
+    const ctx = loadContext();
+    const profileCtx = getCurrentContext(ctx);
+    if (!profileCtx?.impersonation) {
+      console.log("No active managed access session.");
+      return;
+    }
+    try {
+      await apiRequest({
+        method: "POST",
+        path: "/api/v1/console/impersonation/end"
+      });
+    } catch {}
+    setCurrentContext(ctx, { impersonation: null });
+    saveContext(ctx);
+    console.log("Managed access session ended.");
+  });
   return context;
 }
 function deriveAppFromTenant(tenant) {
@@ -3392,46 +3516,6 @@ function deriveAuthUrl(tokenEndpoint) {
   return url.origin;
 }
 
-// src/utils/http.ts
-async function apiRequest(opts) {
-  await refreshTokenIfNeeded();
-  const creds = loadCredentials();
-  const profile = getCurrentProfile(creds);
-  if (!profile) {
-    throw new Error('No active profile. Run "a8techads auth login" to authenticate.');
-  }
-  const ctx = loadContext();
-  const context = getCurrentContext(ctx);
-  validateTenantMatch(profile.access_token, context?.tenant_id ?? null);
-  const headers = {
-    Authorization: `Bearer ${profile.access_token}`,
-    "Content-Type": "application/json",
-    ...opts.headers
-  };
-  if (context?.current_capability) {
-    headers["X-Effective-Capability"] = context.current_capability;
-  }
-  const url = `${profile.api_url}${opts.path}`;
-  return fetch(url, {
-    method: opts.method ?? "GET",
-    headers,
-    body: opts.body ? JSON.stringify(opts.body) : undefined
-  });
-}
-function validateTenantMatch(accessToken, contextTenantId) {
-  const claims = decodeJwt(accessToken);
-  if (!claims)
-    return;
-  const authClaims = getAuthClaims(claims);
-  const tokenTenantId = authClaims?.tenant_id ?? null;
-  if (!contextTenantId || !tokenTenantId)
-    return;
-  if (contextTenantId !== tokenTenantId) {
-    throw new Error(`Token tenant mismatch. Context tenant: ${contextTenantId}, token tenant: ${tokenTenantId}.
-` + `Run 'a8techads context set-tenant ${contextTenantId}' to re-authenticate.`);
-  }
-}
-
 // src/utils/api-prefix.ts
 function getApiPrefix() {
   const ctx = loadContext();
@@ -3572,7 +3656,7 @@ Examples:
   });
   cmd.command("create").description(`Create a new audience.
 
-Phase 1 only supports type UPLOADED_LIST.`).option("--name <name>", "Audience name (required)").option("--type <type>", "Audience type (default: UPLOADED_LIST)", "UPLOADED_LIST").option("--description <desc>", "Description").option("--ttl <days>", "Membership TTL in days (default: 90)", "90").option("--from-json <file>", "Create from JSON file").addHelpText("after", `
+Phase 1 only supports type UPLOADED_LIST.`).option("--name <name>", "Audience name (required)").option("--type <type>", "Audience type: UPLOADED_LIST or RETARGETING", "UPLOADED_LIST").option("--description <desc>", "Description").option("--ttl <days>", "Membership TTL in days (default: 90)", "90").option("--goal-id <id>", "Conversion goal ID (required for RETARGETING type)").option("--from-json <file>", "Create from JSON file").addHelpText("after", `
 Examples:
   $ a8techads audiences create --name "High-Value Customers"
   $ a8techads audiences create --name "Retarget Pool" --ttl 30
@@ -3586,6 +3670,10 @@ Examples:
         console.error('Error: --name is required. Run "a8techads audiences create --help".');
         process.exit(1);
       }
+      if (opts.type === "RETARGETING" && !opts.goalId) {
+        console.error("Error: --goal-id is required for RETARGETING type.");
+        process.exit(1);
+      }
       body = {
         name: opts.name,
         type: opts.type,
@@ -3593,6 +3681,9 @@ Examples:
       };
       if (opts.description)
         body.description = opts.description;
+      if (opts.goalId) {
+        body.rules = { source: "conversion_goal", goal_id: opts.goalId, action: "positive", recency_days: 30 };
+      }
     }
     const resp = await apiRequest({ method: "POST", path: `${dspPrefix()}/audiences`, body });
     const json = await resp.json();
@@ -3657,28 +3748,53 @@ Examples:
     }
     console.log(`Audience ${id} archived.`);
   });
-  cmd.command("upload").description(`Upload a user list to populate audience membership.
+  cmd.command("upload").description(`Upload user identifiers to populate audience membership.
 
-Accepts CSV or JSON files with user identifiers.`).argument("<id>", "Audience ID").option("--file <path>", "File path (CSV or JSON)").option("--identifier-type <type>", "Identifier type: EMAIL_HASH or DEVICE_ID", "EMAIL_HASH").option("--estimated-size <n>", "Estimated number of users in file").addHelpText("after", `
+Reads a file with one identifier per line (email hash, device ID, etc.)
+and uploads to the audience membership store.`).argument("<id>", "Audience ID").option("--file <path>", "File path (one identifier per line, or JSON array)").option("--identifier-type <type>", "Identifier type: EMAIL_HASH or DEVICE_ID", "EMAIL_HASH").addHelpText("after", `
 Examples:
-  $ a8techads audiences upload <id> --file users.csv --identifier-type EMAIL_HASH
-  $ a8techads audiences upload <id> --file devices.json --identifier-type DEVICE_ID`).action(async (id, opts) => {
+  $ a8techads audiences upload <id> --file users.txt --identifier-type EMAIL_HASH
+  $ a8techads audiences upload <id> --file devices.txt --identifier-type DEVICE_ID
+
+File format (one per line):
+  a1b2c3d4e5f6...
+  f6e5d4c3b2a1...`).action(async (id, opts) => {
     if (!opts.file) {
       console.error("Error: --file is required.");
       process.exit(1);
     }
+    const { readFileSync: readFileSync3 } = await import("fs");
+    let identifiers;
+    try {
+      const content = readFileSync3(opts.file, "utf-8").trim();
+      try {
+        identifiers = JSON.parse(content);
+        if (!Array.isArray(identifiers))
+          throw new Error("not array");
+      } catch {
+        identifiers = content.split(`
+`).map((l) => l.trim()).filter((l) => l.length > 0);
+      }
+    } catch (err) {
+      console.error(`Error reading file: ${err.message}`);
+      process.exit(1);
+    }
+    if (identifiers.length === 0) {
+      console.error("Error: file contains no identifiers.");
+      process.exit(1);
+    }
+    console.log(`Uploading ${identifiers.length} identifiers...`);
     const body = {
+      identifiers,
       identifierType: opts.identifierType
     };
-    if (opts.estimatedSize)
-      body.estimatedSize = Number(opts.estimatedSize);
     const resp = await apiRequest({ method: "POST", path: `${dspPrefix()}/audiences/${id}/upload`, body });
     const json = await resp.json();
     if (!resp.ok) {
       console.error(`Error: ${json.error ?? resp.statusText}`);
       process.exit(1);
     }
-    console.log(`Upload processed. Audience status: ${json.data?.status ?? json.status}`);
+    console.log(`Upload complete. Status: ${json.data?.status ?? json.status}, Members: ${json.data?.uploadedCount ?? json.uploadedCount ?? "?"}`);
   });
   return cmd;
 }
@@ -4488,6 +4604,117 @@ Examples:
   return cmd;
 }
 
+// src/commands/admin.ts
+function createAdminCommand() {
+  const cmd = new Command("admin").description(`Platform administration (Console)
+
+Requires: platform_owner or platform_admin role.`).addHelpText("after", `
+Examples:
+  $ a8techads admin tenants list
+  $ a8techads admin tenants get <id>
+  $ a8techads admin audit-logs
+  $ a8techads admin system health`);
+  const tenants = cmd.command("tenants").description("Tenant management");
+  addFormatOption(tenants.command("list").description("List all tenants.")).action(async (opts) => {
+    const resp = await apiRequest({ path: "/api/v1/console/tenants" });
+    const json = await resp.json();
+    if (!resp.ok) {
+      console.error(`Error: ${json.error ?? resp.statusText}`);
+      process.exit(1);
+    }
+    const rows = (json.data ?? json).map((t) => ({
+      id: t.id,
+      name: t.companyName ?? t.company_name,
+      type: t.tenantType ?? t.tenant_type,
+      status: t.status
+    }));
+    const columns = [
+      { key: "id", header: "ID", width: 36 },
+      { key: "name", header: "NAME", width: 25 },
+      { key: "type", header: "TYPE", width: 12 },
+      { key: "status", header: "STATUS", width: 10 }
+    ];
+    printData(rows, columns, opts.format);
+  });
+  addFormatOption(tenants.command("get").description("Get tenant details.").argument("<id>", "Tenant ID")).action(async (id, opts) => {
+    const resp = await apiRequest({ path: `/api/v1/console/tenants/${id}` });
+    const json = await resp.json();
+    if (!resp.ok) {
+      console.error(`Error: ${json.error ?? resp.statusText}`);
+      process.exit(1);
+    }
+    printDetail(json.data ?? json, opts.format);
+  });
+  const members = tenants.command("members").description("Tenant member management");
+  addFormatOption(members.command("list").description("List tenant members.").option("--tenant <id>", "Tenant ID (required)")).action(async (opts) => {
+    if (!opts.tenant) {
+      console.error("Error: --tenant is required.");
+      process.exit(1);
+    }
+    const resp = await apiRequest({ path: `/api/v1/console/tenants/${opts.tenant}/members` });
+    const json = await resp.json();
+    if (!resp.ok) {
+      console.error(`Error: ${json.error ?? resp.statusText}`);
+      process.exit(1);
+    }
+    const rows = (json.data ?? json).map((m) => ({
+      id: m.userId ?? m.user_id ?? m.id,
+      email: m.email,
+      role: m.role,
+      status: m.status
+    }));
+    printData(rows, [
+      { key: "id", header: "USER ID", width: 36 },
+      { key: "email", header: "EMAIL", width: 30 },
+      { key: "role", header: "ROLE", width: 20 }
+    ], opts.format);
+  });
+  addFormatOption(cmd.command("audit-logs").description("View audit logs.").option("--tenant <id>", "Filter by tenant").option("--limit <n>", "Max results", "20")).action(async (opts) => {
+    const params = new URLSearchParams({ limit: opts.limit });
+    if (opts.tenant)
+      params.set("tenant_id", opts.tenant);
+    const resp = await apiRequest({ path: `/api/v1/console/audit-logs?${params}` });
+    const json = await resp.json();
+    if (!resp.ok) {
+      console.error(`Error: ${json.error ?? resp.statusText}`);
+      process.exit(1);
+    }
+    const rows = (json.data ?? json).map((l) => ({
+      action: l.action,
+      target: l.targetType ?? l.target_type,
+      targetId: l.targetId ?? l.target_id,
+      user: l.adminUserId ?? l.admin_user_id,
+      time: l.createdAt ?? l.created_at
+    }));
+    printData(rows, [
+      { key: "action", header: "ACTION", width: 25 },
+      { key: "target", header: "TARGET", width: 12 },
+      { key: "targetId", header: "TARGET ID", width: 36 },
+      { key: "time", header: "TIME", width: 22 }
+    ], opts.format);
+  });
+  const system = cmd.command("system").description("System operations");
+  addFormatOption(system.command("health").description("System health check.")).action(async (opts) => {
+    const resp = await apiRequest({ path: "/api/v1/console/system/health" });
+    const json = await resp.json();
+    if (!resp.ok) {
+      console.error(`Error: ${json.error ?? resp.statusText}`);
+      process.exit(1);
+    }
+    printDetail(json.data ?? json, opts.format);
+  });
+  system.command("cache-clear").description("Clear system cache.").action(async () => {
+    const resp = await apiRequest({ method: "POST", path: "/api/v1/console/system/cache/clear" });
+    if (!resp.ok) {
+      const j = await resp.json();
+      console.error(`Error: ${j.error ?? resp.statusText}`);
+      process.exit(1);
+    }
+    console.log("Cache cleared.");
+  });
+  return cmd;
+}
+
 // src/commands/settings.ts
 function settingsPrefix() {
   const ctx = loadContext();
@@ -4619,7 +4846,7 @@ Examples:
 
 // src/index.ts
 function createProgram() {
-  const program2 = new Command().name("a8techads").description("A8TechAds CLI — programmatic ad platform management").version("0.2.0").addHelpText("after", `
+  const program2 = new Command().name("a8techads").description("A8TechAds CLI — programmatic ad platform management").version("0.4.0").addHelpText("after", `
 Command Groups:
   auth          Authentication (login, logout, token, status)
   profile       Multi-profile management
@@ -4654,6 +4881,7 @@ Getting Started:
   program2.addCommand(createUsersCommand());
   program2.addCommand(createSettingsCommand());
   program2.addCommand(createInvoicesCommand());
+  program2.addCommand(createAdminCommand());
   return program2;
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@a8techads/cli",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "A8TechAds CLI — programmatic ad platform management",
   "type": "module",
   "bin": {