@adobe/ccweb-add-on-ssl 2.5.0 → 3.0.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/ccweb-add-on-ssl",
-  "version": "2.5.0",
+  "version": "3.0.0",
   "author": "Adobe",
   "license": "MIT",
   "description": "SSL scripts for Adobe Creative Cloud Web Add-on.",
@@ -16,18 +16,21 @@
   "bin": {
     "ccweb-add-on-ssl": "./bin/run.js"
   },
+  "engines": {
+    "node": ">=18.0.0"
+  },
   "oclif": {
     "bin": "ccweb-add-on-ssl",
     "commands": "./dist/commands",
-    "plugins": [],
     "topicSeparator": " "
   },
   "repository": {
     "url": "https://github.com/adobe/create-ccweb-add-on"
   },
   "dependencies": {
-    "@adobe/ccweb-add-on-devcert": "0.1.1",
-    "@oclif/core": "2.8.0",
+    "@adobe/ccweb-add-on-devcert": "0.2.1",
+    "@oclif/core": "4.2.8",
+    "@swc/helpers": "0.5.12",
     "chalk": "4.1.1",
     "fs-extra": "10.0.1",
     "inversify": "6.0.1",
@@ -35,18 +38,17 @@
     "prompts": "2.4.2",
     "reflect-metadata": "0.1.13",
     "string-template": "1.0.0",
-    "tslib": "2.6.2",
-    "@swc/helpers": "0.5.12",
-    "@adobe/ccweb-add-on-analytics": "2.5.0",
-    "@adobe/ccweb-add-on-core": "2.5.0"
+    "tslib": "2.7.0",
+    "@adobe/ccweb-add-on-analytics": "3.0.0",
+    "@adobe/ccweb-add-on-core": "3.0.0"
   },
   "devDependencies": {
-    "@oclif/test": "2.3.4",
+    "@oclif/test": "4.1.12",
     "@types/chai-as-promised": "7.1.3",
     "@types/chai": "4.2.14",
     "@types/fs-extra": "9.0.13",
     "@types/mocha": "9.1.1",
-    "@types/node": "16.18.36",
+    "@types/node": "18.18.2",
     "@types/prompts": "2.0.14",
     "@types/sinon": "9.0.8",
     "@types/string-template": "1.0.2",
@@ -54,13 +56,13 @@
     "chai-as-promised": "7.1.1",
     "chai": "4.3.4",
     "mocha": "10.0.0",
-    "oclif": "3.2.28",
+    "oclif": "4.17.34",
     "prettier": "2.8.0",
     "rimraf": "3.0.2",
     "sinon": "9.2.1",
     "ts-node": "10.9.2",
     "ts-sinon": "2.0.1",
-    "typescript": "5.4.5"
+    "typescript": "5.7.3"
   },
   "scripts": {
     "clean": "rimraf dist coverage",

package/src/AnalyticsMarkers.ts

@@ -25,12 +25,15 @@
 export enum AnalyticsErrorMarkers {
     ERROR_SSL_INVALID_HOSTNAME = "ERROR_SSL_INVALID_HOSTNAME",
     ERROR_SSL_SETUP = "ERROR_SSL_SETUP",
-    ERROR_SSL_REMOVE = "ERROR_SSL_REMOVE"
+    ERROR_SSL_REMOVE = "ERROR_SSL_REMOVE",
+    ERROR_SSL_PURGE = "ERROR_SSL_PURGE"
 }
 
 export enum AnalyticsSuccessMarkers {
     SUCCESSFUL_SSL_MANUAL_SETUP = "SUCCESSFUL_SSL_MANUAL_SETUP",
     SUCCESSFUL_SSL_AUTOMATIC_SETUP = "SUCCESSFUL_SSL_AUTOMATIC_SETUP",
     SUCCESSFUL_SSL_MANUAL_REMOVE = "SUCCESSFUL_SSL_MANUAL_REMOVE",
-    SUCCESSFUL_SSL_AUTOMATIC_REMOVE = "SUCCESSFUL_SSL_AUTOMATIC_REMOVE"
+    SUCCESSFUL_SSL_AUTOMATIC_REMOVE = "SUCCESSFUL_SSL_AUTOMATIC_REMOVE",
+    SUCCESSFUL_SSL_MANUAL_PURGE = "SUCCESSFUL_SSL_MANUAL_PURGE",
+    SUCCESSFUL_SSL_AUTOMATIC_PURGE = "SUCCESSFUL_SSL_AUTOMATIC_PURGE"
 }

package/src/app/CommandExecutor.ts

@@ -33,5 +33,5 @@ export interface CommandExecutor {
      * @param options - Command arguments entered by user represented as {@link CommandOptions}.
      * @returns Promise.
      */
-    execute(options: CommandOptions): Promise<void>;
+    execute(options?: CommandOptions): Promise<void>;
 }

package/src/app/PurgeCommandExecutor.ts

@@ -0,0 +1,144 @@
+/********************************************************************************
+ * MIT License
+
+ * © Copyright 2025 Adobe. All rights reserved.
+
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ ********************************************************************************/
+
+import type { AnalyticsService } from "@adobe/ccweb-add-on-analytics";
+import { ITypes as IAnalyticsTypes } from "@adobe/ccweb-add-on-analytics";
+import type { Logger, Preferences } from "@adobe/ccweb-add-on-core";
+import { ITypes as ICoreTypes } from "@adobe/ccweb-add-on-core";
+import devcert from "@adobe/ccweb-add-on-devcert";
+import chalk from "chalk";
+import fs from "fs-extra";
+import { inject, injectable } from "inversify";
+import prompts from "prompts";
+import "reflect-metadata";
+import { AnalyticsErrorMarkers, AnalyticsSuccessMarkers } from "../AnalyticsMarkers.js";
+import { SSLRemoveOption } from "../models/Types.js";
+import type { CommandExecutor } from "./CommandExecutor.js";
+
+/**
+ * Purge command execution implementation class.
+ */
+@injectable()
+export class PurgeCommandExecutor implements CommandExecutor {
+    private readonly _preferences: Preferences;
+    private readonly _analyticsService: AnalyticsService;
+    private readonly _logger: Logger;
+
+    /**
+     * Instantiate {@link PurgeCommandExecutor}.
+     * @param preferences - {@link Preferences} reference.
+     * @param analyticsService - {@link AnalyticsService} reference.
+     * @param logger - {@link Logger} reference.
+     * @returns Reference to a new {@link PurgeCommandExecutor} instance.
+     */
+    constructor(
+        @inject(ICoreTypes.Preferences) preferences: Preferences,
+        @inject(IAnalyticsTypes.AnalyticsService) analyticsService: AnalyticsService,
+        @inject(ICoreTypes.Logger) logger: Logger
+    ) {
+        this._preferences = preferences;
+        this._analyticsService = analyticsService;
+        this._logger = logger;
+    }
+
+    /**
+     * Purge all SSL artifacts and invalidate the certificate authority from the trusted source.
+     * @returns Promise.
+     */
+    async execute(): Promise<void> {
+        const response = await prompts.prompt({
+            type: "select",
+            name: "purgeConfirmation",
+            message: this._promptMessage(LOGS.purgeConfirmation),
+            choices: [
+                { title: this._promptMessageOption(LOGS.keepSSL), value: SSLRemoveOption.Keep },
+                { title: this._promptMessageOption(LOGS.removeSSL), value: SSLRemoveOption.Remove }
+            ],
+            initial: 0
+        });
+
+        if (!response || !response.purgeConfirmation) {
+            this._analyticsService.postEvent(
+                AnalyticsErrorMarkers.ERROR_SSL_PURGE,
+                LOGS.sslPurgeOptionNotSpecified,
+                false
+            );
+
+            return;
+        }
+
+        if (response.purgeConfirmation === SSLRemoveOption.Keep) {
+            return;
+        }
+
+        this._logger.information(LOGS.removingAndInvalidatingSSL, { prefix: LOGS.newLine });
+        this._logger.message(LOGS.requireSystemPassword);
+        this._logger.message(LOGS.requireSystemPasswordReason);
+        this._logger.message(LOGS.retryRunningIfTakingLonger);
+
+        this._purgeCustomSSL();
+        this._purgeWxpSSL();
+
+        this._logger.success(LOGS.removedAllSSL, { prefix: LOGS.newLine, postfix: LOGS.newLine });
+    }
+
+    private _purgeCustomSSL(): void {
+        const userPreference = this._preferences.get();
+        if (userPreference.ssl !== undefined) {
+            userPreference.ssl = undefined;
+            this._preferences.set(userPreference);
+
+            this._analyticsService.postEvent(AnalyticsSuccessMarkers.SUCCESSFUL_SSL_MANUAL_PURGE, "", true);
+        }
+    }
+
+    private _purgeWxpSSL(): void {
+        if (fs.existsSync(devcert.location())) {
+            devcert.removeAll();
+            this._analyticsService.postEvent(AnalyticsSuccessMarkers.SUCCESSFUL_SSL_AUTOMATIC_PURGE, "", true);
+        }
+    }
+
+    private _promptMessage(message: string): string {
+        return chalk.hex("#E59400")(message);
+    }
+
+    private _promptMessageOption(message: string): string {
+        return chalk.green.bold(message);
+    }
+}
+
+const LOGS = {
+    newLine: "\n",
+    sslPurgeOptionNotSpecified: "SSL purge option is not specified.",
+    purgeConfirmation: "Are you sure you want to remove all SSL artifacts from your system",
+    keepSSL: "No, keep existing SSL artifacts",
+    removeSSL: "Yes, remove all SSL artifacts",
+    removingAndInvalidatingSSL: "Removing and invalidating all SSL artifacts from your system ...",
+    requireSystemPassword: "This may require you to enter your system's password,",
+    requireSystemPasswordReason:
+        "so that the SSL certificate can be removed from your system's trusted certificate path.",
+    retryRunningIfTakingLonger: "[If this takes longer than expected, please break and retry]",
+    removedAllSSL: "Removed all SSL artifacts."
+};

package/src/app/SSLReader.ts

@@ -45,7 +45,8 @@ export interface SSLReader {
     /**
      * Read the SSL artifacts.
      * @param hostname - Hostname in the SSL certificate.
+     * @param port - Port where the add-on is being hosted.
      * @returns Promise of {@link SSLData}.
      */
-    read(hostname: string): Promise<SSLData>;
+    read(hostname: string, port: number): Promise<SSLData>;
 }

package/src/app/SetupCommandExecutor.ts

@@ -26,8 +26,8 @@ import type { AnalyticsService } from "@adobe/ccweb-add-on-analytics";
 import { ITypes as IAnalyticsTypes } from "@adobe/ccweb-add-on-analytics";
 import type { Logger, Preferences } from "@adobe/ccweb-add-on-core";
 import { ITypes as ICoreTypes, isFile } from "@adobe/ccweb-add-on-core";
-import chalk from "chalk";
 import devcert from "@adobe/ccweb-add-on-devcert";
+import chalk from "chalk";
 import { inject, injectable } from "inversify";
 import path from "path";
 import process from "process";
@@ -147,8 +147,6 @@ export class SetupCommandExecutor implements CommandExecutor {
             prefix: LOGS.newLine
         });
 
-        // Consider updating the signature of `_removeExistingSSL` to accept only `options`
-        // when we introduce the @oclf command to `remove` an existing SSL.
         return await this._removeExistingSSL(options, isCustomSSL, isWxpSSL);
     }
 
@@ -229,7 +227,12 @@ export class SetupCommandExecutor implements CommandExecutor {
         }
 
         if (isWxpSSL) {
-            await devcert.removeDomain(options.hostname);
+            if (devcert.caExpiryInDays() <= 0) {
+                devcert.removeAll();
+            } else {
+                await devcert.removeDomain(options.hostname);
+            }
+
             this._analyticsService.postEvent(
                 AnalyticsSuccessMarkers.SUCCESSFUL_SSL_AUTOMATIC_REMOVE,
                 options.hostname,
@@ -237,7 +240,7 @@ export class SetupCommandExecutor implements CommandExecutor {
             );
         }
 
-        this._logger.success(LOGS.removed, { postfix: LOGS.newLine });
+        this._logger.success(LOGS.removedExistingSSL, { prefix: LOGS.newLine, postfix: LOGS.newLine });
         return true;
     }
 
@@ -295,7 +298,7 @@ const LOGS = {
     automatically: "Automatically, set it up for me",
     manually: "Manually, I already have an SSL certificate and key",
     settingUpSSL: "Setting up self-signed SSL certificate ...",
-    requireSystemPassword: "This is only a one time step and may require you to enter your system's password",
+    requireSystemPassword: "This is only a one time step and may require you to enter your system's password,",
     requireSystemPasswordReason: "so that the SSL certificate can be added to your system's trusted certificate path.",
     retryRunningIfTakingLonger: "[If this takes longer than expected, please break and retry]",
     sslSetupComplete: "SSL setup complete!",
@@ -306,5 +309,5 @@ const LOGS = {
     invalidPathSpecified: "Invalid {asset} path specified.",
     sslSetupOptionNotSpecified: "SSL setup option is not specified.",
     sslRemoveOptionNotSpecified: "SSL remove option is not specified.",
-    removed: "Removed."
+    removedExistingSSL: "Removed existing SSL certificate."
 };

package/src/app/WxpSSLReader.ts

@@ -28,6 +28,7 @@ import devcert from "@adobe/ccweb-add-on-devcert";
 import fs from "fs-extra";
 import { inject, injectable } from "inversify";
 import "reflect-metadata";
+import format from "string-template";
 import type { SSLData } from "../models/index.js";
 
 /**
@@ -70,24 +71,27 @@ export class WxpSSLReader {
     /**
      * Read the SSL artifacts.
      * @param hostname - Hostname in the SSL certificate.
+     * @param port - Port where the add-on is being hosted.
      * @returns Promise of {@link SSLData}.
      */
-    async read(hostname: string): Promise<SSLData> {
+    async read(hostname: string, port: number): Promise<SSLData> {
         const sslSettings = this._getUserDefinedSSL(hostname);
 
         // When SSL is set up manuually by the `user`.
         if (sslSettings !== undefined) {
             const { certificatePath, keyPath } = sslSettings;
             if (!certificatePath || !isFile(certificatePath)) {
-                this._logger.error(LOGS.invalidCertificatePath);
+                this._handleInvalidUserSSLCertificate(LOGS.invalidCertificatePath);
                 return process.exit(1);
             }
 
             if (!keyPath || !isFile(keyPath)) {
-                this._logger.error(LOGS.invalidKeyPath);
+                this._handleInvalidUserSSLCertificate(LOGS.invalidKeyPath);
                 return process.exit(1);
             }
 
+            this._handleUnknownExpirySSLCertificate(hostname, port);
+
             return {
                 cert: fs.readFileSync(certificatePath),
                 key: fs.readFileSync(keyPath)
@@ -96,10 +100,23 @@ export class WxpSSLReader {
 
         // When SSL is set up automatically by `devcert`.
         if (this.isWxpSSL(hostname)) {
+            const caExpiry = devcert.caExpiryInDays();
+            const certificateExpiry = devcert.certificateExpiryInDays(hostname);
+
+            const expiry = Math.min(certificateExpiry, caExpiry);
+            if (expiry <= 0) {
+                this._handleExpiredSSLCertificate();
+                return process.exit(1);
+            }
+
+            if (expiry <= 7) {
+                this._handleNearingExpirySSLCertificate(expiry);
+            }
+
             return await devcert.certificateFor(hostname);
         }
 
-        this._logger.error(LOGS.noSSLDataFound, { postfix: LOGS.newLine });
+        this._handleNoSSLCertificateFound();
         return process.exit(1);
     }
 
@@ -111,11 +128,60 @@ export class WxpSSLReader {
 
         return ssl.get(hostname);
     }
+
+    private _handleExpiredSSLCertificate() {
+        this._logger.error(LOGS.noValidSSLCertificateFound);
+        this._logger.error(LOGS.expiredSSLCertificate);
+        this._recreateSSLCertificate();
+    }
+
+    private _handleNearingExpirySSLCertificate(expiry: number) {
+        this._logger.warning(format(LOGS.nearingExpirySSLCertificate, { expiry }));
+        this._recreateSSLCertificate();
+    }
+
+    private _handleNoSSLCertificateFound() {
+        this._logger.error(LOGS.noValidSSLCertificateFound);
+        this._logger.error(LOGS.invalidatedSSLCertificate);
+        this._recreateSSLCertificate();
+    }
+
+    private _handleInvalidUserSSLCertificate(errorMessage: string) {
+        this._logger.error(errorMessage);
+        this._recreateSSLCertificate();
+    }
+
+    private _handleUnknownExpirySSLCertificate(hostname: string, port: number) {
+        this._logger.warning(LOGS.undeterminedExpirySSLCertificate);
+        this._logger.warning(LOGS.unableToSideloadAddOn);
+        this._logger.warning(format(LOGS.checkCertificateValidity, { hostname, port }));
+        this._recreateSSLCertificate();
+    }
+
+    private _recreateSSLCertificate() {
+        this._logger.warning(LOGS.recreateSSLCertificate, { prefix: LOGS.newLine });
+        this._logger.information(LOGS.setupSSLCommand, { prefix: LOGS.tab });
+
+        this._logger.warning(LOGS.example, { prefix: LOGS.newLine });
+        this._logger.information(LOGS.setupSSLCommandExample, { prefix: LOGS.tab, postfix: LOGS.newLine });
+    }
 }
 
 const LOGS = {
     newLine: "\n",
+    tab: "  ",
     invalidCertificatePath: "Invalid SSL certificate file path.",
     invalidKeyPath: "Invalid SSL key file path.",
-    noSSLDataFound: "No SSL related certificate or key files were found. Please retry after setting them up."
+    noValidSSLCertificateFound: "Could not locate a valid SSL certificate to host the add-on.",
+    expiredSSLCertificate: "The SSL certificate has expired.",
+    nearingExpirySSLCertificate: "Your SSL certificate will expire in {expiry} days.",
+    invalidatedSSLCertificate:
+        "If you had previously set it up, it may have been invalidated due to a version upgrade.",
+    undeterminedExpirySSLCertificate: "Could not determine the expiry of your SSL certificate.",
+    unableToSideloadAddOn: "If you are unable to sideload your add-on, please check the validity of:",
+    checkCertificateValidity: "https://{hostname}:{port} certificate in your browser.",
+    recreateSSLCertificate: "To re-create the SSL certificate, you may run:",
+    setupSSLCommand: "npx @adobe/ccweb-add-on-ssl setup --hostname [hostname]",
+    example: "Example:",
+    setupSSLCommandExample: "npx @adobe/ccweb-add-on-ssl setup --hostname localhost"
 };

package/src/app/index.ts

@@ -23,6 +23,7 @@
  ********************************************************************************/
 
 export * from "./CommandExecutor.js";
-export * from "./SSLReader.js";
+export * from "./PurgeCommandExecutor.js";
 export * from "./SetupCommandExecutor.js";
+export * from "./SSLReader.js";
 export * from "./WxpSSLReader.js";

package/src/commands/purge.ts

@@ -0,0 +1,72 @@
+/********************************************************************************
+ * MIT License
+
+ * © Copyright 2025 Adobe. All rights reserved.
+
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ ********************************************************************************/
+
+import { BaseCommand, CLIProgram } from "@adobe/ccweb-add-on-analytics";
+import { UncaughtExceptionHandler } from "@adobe/ccweb-add-on-core";
+import type { Config } from "@oclif/core";
+import process from "process";
+import "reflect-metadata";
+import { AnalyticsErrorMarkers } from "../AnalyticsMarkers.js";
+import type { CommandExecutor } from "../app/CommandExecutor.js";
+import { IContainer, ITypes } from "../config/index.js";
+import { PROGRAM_NAME } from "../constants.js";
+
+/**
+ * SSL Purge command.
+ */
+export class Purge extends BaseCommand {
+    private readonly _commandExecutor: CommandExecutor;
+
+    static description = "Remove and invalidate all add-on related SSL artifacts from your system.";
+
+    static args = {};
+
+    static flags = {};
+
+    constructor(argv: string[], config: Config) {
+        super(argv, config, new CLIProgram(PROGRAM_NAME, config.name + "@" + config.version));
+
+        this._commandExecutor = IContainer.getNamed<CommandExecutor>(ITypes.CommandExecutor, "purge");
+    }
+
+    async run(): Promise<void> {
+        UncaughtExceptionHandler.registerExceptionHandler(PROGRAM_NAME);
+
+        const rootDirectory = process.cwd();
+        process.chdir(rootDirectory);
+
+        const {
+            flags: { analytics }
+        } = await this.parse(Purge);
+
+        await this._seekAnalyticsConsent(analytics);
+
+        await this._commandExecutor.execute();
+    }
+
+    async catch(error: { message: string }): Promise<void> {
+        this._analyticsService.postEvent(AnalyticsErrorMarkers.ERROR_SSL_PURGE, error.message, false);
+        throw error;
+    }
+}

package/src/commands/setup.ts

@@ -1,5 +1,3 @@
-#!/usr/bin/env node
-
 /********************************************************************************
  * MIT License
 
@@ -24,11 +22,11 @@
  * SOFTWARE.
  ********************************************************************************/
 
-import type { AnalyticsConsent, AnalyticsService } from "@adobe/ccweb-add-on-analytics";
-import { CLIProgram, ITypes as IAnalyticsTypes } from "@adobe/ccweb-add-on-analytics";
+import { BaseCommand, CLIProgram } from "@adobe/ccweb-add-on-analytics";
 import { UncaughtExceptionHandler } from "@adobe/ccweb-add-on-core";
 import type { Config } from "@oclif/core";
-import { Command, Flags } from "@oclif/core";
+import { Flags } from "@oclif/core";
+import type { BooleanFlag, CustomOptions, OptionFlag } from "@oclif/core/lib/interfaces/parser.js";
 import process from "process";
 import "reflect-metadata";
 import { AnalyticsErrorMarkers } from "../AnalyticsMarkers.js";
@@ -41,18 +39,18 @@ import type { CommandValidator } from "../validators/CommandValidator.js";
 /**
  * SSL Setup command.
  */
-export class Setup extends Command {
-    private readonly _analyticsConsent: AnalyticsConsent;
-    private readonly _analyticsService: AnalyticsService;
-
+export class Setup extends BaseCommand {
     private readonly _commandValidator: CommandValidator;
     private readonly _commandExecutor: CommandExecutor;
 
-    static description = "Setup a trusted SSL certificate for hosting an add-on.";
+    static description = "Setup a locally trusted SSL certificate for hosting an add-on.";
 
     static args = {};
 
-    static flags = {
+    static flags: {
+        hostname: OptionFlag<string, CustomOptions>;
+        useExisting: BooleanFlag<boolean>;
+    } = {
         hostname: Flags.string({
             char: "h",
             description: "Hostname in the SSL certificate.",
@@ -64,35 +62,17 @@ export class Setup extends Command {
             required: false,
             default: false,
             hidden: true
-        }),
-        analytics: Flags.string({
-            char: "a",
-            description: "Turn on/off sending analytics to Adobe.",
-            options: ["on", "off"],
-            required: false
-        }),
-        verbose: Flags.boolean({
-            char: "v",
-            description: "Print detailed logs.",
-            required: false,
-            default: false
         })
     };
 
     constructor(argv: string[], config: Config) {
-        super(argv, config);
-
-        this._analyticsConsent = IContainer.get<AnalyticsConsent>(IAnalyticsTypes.AnalyticsConsent);
-
-        this._analyticsService = IContainer.get<AnalyticsService>(IAnalyticsTypes.AnalyticsService);
-        this._analyticsService.program = new CLIProgram(PROGRAM_NAME, this.config.name + "@" + this.config.version);
-        this._analyticsService.startTime = Date.now();
+        super(argv, config, new CLIProgram(PROGRAM_NAME, config.name + "@" + config.version));
 
         this._commandValidator = IContainer.getNamed<CommandValidator>(ITypes.CommandValidator, "setup");
         this._commandExecutor = IContainer.getNamed<CommandExecutor>(ITypes.CommandExecutor, "setup");
     }
 
-    async run() {
+    async run(): Promise<void> {
         UncaughtExceptionHandler.registerExceptionHandler(PROGRAM_NAME);
 
         const rootDirectory = process.cwd();
@@ -109,16 +89,8 @@ export class Setup extends Command {
         await this._commandExecutor.execute(options);
     }
 
-    async catch(error: { message: string }) {
+    async catch(error: { message: string }): Promise<void> {
         this._analyticsService.postEvent(AnalyticsErrorMarkers.ERROR_SSL_SETUP, error.message, false);
         throw error;
     }
-
-    private async _seekAnalyticsConsent(analytics: string | undefined): Promise<void> {
-        if (analytics === undefined) {
-            await this._analyticsConsent.get();
-        } else {
-            await this._analyticsConsent.set(analytics === "on");
-        }
-    }
 }

package/src/config/inversify.config.ts

@@ -23,14 +23,15 @@
  ********************************************************************************/
 
 import { IContainer as ICoreContainer } from "@adobe/ccweb-add-on-core";
+import { Container } from "inversify";
 import "reflect-metadata";
 import type { CommandExecutor, SSLReader } from "../app/index.js";
-import { SetupCommandExecutor, WxpSSLReader } from "../app/index.js";
+import { PurgeCommandExecutor, SetupCommandExecutor, WxpSSLReader } from "../app/index.js";
 import type { CommandValidator } from "../validators/index.js";
 import { SetupCommandValidator } from "../validators/index.js";
 import { ITypes } from "./inversify.types.js";
 
-const container = ICoreContainer;
+const container: Container = ICoreContainer;
 
 container
     .bind<CommandExecutor>(ITypes.CommandExecutor)
@@ -38,6 +39,12 @@ container
     .inSingletonScope()
     .whenTargetNamed("setup");
 
+container
+    .bind<CommandExecutor>(ITypes.CommandExecutor)
+    .to(PurgeCommandExecutor)
+    .inSingletonScope()
+    .whenTargetNamed("purge");
+
 container
     .bind<CommandValidator>(ITypes.CommandValidator)
     .to(SetupCommandValidator)

package/src/config/inversify.types.ts

@@ -22,7 +22,11 @@
  * SOFTWARE.
  ********************************************************************************/
 
-export const ITypes = {
+export const ITypes: {
+    CommandExecutor: symbol;
+    CommandValidator: symbol;
+    SSLReader: symbol;
+} = {
     CommandExecutor: Symbol.for("CommandExecutor"),
     CommandValidator: Symbol.for("CommandValidator"),
     SSLReader: Symbol.for("SSLReader")

package/src/index.ts

@@ -26,3 +26,5 @@ export * from "./app/index.js";
 export * from "./config/index.js";
 export * from "./constants.js";
 export * from "./models/index.js";
+
+export { run } from "@oclif/core";