@aemeath/surf-cli 0.1.0

package/dist/adapters/surfshark-account-client.js

@@ -0,0 +1,226 @@
+import { setTimeout as delay } from 'node:timers/promises';
+import { SurfCliError } from '../core/errors.js';
+import { openVpnCredentialsSchema } from '../core/types.js';
+class CookieJar {
+    cookies = new Map();
+    setFromHeaders(headers) {
+        const getSetCookie = headers.getSetCookie;
+        const values = typeof getSetCookie === 'function'
+            ? getSetCookie.call(headers)
+            : splitSetCookie(headers.get('set-cookie'));
+        for (const value of values) {
+            const [pair] = value.split(';');
+            if (!pair) {
+                continue;
+            }
+            const separatorIndex = pair.indexOf('=');
+            if (separatorIndex < 1) {
+                continue;
+            }
+            const name = pair.slice(0, separatorIndex).trim();
+            const cookieValue = pair.slice(separatorIndex + 1).trim();
+            this.cookies.set(name, cookieValue);
+        }
+    }
+    header() {
+        if (this.cookies.size === 0) {
+            return undefined;
+        }
+        return [...this.cookies.entries()].map(([key, value]) => `${key}=${value}`).join('; ');
+    }
+}
+export class SurfsharkAccountClient {
+    baseUrl;
+    jar = new CookieJar();
+    constructor(baseUrl = 'https://my.surfshark.com') {
+        this.baseUrl = baseUrl;
+    }
+    async loginWithEmail(email, password) {
+        const result = await this.request('/auth/login', {
+            method: 'POST',
+            body: { username: email.trim(), password }
+        });
+        if (!result.ok) {
+            const errorCode = extractSurfsharkErrorCode(result.body, result.status);
+            if (errorCode === 423) {
+                return {
+                    authenticated: false,
+                    twoFactorRequired: true,
+                    credentials: null,
+                    message: 'Surfshark account requires 2FA. Use --manual or --code.'
+                };
+            }
+            return {
+                authenticated: false,
+                twoFactorRequired: false,
+                credentials: null,
+                message: `Surfshark account login failed with status ${result.status}. Use manual OpenVPN credentials.`
+            };
+        }
+        const credentials = await this.fetchOpenVpnCredentialsFromSession();
+        return {
+            authenticated: true,
+            twoFactorRequired: false,
+            credentials,
+            message: credentials
+                ? 'Surfshark account login succeeded and OpenVPN service credentials were found.'
+                : 'Surfshark account login succeeded, but OpenVPN service credentials were not exposed by the current account API response.'
+        };
+    }
+    async createLoginCodeChallenge() {
+        const result = await this.request('/auth/api/v1/account/authorization/create', {
+            method: 'POST'
+        });
+        if (!result.ok || !result.body) {
+            throw new SurfCliError('AUTH_FAILED', `Could not create Surfshark login code challenge. Status: ${result.status}`);
+        }
+        const code = getString(result.body, 'code');
+        const hash = getString(result.body, 'hash');
+        const expiresAfter = getNumber(result.body, 'expiresAfter') ?? getNumber(result.body, 'expires_after');
+        if (!code || !hash || !expiresAfter) {
+            throw new SurfCliError('AUTH_FAILED', 'Surfshark login code challenge response did not include code, hash, and expiry.');
+        }
+        return {
+            code: code.toUpperCase(),
+            hash,
+            expiresAfterSeconds: expiresAfter
+        };
+    }
+    async waitForLoginCodeActivation(challenge, options = {}) {
+        const pollIntervalMs = options.pollIntervalMs ?? 5_000;
+        const timeoutMs = options.timeoutMs ?? challenge.expiresAfterSeconds * 1_000;
+        const deadline = Date.now() + timeoutMs;
+        while (Date.now() < deadline) {
+            const result = await this.request('/auth/login-code', {
+                method: 'POST',
+                body: { hash: challenge.hash }
+            });
+            if (result.ok) {
+                const credentials = await this.fetchOpenVpnCredentialsFromSession();
+                return {
+                    activated: true,
+                    credentials,
+                    message: credentials
+                        ? 'Surfshark code login succeeded and OpenVPN service credentials were found.'
+                        : 'Surfshark code login succeeded, but OpenVPN service credentials were not exposed by the current account API response.'
+                };
+            }
+            await delay(pollIntervalMs);
+        }
+        return {
+            activated: false,
+            credentials: null,
+            message: 'Surfshark login code expired before activation.'
+        };
+    }
+    async fetchOpenVpnCredentialsFromSession() {
+        const result = await this.request('/auth/p_api/v2/account/users/me', {
+            method: 'GET'
+        });
+        if (!result.ok || !result.body) {
+            return null;
+        }
+        return extractOpenVpnCredentials(result.body);
+    }
+    async request(path, options) {
+        const headers = {
+            Accept: 'application/json',
+            'User-Agent': 'surf-cli/0.1'
+        };
+        if (options.body !== undefined) {
+            headers['Content-Type'] = 'application/json';
+        }
+        const cookieHeader = this.jar.header();
+        if (cookieHeader) {
+            headers.Cookie = cookieHeader;
+        }
+        let response;
+        try {
+            response = await fetch(new URL(path, this.baseUrl), {
+                method: options.method,
+                headers,
+                ...(options.body === undefined ? {} : { body: JSON.stringify(options.body) }),
+                redirect: 'manual'
+            });
+        }
+        catch (error) {
+            throw new SurfCliError('NETWORK_ERROR', 'Could not reach Surfshark account API.', {
+                cause: error
+            });
+        }
+        this.jar.setFromHeaders(response.headers);
+        const body = await parseJsonBody(response);
+        return {
+            ok: response.ok || response.status === 302,
+            status: response.status,
+            body
+        };
+    }
+}
+export function extractOpenVpnCredentials(value) {
+    return findCredentials(value, []);
+}
+function findCredentials(value, path) {
+    if (!value || typeof value !== 'object') {
+        return null;
+    }
+    if (!Array.isArray(value)) {
+        const record = value;
+        const pathHint = path.join('.').toLowerCase();
+        const username = record.username;
+        const password = record.password;
+        const looksLikeCredentialContainer = /credential|openvpn|manual|service|vpn/.test(pathHint);
+        if (looksLikeCredentialContainer &&
+            typeof username === 'string' &&
+            typeof password === 'string') {
+            const parsed = openVpnCredentialsSchema.safeParse({ username, password });
+            if (parsed.success) {
+                return parsed.data;
+            }
+        }
+        for (const [key, nested] of Object.entries(record)) {
+            const found = findCredentials(nested, [...path, key]);
+            if (found) {
+                return found;
+            }
+        }
+        return null;
+    }
+    for (const [index, nested] of value.entries()) {
+        const found = findCredentials(nested, [...path, String(index)]);
+        if (found) {
+            return found;
+        }
+    }
+    return null;
+}
+async function parseJsonBody(response) {
+    const text = await response.text();
+    if (!text) {
+        return null;
+    }
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        return null;
+    }
+}
+function splitSetCookie(header) {
+    if (!header) {
+        return [];
+    }
+    return header.split(/,(?=\s*[^;=]+=[^;]+)/g);
+}
+function extractSurfsharkErrorCode(body, fallback) {
+    return body?.error?.code ?? body?.code ?? fallback;
+}
+function getString(record, key) {
+    const value = record[key];
+    return typeof value === 'string' ? value : null;
+}
+function getNumber(record, key) {
+    const value = record[key];
+    return typeof value === 'number' ? value : null;
+}
+//# sourceMappingURL=surfshark-account-client.js.map

package/dist/adapters/surfshark-account-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"surfshark-account-client.js","sourceRoot":"","sources":["../../src/adapters/surfshark-account-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,IAAI,KAAK,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,wBAAwB,EAA2B,MAAM,kBAAkB,CAAC;AAoCrF,MAAM,SAAS;IACI,OAAO,GAAG,IAAI,GAAG,EAAkB,CAAC;IAErD,cAAc,CAAC,OAAgB;QAC7B,MAAM,YAAY,GAAI,OAAuD,CAAC,YAAY,CAAC;QAC3F,MAAM,MAAM,GACV,OAAO,YAAY,KAAK,UAAU;YAChC,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC;YAC5B,CAAC,CAAC,cAAc,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;QAEhD,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAChC,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,SAAS;YACX,CAAC;YAED,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACzC,IAAI,cAAc,GAAG,CAAC,EAAE,CAAC;gBACvB,SAAS;YACX,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,IAAI,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAC1D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,MAAM;QACJ,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACzF,CAAC;CACF;AAED,MAAM,OAAO,sBAAsB;IAGJ;IAFZ,GAAG,GAAG,IAAI,SAAS,EAAE,CAAC;IAEvC,YAA6B,UAAU,0BAA0B;QAApC,YAAO,GAAP,OAAO,CAA6B;IAAG,CAAC;IAErE,KAAK,CAAC,cAAc,CAAC,KAAa,EAAE,QAAgB;QAClD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAqB,aAAa,EAAE;YACnE,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,QAAQ,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE;SAC3C,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,SAAS,GAAG,yBAAyB,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;YACxE,IAAI,SAAS,KAAK,GAAG,EAAE,CAAC;gBACtB,OAAO;oBACL,aAAa,EAAE,KAAK;oBACpB,iBAAiB,EAAE,IAAI;oBACvB,WAAW,EAAE,IAAI;oBACjB,OAAO,EAAE,yDAAyD;iBACnE,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,aAAa,EAAE,KAAK;gBACpB,iBAAiB,EAAE,KAAK;gBACxB,WAAW,EAAE,IAAI;gBACjB,OAAO,EAAE,8CAA8C,MAAM,CAAC,MAAM,mCAAmC;aACxG,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,kCAAkC,EAAE,CAAC;QACpE,OAAO;YACL,aAAa,EAAE,IAAI;YACnB,iBAAiB,EAAE,KAAK;YACxB,WAAW;YACX,OAAO,EAAE,WAAW;gBAClB,CAAC,CAAC,+EAA+E;gBACjF,CAAC,CAAC,0HAA0H;SAC/H,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,wBAAwB;QAC5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAC/B,2CAA2C,EAC3C;YACE,MAAM,EAAE,MAAM;SACf,CACF,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAC/B,MAAM,IAAI,YAAY,CACpB,aAAa,EACb,4DAA4D,MAAM,CAAC,MAAM,EAAE,CAC5E,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC5C,MAAM,IAAI,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC5C,MAAM,YAAY,GAChB,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;QAEpF,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACpC,MAAM,IAAI,YAAY,CACpB,aAAa,EACb,iFAAiF,CAClF,CAAC;QACJ,CAAC;QAED,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE;YACxB,IAAI;YACJ,mBAAmB,EAAE,YAAY;SAClC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,0BAA0B,CAC9B,SAA6B,EAC7B,UAA2D,EAAE;QAE7D,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,KAAK,CAAC;QACvD,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,SAAS,CAAC,mBAAmB,GAAG,KAAK,CAAC;QAC7E,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAExC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAqB,kBAAkB,EAAE;gBACxE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE;aAC/B,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;gBACd,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,kCAAkC,EAAE,CAAC;gBACpE,OAAO;oBACL,SAAS,EAAE,IAAI;oBACf,WAAW;oBACX,OAAO,EAAE,WAAW;wBAClB,CAAC,CAAC,4EAA4E;wBAC9E,CAAC,CAAC,uHAAuH;iBAC5H,CAAC;YACJ,CAAC;YAED,MAAM,KAAK,CAAC,cAAc,CAAC,CAAC;QAC9B,CAAC;QAED,OAAO;YACL,SAAS,EAAE,KAAK;YAChB,WAAW,EAAE,IAAI;YACjB,OAAO,EAAE,iDAAiD;SAC3D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,kCAAkC;QACtC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAA0B,iCAAiC,EAAE;YAC5F,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,yBAAyB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAChD,CAAC;IAEO,KAAK,CAAC,OAAO,CACnB,IAAY,EACZ,OAAmD;QAEnD,MAAM,OAAO,GAA2B;YACtC,MAAM,EAAE,kBAAkB;YAC1B,YAAY,EAAE,cAAc;SAC7B,CAAC;QAEF,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC/B,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;QAC/C,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;QACvC,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC;QAChC,CAAC;QAED,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE;gBAClD,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO;gBACP,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7E,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,YAAY,CAAC,eAAe,EAAE,wCAAwC,EAAE;gBAChF,KAAK,EAAE,KAAK;aACb,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,IAAI,GAAG,MAAM,aAAa,CAAI,QAAQ,CAAC,CAAC;QAC9C,OAAO;YACL,EAAE,EAAE,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;YAC1C,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,IAAI;SACL,CAAC;IACJ,CAAC;CACF;AAED,MAAM,UAAU,yBAAyB,CAAC,KAAc;IACtD,OAAO,eAAe,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,eAAe,CAAC,KAAc,EAAE,IAAc;IACrD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,MAAM,GAAG,KAAgC,CAAC;QAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9C,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QACjC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QACjC,MAAM,4BAA4B,GAAG,uCAAuC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE5F,IACE,4BAA4B;YAC5B,OAAO,QAAQ,KAAK,QAAQ;YAC5B,OAAO,QAAQ,KAAK,QAAQ,EAC5B,CAAC;YACD,MAAM,MAAM,GAAG,wBAAwB,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;YAC1E,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,OAAO,MAAM,CAAC,IAAI,CAAC;YACrB,CAAC;QACH,CAAC;QAED,KAAK,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACnD,MAAM,KAAK,GAAG,eAAe,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC;YACtD,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,eAAe,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChE,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,aAAa,CAAI,QAAkB;IAChD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAM,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,MAAqB;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,yBAAyB,CAAC,IAA+B,EAAE,QAAgB;IAClF,OAAO,IAAI,EAAE,KAAK,EAAE,IAAI,IAAI,IAAI,EAAE,IAAI,IAAI,QAAQ,CAAC;AACrD,CAAC;AAED,SAAS,SAAS,CAAC,MAA+B,EAAE,GAAW;IAC7D,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1B,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AAClD,CAAC;AAED,SAAS,SAAS,CAAC,MAA+B,EAAE,GAAW;IAC7D,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;IAC1B,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;AAClD,CAAC"}

package/dist/adapters/surfshark-config-client.d.ts

@@ -0,0 +1,6 @@
+export declare const SURFSHARK_OPENVPN_CONFIG_URL = "https://surfshark.com/api/v1/server/configurations";
+export declare class SurfsharkConfigClient {
+    private readonly url;
+    constructor(url?: string);
+    fetchOpenVpnConfigurations(): Promise<Uint8Array>;
+}

package/dist/adapters/surfshark-config-client.js

@@ -0,0 +1,29 @@
+import { SurfCliError } from '../core/errors.js';
+export const SURFSHARK_OPENVPN_CONFIG_URL = 'https://surfshark.com/api/v1/server/configurations';
+export class SurfsharkConfigClient {
+    url;
+    constructor(url = SURFSHARK_OPENVPN_CONFIG_URL) {
+        this.url = url;
+    }
+    async fetchOpenVpnConfigurations() {
+        let response;
+        try {
+            response = await fetch(this.url, {
+                headers: {
+                    Accept: 'application/zip, application/octet-stream',
+                    'User-Agent': 'surf-cli/0.1'
+                }
+            });
+        }
+        catch (error) {
+            throw new SurfCliError('NETWORK_ERROR', 'Could not download Surfshark OpenVPN configurations.', {
+                cause: error
+            });
+        }
+        if (!response.ok) {
+            throw new SurfCliError('NETWORK_ERROR', `Surfshark OpenVPN configuration download failed with status ${response.status}.`);
+        }
+        return new Uint8Array(await response.arrayBuffer());
+    }
+}
+//# sourceMappingURL=surfshark-config-client.js.map

package/dist/adapters/surfshark-config-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"surfshark-config-client.js","sourceRoot":"","sources":["../../src/adapters/surfshark-config-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAEjD,MAAM,CAAC,MAAM,4BAA4B,GAAG,oDAAoD,CAAC;AAEjG,MAAM,OAAO,qBAAqB;IACH;IAA7B,YAA6B,MAAM,4BAA4B;QAAlC,QAAG,GAAH,GAAG,CAA+B;IAAG,CAAC;IAEnE,KAAK,CAAC,0BAA0B;QAC9B,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC/B,OAAO,EAAE;oBACP,MAAM,EAAE,2CAA2C;oBACnD,YAAY,EAAE,cAAc;iBAC7B;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,YAAY,CACpB,eAAe,EACf,sDAAsD,EACtD;gBACE,KAAK,EAAE,KAAK;aACb,CACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,YAAY,CACpB,eAAe,EACf,+DAA+D,QAAQ,CAAC,MAAM,GAAG,CAClF,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,UAAU,CAAC,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;IACtD,CAAC;CACF"}

package/dist/adapters/xdg-paths.d.ts

@@ -0,0 +1,14 @@
+export interface AppPaths {
+    configDir: string;
+    cacheDir: string;
+    stateDir: string;
+    runtimeDir: string;
+    openVpnConfigDir: string;
+    stateFile: string;
+    pidFile: string;
+    statusFile: string;
+    authFile: string;
+    logFile: string;
+}
+export declare function getAppPaths(): AppPaths;
+export declare function ensureAppDirectories(paths?: AppPaths): Promise<void>;

package/dist/adapters/xdg-paths.js

@@ -0,0 +1,46 @@
+import os from 'node:os';
+import path from 'node:path';
+import { mkdir } from 'node:fs/promises';
+const APP_DIR_NAME = 'surf-cli';
+function absoluteEnvPath(name, fallback) {
+    const value = process.env[name];
+    if (value && path.isAbsolute(value)) {
+        return value;
+    }
+    return fallback;
+}
+function currentUidSuffix() {
+    const getuid = process.getuid;
+    return typeof getuid === 'function' ? String(getuid()) : String(process.pid);
+}
+export function getAppPaths() {
+    const home = os.homedir();
+    const configHome = absoluteEnvPath('XDG_CONFIG_HOME', path.join(home, '.config'));
+    const cacheHome = absoluteEnvPath('XDG_CACHE_HOME', path.join(home, '.cache'));
+    const stateHome = absoluteEnvPath('XDG_STATE_HOME', path.join(home, '.local', 'state'));
+    const runtimeHome = absoluteEnvPath('XDG_RUNTIME_DIR', path.join(os.tmpdir(), `${APP_DIR_NAME}-${currentUidSuffix()}`));
+    const configDir = path.join(configHome, APP_DIR_NAME);
+    const cacheDir = path.join(cacheHome, APP_DIR_NAME);
+    const stateDir = path.join(stateHome, APP_DIR_NAME);
+    const runtimeDir = path.join(runtimeHome, APP_DIR_NAME);
+    return {
+        configDir,
+        cacheDir,
+        stateDir,
+        runtimeDir,
+        openVpnConfigDir: path.join(cacheDir, 'openvpn-configs'),
+        stateFile: path.join(stateDir, 'state.json'),
+        pidFile: path.join(runtimeDir, 'openvpn.pid'),
+        statusFile: path.join(runtimeDir, 'openvpn.status'),
+        authFile: path.join(runtimeDir, 'openvpn.auth'),
+        logFile: path.join(stateDir, 'openvpn.log')
+    };
+}
+export async function ensureAppDirectories(paths = getAppPaths()) {
+    await mkdir(paths.configDir, { recursive: true, mode: 0o700 });
+    await mkdir(paths.cacheDir, { recursive: true, mode: 0o700 });
+    await mkdir(paths.stateDir, { recursive: true, mode: 0o700 });
+    await mkdir(paths.runtimeDir, { recursive: true, mode: 0o700 });
+    await mkdir(paths.openVpnConfigDir, { recursive: true, mode: 0o700 });
+}
+//# sourceMappingURL=xdg-paths.js.map

package/dist/adapters/xdg-paths.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"xdg-paths.js","sourceRoot":"","sources":["../../src/adapters/xdg-paths.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAezC,MAAM,YAAY,GAAG,UAAU,CAAC;AAEhC,SAAS,eAAe,CAAC,IAAY,EAAE,QAAgB;IACrD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,KAAK,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACpC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,gBAAgB;IACvB,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9B,OAAO,OAAO,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,WAAW;IACzB,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAC1B,MAAM,UAAU,GAAG,eAAe,CAAC,iBAAiB,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;IAClF,MAAM,SAAS,GAAG,eAAe,CAAC,gBAAgB,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC/E,MAAM,SAAS,GAAG,eAAe,CAAC,gBAAgB,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IACxF,MAAM,WAAW,GAAG,eAAe,CACjC,iBAAiB,EACjB,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,EAAE,EAAE,GAAG,YAAY,IAAI,gBAAgB,EAAE,EAAE,CAAC,CAChE,CAAC;IAEF,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;IAExD,OAAO;QACL,SAAS;QACT,QAAQ;QACR,QAAQ;QACR,UAAU;QACV,gBAAgB,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,iBAAiB,CAAC;QACxD,SAAS,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC;QAC5C,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC;QAC7C,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,gBAAgB,CAAC;QACnD,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC;QAC/C,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC;KAC5C,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,KAAK,GAAG,WAAW,EAAE;IAC9D,MAAM,KAAK,CAAC,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC/D,MAAM,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC9D,MAAM,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC9D,MAAM,KAAK,CAAC,KAAK,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAChE,MAAM,KAAK,CAAC,KAAK,CAAC,gBAAgB,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACxE,CAAC"}

package/dist/cli.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+import { Command } from 'commander';
+export declare function createProgram(): Command;

package/dist/cli.js

@@ -0,0 +1,81 @@
+#!/usr/bin/env node
+import { createRequire } from 'node:module';
+import { Command, CommanderError } from 'commander';
+import { isSurfCliError, toErrorMessage } from './core/errors.js';
+import { createAuthCommand } from './commands/auth.js';
+import { createServersCommand } from './commands/servers.js';
+import { createConnectCommand, createDisconnectCommand, createKillCommand, createStatusCommand } from './commands/vpn.js';
+import { createDoctorCommand } from './commands/doctor.js';
+import { VpnService } from './services/vpn-service.js';
+const require = createRequire(import.meta.url);
+const packageJson = require('../package.json');
+export function createProgram() {
+    const program = new Command();
+    program
+        .name('surf-cli')
+        .description('CLI for connecting to Surfshark with OpenVPN')
+        .version(packageJson.version)
+        .showHelpAfterError('(add --help for more information)')
+        .showSuggestionAfterError()
+        .exitOverride();
+    program.addCommand(createAuthCommand());
+    program.addCommand(createServersCommand());
+    program.addCommand(createConnectCommand());
+    program.addCommand(createDisconnectCommand());
+    program.addCommand(createKillCommand());
+    program.addCommand(createStatusCommand());
+    program.addCommand(createDoctorCommand());
+    return program;
+}
+async function main() {
+    const cleanup = installSignalHandlers();
+    try {
+        await createProgram().parseAsync(process.argv);
+    }
+    catch (error) {
+        if (error instanceof CommanderError) {
+            if (error.exitCode !== 0) {
+                process.exitCode = error.exitCode;
+            }
+            return;
+        }
+        if (isSurfCliError(error)) {
+            console.error(`${error.code}: ${toErrorMessage(error)}`);
+            process.exitCode = error.exitCode;
+            return;
+        }
+        console.error(toErrorMessage(error));
+        process.exitCode = 1;
+    }
+    finally {
+        cleanup();
+    }
+}
+function installSignalHandlers() {
+    let handling = false;
+    const handler = (signal) => {
+        if (handling)
+            return;
+        handling = true;
+        // Best-effort disconnect; don't block exit if it fails
+        const vpnService = new VpnService();
+        vpnService
+            .disconnect()
+            .catch(() => {
+            // Ignore errors during signal cleanup
+        })
+            .finally(() => {
+            // Re-raise the signal to exit with correct signal status
+            process.removeAllListeners(signal);
+            process.kill(process.pid, signal);
+        });
+    };
+    process.on('SIGINT', handler);
+    process.on('SIGTERM', handler);
+    return () => {
+        process.off('SIGINT', handler);
+        process.off('SIGTERM', handler);
+    };
+}
+await main();
+//# sourceMappingURL=cli.js.map

package/dist/cli.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClE,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EACL,oBAAoB,EACpB,uBAAuB,EACvB,iBAAiB,EACjB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAEvD,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,WAAW,GAAG,OAAO,CAAC,iBAAiB,CAAwB,CAAC;AAEtE,MAAM,UAAU,aAAa;IAC3B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;IAC9B,OAAO;SACJ,IAAI,CAAC,UAAU,CAAC;SAChB,WAAW,CAAC,8CAA8C,CAAC;SAC3D,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC;SAC5B,kBAAkB,CAAC,mCAAmC,CAAC;SACvD,wBAAwB,EAAE;SAC1B,YAAY,EAAE,CAAC;IAElB,OAAO,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC,CAAC;IACxC,OAAO,CAAC,UAAU,CAAC,oBAAoB,EAAE,CAAC,CAAC;IAC3C,OAAO,CAAC,UAAU,CAAC,oBAAoB,EAAE,CAAC,CAAC;IAC3C,OAAO,CAAC,UAAU,CAAC,uBAAuB,EAAE,CAAC,CAAC;IAC9C,OAAO,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAAC,CAAC;IACxC,OAAO,CAAC,UAAU,CAAC,mBAAmB,EAAE,CAAC,CAAC;IAC1C,OAAO,CAAC,UAAU,CAAC,mBAAmB,EAAE,CAAC,CAAC;IAE1C,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,OAAO,GAAG,qBAAqB,EAAE,CAAC;IACxC,IAAI,CAAC;QACH,MAAM,aAAa,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACjD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,cAAc,EAAE,CAAC;YACpC,IAAI,KAAK,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;gBACzB,OAAO,CAAC,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;YACpC,CAAC;YACD,OAAO;QACT,CAAC;QAED,IAAI,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,IAAI,KAAK,cAAc,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YACzD,OAAO,CAAC,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;YAClC,OAAO;QACT,CAAC;QAED,OAAO,CAAC,KAAK,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC;QACrC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;IACvB,CAAC;YAAS,CAAC;QACT,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB;IAC5B,IAAI,QAAQ,GAAG,KAAK,CAAC;IAErB,MAAM,OAAO,GAAG,CAAC,MAAsB,EAAE,EAAE;QACzC,IAAI,QAAQ;YAAE,OAAO;QACrB,QAAQ,GAAG,IAAI,CAAC;QAEhB,uDAAuD;QACvD,MAAM,UAAU,GAAG,IAAI,UAAU,EAAE,CAAC;QACpC,UAAU;aACP,UAAU,EAAE;aACZ,KAAK,CAAC,GAAG,EAAE;YACV,sCAAsC;QACxC,CAAC,CAAC;aACD,OAAO,CAAC,GAAG,EAAE;YACZ,yDAAyD;YACzD,OAAO,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC;YACnC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;IAEF,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9B,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAE/B,OAAO,GAAG,EAAE;QACV,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC/B,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAClC,CAAC,CAAC;AACJ,CAAC;AAED,MAAM,IAAI,EAAE,CAAC"}

package/dist/commands/auth.d.ts

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+import { AuthService } from '../services/auth-service.js';
+export declare function createAuthCommand(authService?: AuthService): Command;

package/dist/commands/auth.js

@@ -0,0 +1,118 @@
+import { Command } from 'commander';
+import { input, password as passwordPrompt, select } from '@inquirer/prompts';
+import { AuthService } from '../services/auth-service.js';
+import { SurfCliError } from '../core/errors.js';
+import { promptForManualCredentials } from './prompt.js';
+export function createAuthCommand(authService = new AuthService()) {
+    const auth = new Command('auth').description('Manage Surfshark OpenVPN service credentials');
+    auth
+        .command('login')
+        .description('Log in or store Surfshark OpenVPN service credentials')
+        .option('--manual', 'enter OpenVPN service credentials manually')
+        .option('--email', 'try experimental Surfshark account email/password login first')
+        .option('--code', 'try experimental Surfshark app code login first')
+        .action(async (options) => {
+        const mode = await resolveLoginMode(options);
+        if (mode === 'manual') {
+            await saveManual(authService);
+            return;
+        }
+        if (mode === 'email') {
+            await loginWithEmail(authService);
+            return;
+        }
+        await loginWithCode(authService);
+    });
+    auth
+        .command('status')
+        .description('Show credential store status')
+        .option('--json', 'print machine-readable JSON')
+        .action(async (options) => {
+        const storeStatus = await authService.credentialStoreStatus();
+        const hasCredentials = !!(await authService.getCredentials().catch(() => null));
+        const payload = { hasCredentials, credentialStore: storeStatus };
+        if (options.json) {
+            console.log(JSON.stringify(payload, null, 2));
+            return;
+        }
+        console.log(`Credential store: ${storeStatus.backend} (${storeStatus.available ? 'available' : 'unavailable'})`);
+        console.log(`OpenVPN credentials: ${hasCredentials ? 'configured' : 'not configured'}`);
+        if (storeStatus.message) {
+            console.error(storeStatus.message);
+        }
+    });
+    auth
+        .command('logout')
+        .description('Delete stored Surfshark OpenVPN service credentials')
+        .action(async () => {
+        await authService.clearCredentials();
+        console.log('Stored Surfshark OpenVPN service credentials were deleted.');
+    });
+    return auth;
+}
+async function resolveLoginMode(options) {
+    const selected = [options.manual, options.email, options.code].filter(Boolean).length;
+    if (selected > 1) {
+        throw new SurfCliError('INVALID_USAGE', 'Choose only one login mode: --manual, --email, or --code.');
+    }
+    if (options.manual)
+        return 'manual';
+    if (options.email)
+        return 'email';
+    if (options.code)
+        return 'code';
+    if (!process.stdin.isTTY || !process.stdout.isTTY) {
+        return 'manual';
+    }
+    return select({
+        message: 'How would you like to configure Surfshark credentials?',
+        choices: [
+            {
+                name: 'Manual OpenVPN service credentials (recommended)',
+                value: 'manual'
+            },
+            {
+                name: 'Experimental account email/password login, then manual fallback',
+                value: 'email'
+            },
+            {
+                name: 'Experimental app code login, then manual fallback',
+                value: 'code'
+            }
+        ]
+    });
+}
+async function saveManual(authService) {
+    const credentials = await promptForManualCredentials();
+    await authService.saveManualCredentials(credentials);
+    console.log('Surfshark OpenVPN service credentials were stored in the OS keyring.');
+}
+async function loginWithEmail(authService) {
+    if (!process.stdin.isTTY || !process.stdout.isTTY) {
+        throw new SurfCliError('INVALID_USAGE', 'Email login requires an interactive terminal.');
+    }
+    const email = await input({ message: 'Surfshark account email' });
+    const password = await passwordPrompt({ message: 'Surfshark account password', mask: '*' });
+    const outcome = await authService.loginWithEmail(email, password);
+    console.error(outcome.message);
+    if (outcome.credentials) {
+        console.log('Surfshark OpenVPN service credentials were stored in the OS keyring.');
+        return;
+    }
+    console.error('Falling back to manual OpenVPN service credential entry.');
+    await saveManual(authService);
+}
+async function loginWithCode(authService) {
+    const challenge = await authService.createLoginCodeChallenge();
+    console.log(`Surfshark login code: ${challenge.code}`);
+    console.error('Open a logged-in Surfshark app and enter this code from Settings > My account > Enter login code.');
+    const outcome = await authService.waitForLoginCodeActivation(challenge);
+    console.error(outcome.message);
+    if (outcome.credentials) {
+        console.log('Surfshark OpenVPN service credentials were stored in the OS keyring.');
+        return;
+    }
+    console.error('Falling back to manual OpenVPN service credential entry.');
+    await saveManual(authService);
+}
+//# sourceMappingURL=auth.js.map

package/dist/commands/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/commands/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,KAAK,EAAE,QAAQ,IAAI,cAAc,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AACjD,OAAO,EAAE,0BAA0B,EAAE,MAAM,aAAa,CAAC;AAUzD,MAAM,UAAU,iBAAiB,CAAC,WAAW,GAAG,IAAI,WAAW,EAAE;IAC/D,MAAM,IAAI,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC,WAAW,CAAC,8CAA8C,CAAC,CAAC;IAE7F,IAAI;SACD,OAAO,CAAC,OAAO,CAAC;SAChB,WAAW,CAAC,uDAAuD,CAAC;SACpE,MAAM,CAAC,UAAU,EAAE,4CAA4C,CAAC;SAChE,MAAM,CAAC,SAAS,EAAE,+DAA+D,CAAC;SAClF,MAAM,CAAC,QAAQ,EAAE,iDAAiD,CAAC;SACnE,MAAM,CAAC,KAAK,EAAE,OAAqB,EAAE,EAAE;QACtC,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtB,MAAM,UAAU,CAAC,WAAW,CAAC,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,IAAI,IAAI,KAAK,OAAO,EAAE,CAAC;YACrB,MAAM,cAAc,CAAC,WAAW,CAAC,CAAC;YAClC,OAAO;QACT,CAAC;QAED,MAAM,aAAa,CAAC,WAAW,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEL,IAAI;SACD,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,8BAA8B,CAAC;SAC3C,MAAM,CAAC,QAAQ,EAAE,6BAA6B,CAAC;SAC/C,MAAM,CAAC,KAAK,EAAE,OAA2B,EAAE,EAAE;QAC5C,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,qBAAqB,EAAE,CAAC;QAC9D,MAAM,cAAc,GAAG,CAAC,CAAC,CAAC,MAAM,WAAW,CAAC,cAAc,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAChF,MAAM,OAAO,GAAG,EAAE,cAAc,EAAE,eAAe,EAAE,WAAW,EAAE,CAAC;QACjE,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,OAAO,CAAC,GAAG,CACT,qBAAqB,WAAW,CAAC,OAAO,KAAK,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,GAAG,CACpG,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,wBAAwB,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,gBAAgB,EAAE,CAAC,CAAC;QACxF,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,IAAI;SACD,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,qDAAqD,CAAC;SAClE,MAAM,CAAC,KAAK,IAAI,EAAE;QACjB,MAAM,WAAW,CAAC,gBAAgB,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,4DAA4D,CAAC,CAAC;IAC5E,CAAC,CAAC,CAAC;IAEL,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,OAAqB;IACnD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IACtF,IAAI,QAAQ,GAAG,CAAC,EAAE,CAAC;QACjB,MAAM,IAAI,YAAY,CACpB,eAAe,EACf,2DAA2D,CAC5D,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,MAAM;QAAE,OAAO,QAAQ,CAAC;IACpC,IAAI,OAAO,CAAC,KAAK;QAAE,OAAO,OAAO,CAAC;IAClC,IAAI,OAAO,CAAC,IAAI;QAAE,OAAO,MAAM,CAAC;IAEhC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO,MAAM,CAAY;QACvB,OAAO,EAAE,wDAAwD;QACjE,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,kDAAkD;gBACxD,KAAK,EAAE,QAAQ;aAChB;YACD;gBACE,IAAI,EAAE,iEAAiE;gBACvE,KAAK,EAAE,OAAO;aACf;YACD;gBACE,IAAI,EAAE,mDAAmD;gBACzD,KAAK,EAAE,MAAM;aACd;SACF;KACF,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,WAAwB;IAChD,MAAM,WAAW,GAAG,MAAM,0BAA0B,EAAE,CAAC;IACvD,MAAM,WAAW,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,sEAAsE,CAAC,CAAC;AACtF,CAAC;AAED,KAAK,UAAU,cAAc,CAAC,WAAwB;IACpD,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClD,MAAM,IAAI,YAAY,CAAC,eAAe,EAAE,+CAA+C,CAAC,CAAC;IAC3F,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC,CAAC;IAClE,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,EAAE,OAAO,EAAE,4BAA4B,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;IAC5F,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,cAAc,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;IAClE,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAE/B,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,sEAAsE,CAAC,CAAC;QACpF,OAAO;IACT,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC1E,MAAM,UAAU,CAAC,WAAW,CAAC,CAAC;AAChC,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,WAAwB;IACnD,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC;IAC/D,OAAO,CAAC,GAAG,CAAC,yBAAyB,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC;IACvD,OAAO,CAAC,KAAK,CACX,mGAAmG,CACpG,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,0BAA0B,CAAC,SAAS,CAAC,CAAC;IACxE,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAE/B,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,sEAAsE,CAAC,CAAC;QACpF,OAAO;IACT,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC1E,MAAM,UAAU,CAAC,WAAW,CAAC,CAAC;AAChC,CAAC"}

package/dist/commands/doctor.d.ts

@@ -0,0 +1,3 @@
+import { Command } from 'commander';
+import { DoctorService } from '../services/doctor-service.js';
+export declare function createDoctorCommand(doctorService?: DoctorService): Command;

package/dist/commands/doctor.js

@@ -0,0 +1,21 @@
+import { Command } from 'commander';
+import { DoctorService } from '../services/doctor-service.js';
+export function createDoctorCommand(doctorService = new DoctorService()) {
+    return new Command('doctor')
+        .description('Check local prerequisites for surf-cli')
+        .option('--json', 'print machine-readable JSON')
+        .action(async (options) => {
+        const checks = await doctorService.run();
+        if (options.json) {
+            console.log(JSON.stringify(checks, null, 2));
+            return;
+        }
+        for (const check of checks) {
+            console.log(`${check.ok ? '✓' : '✗'} ${check.name}: ${check.message}`);
+        }
+        if (checks.some((check) => !check.ok)) {
+            process.exitCode = 3;
+        }
+    });
+}
+//# sourceMappingURL=doctor.js.map

package/dist/commands/doctor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"doctor.js","sourceRoot":"","sources":["../../src/commands/doctor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAE9D,MAAM,UAAU,mBAAmB,CAAC,aAAa,GAAG,IAAI,aAAa,EAAE;IACrE,OAAO,IAAI,OAAO,CAAC,QAAQ,CAAC;SACzB,WAAW,CAAC,wCAAwC,CAAC;SACrD,MAAM,CAAC,QAAQ,EAAE,6BAA6B,CAAC;SAC/C,MAAM,CAAC,KAAK,EAAE,OAA2B,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,GAAG,EAAE,CAAC;QACzC,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC7C,OAAO;QACT,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;YACtC,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;QACvB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/commands/prompt.d.ts

@@ -0,0 +1,4 @@
+import type { OpenVpnCredentials, ServerProfile } from '../core/types.js';
+export declare function assertInteractive(message: string): void;
+export declare function promptForManualCredentials(): Promise<OpenVpnCredentials>;
+export declare function promptForServer(profiles: ServerProfile[]): Promise<ServerProfile>;

package/dist/commands/prompt.js

@@ -0,0 +1,35 @@
+import { input, password as passwordPrompt, search } from '@inquirer/prompts';
+import { SurfCliError } from '../core/errors.js';
+export function assertInteractive(message) {
+    if (!process.stdin.isTTY || !process.stdout.isTTY) {
+        throw new SurfCliError('INVALID_USAGE', message);
+    }
+}
+export async function promptForManualCredentials() {
+    assertInteractive('Manual credential entry requires an interactive terminal.');
+    const username = await input({ message: 'Surfshark OpenVPN service username' });
+    const password = await passwordPrompt({
+        message: 'Surfshark OpenVPN service password',
+        mask: '*'
+    });
+    return { username, password };
+}
+export async function promptForServer(profiles) {
+    assertInteractive('Server selection requires an interactive terminal. Pass a server name explicitly.');
+    const allChoices = profiles.map((profile) => ({
+        name: `${profile.locationCode} (${profile.protocol.toUpperCase()})`,
+        value: profile
+    }));
+    return search({
+        message: 'Search Surfshark server',
+        source: (term) => {
+            if (!term)
+                return allChoices;
+            const query = term.toLowerCase();
+            return allChoices.filter((choice) => choice.name.toLowerCase().includes(query) ||
+                choice.value.id.toLowerCase().includes(query) ||
+                choice.value.host.toLowerCase().includes(query));
+        }
+    });
+}
+//# sourceMappingURL=prompt.js.map