@ait-co/console-cli 0.1.20 → 0.1.21

package/dist/cli.mjs

@@ -340,6 +340,33 @@ async function fetchCerts(workspaceId, miniAppId, cookies, opts = {}) {
 		return c;
 	});
 }
+async function issueCert(workspaceId, miniAppId, name, cookies, opts = {}) {
+	const raw = await requestConsoleApi({
+		url: `${BASE$4}/workspaces/${workspaceId}/mini-app/${miniAppId}/cert/issue`,
+		method: "POST",
+		body: { name },
+		cookies,
+		...opts.fetchImpl ? { fetchImpl: opts.fetchImpl } : {}
+	});
+	if (raw === null || typeof raw !== "object") throw new Error(`Unexpected issue-cert shape for app=${miniAppId}: not an object`);
+	const rec = raw;
+	const privateKey = typeof rec.privateKey === "string" ? rec.privateKey : null;
+	const publicKey = typeof rec.publicKey === "string" ? rec.publicKey : null;
+	if (privateKey === null || publicKey === null) throw new Error(`Unexpected issue-cert shape for app=${miniAppId}: missing privateKey/publicKey`);
+	return {
+		privateKey,
+		publicKey
+	};
+}
+async function revokeCert(workspaceId, miniAppId, certId, cookies, opts = {}) {
+	await requestConsoleApi({
+		url: `${BASE$4}/workspaces/${workspaceId}/mini-app/${miniAppId}/certs/${encodeURIComponent(certId)}/disable`,
+		method: "POST",
+		body: {},
+		cookies,
+		...opts.fetchImpl ? { fetchImpl: opts.fetchImpl } : {}
+	});
+}
 async function fetchShareRewards(params, cookies, opts = {}) {
 	const qs = new URLSearchParams();
 	qs.set("search", params.search ?? "");
@@ -1579,7 +1606,26 @@ const EMAIL_REGEX = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))
 function isValidEmail(v) {
 	return EMAIL_REGEX.test(v.toLowerCase());
 }
-const TITLE_EN_REGEX = /^[A-Za-z0-9 :]+$/;
+const TITLE_KO_REGEX = /^[가-힣A-Za-z0-9 :·?]+$/;
+const TITLE_EN_REGEX = /^[A-Za-z0-9 :·?]+$/;
+const TITLE_KO_MAX_CODEPOINTS_NO_SPACE = 10;
+const TITLE_EN_MAX_CODEPOINTS_NO_SPACE = 15;
+function codePointsExcludingSpaces(v) {
+	return [...v].filter((ch) => ch !== " ").length;
+}
+function isTitleCaseWord(word) {
+	const chars = [...word];
+	const firstLetterIdx = chars.findIndex((ch) => /[A-Za-z]/.test(ch));
+	if (firstLetterIdx === -1) return true;
+	for (let i = 0; i < chars.length; i++) {
+		const ch = chars[i];
+		if (ch === void 0 || !/[A-Za-z]/.test(ch)) continue;
+		const expectUpper = i === firstLetterIdx;
+		if (expectUpper && ch !== ch.toUpperCase()) return false;
+		if (!expectUpper && ch !== ch.toLowerCase()) return false;
+	}
+	return true;
+}
 const DETAIL_DESCRIPTION_MAX_CODEPOINTS = 500;
 function isValidHttpUrl(v) {
 	try {
@@ -1591,8 +1637,17 @@ function isValidHttpUrl(v) {
 }
 function validateManifest(raw, configDir) {
 	const titleKo = requireString(raw, "titleKo");
+	if (!TITLE_KO_REGEX.test(titleKo)) throw new ManifestError("invalid-config", `titleKo may only contain Korean/English letters, digits, spaces, and ":·?" (got "${titleKo}"; server-side rule, errorCode: miniApp.InvalidTitle)`, "titleKo");
+	const titleKoLen = codePointsExcludingSpaces(titleKo);
+	if (titleKoLen > TITLE_KO_MAX_CODEPOINTS_NO_SPACE) throw new ManifestError("invalid-config", `titleKo must be ${TITLE_KO_MAX_CODEPOINTS_NO_SPACE} characters or fewer excluding spaces (got ${titleKoLen}; server-side rule, errorCode: miniApp.InvalidTitle)`, "titleKo");
 	const titleEn = requireString(raw, "titleEn");
-	if (!TITLE_EN_REGEX.test(titleEn)) throw new ManifestError("invalid-config", `titleEn may only contain English letters, digits, spaces, and colons (got "${titleEn}")`, "titleEn");
+	if (!TITLE_EN_REGEX.test(titleEn)) throw new ManifestError("invalid-config", `titleEn may only contain English letters, digits, spaces, and ":·?" (got "${titleEn}"; server-side rule, errorCode: miniApp.InvalidTitleEn)`, "titleEn");
+	const titleEnLen = codePointsExcludingSpaces(titleEn);
+	if (titleEnLen > TITLE_EN_MAX_CODEPOINTS_NO_SPACE) throw new ManifestError("invalid-config", `titleEn must be ${TITLE_EN_MAX_CODEPOINTS_NO_SPACE} characters or fewer excluding spaces (got ${titleEnLen}; server-side rule, errorCode: miniApp.InvalidTitleEn)`, "titleEn");
+	for (const word of titleEn.split(" ")) {
+		if (word.length === 0) continue;
+		if (!isTitleCaseWord(word)) throw new ManifestError("invalid-config", `titleEn word "${word}" must be title-case (first letter uppercase, rest lowercase); server-side rule, errorCode: miniApp.InvalidTitleEn`, "titleEn");
+	}
 	const appName = requireString(raw, "appName");
 	const csEmail = requireString(raw, "csEmail");
 	if (!isValidEmail(csEmail)) throw new ManifestError("invalid-config", `csEmail is not a valid email address (got ${csEmail})`, "csEmail");
@@ -1927,14 +1982,22 @@ function emitDryRun(json, workspaceId, payload) {
 		process.stdout.write(`${JSON.stringify(payload, null, 2)}\n`);
 	}
 }
+function consoleUrlFor(workspaceId, appId) {
+	return `https://apps-in-toss.toss.im/console/workspace/${workspaceId}/mini-app/${appId}`;
+}
 function emitSuccess(json, workspaceId, result) {
+	const consoleUrl = result.miniAppId !== void 0 ? consoleUrlFor(workspaceId, result.miniAppId) : null;
 	if (json) emitJson({
 		ok: true,
 		workspaceId,
 		appId: result.miniAppId ?? null,
-		reviewState: result.reviewState ?? null
+		reviewState: result.reviewState ?? null,
+		consoleUrl
 	});
-	else process.stdout.write(`Registered mini-app ${result.miniAppId ?? "(id unknown)"} in workspace ${workspaceId} (reviewState=${result.reviewState ?? "unknown"}).\n`);
+	else {
+		process.stdout.write(`Registered mini-app ${result.miniAppId ?? "(id unknown)"} in workspace ${workspaceId} (reviewState=${result.reviewState ?? "unknown"}).\n`);
+		if (consoleUrl !== null) process.stdout.write(`🔗 console: ${consoleUrl}\n`);
+	}
 }
 async function emitFailureAndExit(json, err) {
 	return emitFailureFromError(json, err);
@@ -3175,75 +3238,257 @@ const bundlesCommand = defineCommand({
 		})
 	}
 });
+const certsLsCommand = defineCommand({
+	meta: {
+		name: "ls",
+		description: "List mTLS certificates issued for a mini-app."
+	},
+	args: {
+		id: {
+			type: "positional",
+			description: "Mini-app ID.",
+			required: true
+		},
+		workspace: {
+			type: "string",
+			description: "Workspace ID. Defaults to the selected workspace."
+		},
+		json: {
+			type: "boolean",
+			description: "Emit machine-readable JSON.",
+			default: false
+		}
+	},
+	async run({ args }) {
+		const appId = parseAppId(args.id);
+		if (appId === null) {
+			if (args.json) emitJson({
+				ok: false,
+				reason: "invalid-id",
+				message: `app id must be a positive integer (got ${JSON.stringify(args.id)})`
+			});
+			else process.stderr.write(`app certs ls: invalid id ${JSON.stringify(args.id)}\n`);
+			return exitAfterFlush(ExitCode.Usage);
+		}
+		const ctx = await resolveWorkspaceContext(args);
+		if (!ctx) return;
+		const { session, workspaceId } = ctx;
+		try {
+			const certs = await fetchCerts(workspaceId, appId, session.cookies);
+			if (args.json) {
+				emitJson({
+					ok: true,
+					workspaceId,
+					appId,
+					certs
+				});
+				return exitAfterFlush(ExitCode.Ok);
+			}
+			if (certs.length === 0) {
+				process.stdout.write(`App ${appId} (ws ${workspaceId}): no mTLS certs\n`);
+				return exitAfterFlush(ExitCode.Ok);
+			}
+			process.stdout.write(`App ${appId} (ws ${workspaceId}): ${certs.length} cert(s)\n`);
+			for (const c of certs) {
+				const id = typeof c.id === "string" || typeof c.id === "number" ? c.id : typeof c.certId === "string" || typeof c.certId === "number" ? c.certId : "-";
+				const cn = typeof c.commonName === "string" ? c.commonName : "-";
+				const createdAt = typeof c.createdAt === "string" ? c.createdAt : "";
+				const expiresAt = typeof c.expiresAt === "string" ? c.expiresAt : typeof c.validUntil === "string" ? c.validUntil : "";
+				process.stdout.write(`${id}\t${cn}\t${createdAt}\t${expiresAt}\n`);
+			}
+			return exitAfterFlush(ExitCode.Ok);
+		} catch (err) {
+			return emitFailureFromError(args.json, err);
+		}
+	}
+});
+const CERT_NAME_RE = /^[A-Za-z0-9_-]+$/;
+function parseCertName(raw) {
+	if (typeof raw !== "string" || raw.length === 0) return { error: "--name is required (cert display name)" };
+	if (!CERT_NAME_RE.test(raw)) return { error: "--name must contain only ASCII letters, digits, `-`, or `_` (no spaces, no Korean, no special chars)" };
+	return { value: raw };
+}
 const certsCommand = defineCommand({
 	meta: {
 		name: "certs",
 		description: "Inspect mTLS certificates for a mini-app."
 	},
-	subCommands: { ls: defineCommand({
-		meta: {
-			name: "ls",
-			description: "List mTLS certificates issued for a mini-app."
-		},
-		args: {
-			id: {
-				type: "positional",
-				description: "Mini-app ID.",
-				required: true
+	subCommands: {
+		ls: certsLsCommand,
+		issue: defineCommand({
+			meta: {
+				name: "issue",
+				description: "Issue a new mTLS certificate for a mini-app."
 			},
-			workspace: {
-				type: "string",
-				description: "Workspace ID. Defaults to the selected workspace."
+			args: {
+				id: {
+					type: "positional",
+					description: "Mini-app ID.",
+					required: true
+				},
+				workspace: {
+					type: "string",
+					description: "Workspace ID. Defaults to the selected workspace."
+				},
+				name: {
+					type: "string",
+					description: "Cert display name. ASCII letters/digits/`-`/`_` only."
+				},
+				out: {
+					type: "string",
+					description: "Directory to write `<name>.crt` and `<name>.key` (mode 0600)."
+				},
+				"print-key": {
+					type: "boolean",
+					description: "Include the private key in the response (default: cert only).",
+					default: false
+				},
+				json: {
+					type: "boolean",
+					description: "Emit machine-readable JSON.",
+					default: false
+				}
 			},
-			json: {
-				type: "boolean",
-				description: "Emit machine-readable JSON.",
-				default: false
-			}
-		},
-		async run({ args }) {
-			const appId = parseAppId(args.id);
-			if (appId === null) {
-				if (args.json) emitJson({
-					ok: false,
-					reason: "invalid-id",
-					message: `app id must be a positive integer (got ${JSON.stringify(args.id)})`
-				});
-				else process.stderr.write(`app certs ls: invalid id ${JSON.stringify(args.id)}\n`);
-				return exitAfterFlush(ExitCode.Usage);
-			}
-			const ctx = await resolveWorkspaceContext(args);
-			if (!ctx) return;
-			const { session, workspaceId } = ctx;
-			try {
-				const certs = await fetchCerts(workspaceId, appId, session.cookies);
-				if (args.json) {
-					emitJson({
-						ok: true,
-						workspaceId,
-						appId,
-						certs
+			async run({ args }) {
+				const appId = parseAppId(args.id);
+				if (appId === null) {
+					if (args.json) emitJson({
+						ok: false,
+						reason: "invalid-id",
+						message: `app id must be a positive integer (got ${JSON.stringify(args.id)})`
 					});
-					return exitAfterFlush(ExitCode.Ok);
+					else process.stderr.write(`app certs issue: invalid id ${JSON.stringify(args.id)}\n`);
+					return exitAfterFlush(ExitCode.Usage);
+				}
+				const nameResult = parseCertName(args.name);
+				if ("error" in nameResult) {
+					if (args.json) emitJson({
+						ok: false,
+						reason: "invalid-name",
+						message: nameResult.error
+					});
+					else process.stderr.write(`app certs issue: ${nameResult.error}\n`);
+					return exitAfterFlush(ExitCode.Usage);
 				}
-				if (certs.length === 0) {
-					process.stdout.write(`App ${appId} (ws ${workspaceId}): no mTLS certs\n`);
+				const name = nameResult.value;
+				const ctx = await resolveWorkspaceContext(args);
+				if (!ctx) return;
+				const { session, workspaceId } = ctx;
+				try {
+					const result = await issueCert(workspaceId, appId, name, session.cookies);
+					let savedTo;
+					if (typeof args.out === "string" && args.out.length > 0) {
+						const dir = resolve(args.out);
+						try {
+							await mkdir(dir, { recursive: true });
+						} catch (err) {
+							const message = err instanceof Error ? err.message : String(err);
+							if (args.json) emitJson({
+								ok: false,
+								reason: "invalid-out-dir",
+								message: `--out: cannot create ${JSON.stringify(args.out)}: ${message}`
+							});
+							else process.stderr.write(`app certs issue: cannot create --out directory ${JSON.stringify(args.out)}: ${message}\n`);
+							return exitAfterFlush(ExitCode.Usage);
+						}
+						const certPath = resolve(dir, `${name}.crt`);
+						const keyPath = resolve(dir, `${name}.key`);
+						await writeFile(certPath, result.publicKey, { mode: 384 });
+						await writeFile(keyPath, result.privateKey, { mode: 384 });
+						savedTo = {
+							publicKey: certPath,
+							privateKey: keyPath
+						};
+					}
+					if (args.json) {
+						const includeKey = args["print-key"] === true || savedTo === void 0;
+						emitJson({
+							ok: true,
+							workspaceId,
+							appId,
+							name,
+							publicKey: result.publicKey,
+							...includeKey ? { privateKey: result.privateKey } : {},
+							...savedTo ? { savedTo } : {}
+						});
+						return exitAfterFlush(ExitCode.Ok);
+					}
+					if (savedTo) process.stdout.write(`App ${appId} (ws ${workspaceId}): issued cert "${name}"\n  cert: ${savedTo.publicKey}\n  key:  ${savedTo.privateKey}\n`);
+					else process.stdout.write(`App ${appId} (ws ${workspaceId}): issued cert "${name}"\n${result.publicKey}` + (result.publicKey.endsWith("\n") ? "" : "\n") + "Private key not shown. Re-run with --out <dir> or --json --print-key to capture it.\n");
 					return exitAfterFlush(ExitCode.Ok);
+				} catch (err) {
+					return emitFailureFromError(args.json, err);
+				}
+			}
+		}),
+		revoke: defineCommand({
+			meta: {
+				name: "revoke",
+				description: "Revoke (disable) an mTLS certificate."
+			},
+			args: {
+				certId: {
+					type: "positional",
+					description: "Cert ID (from `app certs ls`).",
+					required: true
+				},
+				app: {
+					type: "string",
+					description: "Mini-app ID the cert belongs to."
+				},
+				workspace: {
+					type: "string",
+					description: "Workspace ID. Defaults to the selected workspace."
+				},
+				json: {
+					type: "boolean",
+					description: "Emit machine-readable JSON.",
+					default: false
 				}
-				process.stdout.write(`App ${appId} (ws ${workspaceId}): ${certs.length} cert(s)\n`);
-				for (const c of certs) {
-					const id = typeof c.id === "string" || typeof c.id === "number" ? c.id : typeof c.certId === "string" || typeof c.certId === "number" ? c.certId : "-";
-					const cn = typeof c.commonName === "string" ? c.commonName : "-";
-					const createdAt = typeof c.createdAt === "string" ? c.createdAt : "";
-					const expiresAt = typeof c.expiresAt === "string" ? c.expiresAt : typeof c.validUntil === "string" ? c.validUntil : "";
-					process.stdout.write(`${id}\t${cn}\t${createdAt}\t${expiresAt}\n`);
+			},
+			async run({ args }) {
+				const certId = typeof args.certId === "string" ? args.certId.trim() : "";
+				if (certId.length === 0) {
+					if (args.json) emitJson({
+						ok: false,
+						reason: "missing-cert-id",
+						message: "certId positional is required"
+					});
+					else process.stderr.write("app certs revoke: certId is required\n");
+					return exitAfterFlush(ExitCode.Usage);
+				}
+				const appId = parseAppId(args.app);
+				if (appId === null) {
+					if (args.json) emitJson({
+						ok: false,
+						reason: "invalid-id",
+						message: `--app must be a positive integer (got ${JSON.stringify(args.app)})`
+					});
+					else process.stderr.write(`app certs revoke: invalid --app ${JSON.stringify(args.app)}\n`);
+					return exitAfterFlush(ExitCode.Usage);
+				}
+				const ctx = await resolveWorkspaceContext(args);
+				if (!ctx) return;
+				const { session, workspaceId } = ctx;
+				try {
+					await revokeCert(workspaceId, appId, certId, session.cookies);
+					if (args.json) {
+						emitJson({
+							ok: true,
+							workspaceId,
+							appId,
+							certId
+						});
+						return exitAfterFlush(ExitCode.Ok);
+					}
+					process.stdout.write(`App ${appId} (ws ${workspaceId}): revoked cert ${certId}\n`);
+					return exitAfterFlush(ExitCode.Ok);
+				} catch (err) {
+					return emitFailureFromError(args.json, err);
 				}
-				return exitAfterFlush(ExitCode.Ok);
-			} catch (err) {
-				return emitFailureFromError(args.json, err);
 			}
-		}
-	}) }
+		})
+	}
 });
 const VALID_TIME_UNITS = [
 	"DAY",
@@ -5561,7 +5806,7 @@ function resolveVersion() {
 		if (typeof injected === "string" && injected.length > 0) return injected;
 	} catch {}
 	try {
-		return "0.1.20";
+		return "0.1.21";
 	} catch {}
 	return "0.0.0-dev";
 }