@alchemy/cli 0.5.1 → 0.6.0

package/dist/{chunk-LYUW7O6X.js → chunk-UMKDYHMO.js}

@@ -2,25 +2,39 @@
 if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
 import {
   AUTH_PORT,
-  getLoginUrl,
-  performBrowserLogin,
-  revokeToken
-} from "./chunk-IGD4NIK7.js";
+  exchangeCodeForToken,
+  openBrowser,
+  prepareBrowserLogin,
+  revokeToken,
+  waitForCallback
+} from "./chunk-FFMNT74F.js";
+import {
+  isInteractiveAllowed
+} from "./chunk-KDMIWPZH.js";
 import {
   AdminClient,
+  resolveAuthToken
+} from "./chunk-ATX65U7J.js";
+import {
+  deleteCredentials,
+  getCredentials,
+  getStorageBackend,
+  saveCredentials
+} from "./chunk-JQRGILIS.js";
+import {
   bold,
   brand,
-  configPath,
   dim,
   green,
-  isInteractiveAllowed,
+  promptAutocomplete,
+  promptText,
+  withSpinner
+} from "./chunk-NBDWF4ZQ.js";
+import {
   load,
   maskIf,
-  promptSelect,
-  resolveAuthToken,
-  save,
-  withSpinner
-} from "./chunk-T2XSNZE3.js";
+  save
+} from "./chunk-BAAQ7ELR.js";
 import {
   CLIError,
   ErrorCode,
@@ -32,11 +46,12 @@ import {
 
 // src/commands/auth.ts
 function registerAuth(program) {
-  const cmd = program.command("auth").description("Authenticate with your Alchemy account");
-  cmd.command("login", { isDefault: true }).description("Log in via browser").option("--force", "Force re-authentication even if a valid token exists").action(async (opts) => {
+  const cmd = program.command("auth").description("Authenticate with your Alchemy account").option("-y, --yes", "Skip confirmation prompt and open browser immediately");
+  cmd.command("login", { isDefault: true }).description("Log in via browser").option("--force", "Force re-authentication even if a valid token exists").option("-y, --yes", "Skip confirmation prompt and open browser immediately").action(async (opts) => {
+    const yes = opts.yes || cmd.opts().yes;
     try {
       if (!opts.force) {
-        const existing = resolveAuthToken();
+        const existing = await resolveAuthToken();
         if (existing) {
           printHuman(
             `  ${green("\u2713")} Already authenticated
@@ -49,39 +64,89 @@ function registerAuth(program) {
         }
       }
       if (opts.force) {
-        const cfg2 = load();
-        if (cfg2.auth_token) {
-          await revokeToken(cfg2.auth_token);
-          save({ ...cfg2, auth_token: void 0, auth_token_expires_at: void 0 });
+        const existingCreds = await getCredentials();
+        const tokenToRevoke = existingCreds?.auth_token;
+        if (!tokenToRevoke) {
+          const cfg2 = load();
+          if (cfg2.auth_token) {
+            await revokeToken(cfg2.auth_token);
+            save({ ...cfg2, auth_token: void 0, auth_token_expires_at: void 0 });
+          }
+        } else {
+          await revokeToken(tokenToRevoke);
         }
+        await deleteCredentials();
       }
+      const prepared = prepareBrowserLogin();
+      const callbackPromise = waitForCallback(AUTH_PORT);
       if (!isJSONMode()) {
         console.log("");
         console.log(`  ${brand("\u25C6")} ${bold("Alchemy Authentication")}`);
         console.log(`  ${dim("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500")}`);
         console.log("");
-        console.log(`  Opening browser to log in...`);
-        console.log(`  ${dim(getLoginUrl(AUTH_PORT))}`);
+        console.log(`  ${dim(prepared.authorizeUrl)}`);
         console.log("");
-        console.log(`  ${dim("Waiting for authentication...")}`);
       }
-      const result = await performBrowserLogin();
-      const cfg = load();
-      save({
-        ...cfg,
+      let browserOpened = false;
+      if (!yes && !isJSONMode() && isInteractiveAllowed(program)) {
+        const promptResult = await Promise.race([
+          promptText({
+            message: "Press Enter to open browser, or paste the URL above to log in manually",
+            cancelMessage: "Login cancelled."
+          }),
+          callbackPromise.then(() => "callback_received")
+        ]);
+        if (promptResult === null) return;
+        if (promptResult !== "callback_received") {
+          if (!isJSONMode()) {
+            console.log(`  Opening browser to log in...`);
+            console.log(`  ${dim("Waiting for authentication...")}`);
+          }
+          openBrowser(prepared.authorizeUrl);
+          browserOpened = true;
+        }
+      }
+      if (!browserOpened && yes) {
+        if (!isJSONMode()) {
+          console.log(`  Opening browser to log in...`);
+          console.log(`  ${dim("Waiting for authentication...")}`);
+        }
+        openBrowser(prepared.authorizeUrl);
+      }
+      const callback = await callbackPromise;
+      if (callback.state !== prepared.state) {
+        callback.sendError("State mismatch \u2014 possible CSRF attack.");
+        throw new Error("OAuth state mismatch. Authentication aborted.");
+      }
+      let result;
+      try {
+        result = await exchangeCodeForToken(callback.code, AUTH_PORT, {
+          codeVerifier: prepared.codeVerifier
+        });
+        callback.sendSuccess();
+      } catch (err) {
+        callback.sendError("Failed to complete authentication. Please try again.");
+        throw err;
+      }
+      await saveCredentials({
         auth_token: result.token,
         auth_token_expires_at: result.expiresAt
       });
+      const cfg = load();
+      if (cfg.auth_token) {
+        save({ ...cfg, auth_token: void 0, auth_token_expires_at: void 0 });
+      }
       const expiresAt = result.expiresAt;
+      const backend = await getStorageBackend();
       printHuman(
         `  ${green("\u2713")} Logged in successfully
-  ${dim("Token saved to")} ${configPath()}
+  ${dim("Credentials stored in")} ${backend}
   ${dim("Expires:")} ${expiresAt}
 `,
         {
           status: "authenticated",
           expiresAt,
-          configPath: configPath()
+          storageBackend: backend
         }
       );
       if (isInteractiveAllowed(program)) {
@@ -94,11 +159,13 @@ function registerAuth(program) {
       );
     }
   });
-  cmd.command("status").description("Show current authentication status").action(() => {
+  cmd.command("status").description("Show current authentication status").action(async () => {
     try {
+      const creds = await getCredentials();
       const cfg = load();
-      const validToken = resolveAuthToken(cfg);
-      if (!cfg.auth_token) {
+      const validToken = await resolveAuthToken(cfg);
+      const hasToken = creds?.auth_token || cfg.auth_token;
+      if (!hasToken) {
         printHuman(
           `  ${dim("Not authenticated. Run")} alchemy auth ${dim("to log in.")}
 `,
@@ -114,15 +181,20 @@ function registerAuth(program) {
         );
         return;
       }
+      const expiresAt = creds?.auth_token_expires_at || cfg.auth_token_expires_at || "unknown";
+      const backend = await getStorageBackend();
+      const storedIn = creds?.auth_token ? backend : "config file (legacy)";
       printHuman(
         `  ${green("\u2713")} Authenticated
   ${dim("Token:")} ${maskIf(validToken)}
-  ${dim("Expires:")} ${cfg.auth_token_expires_at || "unknown"}
+  ${dim("Storage:")} ${storedIn}
+  ${dim("Expires:")} ${expiresAt}
 `,
         {
           authenticated: true,
           expired: false,
-          expiresAt: cfg.auth_token_expires_at
+          expiresAt,
+          storageBackend: storedIn
         }
       );
     } catch (err) {
@@ -131,14 +203,17 @@ function registerAuth(program) {
   });
   cmd.command("logout").description("Clear saved authentication token").action(async () => {
     try {
+      const creds = await getCredentials();
       const cfg = load();
+      const activeToken = creds?.auth_token || cfg.auth_token;
       let revokeResult;
-      if (cfg.auth_token) {
-        revokeResult = await revokeToken(cfg.auth_token);
+      if (activeToken) {
+        revokeResult = await revokeToken(activeToken);
       }
-      const { auth_token: _, auth_token_expires_at: __, ...rest } = cfg;
+      await deleteCredentials();
+      const { auth_token: _, auth_token_expires_at: __, app: ___, ...rest } = cfg;
       save(rest);
-      if (!cfg.auth_token) {
+      if (!activeToken) {
         printHuman(
           `  ${dim("No active session.")}
 `,
@@ -196,8 +271,9 @@ async function selectAppAfterAuth(authToken) {
     console.log(`  ${green("\u2713")} Auto-selected app: ${bold(selectedApp.name)}`);
   } else {
     console.log("");
-    const appId = await promptSelect({
+    const appId = await promptAutocomplete({
       message: "Select an app",
+      placeholder: "Type to search by name",
       options: apps.map((app) => ({
         value: app.id,
         label: app.name,

package/dist/credential-storage-T6FFW7DG.js

@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
+import {
+  deleteCredentials,
+  getCredentials,
+  getStorageBackend,
+  saveCredentials
+} from "./chunk-JQRGILIS.js";
+export {
+  deleteCredentials,
+  getCredentials,
+  getStorageBackend,
+  saveCredentials
+};