@alchemy/cli 0.6.1 → 0.7.0-alpha.5

package/dist/{chunk-FFMNT74F.js → chunk-HSKKIATB.js}

@@ -2,7 +2,7 @@
 if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
 import {
   getBaseDomain
-} from "./chunk-56ZVYB4G.js";
+} from "./chunk-QEDAULQ2.js";
 
 // src/lib/auth.ts
 import { createHash, randomBytes } from "crypto";
@@ -130,7 +130,7 @@ ${SHARED_STYLE}
 // src/lib/auth.ts
 var AUTH_PORT = 16424;
 var AUTH_CALLBACK_PATH = "/callback";
-var OAUTH_CLIENT_ID = "alchemy-cli";
+var DEFAULT_EXPIRES_IN_SECONDS = 90 * 24 * 60 * 60;
 function getAuthBaseUrl() {
   return process.env.ALCHEMY_AUTH_URL || `https://auth.${getBaseDomain()}`;
 }
@@ -140,40 +140,56 @@ function generateCodeVerifier() {
 function deriveCodeChallenge(verifier) {
   return createHash("sha256").update(verifier).digest("base64url");
 }
-function generateState() {
-  return randomBytes(32).toString("base64url");
-}
-function getAuthorizeUrl(port, codeChallenge, state) {
+function getLoginUrl(port, codeChallenge) {
   const base = getAuthBaseUrl();
-  const url = new URL(`${base}/oauth/authorize`);
-  url.searchParams.set("response_type", "code");
-  url.searchParams.set("client_id", OAUTH_CLIENT_ID);
-  url.searchParams.set("redirect_uri", `http://localhost:${port}${AUTH_CALLBACK_PATH}`);
-  url.searchParams.set("code_challenge", codeChallenge);
-  url.searchParams.set("code_challenge_method", "S256");
-  url.searchParams.set("state", state);
-  return url.toString();
-}
-function prepareBrowserLogin(port = AUTH_PORT) {
-  const codeVerifier = generateCodeVerifier();
-  const codeChallenge = deriveCodeChallenge(codeVerifier);
-  const state = generateState();
-  return {
-    authorizeUrl: getAuthorizeUrl(port, codeChallenge, state),
-    codeVerifier,
-    state
-  };
+  const redirect = encodeURIComponent(`http://localhost:${port}${AUTH_CALLBACK_PATH}`);
+  let url = `${base}/login?redirectUrl=${redirect}&_t=${Date.now()}`;
+  if (codeChallenge) {
+    url += `&code_challenge=${encodeURIComponent(codeChallenge)}`;
+  }
+  return url;
 }
 function openBrowser(url) {
   const cmd = platform() === "darwin" ? "open" : platform() === "win32" ? "start" : "xdg-open";
   execFile(cmd, [url]);
 }
+function closeServer(args) {
+  const { server, sockets } = args;
+  return new Promise((resolve) => {
+    server.close(() => resolve());
+    for (const socket of sockets) {
+      socket.destroy();
+    }
+  });
+}
+async function sendCallbackResponse(args) {
+  const { server, sockets, req, res, statusCode, body } = args;
+  req.socket.setKeepAlive(false);
+  res.shouldKeepAlive = false;
+  res.writeHead(statusCode, {
+    "Content-Type": "text/html",
+    Connection: "close"
+  });
+  await new Promise((resolve) => {
+    res.end(body, () => resolve());
+  });
+  await closeServer({ server, sockets });
+}
 function waitForCallback(port, timeoutMs = 12e4) {
-  return new Promise((resolve, reject) => {
+  let cancelFn;
+  const promise = new Promise((resolve, reject) => {
+    const sockets = /* @__PURE__ */ new Set();
     const timer = setTimeout(() => {
       server.close();
+      for (const socket of sockets) {
+        socket.destroy();
+      }
       reject(new Error("Authentication timed out. Please try again."));
     }, timeoutMs);
+    cancelFn = () => {
+      clearTimeout(timer);
+      closeServer({ server, sockets });
+    };
     const server = createServer((req, res) => {
       const url = new URL(req.url || "/", `http://localhost:${port}`);
       if (url.pathname !== AUTH_CALLBACK_PATH) {
@@ -185,35 +201,52 @@ function waitForCallback(port, timeoutMs = 12e4) {
       if (error) {
         const description = url.searchParams.get("error_description") || error;
         clearTimeout(timer);
-        res.writeHead(200, { "Content-Type": "text/html" });
-        res.end(authErrorHtml(description));
-        server.close();
-        reject(new Error(`Authentication failed: ${description}`));
+        void sendCallbackResponse({
+          server,
+          sockets,
+          req,
+          res,
+          statusCode: 200,
+          body: authErrorHtml(description)
+        }).finally(() => {
+          reject(new Error(`Authentication failed: ${description}`));
+        });
         return;
       }
       const code = url.searchParams.get("code");
       if (!code) {
         clearTimeout(timer);
-        res.writeHead(400);
-        res.end("Missing auth code");
-        server.close();
-        reject(new Error("Authentication callback missing auth code."));
+        void sendCallbackResponse({
+          server,
+          sockets,
+          req,
+          res,
+          statusCode: 400,
+          body: "Missing auth code"
+        }).finally(() => {
+          reject(new Error("Authentication callback missing auth code."));
+        });
         return;
       }
       clearTimeout(timer);
       resolve({
         code,
-        state: url.searchParams.get("state"),
-        sendSuccess: () => {
-          res.writeHead(200, { "Content-Type": "text/html" });
-          res.end(AUTH_SUCCESS_HTML);
-          server.close();
-        },
-        sendError: (message) => {
-          res.writeHead(500, { "Content-Type": "text/html" });
-          res.end(authErrorHtml(message));
-          server.close();
-        }
+        sendSuccess: () => sendCallbackResponse({
+          server,
+          sockets,
+          req,
+          res,
+          statusCode: 200,
+          body: AUTH_SUCCESS_HTML
+        }),
+        sendError: (message) => sendCallbackResponse({
+          server,
+          sockets,
+          req,
+          res,
+          statusCode: 500,
+          body: authErrorHtml(message)
+        })
       });
     });
     server.on("error", (err) => {
@@ -229,60 +262,75 @@ function waitForCallback(port, timeoutMs = 12e4) {
         reject(err);
       }
     });
+    server.on("connection", (socket) => {
+      sockets.add(socket);
+      socket.on("close", () => {
+        sockets.delete(socket);
+      });
+    });
     server.listen(port, "127.0.0.1");
     server.unref();
   });
+  return { promise, cancel: () => cancelFn() };
 }
 async function exchangeCodeForToken(code, port, options) {
   const baseUrl = getAuthBaseUrl();
   const redirectUri = `http://localhost:${port}${AUTH_CALLBACK_PATH}`;
-  const body = new URLSearchParams({
-    grant_type: "authorization_code",
+  const body = {
     code,
-    redirect_uri: redirectUri,
-    client_id: OAUTH_CLIENT_ID,
-    code_verifier: options.codeVerifier
-  });
-  const response = await fetch(`${baseUrl}/oauth/token`, {
+    redirect_uri: redirectUri
+  };
+  if (options?.expiresInSeconds) {
+    body.expires_in_seconds = options.expiresInSeconds;
+  }
+  if (options?.codeVerifier) {
+    body.code_verifier = options.codeVerifier;
+  }
+  const response = await fetch(`${baseUrl}/api/cli/token`, {
     method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body: body.toString()
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body)
   });
   if (!response.ok) {
     const errBody = await response.json().catch(() => ({}));
-    const errMsg = errBody.error_description || errBody.error || `Token exchange failed (HTTP ${response.status})`;
-    throw new Error(errMsg);
+    throw new Error(
+      errBody.error || `Token exchange failed (HTTP ${response.status})`
+    );
   }
   const data = await response.json();
-  if (!data.access_token) {
-    throw new Error("Token exchange response missing access_token");
+  if (!data.authToken) {
+    throw new Error("Token exchange response missing authToken");
   }
-  const expiresAt = new Date(Date.now() + data.expires_in * 1e3).toISOString();
-  return { token: data.access_token, expiresAt };
+  return { token: data.authToken, expiresAt: data.expiresAt };
+}
+function prepareLogin(port = AUTH_PORT) {
+  const codeVerifier = generateCodeVerifier();
+  const codeChallenge = deriveCodeChallenge(codeVerifier);
+  const loginUrl = getLoginUrl(port, codeChallenge);
+  const handle = waitForCallback(port);
+  return { loginUrl, callbackPromise: handle.promise, codeVerifier, port, cancel: handle.cancel };
 }
-async function performBrowserLogin(prepared, options) {
-  const port = options?.port ?? AUTH_PORT;
-  const { authorizeUrl, codeVerifier, state } = prepared ?? prepareBrowserLogin(port);
-  const callbackPromise = waitForCallback(port);
+async function completeLogin(prepared, options) {
   if (!options?.skipBrowserOpen) {
-    openBrowser(authorizeUrl);
-  }
-  const callback = await callbackPromise;
-  if (callback.state !== state) {
-    callback.sendError("State mismatch \u2014 possible CSRF attack.");
-    throw new Error("OAuth state mismatch. Authentication aborted.");
+    openBrowser(prepared.loginUrl);
   }
+  const callback = await prepared.callbackPromise;
   try {
-    const result = await exchangeCodeForToken(callback.code, port, {
-      codeVerifier
+    const result = await exchangeCodeForToken(callback.code, prepared.port, {
+      expiresInSeconds: options?.expiresInSeconds ?? DEFAULT_EXPIRES_IN_SECONDS,
+      codeVerifier: prepared.codeVerifier
     });
-    callback.sendSuccess();
+    await callback.sendSuccess();
     return result;
   } catch (err) {
-    callback.sendError("Failed to complete authentication. Please try again.");
+    await callback.sendError("Failed to complete authentication. Please try again.");
     throw err;
   }
 }
+async function performBrowserLogin(port = AUTH_PORT, options) {
+  const prepared = prepareLogin(port);
+  return completeLogin(prepared, { expiresInSeconds: options?.expiresInSeconds });
+}
 async function revokeToken(token) {
   const baseUrl = getAuthBaseUrl();
   try {
@@ -307,12 +355,13 @@ async function revokeToken(token) {
 
 export {
   AUTH_PORT,
-  OAUTH_CLIENT_ID,
-  getAuthorizeUrl,
-  prepareBrowserLogin,
+  DEFAULT_EXPIRES_IN_SECONDS,
+  getLoginUrl,
   openBrowser,
   waitForCallback,
   exchangeCodeForToken,
+  prepareLogin,
+  completeLogin,
   performBrowserLogin,
   revokeToken
 };

package/dist/{chunk-KDMIWPZH.js → chunk-HYCRHNPX.js}

@@ -2,7 +2,7 @@
 if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
 import {
   isJSONMode
-} from "./chunk-56ZVYB4G.js";
+} from "./chunk-QEDAULQ2.js";
 
 // src/lib/interaction.ts
 import { stdin, stdout } from "process";

package/dist/chunk-MUT4TFQ5.js

@@ -0,0 +1,64 @@
+#!/usr/bin/env node
+if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
+import {
+  isInteractiveAllowed
+} from "./chunk-HYCRHNPX.js";
+import {
+  resolveAuthToken
+} from "./chunk-PKAN5FKD.js";
+
+// src/lib/onboarding.ts
+function hasAPIKey(cfg) {
+  return Boolean(cfg.api_key?.trim());
+}
+function hasAccessKeyAndApp(cfg) {
+  return Boolean(cfg.access_key?.trim() && cfg.app?.id && cfg.app.apiKey);
+}
+function hasX402Wallet(cfg) {
+  return cfg.x402 === true && Boolean(cfg.wallet_key_file?.trim());
+}
+function hasAuthToken(cfg) {
+  return resolveAuthToken(cfg) !== void 0;
+}
+function getSetupMethod(cfg) {
+  if (hasAPIKey(cfg)) return "api_key";
+  if (hasAccessKeyAndApp(cfg)) return "access_key_app";
+  if (hasX402Wallet(cfg)) return "x402_wallet";
+  if (hasAuthToken(cfg)) return "auth_token";
+  return null;
+}
+function isSetupComplete(cfg) {
+  return getSetupMethod(cfg) !== null;
+}
+function getSetupStatus(cfg) {
+  const satisfiedBy = getSetupMethod(cfg);
+  if (satisfiedBy) {
+    return {
+      complete: true,
+      satisfiedBy,
+      missing: [],
+      nextCommands: []
+    };
+  }
+  return {
+    complete: false,
+    satisfiedBy: null,
+    missing: ["Provide one auth path: alchemy auth OR api-key OR access-key+app OR SIWx wallet"],
+    nextCommands: [
+      "alchemy auth",
+      "alchemy config set app",
+      "alchemy config set access-key <key> && alchemy config set app <app-id>",
+      "alchemy wallet connect --mode local --chain evm && alchemy config set x402 true"
+    ]
+  };
+}
+function shouldRunOnboarding(program, cfg) {
+  return isInteractiveAllowed(program) && !isSetupComplete(cfg);
+}
+
+export {
+  getSetupMethod,
+  isSetupComplete,
+  getSetupStatus,
+  shouldRunOnboarding
+};

package/dist/{chunk-UMKDYHMO.js → chunk-NT3G6BKD.js}

@@ -1,26 +1,17 @@
 #!/usr/bin/env node
 if(process.argv.includes("--no-color"))process.env.NO_COLOR="1";
 import {
-  AUTH_PORT,
-  exchangeCodeForToken,
-  openBrowser,
-  prepareBrowserLogin,
-  revokeToken,
-  waitForCallback
-} from "./chunk-FFMNT74F.js";
+  completeLogin,
+  prepareLogin,
+  revokeToken
+} from "./chunk-HSKKIATB.js";
 import {
   isInteractiveAllowed
-} from "./chunk-KDMIWPZH.js";
+} from "./chunk-HYCRHNPX.js";
 import {
   AdminClient,
   resolveAuthToken
-} from "./chunk-ATX65U7J.js";
-import {
-  deleteCredentials,
-  getCredentials,
-  getStorageBackend,
-  saveCredentials
-} from "./chunk-JQRGILIS.js";
+} from "./chunk-PKAN5FKD.js";
 import {
   bold,
   brand,
@@ -29,12 +20,13 @@ import {
   promptAutocomplete,
   promptText,
   withSpinner
-} from "./chunk-NBDWF4ZQ.js";
+} from "./chunk-A6L3WCJN.js";
 import {
+  configPath,
   load,
   maskIf,
   save
-} from "./chunk-BAAQ7ELR.js";
+} from "./chunk-B3R6PRAL.js";
 import {
   CLIError,
   ErrorCode,
@@ -42,7 +34,7 @@ import {
   exitWithError,
   isJSONMode,
   printHuman
-} from "./chunk-56ZVYB4G.js";
+} from "./chunk-QEDAULQ2.js";
 
 // src/commands/auth.ts
 function registerAuth(program) {
@@ -51,7 +43,7 @@ function registerAuth(program) {
     const yes = opts.yes || cmd.opts().yes;
     try {
       if (!opts.force) {
-        const existing = await resolveAuthToken();
+        const existing = resolveAuthToken();
         if (existing) {
           printHuman(
             `  ${green("\u2713")} Already authenticated
@@ -64,108 +56,79 @@ function registerAuth(program) {
         }
       }
       if (opts.force) {
-        const existingCreds = await getCredentials();
-        const tokenToRevoke = existingCreds?.auth_token;
-        if (!tokenToRevoke) {
-          const cfg2 = load();
-          if (cfg2.auth_token) {
-            await revokeToken(cfg2.auth_token);
-            save({ ...cfg2, auth_token: void 0, auth_token_expires_at: void 0 });
-          }
-        } else {
-          await revokeToken(tokenToRevoke);
+        const cfg2 = load();
+        if (cfg2.auth_token) {
+          await revokeToken(cfg2.auth_token);
+          save({ ...cfg2, auth_token: void 0, auth_token_expires_at: void 0 });
         }
-        await deleteCredentials();
       }
-      const prepared = prepareBrowserLogin();
-      const callbackPromise = waitForCallback(AUTH_PORT);
+      const prepared = prepareLogin();
       if (!isJSONMode()) {
         console.log("");
         console.log(`  ${brand("\u25C6")} ${bold("Alchemy Authentication")}`);
         console.log(`  ${dim("\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500")}`);
         console.log("");
-        console.log(`  ${dim(prepared.authorizeUrl)}`);
+        console.log(`  ${dim(prepared.loginUrl)}`);
         console.log("");
       }
-      let browserOpened = false;
+      const promptAbort = new AbortController();
+      let earlyAuth = false;
+      prepared.callbackPromise.then(() => {
+        earlyAuth = true;
+        promptAbort.abort();
+      }).catch(() => {
+      });
       if (!yes && !isJSONMode() && isInteractiveAllowed(program)) {
-        const promptResult = await Promise.race([
-          promptText({
-            message: "Press Enter to open browser, or paste the URL above to log in manually",
-            cancelMessage: "Login cancelled."
-          }),
-          callbackPromise.then(() => "callback_received")
-        ]);
-        if (promptResult === null) return;
-        if (promptResult !== "callback_received") {
-          if (!isJSONMode()) {
-            console.log(`  Opening browser to log in...`);
-            console.log(`  ${dim("Waiting for authentication...")}`);
-          }
-          openBrowser(prepared.authorizeUrl);
-          browserOpened = true;
-        }
-      }
-      if (!browserOpened && yes) {
-        if (!isJSONMode()) {
-          console.log(`  Opening browser to log in...`);
-          console.log(`  ${dim("Waiting for authentication...")}`);
+        const answer = await promptText({
+          message: "Press Enter to open browser, or paste the link above to authenticate",
+          cancelMessage: "Login cancelled.",
+          abortSignal: promptAbort.signal
+        });
+        if (answer === null) {
+          prepared.cancel();
+          return;
         }
-        openBrowser(prepared.authorizeUrl);
       }
-      const callback = await callbackPromise;
-      if (callback.state !== prepared.state) {
-        callback.sendError("State mismatch \u2014 possible CSRF attack.");
-        throw new Error("OAuth state mismatch. Authentication aborted.");
-      }
-      let result;
-      try {
-        result = await exchangeCodeForToken(callback.code, AUTH_PORT, {
-          codeVerifier: prepared.codeVerifier
-        });
-        callback.sendSuccess();
-      } catch (err) {
-        callback.sendError("Failed to complete authentication. Please try again.");
-        throw err;
+      if (!earlyAuth && !isJSONMode()) {
+        console.log(`  Opening browser to log in...`);
+        console.log(`  ${dim("Waiting for authentication...")}`);
       }
-      await saveCredentials({
+      const result = await completeLogin(prepared, {
+        skipBrowserOpen: earlyAuth
+      });
+      const cfg = load();
+      const hasConfiguredApp = Boolean(cfg.app);
+      save({
+        ...cfg,
         auth_token: result.token,
         auth_token_expires_at: result.expiresAt
       });
-      const cfg = load();
-      if (cfg.auth_token) {
-        save({ ...cfg, auth_token: void 0, auth_token_expires_at: void 0 });
-      }
       const expiresAt = result.expiresAt;
-      const backend = await getStorageBackend();
       printHuman(
         `  ${green("\u2713")} Logged in successfully
-  ${dim("Credentials stored in")} ${backend}
+  ${dim("Token saved to")} ${configPath()}
   ${dim("Expires:")} ${expiresAt}
 `,
         {
           status: "authenticated",
           expiresAt,
-          storageBackend: backend
+          configPath: configPath()
         }
       );
-      if (isInteractiveAllowed(program)) {
+      if (isInteractiveAllowed(program) && !hasConfiguredApp) {
         await selectAppAfterAuth(result.token);
       }
-      process.exit(0);
     } catch (err) {
       exitWithError(
         err instanceof CLIError ? err : new CLIError(ErrorCode.AUTH_REQUIRED, String(err.message))
       );
     }
   });
-  cmd.command("status").description("Show current authentication status").action(async () => {
+  cmd.command("status").description("Show current authentication status").action(() => {
     try {
-      const creds = await getCredentials();
       const cfg = load();
-      const validToken = await resolveAuthToken(cfg);
-      const hasToken = creds?.auth_token || cfg.auth_token;
-      if (!hasToken) {
+      const validToken = resolveAuthToken(cfg);
+      if (!cfg.auth_token) {
         printHuman(
           `  ${dim("Not authenticated. Run")} alchemy auth ${dim("to log in.")}
 `,
@@ -181,20 +144,15 @@ function registerAuth(program) {
         );
         return;
       }
-      const expiresAt = creds?.auth_token_expires_at || cfg.auth_token_expires_at || "unknown";
-      const backend = await getStorageBackend();
-      const storedIn = creds?.auth_token ? backend : "config file (legacy)";
       printHuman(
         `  ${green("\u2713")} Authenticated
   ${dim("Token:")} ${maskIf(validToken)}
-  ${dim("Storage:")} ${storedIn}
-  ${dim("Expires:")} ${expiresAt}
+  ${dim("Expires:")} ${cfg.auth_token_expires_at || "unknown"}
 `,
         {
           authenticated: true,
           expired: false,
-          expiresAt,
-          storageBackend: storedIn
+          expiresAt: cfg.auth_token_expires_at
         }
       );
     } catch (err) {
@@ -203,17 +161,14 @@ function registerAuth(program) {
   });
   cmd.command("logout").description("Clear saved authentication token").action(async () => {
     try {
-      const creds = await getCredentials();
       const cfg = load();
-      const activeToken = creds?.auth_token || cfg.auth_token;
       let revokeResult;
-      if (activeToken) {
-        revokeResult = await revokeToken(activeToken);
+      if (cfg.auth_token) {
+        revokeResult = await revokeToken(cfg.auth_token);
       }
-      await deleteCredentials();
-      const { auth_token: _, auth_token_expires_at: __, app: ___, ...rest } = cfg;
+      const { auth_token: _, auth_token_expires_at: __, ...rest } = cfg;
       save(rest);
-      if (!activeToken) {
+      if (!cfg.auth_token) {
         printHuman(
           `  ${dim("No active session.")}
 `,