@andocorp/cli 0.1.3 → 0.3.0

package/dist/auth-commands.js

@@ -0,0 +1,362 @@
+import { ColorTheme, DEFAULT_ANDO_BASE_URL, MemberType, SidebarFolderFilterMode, SidebarFolderSortMode, WorkspaceRole, } from "@andocorp/sdk";
+import { getStringFlag } from "./args.js";
+import { CliLoginRequestError, clearPendingCliLoginSession } from "./cli-login.js";
+import { revokeCliLoginApiKey } from "./cli-login-revoke.js";
+import { createAndoCliClient } from "./client.js";
+import { clearSavedConfig, inspectSavedConfig, readSavedConfigMetadata, } from "./config.js";
+import { readSavedConfigsForLogout, } from "./config-logout-credentials.js";
+import { printJson } from "./output.js";
+import { getConfiguredApiHost, getConfiguredBaseUrl, getConfiguredRealtimeHost, ensureConfig, } from "./session.js";
+const PUBLIC_API_PROBE_DATE = new Date("2026-05-29T12:00:00.000Z");
+function getEnvApiKey() {
+    const value = process.env["ANDO_API_KEY"];
+    return value == null || value.trim() === "" ? null : value.trim();
+}
+function getFlagApiKey(parsedArgs) {
+    const value = getStringFlag(parsedArgs, "api-key");
+    return value == null || value.trim() === "" ? null : value.trim();
+}
+function getExplicitApiKey(parsedArgs) {
+    return getFlagApiKey(parsedArgs) ?? getEnvApiKey();
+}
+function formatCheck(ok) {
+    return ok ? "OK" : "--";
+}
+function formatError(error) {
+    return error instanceof Error ? error.message : String(error);
+}
+function isLegacyGetMeUnavailable(error) {
+    return (error instanceof Error &&
+        error.message.includes("/auth/me failed") &&
+        error.message.includes("404"));
+}
+function createPublicApiProbeMe() {
+    return {
+        id: "public-api-key",
+        stytch_member_id: null,
+        email: null,
+        display_name: "Public API key",
+        profile_image_url: null,
+        profile_image_file_id: null,
+        top_level_sidebar_item_ids: [],
+        sidebar_folders: [],
+        sidebar_conversations_preferences: {
+            collapse_threads: "reading",
+            filter_mode: SidebarFolderFilterMode.ALL,
+            hide_read_thread_trees: false,
+            inactive_after: "never",
+            sort_mode: SidebarFolderSortMode.MANUAL,
+        },
+        title: null,
+        time_zone: null,
+        workspace_id: "public-api-workspace",
+        member_type: MemberType.HUMAN,
+        workspace_role: WorkspaceRole.MEMBER,
+        total_unread_count: 0,
+        e164: null,
+        from_e164: null,
+        linq_chat_id: null,
+        archived_at: null,
+        last_active_at: PUBLIC_API_PROBE_DATE,
+        last_caught_up_at: PUBLIC_API_PROBE_DATE,
+        onboarding_completed_at: null,
+        summary_text: null,
+        last_summary_at: null,
+        buffer_text: null,
+        updated_at: PUBLIC_API_PROBE_DATE,
+        created_at: PUBLIC_API_PROBE_DATE,
+        color_theme: ColorTheme.AUTO,
+        show_thread_trees: false,
+        profile_image_file: null,
+        workspace: {
+            id: "public-api-workspace",
+            stytch_organization_id: "public-api-organization",
+            name: "Public API workspace",
+            slug: "public-api-workspace",
+            image_url: null,
+            icon_image_file_id: null,
+            description: null,
+            invite_link_id: "public-api-invite",
+            created_at: PUBLIC_API_PROBE_DATE,
+            updated_at: PUBLIC_API_PROBE_DATE,
+            workspace_invite_link: {
+                id: "public-api-invite",
+                workspace_id: "public-api-workspace",
+                slug: "public-api-workspace",
+                code: "PUBLICAPI",
+                created_at: PUBLIC_API_PROBE_DATE,
+            },
+        },
+    };
+}
+async function probePublicApiAuth(config) {
+    const client = createAndoCliClient(config);
+    const subscription = await client.realtime.subscribeMember();
+    await subscription.close();
+    return createPublicApiProbeMe();
+}
+function getAuthSource(parsedArgs, inspection) {
+    if (getFlagApiKey(parsedArgs) != null) {
+        return {
+            source: "flag",
+        };
+    }
+    if (getEnvApiKey() != null) {
+        return {
+            source: "env",
+        };
+    }
+    if (inspection.hasCredential && inspection.credentialStorage != null) {
+        return {
+            source: inspection.credentialStorage,
+            account: inspection.credentialAccount,
+        };
+    }
+    if (inspection.hasLegacyCredential) {
+        return {
+            source: "legacy_config",
+        };
+    }
+    return {
+        source: "missing",
+        account: inspection.credentialAccount,
+        error: inspection.credentialError,
+    };
+}
+async function defaultGetMe(config) {
+    const client = createAndoCliClient(config);
+    try {
+        return await client.getMe();
+    }
+    catch (error) {
+        if (isLegacyGetMeUnavailable(error)) {
+            return await probePublicApiAuth(config);
+        }
+        throw error;
+    }
+    finally {
+        await client.close();
+    }
+}
+async function loadDoctorConfig(parsedArgs, dependencies) {
+    if (dependencies.loadConfig != null) {
+        return await dependencies.loadConfig();
+    }
+    const explicitApiKey = getExplicitApiKey(parsedArgs);
+    if (explicitApiKey != null) {
+        return buildExplicitApiKeyConfig(parsedArgs, explicitApiKey, await readOptionalSavedConfigMetadata(dependencies));
+    }
+    return await ensureConfig({ command: "doctor", parsedArgs });
+}
+function buildExplicitApiKeyConfig(parsedArgs, apiKey, savedConfig) {
+    return {
+        apiKey,
+        apiHost: getConfiguredApiHost(parsedArgs, savedConfig?.apiHost ?? null),
+        baseUrl: getConfiguredBaseUrl(parsedArgs, savedConfig?.baseUrl ?? null),
+        realtimeHost: getConfiguredRealtimeHost(parsedArgs, savedConfig?.realtimeHost ?? null),
+    };
+}
+async function readOptionalSavedConfigMetadata(dependencies) {
+    try {
+        return await (dependencies.readSavedConfigMetadata ?? readSavedConfigMetadata)();
+    }
+    catch {
+        return null;
+    }
+}
+async function buildDoctorReport(parsedArgs, dependencies) {
+    const inspection = await (dependencies.inspectSavedConfig ?? inspectSavedConfig)();
+    const auth = getAuthSource(parsedArgs, inspection);
+    let api = {
+        status: "skipped",
+        message: "No API key found. Run `ando login` or set ANDO_API_KEY.",
+    };
+    if (auth.source !== "missing") {
+        try {
+            const config = await loadDoctorConfig(parsedArgs, dependencies);
+            const me = await (dependencies.getMe ?? defaultGetMe)(config);
+            api = {
+                status: "ok",
+                memberId: me.id,
+                memberLabel: me.display_name ?? me.email ?? me.id,
+                workspaceId: me.workspace.id,
+                workspaceLabel: me.workspace.name,
+            };
+        }
+        catch (error) {
+            api = {
+                status: "failed",
+                message: formatError(error),
+            };
+        }
+    }
+    return {
+        api,
+        auth,
+        config: {
+            error: inspection.configError,
+            path: inspection.configPath,
+            present: inspection.hasConfig,
+        },
+    };
+}
+async function loadWhoamiContext(parsedArgs, dependencies) {
+    if (dependencies.loadConfig != null) {
+        const [config, savedConfig] = await Promise.all([
+            dependencies.loadConfig(),
+            (dependencies.readSavedConfigMetadata ?? readSavedConfigMetadata)(),
+        ]);
+        return { config, savedConfig };
+    }
+    const explicitApiKey = getExplicitApiKey(parsedArgs);
+    if (explicitApiKey != null) {
+        const savedConfig = await readOptionalSavedConfigMetadata(dependencies);
+        return {
+            config: buildExplicitApiKeyConfig(parsedArgs, explicitApiKey, savedConfig),
+            savedConfig,
+        };
+    }
+    const [config, savedConfig] = await Promise.all([
+        ensureConfig({ command: "whoami", parsedArgs }),
+        (dependencies.readSavedConfigMetadata ?? readSavedConfigMetadata)(),
+    ]);
+    return { config, savedConfig };
+}
+async function buildWhoamiReport(parsedArgs, dependencies) {
+    const { config, savedConfig } = await loadWhoamiContext(parsedArgs, dependencies);
+    const me = await (dependencies.getMe ?? defaultGetMe)(config);
+    return {
+        member: {
+            id: me.id,
+            displayName: me.display_name ?? undefined,
+            email: me.email ?? undefined,
+        },
+        saved: {
+            defaultWorkspaceId: savedConfig?.defaultWorkspaceId,
+            defaultWorkspaceMembershipId: savedConfig?.defaultWorkspaceMembershipId,
+        },
+        workspace: {
+            id: me.workspace.id,
+            name: me.workspace.name,
+        },
+    };
+}
+function formatAuthSource(auth) {
+    switch (auth.source) {
+        case "flag":
+            return "--api-key";
+        case "env":
+            return "ANDO_API_KEY";
+        case "file":
+            return `file${auth.account == null ? "" : ` (${auth.account})`}`;
+        case "keyring":
+            return `keyring${auth.account == null ? "" : ` (${auth.account})`}`;
+        case "legacy_config":
+            return "legacy config";
+        case "missing":
+            return auth.error == null ? "missing" : `missing (${auth.error})`;
+    }
+}
+function formatMemberLabel(member) {
+    return member.displayName ?? member.email ?? member.id;
+}
+function writeDoctorReport(stdout, report) {
+    const configOk = report.config.present && report.config.error == null;
+    stdout.write(`Config             ${formatCheck(configOk)}  ${report.config.path}${report.config.error == null ? "" : ` (${report.config.error})`}\n`);
+    stdout.write(`Credential         ${formatCheck(report.auth.source !== "missing")}  ${formatAuthSource(report.auth)}\n`);
+    if (report.api.status === "ok") {
+        stdout.write(`API authenticated  OK  ${report.api.memberLabel} (${report.api.memberId})\n`);
+        stdout.write(`Workspace          OK  ${report.api.workspaceLabel} (${report.api.workspaceId})\n`);
+        return;
+    }
+    stdout.write(`API authenticated  --  ${report.api.message}\n`);
+}
+function writeWhoamiReport(stdout, report) {
+    stdout.write(`Member             ${formatMemberLabel(report.member)} (${report.member.id})\n`);
+    if (report.member.email != null) {
+        stdout.write(`Email              ${report.member.email}\n`);
+    }
+    stdout.write(`Workspace          ${report.workspace.name} (${report.workspace.id})\n`);
+    if (report.saved.defaultWorkspaceId != null) {
+        stdout.write(`Saved workspace    ${report.saved.defaultWorkspaceId}\n`);
+    }
+    if (report.saved.defaultWorkspaceMembershipId != null) {
+        stdout.write(`Saved membership   ${report.saved.defaultWorkspaceMembershipId}\n`);
+    }
+}
+async function readSavedConfigsForLogoutCommand(dependencies) {
+    try {
+        if (dependencies.readSavedConfigsForLogout != null) {
+            return await dependencies.readSavedConfigsForLogout();
+        }
+        if (dependencies.readSavedConfig != null) {
+            const savedConfig = await dependencies.readSavedConfig();
+            return savedConfig == null
+                ? []
+                : [
+                    {
+                        ...savedConfig,
+                        revokeOnLogout: savedConfig.credentialSource === "browser_login",
+                    },
+                ];
+        }
+        return await readSavedConfigsForLogout();
+    }
+    catch {
+        return [];
+    }
+}
+async function revokeSavedCliCredential(config, dependencies, stdout) {
+    if (!config.revokeOnLogout) {
+        return;
+    }
+    try {
+        const result = await (dependencies.revokeCliLoginApiKey ?? revokeCliLoginApiKey)({
+            apiKey: config.apiKey,
+            baseUrl: config.baseUrl ?? DEFAULT_ANDO_BASE_URL,
+        });
+        stdout.write(result.revoked
+            ? "Revoked remote CLI credential.\n"
+            : "Remote CLI credential was already revoked.\n");
+    }
+    catch (error) {
+        if (error instanceof CliLoginRequestError) {
+            if (error.errorCode === "invalid_api_key") {
+                stdout.write("Remote CLI credential was already invalid.\n");
+                return;
+            }
+            if (error.errorCode === "unsupported_api_key_type") {
+                stdout.write("Remote CLI credential does not support revocation.\n");
+                return;
+            }
+        }
+        throw error;
+    }
+}
+export async function runDoctor(parsedArgs, dependencies = {}) {
+    const report = await buildDoctorReport(parsedArgs, dependencies);
+    if (parsedArgs.flags.has("json")) {
+        printJson(report);
+        return;
+    }
+    writeDoctorReport(dependencies.stdout ?? process.stdout, report);
+}
+export async function runWhoami(parsedArgs, dependencies = {}) {
+    const report = await buildWhoamiReport(parsedArgs, dependencies);
+    if (parsedArgs.flags.has("json")) {
+        printJson(report);
+        return;
+    }
+    writeWhoamiReport(dependencies.stdout ?? process.stdout, report);
+}
+export async function runLogout(dependencies = {}) {
+    const stdout = dependencies.stdout ?? process.stdout;
+    const savedConfigs = await readSavedConfigsForLogoutCommand(dependencies);
+    for (const savedConfig of savedConfigs) {
+        await revokeSavedCliCredential(savedConfig, dependencies, stdout);
+    }
+    const result = await (dependencies.clearSavedConfig ?? clearSavedConfig)();
+    await (dependencies.clearPendingCliLoginSession ?? clearPendingCliLoginSession)();
+    stdout.write(`Removed CLI auth config at ${result.configPath}\n`);
+    stdout.write("Logged out.\n");
+}

package/dist/cli-helpers.js

@@ -0,0 +1,67 @@
+const CHANNEL_CONVERSATION_TYPE = 0;
+function isChannel(membership) {
+    return membership.conversation.type === CHANNEL_CONVERSATION_TYPE;
+}
+function normalizeForMatch(value) {
+    return value.trim().toLowerCase();
+}
+function getConversationName(membership) {
+    const conversation = membership.conversation;
+    return conversation.name ?? "";
+}
+export function compareByRecentActivity(left, right) {
+    const leftDate = new Date(left.conversation.last_message_at ?? left.conversation.updated_at).getTime();
+    const rightDate = new Date(right.conversation.last_message_at ?? right.conversation.updated_at).getTime();
+    return rightDate - leftDate;
+}
+export function resolveConversation(memberships, options) {
+    const filtered = memberships
+        .filter((membership) => {
+        if (!options.allowChannels && isChannel(membership)) {
+            return false;
+        }
+        if (!options.allowDms && !isChannel(membership)) {
+            return false;
+        }
+        return true;
+    })
+        .sort(compareByRecentActivity);
+    const normalizedQuery = normalizeForMatch(options.query);
+    const exactMatch = filtered.find((membership) => {
+        return (membership.conversation.id === options.query ||
+            normalizeForMatch(getConversationName(membership)) === normalizedQuery);
+    }) ?? null;
+    if (exactMatch != null) {
+        return exactMatch;
+    }
+    const partialMatches = filtered.filter((membership) => {
+        const fields = [
+            membership.conversation.id,
+            getConversationName(membership),
+            getConversationLabel(membership),
+        ];
+        return fields.some((value) => normalizeForMatch(value).includes(normalizedQuery));
+    });
+    if (partialMatches.length === 1) {
+        const [partialMatch] = partialMatches;
+        if (partialMatch == null) {
+            throw new Error(`No conversation matched "${options.query}".`);
+        }
+        return partialMatch;
+    }
+    if (partialMatches.length === 0) {
+        throw new Error(`No conversation matched "${options.query}".`);
+    }
+    throw new Error(`Conversation "${options.query}" is ambiguous: ${partialMatches
+        .slice(0, 8)
+        .map((membership) => getConversationLabel(membership))
+        .join(", ")}`);
+}
+function getConversationLabel(membership) {
+    const prefix = membership.conversation.type === CHANNEL_CONVERSATION_TYPE ? "#" : "@";
+    const name = getConversationName(membership);
+    if (name.length > 0) {
+        return `${prefix}${name}`;
+    }
+    return `${prefix}${membership.conversation.id}`;
+}

package/dist/cli-login-browser.js

@@ -0,0 +1,60 @@
+import { spawn } from "node:child_process";
+const BROWSER_LAUNCH_TIMEOUT_MS = 5_000;
+export async function sleep(ms) {
+    await new Promise((resolve) => {
+        setTimeout(resolve, Math.max(0, ms));
+    });
+}
+export async function openBrowser(url, platform = process.platform, launchProcess = spawn) {
+    const { args, command } = getBrowserLauncher(platform, url);
+    await new Promise((resolve, reject) => {
+        const child = launchProcess(command, args, {
+            detached: true,
+            stdio: "ignore",
+        });
+        waitForBrowserLauncher(child, command, resolve, reject);
+    });
+}
+function getBrowserLauncher(platform, url) {
+    if (platform === "darwin") {
+        return { args: [url], command: "open" };
+    }
+    if (platform === "win32") {
+        return { args: ["url.dll,FileProtocolHandler", url], command: "rundll32" };
+    }
+    return { args: [url], command: "xdg-open" };
+}
+function waitForBrowserLauncher(child, command, resolve, reject) {
+    let settled = false;
+    const settle = (callback) => {
+        if (settled) {
+            return;
+        }
+        settled = true;
+        clearTimeout(timeout);
+        child.off("error", onError);
+        child.off("close", onClose);
+        callback();
+    };
+    const onError = (error) => {
+        settle(() => reject(error));
+    };
+    const onClose = (code, signal) => {
+        settle(() => {
+            if (code === 0) {
+                resolve();
+                return;
+            }
+            reject(new Error(`${command} failed to open the browser` +
+                (code == null
+                    ? ` with signal ${signal ?? "unknown"}`
+                    : ` with exit code ${code}`)));
+        });
+    };
+    const timeout = setTimeout(() => {
+        settle(() => reject(new Error(`${command} did not finish opening the browser in time.`)));
+    }, BROWSER_LAUNCH_TIMEOUT_MS);
+    child.once("error", onError);
+    child.once("close", onClose);
+    child.unref();
+}

package/dist/cli-login-errors.js

@@ -0,0 +1,10 @@
+export class CliLoginRequestError extends Error {
+    errorCode;
+    terminal;
+    constructor(message, params = {}) {
+        super(message);
+        this.name = "CliLoginRequestError";
+        this.errorCode = params.errorCode;
+        this.terminal = params.terminal ?? false;
+    }
+}

package/dist/cli-login-paths.js

@@ -0,0 +1,8 @@
+import path from "node:path";
+import { getConfigPath, getConfigReadPaths } from "./config-paths.js";
+export function getPendingCliLoginPath(configPath = getConfigPath()) {
+    return path.join(path.dirname(configPath), "cli-login.json");
+}
+export function getPendingCliLoginPaths() {
+    return getConfigReadPaths().map(getPendingCliLoginPath);
+}

package/dist/cli-login-revoke.js

@@ -0,0 +1,100 @@
+import { CliLoginRequestError } from "./cli-login-errors.js";
+import { DEFAULT_CLI_REQUEST_TIMEOUT_MS } from "./timeouts.js";
+const REVOKE_CLI_LOGIN_API_KEY_PATH = "/auth/cli-login/revoke";
+export async function revokeCliLoginApiKey(params) {
+    const response = await postCliLoginRevokeJson({
+        apiKey: params.apiKey,
+        baseUrl: params.baseUrl,
+        fetchFn: params.fetchFn,
+    });
+    if (response.status === 200) {
+        return parseRevokeCliLoginApiKeyResponse(response.body);
+    }
+    throwRevokeResponseError(response.body);
+}
+function buildCliLoginRevokeUrl(baseUrl) {
+    return `${baseUrl.replace(/\/+$/, "")}${REVOKE_CLI_LOGIN_API_KEY_PATH}`;
+}
+async function postCliLoginRevokeJson(params) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => {
+        controller.abort();
+    }, DEFAULT_CLI_REQUEST_TIMEOUT_MS);
+    try {
+        const fetchFn = params.fetchFn ?? globalThis.fetch.bind(globalThis);
+        const response = await fetchFn(buildCliLoginRevokeUrl(params.baseUrl), {
+            headers: {
+                Accept: "application/json",
+                Authorization: `Bearer ${params.apiKey}`,
+            },
+            method: "POST",
+            signal: controller.signal,
+        });
+        const bodyText = await response.text();
+        return {
+            body: bodyText.trim() === "" ? null : parseRevokeJson(bodyText),
+            status: response.status,
+        };
+    }
+    catch (error) {
+        if (error instanceof Error && error.name === "AbortError") {
+            throw new Error(`[ando-cli] login request timed out after ${DEFAULT_CLI_REQUEST_TIMEOUT_MS}ms`, { cause: error });
+        }
+        throw error;
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+function parseRevokeJson(bodyText) {
+    try {
+        return JSON.parse(bodyText);
+    }
+    catch {
+        throw new CliLoginRequestError("Malformed CLI login response: invalid JSON.", {
+            terminal: true,
+        });
+    }
+}
+function parseRevokeCliLoginApiKeyResponse(body) {
+    const response = getRecord(body);
+    const data = getRecord(response["data"]);
+    if (response["success"] !== true) {
+        throwMalformedRevokeResponse("revoke response missing data");
+    }
+    const apiKeyId = getNonEmptyString(data, "api_key_id");
+    const revoked = data["revoked"];
+    if (apiKeyId == null || typeof revoked !== "boolean") {
+        throwMalformedRevokeResponse("revoke response missing required fields");
+    }
+    return {
+        apiKeyId,
+        revoked,
+    };
+}
+function throwRevokeResponseError(body) {
+    const response = getRecord(body);
+    const errorCode = getNonEmptyString(response, "error_code");
+    const errorMessage = getNonEmptyString(response, "error_message");
+    if (errorCode == null) {
+        throwMalformedRevokeResponse("error response missing error_code");
+    }
+    throw new CliLoginRequestError(`${errorMessage ?? "CLI login failed."} (${errorCode})`, {
+        errorCode,
+        terminal: errorCode === "invalid_api_key" || errorCode === "unsupported_api_key_type",
+    });
+}
+function throwMalformedRevokeResponse(reason) {
+    throw new CliLoginRequestError(`Malformed CLI login response: ${reason}.`, {
+        terminal: true,
+    });
+}
+function getRecord(value) {
+    return value != null && typeof value === "object" && !Array.isArray(value)
+        ? value
+        : {};
+}
+function getNonEmptyString(record, key) {
+    const value = record[key];
+    return typeof value === "string" && value.trim() !== "" ? value : null;
+}