npm - @blinkdotnew/cli - Versions diffs - 0.4.2 → 0.5.0 - Mend

@blinkdotnew/cli 0.4.2 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -190,35 +190,24 @@ blink usage                             # Usage breakdown
 blink usage --period month              # Monthly summary
 ```
-### Personal Access Tokens
-```bash
-blink tokens list                       # List all PATs
-blink tokens create --name "CI key"     # Create a new token (shown once)
-blink tokens revoke tok_xxx --yes       # Revoke a token
-```
 ## Authentication
-Three ways to authenticate, checked in this order:
-1. **`--token` flag** — per-command override
-2. **`BLINK_API_KEY` env var** — for CI/CD and coding agents
-3. **Config file** — saved by `blink login --interactive` at `~/.config/blink/config.toml`
-Get your API key at [blink.new/settings?tab=api-keys](https://blink.new/settings?tab=api-keys).
+Get your workspace API key from [blink.new/settings?tab=api-keys](https://blink.new/settings?tab=api-keys) (starts with `blnk_ak_`).
 ```bash
-# Interactive — saves to config file
+# Opens the API keys page in your browser, then prompts for the key
+blink login
 blink login --interactive
-# Environment variable — for CI/agents
+# Or set the env var directly (CI/agents)
 export BLINK_API_KEY=blnk_ak_...
-# Per-command
-blink deploy ./dist --prod --token blnk_ak_...
 ```
+Auth is resolved in this order:
+1. **`--token` flag** — per-command override
+2. **`BLINK_API_KEY` env var** — for CI/CD and coding agents
+3. **Config file** — saved by `blink login --interactive` at `~/.config/blink/config.toml`
 ## Project Context
 Commands that operate on a project resolve it in this order:

package/dist/cli.js CHANGED Viewed

@@ -2074,12 +2074,113 @@ After linking, most commands work without specifying a project_id:
 // src/commands/auth.ts
 import chalk10 from "chalk";
+import { createServer } from "http";
+var TIMEOUT_MS = 12e4;
+function getBaseUrl() {
+  return process.env.BLINK_APP_URL || "https://blink.new";
+}
+function generateState() {
+  return Math.random().toString(36).slice(2) + Date.now().toString(36);
+}
+function findFreePort() {
+  return new Promise((resolve, reject) => {
+    const srv = createServer();
+    srv.listen(0, "127.0.0.1", () => {
+      const port = srv.address().port;
+      srv.close(() => resolve(port));
+    });
+    srv.on("error", reject);
+  });
+}
+function callbackHtml() {
+  return `<!DOCTYPE html><html><head><meta charset="utf-8"><title>Blink CLI</title>
+<style>body{font-family:system-ui,sans-serif;display:flex;justify-content:center;align-items:center;min-height:100vh;margin:0;background:#fafafa;color:#111}
+.card{text-align:center;padding:3rem;border-radius:12px;background:#fff;box-shadow:0 1px 3px rgba(0,0,0,.08)}
+h1{font-size:1.5rem;margin:0 0 .5rem}p{color:#666;margin:0}</style></head>
+<body><div class="card"><h1>\u2713 CLI authorized</h1><p>You can close this tab.</p></div></body></html>`;
+}
+function parseCallback(url) {
+  const params = new URL(url, "http://localhost").searchParams;
+  const key = params.get("key");
+  const workspace_id = params.get("workspace_id");
+  const workspace_name = params.get("workspace_name");
+  const email = params.get("email");
+  if (!key || !workspace_id || !workspace_name || !email) return null;
+  return { key, workspace_id, workspace_name, email };
+}
+function startCallbackServer(port, expectedState) {
+  let resolveCb;
+  let rejectCb;
+  const promise = new Promise((res, rej) => {
+    resolveCb = res;
+    rejectCb = rej;
+  });
+  const server = createServer((req, res) => {
+    if (!req.url?.startsWith("/callback")) {
+      res.writeHead(404).end();
+      return;
+    }
+    const state = new URL(req.url, "http://localhost").searchParams.get("state");
+    if (state !== expectedState) {
+      res.writeHead(403).end("State mismatch");
+      rejectCb(new Error("State mismatch \u2014 possible CSRF. Try again."));
+      return;
+    }
+    const result = parseCallback(req.url);
+    if (!result) {
+      res.writeHead(400).end("Missing parameters");
+      rejectCb(new Error("Incomplete callback \u2014 missing parameters."));
+      return;
+    }
+    res.writeHead(200, { "Content-Type": "text/html" }).end(callbackHtml());
+    resolveCb(result);
+  });
+  server.listen(port, "127.0.0.1");
+  return { promise, close: () => server.close() };
+}
+async function openBrowserLogin(port, state) {
+  const url = `${getBaseUrl()}/auth/cli?port=${port}&state=${state}`;
+  const open = await import("open").then((m) => m.default).catch(() => null);
+  if (open) await open(url).catch(() => {
+  });
+  console.log(chalk10.dim(`  ${url}
+`));
+}
+async function waitForCallback(promise) {
+  return Promise.race([
+    promise,
+    new Promise(
+      (_, reject) => setTimeout(() => reject(new Error("Timed out after 120s \u2014 no callback received.")), TIMEOUT_MS)
+    )
+  ]);
+}
+async function browserLogin() {
+  const state = generateState();
+  const port = await findFreePort();
+  const { promise, close } = startCallbackServer(port, state);
+  console.log(chalk10.bold("\n  Opening browser to authorize...\n"));
+  await openBrowserLogin(port, state);
+  const result = await waitForCallback(promise).finally(close);
+  writeConfig({ api_key: result.key, workspace_id: result.workspace_id });
+  console.log(chalk10.green("\u2713") + ` Logged in as ${chalk10.bold(result.email)} (${result.workspace_name})`);
+}
+async function interactiveLogin() {
+  const { password } = await import("@clack/prompts");
+  const apiKey = await password({ message: "Paste your API key (blnk_ak_...):" });
+  if (!apiKey?.startsWith("blnk_ak_")) {
+    console.error("Error: API key must start with blnk_ak_");
+    process.exit(1);
+  }
+  writeConfig({ api_key: apiKey });
+  console.log(chalk10.green("\u2713") + " Saved to ~/.config/blink/config.toml");
+}
 function registerAuthCommands(program2) {
   program2.command("login").description("Authenticate with your Blink API key").option("--interactive", "Prompt for API key (for headless/SSH/CI environments)").addHelpText("after", `
 Get your API key at: blink.new \u2192 Settings \u2192 API Keys  (starts with blnk_ak_)
 Examples:
-  $ blink login --interactive          Saves key to ~/.config/blink/config.toml
+  $ blink login                     Opens browser for one-click auth
+  $ blink login --interactive       Paste key manually (headless/SSH/CI)
   $ export BLINK_API_KEY=blnk_ak_...  Alternative: set env var directly (no login needed)
 In Blink Claw agents: BLINK_API_KEY is already set \u2014 login is not needed.
@@ -2089,28 +2190,8 @@ For CI/GitHub Actions: set BLINK_API_KEY as a secret, skip login entirely.
       console.log(chalk10.green("\u2713") + " Already authenticated via BLINK_API_KEY env var.");
       return;
     }
-    const url = "https://blink.new/settings?tab=api-keys";
-    if (!opts.interactive) {
-      console.log(chalk10.bold("\n  Open this page to get your API key:\n"));
-      console.log(`  ${chalk10.cyan(url)}
-`);
-      const open = await import("open").then((m) => m.default).catch(() => null);
-      if (open) {
-        await open(url).catch(() => {
-        });
-        console.log(chalk10.dim("  (opened in browser)"));
-      }
-      console.log(chalk10.dim("  Then run: blink login --interactive\n"));
-      return;
-    }
-    const { password } = await import("@clack/prompts");
-    const apiKey = await password({ message: "Paste your API key (blnk_ak_...):" });
-    if (!apiKey?.startsWith("blnk_ak_")) {
-      console.error("Error: API key must start with blnk_ak_");
-      process.exit(1);
-    }
-    writeConfig({ api_key: apiKey });
-    console.log(chalk10.green("\u2713") + " Saved to ~/.config/blink/config.toml");
+    if (opts.interactive) return interactiveLogin();
+    return browserLogin();
   });
   program2.command("logout").description("Remove stored credentials").action(() => {
     clearConfig();
@@ -2119,7 +2200,7 @@ For CI/GitHub Actions: set BLINK_API_KEY as a secret, skip login entirely.
   program2.command("whoami").description("Show current authentication status and key info").action(async () => {
     const token = resolveToken();
     if (!token) {
-      console.error("Error: Not authenticated. Run `blink login --interactive` or set BLINK_API_KEY.");
+      console.error("Error: Not authenticated. Run `blink login` or set BLINK_API_KEY.");
       process.exit(1);
     }
     if (isJsonMode()) {
@@ -3706,12 +3787,12 @@ var pkg = require2("../package.json");
 var program = new Command();
 program.name("blink").description("Blink platform CLI \u2014 build, deploy, and manage AI-powered apps").version(pkg.version).option("--token <key>", "Override API token for this command").option("--json", "Machine-readable JSON output (no colors, great for scripting)").option("-y, --yes", "Skip confirmation prompts").option("--debug", "Verbose request logging").option("--profile <name>", "Use named config profile from ~/.config/blink/config.toml").addHelpText("after", `
 Auth:
-  API key lives at blink.new \u2192 Settings \u2192 API Keys (starts with blnk_ak_)
-  $ blink login --interactive          Save your API key to ~/.config/blink/config.toml
-  $ export BLINK_API_KEY=blnk_ak_...  Or set env var directly (used in CI/agents)
+  $ blink login                        Opens blink.new to copy your API key
+  $ blink login --interactive          Paste and save key to ~/.config/blink/config.toml
+  $ export BLINK_API_KEY=blnk_ak_...  Or set env var directly (CI/agents)
 Quick Start:
-  $ blink login --interactive          Authenticate
+  $ blink login                        Get your workspace API key
   $ blink link                         Link current dir to a project (interactive picker)
   $ npm run build && blink deploy ./dist --prod   Build then deploy to production
@@ -3836,11 +3917,6 @@ Billing:
   $ blink credits                              Check credit balance
   $ blink usage                                Usage breakdown
-Tokens (Personal Access Tokens):
-  $ blink tokens list                          List PATs
-  $ blink tokens create --name "CI"            Create PAT (shown once!)
-  $ blink tokens revoke <id> --yes             Revoke a PAT
 Init:
   $ blink init                                 Create project + link to current dir
   $ blink init --name "My App"                 Create with custom name

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@blinkdotnew/cli",
-  "version": "0.4.2",
+  "version": "0.5.0",
   "description": "Blink CLI — full-stack cloud infrastructure from your terminal. Deploy, database, auth, storage, backend, domains, and more.",
   "bin": {
     "blink": "dist/cli.js"

package/src/cli.ts CHANGED Viewed

@@ -28,6 +28,8 @@ import { registerInitCommands } from './commands/init.js'
 import { registerWorkspaceCommands } from './commands/workspace.js'
 import { registerVersionCommands } from './commands/versions.js'
 import { registerBillingCommands } from './commands/billing.js'
+// PAT tokens are deprecated in favor of workspace API keys (blnk_ak_*).
+// The tokens command is kept for backward compat but hidden from help.
 import { registerTokenCommands } from './commands/tokens.js'
 const require = createRequire(import.meta.url)
@@ -46,12 +48,12 @@ program
   .option('--profile <name>', 'Use named config profile from ~/.config/blink/config.toml')
   .addHelpText('after', `
 Auth:
-  API key lives at blink.new → Settings → API Keys (starts with blnk_ak_)
-  $ blink login --interactive          Save your API key to ~/.config/blink/config.toml
-  $ export BLINK_API_KEY=blnk_ak_...  Or set env var directly (used in CI/agents)
+  $ blink login                        Opens blink.new to copy your API key
+  $ blink login --interactive          Paste and save key to ~/.config/blink/config.toml
+  $ export BLINK_API_KEY=blnk_ak_...  Or set env var directly (CI/agents)
 Quick Start:
-  $ blink login --interactive          Authenticate
+  $ blink login                        Get your workspace API key
   $ blink link                         Link current dir to a project (interactive picker)
   $ npm run build && blink deploy ./dist --prod   Build then deploy to production
@@ -176,11 +178,6 @@ Billing:
   $ blink credits                              Check credit balance
   $ blink usage                                Usage breakdown
-Tokens (Personal Access Tokens):
-  $ blink tokens list                          List PATs
-  $ blink tokens create --name "CI"            Create PAT (shown once!)
-  $ blink tokens revoke <id> --yes             Revoke a PAT
 Init:
   $ blink init                                 Create project + link to current dir
   $ blink init --name "My App"                 Create with custom name

package/src/commands/auth.ts CHANGED Viewed

@@ -1,9 +1,132 @@
 import { Command } from 'commander'
-import { appRequest } from '../lib/api-app.js'
-import { requireToken, resolveToken } from '../lib/auth.js'
+import { resolveToken } from '../lib/auth.js'
 import { writeConfig, clearConfig } from '../lib/config.js'
 import { printJson, isJsonMode } from '../lib/output.js'
 import chalk from 'chalk'
+import { createServer, type IncomingMessage, type ServerResponse } from 'node:http'
+import type { AddressInfo } from 'node:net'
+const TIMEOUT_MS = 120_000
+interface CallbackResult {
+  key: string
+  workspace_id: string
+  workspace_name: string
+  email: string
+}
+function getBaseUrl(): string {
+  return process.env.BLINK_APP_URL || 'https://blink.new'
+}
+function generateState(): string {
+  return Math.random().toString(36).slice(2) + Date.now().toString(36)
+}
+function findFreePort(): Promise<number> {
+  return new Promise((resolve, reject) => {
+    const srv = createServer()
+    srv.listen(0, '127.0.0.1', () => {
+      const port = (srv.address() as AddressInfo).port
+      srv.close(() => resolve(port))
+    })
+    srv.on('error', reject)
+  })
+}
+function callbackHtml(): string {
+  return `<!DOCTYPE html><html><head><meta charset="utf-8"><title>Blink CLI</title>
+<style>body{font-family:system-ui,sans-serif;display:flex;justify-content:center;align-items:center;min-height:100vh;margin:0;background:#fafafa;color:#111}
+.card{text-align:center;padding:3rem;border-radius:12px;background:#fff;box-shadow:0 1px 3px rgba(0,0,0,.08)}
+h1{font-size:1.5rem;margin:0 0 .5rem}p{color:#666;margin:0}</style></head>
+<body><div class="card"><h1>✓ CLI authorized</h1><p>You can close this tab.</p></div></body></html>`
+}
+function parseCallback(url: string): CallbackResult | null {
+  const params = new URL(url, 'http://localhost').searchParams
+  const key = params.get('key')
+  const workspace_id = params.get('workspace_id')
+  const workspace_name = params.get('workspace_name')
+  const email = params.get('email')
+  if (!key || !workspace_id || !workspace_name || !email) return null
+  return { key, workspace_id, workspace_name, email }
+}
+function startCallbackServer(
+  port: number,
+  expectedState: string,
+): { promise: Promise<CallbackResult>; close: () => void } {
+  let resolveCb: (v: CallbackResult) => void
+  let rejectCb: (e: Error) => void
+  const promise = new Promise<CallbackResult>((res, rej) => { resolveCb = res; rejectCb = rej })
+  const server = createServer((req: IncomingMessage, res: ServerResponse) => {
+    if (!req.url?.startsWith('/callback')) {
+      res.writeHead(404).end()
+      return
+    }
+    const state = new URL(req.url, 'http://localhost').searchParams.get('state')
+    if (state !== expectedState) {
+      res.writeHead(403).end('State mismatch')
+      rejectCb(new Error('State mismatch — possible CSRF. Try again.'))
+      return
+    }
+    const result = parseCallback(req.url)
+    if (!result) {
+      res.writeHead(400).end('Missing parameters')
+      rejectCb(new Error('Incomplete callback — missing parameters.'))
+      return
+    }
+    res.writeHead(200, { 'Content-Type': 'text/html' }).end(callbackHtml())
+    resolveCb(result)
+  })
+  server.listen(port, '127.0.0.1')
+  return { promise, close: () => server.close() }
+}
+async function openBrowserLogin(port: number, state: string) {
+  const url = `${getBaseUrl()}/auth/cli?port=${port}&state=${state}`
+  const open = await import('open').then(m => m.default).catch(() => null)
+  if (open) await open(url).catch(() => {})
+  console.log(chalk.dim(`  ${url}\n`))
+}
+async function waitForCallback(
+  promise: Promise<CallbackResult>,
+): Promise<CallbackResult> {
+  return Promise.race([
+    promise,
+    new Promise<never>((_, reject) =>
+      setTimeout(() => reject(new Error('Timed out after 120s — no callback received.')), TIMEOUT_MS),
+    ),
+  ])
+}
+async function browserLogin() {
+  const state = generateState()
+  const port = await findFreePort()
+  const { promise, close } = startCallbackServer(port, state)
+  console.log(chalk.bold('\n  Opening browser to authorize...\n'))
+  await openBrowserLogin(port, state)
+  const result = await waitForCallback(promise).finally(close)
+  writeConfig({ api_key: result.key, workspace_id: result.workspace_id })
+  console.log(chalk.green('✓') + ` Logged in as ${chalk.bold(result.email)} (${result.workspace_name})`)
+}
+async function interactiveLogin() {
+  const { password } = await import('@clack/prompts')
+  const apiKey = await password({ message: 'Paste your API key (blnk_ak_...):' }) as string
+  if (!apiKey?.startsWith('blnk_ak_')) {
+    console.error('Error: API key must start with blnk_ak_')
+    process.exit(1)
+  }
+  writeConfig({ api_key: apiKey })
+  console.log(chalk.green('✓') + ' Saved to ~/.config/blink/config.toml')
+}
 export function registerAuthCommands(program: Command) {
   program.command('login')
@@ -13,7 +136,8 @@ export function registerAuthCommands(program: Command) {
 Get your API key at: blink.new → Settings → API Keys  (starts with blnk_ak_)
 Examples:
-  $ blink login --interactive          Saves key to ~/.config/blink/config.toml
+  $ blink login                     Opens browser for one-click auth
+  $ blink login --interactive       Paste key manually (headless/SSH/CI)
   $ export BLINK_API_KEY=blnk_ak_...  Alternative: set env var directly (no login needed)
 In Blink Claw agents: BLINK_API_KEY is already set — login is not needed.
@@ -24,28 +148,8 @@ For CI/GitHub Actions: set BLINK_API_KEY as a secret, skip login entirely.
         console.log(chalk.green('✓') + ' Already authenticated via BLINK_API_KEY env var.')
         return
       }
-      const url = 'https://blink.new/settings?tab=api-keys'
-      if (!opts.interactive) {
-        console.log(chalk.bold('\n  Open this page to get your API key:\n'))
-        console.log(`  ${chalk.cyan(url)}\n`)
-        const open = await import('open').then(m => m.default).catch(() => null)
-        if (open) {
-          await open(url).catch(() => {})
-          console.log(chalk.dim('  (opened in browser)'))
-        }
-        console.log(chalk.dim('  Then run: blink login --interactive\n'))
-        return
-      }
-      const { password } = await import('@clack/prompts')
-      const apiKey = await password({ message: 'Paste your API key (blnk_ak_...):' }) as string
-      if (!apiKey?.startsWith('blnk_ak_')) {
-        console.error('Error: API key must start with blnk_ak_')
-        process.exit(1)
-      }
-      writeConfig({ api_key: apiKey })
-      console.log(chalk.green('✓') + ' Saved to ~/.config/blink/config.toml')
+      if (opts.interactive) return interactiveLogin()
+      return browserLogin()
     })
   program.command('logout')
@@ -60,7 +164,7 @@ For CI/GitHub Actions: set BLINK_API_KEY as a secret, skip login entirely.
     .action(async () => {
       const token = resolveToken()
       if (!token) {
-        console.error('Error: Not authenticated. Run `blink login --interactive` or set BLINK_API_KEY.')
+        console.error('Error: Not authenticated. Run `blink login` or set BLINK_API_KEY.')
         process.exit(1)
       }