@boltic/cli 1.0.44-dev1.1 → 1.0.44-dev1.2

package/api/integration.js

@@ -3,7 +3,6 @@ import FormData from "form-data";
 import fs from "fs";
 import https from "https";
 import { handleError } from "../helper/error.js";
-import { getSecret } from "../helper/secure-storage.js";
 import { logApi } from "../helper/verbose.js";
 
 const getHttpsAgentForUrl = (baseUrl) => {
@@ -23,33 +22,20 @@ const getHttpsAgentForUrl = (baseUrl) => {
 	return undefined;
 };
 
-const buildAuthHeaders = async (token, session) => {
-	const pat = await getSecret("pat");
-
-	// If PAT exists, prefer PAT-based auth and do not send bearer/session
-	if (pat && pat.trim()) {
-		return {
-			"x-boltic-token": pat.trim(),
-		};
-	}
-
-	// Fallback to existing Bearer + Cookie auth
-	const headers = {};
-	if (token) {
-		headers.Authorization = `Bearer ${token}`;
-	}
+// When session is absent the token is a PAT → use x-boltic-token header.
+// When session is present the token is a bearer token → use Authorization + Cookie.
+const buildAuthHeaders = (token, session) => {
 	if (session) {
+		const headers = {};
+		if (token) headers.Authorization = `Bearer ${token}`;
 		headers.Cookie = session;
+		return headers;
 	}
-	return headers;
+	return token ? { "x-boltic-token": token } : {};
 };
 
-const ensureAuthenticatedOrExit = async (accountId, token, session) => {
-	const pat = await getSecret("pat");
-	const hasPatAuth = pat && pat.trim() && accountId;
-	const hasSessionAuth = token && session && accountId;
-
-	if (!hasPatAuth && !hasSessionAuth) {
+const ensureAuthenticatedOrExit = (accountId, token) => {
+	if (!token || !accountId) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -61,8 +47,8 @@ const ensureAuthenticatedOrExit = async (accountId, token, session) => {
 
 const getIntegrationGroups = async (apiUrl, accountId, token, session) => {
 	try {
-		await ensureAuthenticatedOrExit(accountId, token, session);
-		const authHeaders = await buildAuthHeaders(token, session);
+		ensureAuthenticatedOrExit(accountId, token);
+		const authHeaders = buildAuthHeaders(token, session);
 		const axiosOptions = {
 			method: "get",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integration-groups`,
@@ -87,8 +73,8 @@ const getIntegrationGroups = async (apiUrl, accountId, token, session) => {
 
 const listAllIntegrations = async (apiUrl, token, accountId, session) => {
 	try {
-		await ensureAuthenticatedOrExit(accountId, token, session);
-		const authHeaders = await buildAuthHeaders(token, session);
+		ensureAuthenticatedOrExit(accountId, token);
+		const authHeaders = buildAuthHeaders(token, session);
 		const axiosOptions = {
 			method: "get",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations`,
@@ -119,8 +105,8 @@ const saveIntegration = async (
 	integration
 ) => {
 	try {
-		await ensureAuthenticatedOrExit(accountId, token, session);
-		const authHeaders = await buildAuthHeaders(token, session);
+		ensureAuthenticatedOrExit(accountId, token);
+		const authHeaders = buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "post",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations`,
@@ -140,8 +126,8 @@ const saveIntegration = async (
 const editIntegration = async (apiUrl, token, accountId, session, payload) => {
 	const { id } = payload;
 	try {
-		await ensureAuthenticatedOrExit(accountId, token, session);
-		const authHeaders = await buildAuthHeaders(token, session);
+		ensureAuthenticatedOrExit(accountId, token);
+		const authHeaders = buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "post",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations/${id}/edit`,
@@ -167,8 +153,8 @@ const updateIntegration = async (
 	integration
 ) => {
 	try {
-		await ensureAuthenticatedOrExit(accountId, token, session);
-		const authHeaders = await buildAuthHeaders(token, session);
+		ensureAuthenticatedOrExit(accountId, token);
+		const authHeaders = buildAuthHeaders(token, session);
 		const { id, ...rest } = integration;
 		const response = await axios({
 			method: "patch",
@@ -194,8 +180,8 @@ const getIntegrationById = async (
 	integrationId
 ) => {
 	try {
-		await ensureAuthenticatedOrExit(accountId, token, session);
-		const authHeaders = await buildAuthHeaders(token, session);
+		ensureAuthenticatedOrExit(accountId, token);
+		const authHeaders = buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "get",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations/${integrationId}`,
@@ -219,8 +205,8 @@ const getAuthenticationByIntegrationId = async (
 	integrationId
 ) => {
 	try {
-		await ensureAuthenticatedOrExit(accountId, token, session);
-		const authHeaders = await buildAuthHeaders(token, session);
+		ensureAuthenticatedOrExit(accountId, token);
+		const authHeaders = buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "get",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}integrations/${integrationId}/authentication`,
@@ -243,14 +229,7 @@ const getWebhooksByIntegrationId = async (
 	session,
 	integrationId
 ) => {
-	if (!token || !session || !accountId) {
-		console.error(
-			"\x1b[31mError:\x1b[0m Authentication credentials are required."
-		);
-		console.log("\n🔹 Please log in first using:");
-		console.log("\x1b[32m$ boltic login\x1b[0m\n");
-		process.exit(1); // Exit the CLI with an error code
-	}
+	ensureAuthenticatedOrExit(accountId, token);
 
 	try {
 		const response = await axios({
@@ -258,8 +237,7 @@ const getWebhooksByIntegrationId = async (
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}integrations/${integrationId}/webhooks`,
 			headers: {
 				"Content-Type": "application/json",
-				Authorization: `Bearer ${token}`,
-				Cookie: session,
+				...buildAuthHeaders(token, session),
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		});
@@ -277,8 +255,8 @@ const getConfigurationByIntegrationId = async (
 	integrationId
 ) => {
 	try {
-		await ensureAuthenticatedOrExit(accountId, token, session);
-		const authHeaders = await buildAuthHeaders(token, session);
+		ensureAuthenticatedOrExit(accountId, token);
+		const authHeaders = buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "get",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}integrations/${integrationId}/configuration`,
@@ -302,8 +280,8 @@ const syncIntegration = async (
 	integration
 ) => {
 	try {
-		await ensureAuthenticatedOrExit(accountId, token, session);
-		const authHeaders = await buildAuthHeaders(token, session);
+		ensureAuthenticatedOrExit(accountId, token);
+		const authHeaders = buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "post",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations/${integration.integration_id}/deploy`,
@@ -328,15 +306,14 @@ const sendIntegrationForReview = async (
 	integration
 ) => {
 	try {
-		await ensureAuthenticatedOrExit(accountId, token, session);
+		ensureAuthenticatedOrExit(accountId, token);
 		const response = await axios({
 			method: "post",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integration-reviews`,
 			data: integration,
 			headers: {
 				"Content-Type": "application/json",
-				Authorization: `Bearer ${token}`,
-				Cookie: session,
+				...buildAuthHeaders(token, session),
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		});
@@ -349,8 +326,8 @@ const sendIntegrationForReview = async (
 const purgeCache = async (apiUrl, token, accountId, session, integration) => {
 	const { integration_id } = integration;
 	try {
-		await ensureAuthenticatedOrExit(accountId, token, session);
-		const authHeaders = await buildAuthHeaders(token, session);
+		ensureAuthenticatedOrExit(accountId, token);
+		const authHeaders = buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "post",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations/${integration_id}/cache`,
@@ -369,8 +346,8 @@ const purgeCache = async (apiUrl, token, accountId, session, integration) => {
 
 const pullIntegration = async (apiUrl, token, accountId, session, id) => {
 	try {
-		await ensureAuthenticatedOrExit(accountId, token, session);
-		const authHeaders = await buildAuthHeaders(token, session);
+		ensureAuthenticatedOrExit(accountId, token);
+		const authHeaders = buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "get",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations/${id}/pull`,
@@ -399,8 +376,8 @@ const uploadFileToCloud = async (
 	}
 
 	try {
-		await ensureAuthenticatedOrExit(accountId, token, session);
-		const authHeaders = await buildAuthHeaders(token, session);
+		ensureAuthenticatedOrExit(accountId, token);
+		const authHeaders = buildAuthHeaders(token, session);
 		const form = new FormData();
 		form.append("files", fs.createReadStream(filePath));
 

package/api/serverless.js

@@ -22,6 +22,31 @@ const getHttpsAgentForUrl = (baseUrl) => {
 	return undefined;
 };
 
+// When session is absent the token is a PAT → use x-boltic-token header.
+// When session is present the token is a bearer token → use Authorization + Cookie.
+const buildAuthHeaders = (token, session) => {
+	if (session) {
+		const headers = {};
+		if (token) headers.Authorization = `Bearer ${token}`;
+		headers.Cookie = session;
+		return headers;
+	}
+	return token ? { "x-boltic-token": token } : {};
+};
+
+// Returns true when the user has sufficient credentials for any auth method.
+// Pass accountId when the endpoint requires it; omit (undefined) when it doesn't.
+// Passing null means "required but missing" → returns false.
+const isAuthenticated = (token, session, accountId) => {
+	if (accountId !== undefined) {
+		// PAT auth: token + accountId (no session needed)
+		// Bearer auth: token + session + accountId
+		return !!(token && accountId);
+	}
+	// For endpoints that don't need accountId: PAT needs just token, bearer needs token+session
+	return !!token;
+};
+
 const listAllServerless = async (
 	apiUrl,
 	token,
@@ -29,7 +54,7 @@ const listAllServerless = async (
 	session,
 	query = null
 ) => {
-	if (!token || !session || !accountId) {
+	if (!isAuthenticated(token, session, accountId)) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -56,8 +81,7 @@ const listAllServerless = async (
 			params,
 			headers: {
 				"Content-Type": "application/json",
-				Authorization: `Bearer ${token}`,
-				Cookie: session,
+				...buildAuthHeaders(token, session),
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		};
@@ -75,7 +99,7 @@ const listAllServerless = async (
 };
 
 const pullServerless = async (apiUrl, token, accountId, session, id) => {
-	if (!token || !session || !accountId) {
+	if (!isAuthenticated(token, session, accountId)) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -91,8 +115,7 @@ const pullServerless = async (apiUrl, token, accountId, session, id) => {
 			url,
 			headers: {
 				"Content-Type": "application/json",
-				Authorization: `Bearer ${token}`,
-				Cookie: session,
+				...buildAuthHeaders(token, session),
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		});
@@ -104,7 +127,7 @@ const pullServerless = async (apiUrl, token, accountId, session, id) => {
 };
 
 const publishServerless = async (apiUrl, token, session, payload) => {
-	if (!token || !session) {
+	if (!isAuthenticated(token, session)) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -119,8 +142,7 @@ const publishServerless = async (apiUrl, token, session, payload) => {
 			url: `${apiUrl}/service/panel/serverless/v1.0/apps`,
 			headers: {
 				"Content-Type": "application/json",
-				Authorization: `Bearer ${token}`,
-				Cookie: session,
+				...buildAuthHeaders(token, session),
 			},
 			data: payload,
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
@@ -142,7 +164,7 @@ const updateServerless = async (
 	serverlessId,
 	payload
 ) => {
-	if (!token || !session) {
+	if (!isAuthenticated(token, session)) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -157,8 +179,7 @@ const updateServerless = async (
 			url: `${apiUrl}/service/panel/serverless/v1.0/apps/${serverlessId}`,
 			headers: {
 				"Content-Type": "application/json",
-				Authorization: `Bearer ${token}`,
-				Cookie: session,
+				...buildAuthHeaders(token, session),
 			},
 			data: payload,
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
@@ -181,7 +202,7 @@ const getServerlessBuilds = async (
 	serverlessId,
 	options = {}
 ) => {
-	if (!token || !session || !accountId) {
+	if (!isAuthenticated(token, session, accountId)) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -201,8 +222,7 @@ const getServerlessBuilds = async (
 			},
 			headers: {
 				"Content-Type": "application/json",
-				Authorization: `Bearer ${token}`,
-				Cookie: session,
+				...buildAuthHeaders(token, session),
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		};
@@ -223,7 +243,7 @@ const getServerlessLogs = async (
 	serverlessId,
 	options = {}
 ) => {
-	if (!token || !session || !accountId) {
+	if (!isAuthenticated(token, session, accountId)) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -252,8 +272,7 @@ const getServerlessLogs = async (
 			params,
 			headers: {
 				"Content-Type": "application/json",
-				Authorization: `Bearer ${token}`,
-				Cookie: session,
+				...buildAuthHeaders(token, session),
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		};
@@ -274,7 +293,7 @@ const getBuildLogs = async (
 	serverlessId,
 	buildId
 ) => {
-	if (!token || !session || !accountId) {
+	if (!isAuthenticated(token, session, accountId)) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -294,8 +313,7 @@ const getBuildLogs = async (
 			},
 			headers: {
 				"Content-Type": "application/json",
-				Authorization: `Bearer ${token}`,
-				Cookie: session,
+				...buildAuthHeaders(token, session),
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		};

package/commands/login.js

@@ -234,17 +234,17 @@ async function handlePatLogin(patFromArg, accountIdFromArg) {
 	// If both values are provided via CLI flags, do not prompt at all.
 	if (pat && accountId) {
 		try {
-			await storeSecret("pat", pat);
+			await storeSecret("token", pat);
 			await storeSecret("account_id", accountId);
 			console.log(
 				chalk.green(
-					"\n✅ PAT token and Account ID stored securely. They will be used for future organization-related requests.\n"
+					"\n✅ Token and Account ID stored securely. They will be used for future organization-related requests.\n"
 				)
 			);
 		} catch (error) {
 			console.error(
 				chalk.red(
-					`\n❌ Failed to store PAT credentials: ${error.message || error}\n`
+					`\n❌ Failed to store credentials: ${error.message || error}\n`
 				)
 			);
 		}
@@ -271,7 +271,7 @@ async function handlePatLogin(patFromArg, accountIdFromArg) {
 	}
 
 	try {
-		await storeSecret("pat", pat);
+		await storeSecret("token", pat);
 		await storeSecret("account_id", accountId);
 		console.log(
 			chalk.green(

package/commands/serverless.js

@@ -267,7 +267,7 @@ async function handleCreate(args = []) {
  */
 async function checkServerlessExists(name) {
 	const env = await getCurrentEnv();
-	if (!env || !env.token || !env.session) {
+	if (!env || !env.token) {
 		return null; // Can't check without auth, let the create call handle auth error
 	}
 
@@ -379,7 +379,7 @@ async function handleCodeTypeCreate(
 
 	// Get authentication credentials
 	const env = await getCurrentEnv();
-	if (!env || !env.token || !env.session) {
+	if (!env || !env.token) {
 		console.error(chalk.red("\n❌ Not authenticated. Please login first."));
 		console.log(chalk.yellow("   Run: boltic login"));
 		return;
@@ -523,7 +523,7 @@ async function handleGitTypeCreate(
 
 	// Get authentication credentials first
 	const env = await getCurrentEnv();
-	if (!env || !env.token || !env.session) {
+	if (!env || !env.token) {
 		console.error(chalk.red("\n❌ Not authenticated. Please login first."));
 		console.log(chalk.yellow("   Run: boltic login"));
 		// Cleanup the created directory
@@ -2350,7 +2350,7 @@ async function handleStatus(args = []) {
 				lastStatus = status;
 			} else if (iteration % 3 === 0) {
 				// Show a dot every 3 iterations to indicate it's still polling
-				process.stdout.write(chalk.dim(".\n"));
+				process.stdout.write(chalk.dim("."));
 			}
 
 			// Check if we've reached a terminal state

package/helper/secure-storage.js

@@ -2,8 +2,21 @@ import keytar from "keytar";
 
 const SERVICE_NAME = "boltic-cli";
 
+// Mapping from credential keys to environment variable names.
+// In CI/headless environments where keytar (OS keychain) is unavailable,
+// these env vars are used as a fallback so commands like `boltic serverless publish`
+// work without an interactive keychain daemon.
+const ENV_VAR_MAP = {
+	token: "BOLTIC_TOKEN",
+	account_id: "BOLTIC_ACCOUNT_ID",
+	session: "BOLTIC_SESSION",
+	environment: "BOLTIC_ENVIRONMENT",
+};
+
 /**
- * Store a secret value securely using keytar
+ * Store a secret value securely using keytar.
+ * In CI/headless environments where keytar is unavailable, logs a warning
+ * instead of throwing so that env-var-based auth can still be used.
  * @param {string} key - The key under which to store the secret
  * @param {string} value - The secret value to store
  * @returns {Promise<void>}
@@ -12,23 +25,31 @@ export const storeSecret = async (key, value) => {
 	try {
 		await keytar.setPassword(SERVICE_NAME, key, value);
 	} catch (error) {
-		console.error(`Error storing secret for ${key}:`, error.message);
-		throw error;
+		// In headless/CI environments the OS keychain daemon is not available.
+		// Warn instead of throwing so callers can still rely on env var fallback.
+		console.warn(
+			`Warning: Could not store '${key}' in system keychain: ${error.message}`
+		);
+		console.warn(
+			`In CI environments, set credentials via environment variables (e.g. BOLTIC_TOKEN, BOLTIC_ACCOUNT_ID).`
+		);
 	}
 };
 
 /**
- * Retrieve a secret value using keytar
+ * Retrieve a secret value. Tries keytar first; falls back to env vars
+ * (BOLTIC_TOKEN, BOLTIC_PAT, BOLTIC_ACCOUNT_ID, etc.) when keytar is unavailable.
  * @param {string} key - The key of the secret to retrieve
  * @returns {Promise<string|null>} The secret value or null if not found
  */
 export const getSecret = async (key) => {
 	try {
-		return await keytar.getPassword(SERVICE_NAME, key);
-	} catch (error) {
-		console.error(`Error retrieving secret for ${key}:`, error.message);
-		return null;
+		const val = await keytar.getPassword(SERVICE_NAME, key);
+		if (val !== null) return val;
+	} catch {
+		// keytar unavailable (CI/headless) — fall through to env var
 	}
+	return process.env[ENV_VAR_MAP[key]] || null;
 };
 
 /**
@@ -46,17 +67,26 @@ export const deleteSecret = async (key) => {
 };
 
 /**
- * Retrieve all secrets stored using keytar
- * @returns {Promise<Array<{account: string, password: string}>|null>} An array of secret objects or null if an error occurs
+ * Retrieve all secrets. Tries keytar first; falls back to env vars when
+ * keytar is unavailable (e.g. GitHub Actions, Docker containers).
+ * @returns {Promise<Array<{account: string, password: string}>|null>}
  */
-
 export const getAllSecrets = async () => {
 	try {
-		return await keytar.findCredentials(SERVICE_NAME);
-	} catch (error) {
-		console.error(`Error retrieving all secrets:`, error.message);
-		return null;
+		const keytarSecrets = await keytar.findCredentials(SERVICE_NAME);
+		if (keytarSecrets && keytarSecrets.length > 0) return keytarSecrets;
+	} catch {
+		// keytar unavailable (CI/headless) — fall through to env vars
+	}
+
+	// Build credential list from env vars
+	const secrets = [];
+	for (const [key, envVar] of Object.entries(ENV_VAR_MAP)) {
+		if (process.env[envVar]) {
+			secrets.push({ account: key, password: process.env[envVar] });
+		}
 	}
+	return secrets.length > 0 ? secrets : null;
 };
 
 export const deleteAllSecrets = async () => {

package/helper/serverless.js

@@ -14,10 +14,10 @@ import ora from "ora";
 // Supported languages and their versions
 export const SUPPORTED_LANGUAGES = ["nodejs", "python", "golang", "java"];
 export const LANGUAGE_VERSIONS = {
-	nodejs: "24",
+	nodejs: "20",
 	python: "3",
-	golang: "1.24",
-	java: "21",
+	golang: "1.22",
+	java: "17",
 };
 
 // Handler mapping per language
@@ -935,7 +935,7 @@ public class AutogenIndex {
 function getGoModContent(appName) {
 	return `module ${appName}
 
-go 1.24
+go 1.22
 `;
 }
 
@@ -963,7 +963,7 @@ function getJavaPomXmlContent(appName) {
     <description>Boltic Serverless Function</description>
     
     <properties>
-        <java.version>21</java.version>
+        <java.version>17</java.version>
     </properties>
     
     <dependencies>
@@ -1440,7 +1440,7 @@ export function displayPublishSuccessMessage(name, response) {
 export function getPulledBolticYamlContent(serverlessData) {
 	const config = serverlessData.Config;
 	const runtime = config.Runtime || "code";
-	const language = config.CodeOpts?.Language || "nodejs/24";
+	const language = config.CodeOpts?.Language || "nodejs/20";
 	const handler =
 		HANDLER_MAPPING[language.split("/")[0]] || "handler.handler";
 

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@boltic/cli",
-	"version": "1.0.44-dev1.1",
+	"version": "1.0.44-dev1.2",
 	"description": "Professional CLI for interacting with the Boltic platform — create, manage, and publish integrations, serverless functions, workflows, MCPs, and more with enterprise-grade features and a seamless developer experience",
 	"main": "index.js",
 	"bin": {