@boltic/cli 1.0.44-dev1.3 → 1.0.44

package/api/integration.js

@@ -3,7 +3,8 @@ import FormData from "form-data";
 import fs from "fs";
 import https from "https";
 import { handleError } from "../helper/error.js";
-import { logApi } from "../helper/verbose.js";
+import { getSecret } from "../helper/secure-storage.js";
+import { logApi, logApiRequest, logApiResponse } from "../helper/verbose.js";
 
 const getHttpsAgentForUrl = (baseUrl) => {
 	try {
@@ -22,20 +23,33 @@ const getHttpsAgentForUrl = (baseUrl) => {
 	return undefined;
 };
 
-// When session is absent the token is a PAT → use x-boltic-token header.
-// When session is present the token is a bearer token → use Authorization + Cookie.
-const buildAuthHeaders = (token, session) => {
+const buildAuthHeaders = async (token, session) => {
+	const pat = await getSecret("pat");
+
+	// If PAT exists, prefer PAT-based auth and do not send bearer/session
+	if (pat && pat.trim()) {
+		return {
+			"x-boltic-token": pat.trim(),
+		};
+	}
+
+	// Fallback to existing Bearer + Cookie auth
+	const headers = {};
+	if (token) {
+		headers.Authorization = `Bearer ${token}`;
+	}
 	if (session) {
-		const headers = {};
-		if (token) headers.Authorization = `Bearer ${token}`;
 		headers.Cookie = session;
-		return headers;
 	}
-	return token ? { "x-boltic-token": token } : {};
+	return headers;
 };
 
-const ensureAuthenticatedOrExit = (accountId, token) => {
-	if (!token || !accountId) {
+const ensureAuthenticatedOrExit = async (accountId, token, session) => {
+	const pat = await getSecret("pat");
+	const hasPatAuth = pat && pat.trim() && accountId;
+	const hasSessionAuth = token && session && accountId;
+
+	if (!hasPatAuth && !hasSessionAuth) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -47,8 +61,8 @@ const ensureAuthenticatedOrExit = (accountId, token) => {
 
 const getIntegrationGroups = async (apiUrl, accountId, token, session) => {
 	try {
-		ensureAuthenticatedOrExit(accountId, token);
-		const authHeaders = buildAuthHeaders(token, session);
+		await ensureAuthenticatedOrExit(accountId, token, session);
+		const authHeaders = await buildAuthHeaders(token, session);
 		const axiosOptions = {
 			method: "get",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integration-groups`,
@@ -73,8 +87,8 @@ const getIntegrationGroups = async (apiUrl, accountId, token, session) => {
 
 const listAllIntegrations = async (apiUrl, token, accountId, session) => {
 	try {
-		ensureAuthenticatedOrExit(accountId, token);
-		const authHeaders = buildAuthHeaders(token, session);
+		await ensureAuthenticatedOrExit(accountId, token, session);
+		const authHeaders = await buildAuthHeaders(token, session);
 		const axiosOptions = {
 			method: "get",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations`,
@@ -105,8 +119,8 @@ const saveIntegration = async (
 	integration
 ) => {
 	try {
-		ensureAuthenticatedOrExit(accountId, token);
-		const authHeaders = buildAuthHeaders(token, session);
+		await ensureAuthenticatedOrExit(accountId, token, session);
+		const authHeaders = await buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "post",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations`,
@@ -125,12 +139,14 @@ const saveIntegration = async (
 
 const editIntegration = async (apiUrl, token, accountId, session, payload) => {
 	const { id } = payload;
+	const url = `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations/${id}/edit`;
 	try {
-		ensureAuthenticatedOrExit(accountId, token);
-		const authHeaders = buildAuthHeaders(token, session);
+		await ensureAuthenticatedOrExit(accountId, token, session);
+		const authHeaders = await buildAuthHeaders(token, session);
+		logApiRequest("post", url, payload);
 		const response = await axios({
 			method: "post",
-			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations/${id}/edit`,
+			url,
 			data: payload,
 			headers: {
 				"Content-Type": "application/json",
@@ -138,9 +154,10 @@ const editIntegration = async (apiUrl, token, accountId, session, payload) => {
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		});
-
+		logApiResponse(response.status, response.data);
 		return response.data.data;
 	} catch (error) {
+		logApiResponse(error.response?.status, error.response?.data);
 		handleError(error);
 	}
 };
@@ -153,8 +170,8 @@ const updateIntegration = async (
 	integration
 ) => {
 	try {
-		ensureAuthenticatedOrExit(accountId, token);
-		const authHeaders = buildAuthHeaders(token, session);
+		await ensureAuthenticatedOrExit(accountId, token, session);
+		const authHeaders = await buildAuthHeaders(token, session);
 		const { id, ...rest } = integration;
 		const response = await axios({
 			method: "patch",
@@ -180,8 +197,8 @@ const getIntegrationById = async (
 	integrationId
 ) => {
 	try {
-		ensureAuthenticatedOrExit(accountId, token);
-		const authHeaders = buildAuthHeaders(token, session);
+		await ensureAuthenticatedOrExit(accountId, token, session);
+		const authHeaders = await buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "get",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations/${integrationId}`,
@@ -205,8 +222,8 @@ const getAuthenticationByIntegrationId = async (
 	integrationId
 ) => {
 	try {
-		ensureAuthenticatedOrExit(accountId, token);
-		const authHeaders = buildAuthHeaders(token, session);
+		await ensureAuthenticatedOrExit(accountId, token, session);
+		const authHeaders = await buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "get",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}integrations/${integrationId}/authentication`,
@@ -229,7 +246,14 @@ const getWebhooksByIntegrationId = async (
 	session,
 	integrationId
 ) => {
-	ensureAuthenticatedOrExit(accountId, token);
+	if (!token || !session || !accountId) {
+		console.error(
+			"\x1b[31mError:\x1b[0m Authentication credentials are required."
+		);
+		console.log("\n🔹 Please log in first using:");
+		console.log("\x1b[32m$ boltic login\x1b[0m\n");
+		process.exit(1); // Exit the CLI with an error code
+	}
 
 	try {
 		const response = await axios({
@@ -237,7 +261,8 @@ const getWebhooksByIntegrationId = async (
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}integrations/${integrationId}/webhooks`,
 			headers: {
 				"Content-Type": "application/json",
-				...buildAuthHeaders(token, session),
+				Authorization: `Bearer ${token}`,
+				Cookie: session,
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		});
@@ -255,8 +280,8 @@ const getConfigurationByIntegrationId = async (
 	integrationId
 ) => {
 	try {
-		ensureAuthenticatedOrExit(accountId, token);
-		const authHeaders = buildAuthHeaders(token, session);
+		await ensureAuthenticatedOrExit(accountId, token, session);
+		const authHeaders = await buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "get",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}integrations/${integrationId}/configuration`,
@@ -280,8 +305,8 @@ const syncIntegration = async (
 	integration
 ) => {
 	try {
-		ensureAuthenticatedOrExit(accountId, token);
-		const authHeaders = buildAuthHeaders(token, session);
+		await ensureAuthenticatedOrExit(accountId, token, session);
+		const authHeaders = await buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "post",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations/${integration.integration_id}/deploy`,
@@ -306,14 +331,15 @@ const sendIntegrationForReview = async (
 	integration
 ) => {
 	try {
-		ensureAuthenticatedOrExit(accountId, token);
+		await ensureAuthenticatedOrExit(accountId, token, session);
 		const response = await axios({
 			method: "post",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integration-reviews`,
 			data: integration,
 			headers: {
 				"Content-Type": "application/json",
-				...buildAuthHeaders(token, session),
+				Authorization: `Bearer ${token}`,
+				Cookie: session,
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		});
@@ -326,8 +352,8 @@ const sendIntegrationForReview = async (
 const purgeCache = async (apiUrl, token, accountId, session, integration) => {
 	const { integration_id } = integration;
 	try {
-		ensureAuthenticatedOrExit(accountId, token);
-		const authHeaders = buildAuthHeaders(token, session);
+		await ensureAuthenticatedOrExit(accountId, token, session);
+		const authHeaders = await buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "post",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations/${integration_id}/cache`,
@@ -346,8 +372,8 @@ const purgeCache = async (apiUrl, token, accountId, session, integration) => {
 
 const pullIntegration = async (apiUrl, token, accountId, session, id) => {
 	try {
-		ensureAuthenticatedOrExit(accountId, token);
-		const authHeaders = buildAuthHeaders(token, session);
+		await ensureAuthenticatedOrExit(accountId, token, session);
+		const authHeaders = await buildAuthHeaders(token, session);
 		const response = await axios({
 			method: "get",
 			url: `${apiUrl}/service/panel/automation/v1.0/${accountId}/integrations/${id}/pull`,
@@ -376,8 +402,8 @@ const uploadFileToCloud = async (
 	}
 
 	try {
-		ensureAuthenticatedOrExit(accountId, token);
-		const authHeaders = buildAuthHeaders(token, session);
+		await ensureAuthenticatedOrExit(accountId, token, session);
+		const authHeaders = await buildAuthHeaders(token, session);
 		const form = new FormData();
 		form.append("files", fs.createReadStream(filePath));
 

package/api/serverless.js

@@ -22,31 +22,6 @@ const getHttpsAgentForUrl = (baseUrl) => {
 	return undefined;
 };
 
-// When session is absent the token is a PAT → use x-boltic-token header.
-// When session is present the token is a bearer token → use Authorization + Cookie.
-const buildAuthHeaders = (token, session) => {
-	if (session) {
-		const headers = {};
-		if (token) headers.Authorization = `Bearer ${token}`;
-		headers.Cookie = session;
-		return headers;
-	}
-	return token ? { "x-boltic-token": token } : {};
-};
-
-// Returns true when the user has sufficient credentials for any auth method.
-// Pass accountId when the endpoint requires it; omit (undefined) when it doesn't.
-// Passing null means "required but missing" → returns false.
-const isAuthenticated = (token, session, accountId) => {
-	if (accountId !== undefined) {
-		// PAT auth: token + accountId (no session needed)
-		// Bearer auth: token + session + accountId
-		return !!(token && accountId);
-	}
-	// For endpoints that don't need accountId: PAT needs just token, bearer needs token+session
-	return !!token;
-};
-
 const listAllServerless = async (
 	apiUrl,
 	token,
@@ -54,7 +29,7 @@ const listAllServerless = async (
 	session,
 	query = null
 ) => {
-	if (!isAuthenticated(token, session, accountId)) {
+	if (!token || !session || !accountId) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -81,7 +56,8 @@ const listAllServerless = async (
 			params,
 			headers: {
 				"Content-Type": "application/json",
-				...buildAuthHeaders(token, session),
+				Authorization: `Bearer ${token}`,
+				Cookie: session,
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		};
@@ -99,7 +75,7 @@ const listAllServerless = async (
 };
 
 const pullServerless = async (apiUrl, token, accountId, session, id) => {
-	if (!isAuthenticated(token, session, accountId)) {
+	if (!token || !session || !accountId) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -115,7 +91,8 @@ const pullServerless = async (apiUrl, token, accountId, session, id) => {
 			url,
 			headers: {
 				"Content-Type": "application/json",
-				...buildAuthHeaders(token, session),
+				Authorization: `Bearer ${token}`,
+				Cookie: session,
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		});
@@ -127,7 +104,7 @@ const pullServerless = async (apiUrl, token, accountId, session, id) => {
 };
 
 const publishServerless = async (apiUrl, token, session, payload) => {
-	if (!isAuthenticated(token, session)) {
+	if (!token || !session) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -142,7 +119,8 @@ const publishServerless = async (apiUrl, token, session, payload) => {
 			url: `${apiUrl}/service/panel/serverless/v1.0/apps`,
 			headers: {
 				"Content-Type": "application/json",
-				...buildAuthHeaders(token, session),
+				Authorization: `Bearer ${token}`,
+				Cookie: session,
 			},
 			data: payload,
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
@@ -164,7 +142,7 @@ const updateServerless = async (
 	serverlessId,
 	payload
 ) => {
-	if (!isAuthenticated(token, session)) {
+	if (!token || !session) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -179,7 +157,8 @@ const updateServerless = async (
 			url: `${apiUrl}/service/panel/serverless/v1.0/apps/${serverlessId}`,
 			headers: {
 				"Content-Type": "application/json",
-				...buildAuthHeaders(token, session),
+				Authorization: `Bearer ${token}`,
+				Cookie: session,
 			},
 			data: payload,
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
@@ -202,7 +181,7 @@ const getServerlessBuilds = async (
 	serverlessId,
 	options = {}
 ) => {
-	if (!isAuthenticated(token, session, accountId)) {
+	if (!token || !session || !accountId) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -222,7 +201,8 @@ const getServerlessBuilds = async (
 			},
 			headers: {
 				"Content-Type": "application/json",
-				...buildAuthHeaders(token, session),
+				Authorization: `Bearer ${token}`,
+				Cookie: session,
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		};
@@ -243,7 +223,7 @@ const getServerlessLogs = async (
 	serverlessId,
 	options = {}
 ) => {
-	if (!isAuthenticated(token, session, accountId)) {
+	if (!token || !session || !accountId) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -272,7 +252,8 @@ const getServerlessLogs = async (
 			params,
 			headers: {
 				"Content-Type": "application/json",
-				...buildAuthHeaders(token, session),
+				Authorization: `Bearer ${token}`,
+				Cookie: session,
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		};
@@ -293,7 +274,7 @@ const getBuildLogs = async (
 	serverlessId,
 	buildId
 ) => {
-	if (!isAuthenticated(token, session, accountId)) {
+	if (!token || !session || !accountId) {
 		console.error(
 			"\x1b[31mError:\x1b[0m Authentication credentials are required."
 		);
@@ -313,7 +294,8 @@ const getBuildLogs = async (
 			},
 			headers: {
 				"Content-Type": "application/json",
-				...buildAuthHeaders(token, session),
+				Authorization: `Bearer ${token}`,
+				Cookie: session,
 			},
 			httpsAgent: getHttpsAgentForUrl(apiUrl),
 		};

package/commands/login.js

@@ -234,17 +234,17 @@ async function handlePatLogin(patFromArg, accountIdFromArg) {
 	// If both values are provided via CLI flags, do not prompt at all.
 	if (pat && accountId) {
 		try {
-			await storeSecret("token", pat);
+			await storeSecret("pat", pat);
 			await storeSecret("account_id", accountId);
 			console.log(
 				chalk.green(
-					"\n✅ Token and Account ID stored securely. They will be used for future organization-related requests.\n"
+					"\n✅ PAT token and Account ID stored securely. They will be used for future organization-related requests.\n"
 				)
 			);
 		} catch (error) {
 			console.error(
 				chalk.red(
-					`\n❌ Failed to store credentials: ${error.message || error}\n`
+					`\n❌ Failed to store PAT credentials: ${error.message || error}\n`
 				)
 			);
 		}
@@ -271,7 +271,7 @@ async function handlePatLogin(patFromArg, accountIdFromArg) {
 	}
 
 	try {
-		await storeSecret("token", pat);
+		await storeSecret("pat", pat);
 		await storeSecret("account_id", accountId);
 		console.log(
 			chalk.green(

package/commands/serverless.js

@@ -267,7 +267,7 @@ async function handleCreate(args = []) {
  */
 async function checkServerlessExists(name) {
 	const env = await getCurrentEnv();
-	if (!env || !env.token) {
+	if (!env || !env.token || !env.session) {
 		return null; // Can't check without auth, let the create call handle auth error
 	}
 
@@ -379,7 +379,7 @@ async function handleCodeTypeCreate(
 
 	// Get authentication credentials
 	const env = await getCurrentEnv();
-	if (!env || !env.token) {
+	if (!env || !env.token || !env.session) {
 		console.error(chalk.red("\n❌ Not authenticated. Please login first."));
 		console.log(chalk.yellow("   Run: boltic login"));
 		return;
@@ -523,7 +523,7 @@ async function handleGitTypeCreate(
 
 	// Get authentication credentials first
 	const env = await getCurrentEnv();
-	if (!env || !env.token) {
+	if (!env || !env.token || !env.session) {
 		console.error(chalk.red("\n❌ Not authenticated. Please login first."));
 		console.log(chalk.yellow("   Run: boltic login"));
 		// Cleanup the created directory

package/helper/error.js

@@ -6,10 +6,49 @@ const ErrorType = {
 	NETWORK_ERROR: "NETWORK_ERROR",
 	AUTH_ERROR: "AUTH_ERROR",
 	VALIDATION_ERROR: "VALIDATION_ERROR",
+	NOT_FOUND_ERROR: "NOT_FOUND_ERROR",
 	CONFIG_ERROR: "CONFIG_ERROR",
 	UNKNOWN_ERROR: "UNKNOWN_ERROR",
 };
 
+/**
+ * Extract the most meaningful error message from an API response body.
+ * Checks every known backend format before giving up.
+ */
+const extractApiMessage = (data) => {
+	if (!data) return null;
+	if (typeof data === "string") return data;
+
+	// Backend standard: { error: { message } }
+	if (data.error?.message) return data.error.message;
+
+	// Flat: { message }
+	if (typeof data.message === "string") return data.message;
+
+	// Validation array in meta: { error: { meta: { errors: [...] } } }
+	if (data.error?.meta?.errors?.length) {
+		return data.error.meta.errors
+			.map((e) =>
+				typeof e === "string" ? e : e.message || JSON.stringify(e)
+			)
+			.join("; ");
+	}
+
+	// Top-level errors array: { errors: [...] }
+	if (Array.isArray(data.errors) && data.errors.length) {
+		return data.errors
+			.map((e) =>
+				typeof e === "string" ? e : e.message || JSON.stringify(e)
+			)
+			.join("; ");
+	}
+
+	// Fallback: { detail } (some frameworks)
+	if (typeof data.detail === "string") return data.detail;
+
+	return null;
+};
+
 // Format error message based on error type and response
 const formatErrorMessage = (error) => {
 	if (!error)
@@ -21,14 +60,14 @@ const formatErrorMessage = (error) => {
 	// Handle API response errors
 	if (error.response) {
 		const { status, data } = error.response;
+		const apiMessage = extractApiMessage(data);
 
 		// Authentication errors
 		if (status === 401 || status === 403) {
 			return {
 				type: ErrorType.AUTH_ERROR,
 				message:
-					data.message ||
-					"Authentication failed. Please login again.",
+					apiMessage || "Authentication failed. Please login again.",
 			};
 		}
 
@@ -37,7 +76,25 @@ const formatErrorMessage = (error) => {
 			return {
 				type: ErrorType.VALIDATION_ERROR,
 				message:
-					data.message || "Invalid request. Please check your input.",
+					apiMessage || "Invalid request. Please check your input.",
+			};
+		}
+
+		// Not found errors
+		if (status === 404) {
+			return {
+				type: ErrorType.NOT_FOUND_ERROR,
+				message: apiMessage || "The requested resource was not found.",
+			};
+		}
+
+		// Conflict errors
+		if (status === 409) {
+			return {
+				type: ErrorType.API_ERROR,
+				message:
+					apiMessage ||
+					"A conflict occurred with the current state of the resource.",
 			};
 		}
 
@@ -46,7 +103,7 @@ const formatErrorMessage = (error) => {
 			return {
 				type: ErrorType.API_ERROR,
 				message:
-					error.response?.data?.error?.message ||
+					apiMessage ||
 					"Server error occurred. Please try again later.",
 			};
 		}
@@ -54,7 +111,7 @@ const formatErrorMessage = (error) => {
 		// Default API error
 		return {
 			type: ErrorType.API_ERROR,
-			message: data.message || `API Error: ${status}`,
+			message: apiMessage || `API Error: ${status}`,
 		};
 	}
 
@@ -67,6 +124,14 @@ const formatErrorMessage = (error) => {
 		};
 	}
 
+	// Timeout errors
+	if (error.code === "ECONNABORTED" || error.code === "ETIMEDOUT") {
+		return {
+			type: ErrorType.NETWORK_ERROR,
+			message: "Request timed out. Please try again.",
+		};
+	}
+
 	// Configuration errors
 	if (error.code === "ENOENT") {
 		return {
@@ -86,37 +151,32 @@ const formatErrorMessage = (error) => {
 const handleError = (error) => {
 	const formattedError = formatErrorMessage(error);
 
-	switch (formattedError.type) {
-		case ErrorType.AUTH_ERROR:
-			console.error(
-				chalk.red("\n❌ Authentication Error:"),
-				formattedError.message
-			);
-			break;
-		case ErrorType.API_ERROR:
-			console.error(chalk.red("\n❌ API Error:"), formattedError.message);
-			break;
-		case ErrorType.NETWORK_ERROR:
-			console.error(
-				chalk.red("\n❌ Network Error:"),
-				formattedError.message
-			);
-			break;
-		case ErrorType.VALIDATION_ERROR:
-			console.error(
-				chalk.red("\n❌ Validation Error:"),
-				formattedError.message
-			);
-			break;
-		case ErrorType.CONFIG_ERROR:
-			console.error(
-				chalk.red("\n❌ Configuration Error:"),
-				formattedError.message
-			);
-			break;
-		default:
-			console.error(chalk.red("\n❌ Error:"), formattedError.message);
+	const labels = {
+		[ErrorType.AUTH_ERROR]: "Authentication Error",
+		[ErrorType.API_ERROR]: "API Error",
+		[ErrorType.NETWORK_ERROR]: "Network Error",
+		[ErrorType.VALIDATION_ERROR]: "Validation Error",
+		[ErrorType.NOT_FOUND_ERROR]: "Not Found",
+		[ErrorType.CONFIG_ERROR]: "Configuration Error",
+		[ErrorType.UNKNOWN_ERROR]: "Error",
+	};
+
+	const label = labels[formattedError.type] || "Error";
+	console.error(chalk.red(`\n❌ ${label}:`), formattedError.message);
+
+	// Always show API response details for debugging when there is a response
+	if (error?.response) {
+		const { status, data, config } = error.response;
+		console.error(
+			chalk.gray(
+				`\n  ${config?.method?.toUpperCase() || "?"} ${config?.url || "?"} → ${status}`
+			)
+		);
+		if (data) {
+			console.error(chalk.gray(`  Response: ${JSON.stringify(data)}`));
+		}
 	}
+
 	process.exit(1);
 };
 

package/helper/secure-storage.js

@@ -1,86 +1,42 @@
-const SERVICE_NAME = "boltic-cli";
-
-// Mapping from credential keys to environment variable names.
-// In CI/headless environments where keytar (OS keychain) is unavailable,
-// these env vars are used as a fallback so commands like `boltic serverless publish`
-// work without an interactive keychain daemon.
-const ENV_VAR_MAP = {
-	token: "BOLTIC_TOKEN",
-	account_id: "BOLTIC_ACCOUNT_ID",
-	session: "BOLTIC_SESSION",
-	environment: "BOLTIC_ENVIRONMENT",
-};
+import keytar from "keytar";
 
-// Lazy-load keytar via dynamic import so that a missing native dependency
-// (e.g. libsecret on Linux CI runners) is caught at call time rather than
-// crashing the process at startup with ERR_DLOPEN_FAILED.
-// The result is cached after the first attempt.
-let _keytar;
-let _keytarAttempted = false;
-
-const getKeytar = async () => {
-	if (_keytarAttempted) return _keytar;
-	_keytarAttempted = true;
-	try {
-		_keytar = (await import("keytar")).default;
-	} catch {
-		// Native library not available (e.g. libsecret missing on CI runners).
-		_keytar = null;
-	}
-	return _keytar;
-};
+const SERVICE_NAME = "boltic-cli";
 
 /**
- * Store a secret value securely using keytar.
- * In CI/headless environments where keytar is unavailable, logs a warning
- * instead of throwing so that env-var-based auth can still be used.
+ * Store a secret value securely using keytar
+ * @param {string} key - The key under which to store the secret
+ * @param {string} value - The secret value to store
+ * @returns {Promise<void>}
  */
 export const storeSecret = async (key, value) => {
-	const keytar = await getKeytar();
-	if (!keytar) {
-		console.warn(
-			`Warning: System keychain is unavailable. Could not store '${key}'.`
-		);
-		console.warn(
-			`In CI environments, set credentials via environment variables (e.g. BOLTIC_TOKEN, BOLTIC_ACCOUNT_ID).`
-		);
-		return;
-	}
 	try {
 		await keytar.setPassword(SERVICE_NAME, key, value);
 	} catch (error) {
-		console.warn(
-			`Warning: Could not store '${key}' in system keychain: ${error.message}`
-		);
-		console.warn(
-			`In CI environments, set credentials via environment variables (e.g. BOLTIC_TOKEN, BOLTIC_ACCOUNT_ID).`
-		);
+		console.error(`Error storing secret for ${key}:`, error.message);
+		throw error;
 	}
 };
 
 /**
- * Retrieve a secret value. Tries keytar first; falls back to env vars
- * (BOLTIC_TOKEN, BOLTIC_ACCOUNT_ID, etc.) when keytar is unavailable.
+ * Retrieve a secret value using keytar
+ * @param {string} key - The key of the secret to retrieve
+ * @returns {Promise<string|null>} The secret value or null if not found
  */
 export const getSecret = async (key) => {
-	const keytar = await getKeytar();
-	if (keytar) {
-		try {
-			const val = await keytar.getPassword(SERVICE_NAME, key);
-			if (val !== null) return val;
-		} catch {
-			// keytar failed — fall through to env var
-		}
+	try {
+		return await keytar.getPassword(SERVICE_NAME, key);
+	} catch (error) {
+		console.error(`Error retrieving secret for ${key}:`, error.message);
+		return null;
 	}
-	return process.env[ENV_VAR_MAP[key]] || null;
 };
 
 /**
- * Delete a secret value using keytar.
+ * Delete a secret value using keytar
+ * @param {string} key - The key of the secret to delete
+ * @returns {Promise<boolean>} True if deletion was successful
  */
 export const deleteSecret = async (key) => {
-	const keytar = await getKeytar();
-	if (!keytar) return false;
 	try {
 		return await keytar.deletePassword(SERVICE_NAME, key);
 	} catch (error) {
@@ -90,28 +46,17 @@ export const deleteSecret = async (key) => {
 };
 
 /**
- * Retrieve all secrets. Tries keytar first; falls back to env vars when
- * keytar is unavailable (e.g. GitHub Actions, Docker containers).
+ * Retrieve all secrets stored using keytar
+ * @returns {Promise<Array<{account: string, password: string}>|null>} An array of secret objects or null if an error occurs
  */
-export const getAllSecrets = async () => {
-	const keytar = await getKeytar();
-	if (keytar) {
-		try {
-			const keytarSecrets = await keytar.findCredentials(SERVICE_NAME);
-			if (keytarSecrets && keytarSecrets.length > 0) return keytarSecrets;
-		} catch {
-			// keytar failed — fall through to env vars
-		}
-	}
 
-	// Build credential list from env vars
-	const secrets = [];
-	for (const [key, envVar] of Object.entries(ENV_VAR_MAP)) {
-		if (process.env[envVar]) {
-			secrets.push({ account: key, password: process.env[envVar] });
-		}
+export const getAllSecrets = async () => {
+	try {
+		return await keytar.findCredentials(SERVICE_NAME);
+	} catch (error) {
+		console.error(`Error retrieving all secrets:`, error.message);
+		return null;
 	}
-	return secrets.length > 0 ? secrets : null;
 };
 
 export const deleteAllSecrets = async () => {

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@boltic/cli",
-	"version": "1.0.44-dev1.3",
+	"version": "1.0.44",
 	"description": "Professional CLI for interacting with the Boltic platform — create, manage, and publish integrations, serverless functions, workflows, MCPs, and more with enterprise-grade features and a seamless developer experience",
 	"main": "index.js",
 	"bin": {
@@ -40,6 +40,7 @@
 	"scripts": {
 		"start": "node index.js",
 		"dev": "nodemon index.js",
+		"dev:debug": "nodemon --inspect index.js",
 		"test": "jest",
 		"test:watch": "jest --watch",
 		"test:coverage": "jest --coverage",