@cantinasecurity/apex-cli 0.1.0

package/dist/mcp.js

@@ -0,0 +1,487 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import path from "node:path";
+import { z } from "zod";
+import { getMe, logout, startDeviceLogin, waitForDeviceLoginApproval } from "./auth.js";
+import { ApexApiClient, formatApiError } from "./api-client.js";
+import { commandCancelScan, commandConnect, commandCredits, commandDoctor, commandExportFindings, commandFindings, commandScan, commandScans, commandStatus, commandWorkspace, commandWorkspaceUse, commandWorkspaces, } from "./commands.js";
+import { CLI_HELP_TEXT } from "./help.js";
+import { APEX_CLI_VERSION } from "./version.js";
+const MCP_WORKFLOW_GUIDE = `Use Apex through these tools instead of shelling out to the CLI.
+
+Suggested workflow:
+1. Call apex-auth-status.
+2. If unauthenticated, call apex-auth-start and ask the user to approve the device login URL, then call apex-auth-wait.
+3. Call apex-doctor for the target repository cwd.
+4. If the directory is not bound to the right workspace, call apex-workspaces and apex-workspace-use.
+5. Start and monitor scans with apex-scan, apex-status, apex-scans, apex-findings, and apex-export-findings.
+
+Notes:
+- Pass cwd explicitly for repository-specific operations.
+- Tool calls are always non-interactive and never auto-open a browser.
+- Doctor reports whether Apex will use remote materialization or a local snapshot upload for each source.`;
+const WORKSPACE_BINDING_ERROR = "This directory is not bound to an Apex workspace yet. Run `apex workspaces` to list workspace names, prefixes, and IDs, then bind one with `apex workspace use \"<workspace name>\"`, or run `apex scan` to create or resolve one automatically.";
+const MISSING_PROVIDER_CONNECTIONS_ERROR = "Missing provider connections. Re-run interactively or pre-connect providers.";
+const MULTIPLE_ACTIVE_SCANS_ERROR = "Multiple active scans are running. Run `apex scans` to list scan IDs, then re-run `apex cancel-scan <scan-id>`.";
+const DUPLICATE_SCAN_FORCE_GUIDANCE = "Re-run with --force to start another scan.";
+const MULTIPLE_COMPANIES_ERROR = "Multiple companies available. Re-run with --company <id-or-handle>.";
+function resolveCwd(cwd) {
+    return path.resolve(cwd && cwd.trim().length > 0 ? cwd : process.cwd());
+}
+function buildFlags(options) {
+    const flags = {
+        "non-interactive": true,
+        "no-open": true,
+    };
+    if (options.company) {
+        flags.company = options.company;
+    }
+    if (options.workspaceName) {
+        flags["workspace-name"] = options.workspaceName;
+    }
+    if (options.scanId) {
+        flags.scan = options.scanId;
+    }
+    if (options.format) {
+        flags.format = options.format;
+    }
+    if (options.output) {
+        flags.output = options.output;
+    }
+    if (options.mode) {
+        flags.mode = options.mode;
+    }
+    if (options.sourceMode) {
+        flags["source-mode"] = options.sourceMode;
+    }
+    if (options.force === true) {
+        flags.force = true;
+    }
+    if (options.repoPaths && options.repoPaths.length > 0) {
+        flags.repo = options.repoPaths;
+    }
+    if (typeof options.limit === "number") {
+        flags.limit = String(options.limit);
+    }
+    return flags;
+}
+function formatToolText(summary, value) {
+    return `${summary}\n\n${JSON.stringify(value, null, 2)}`;
+}
+function successResult(summary, value) {
+    return {
+        content: [
+            {
+                type: "text",
+                text: formatToolText(summary, value),
+            },
+        ],
+        structuredContent: value,
+    };
+}
+function formatMcpErrorMessage(toolName, error) {
+    const message = formatApiError(error);
+    if (message === WORKSPACE_BINDING_ERROR) {
+        return "No workspace is bound to this directory. Call `apex-workspace-use` to bind an existing workspace, or call `apex-scan` to create or resolve one first.";
+    }
+    if (message === MISSING_PROVIDER_CONNECTIONS_ERROR) {
+        return "Missing provider connections. Call `apex-connect-provider` for each missing provider, complete the browser flow, then retry `apex-scan`.";
+    }
+    if (message === MULTIPLE_COMPANIES_ERROR) {
+        return "Multiple companies are available. Retry this tool with the `company` input set to the desired company handle or ID.";
+    }
+    if (toolName === "apex-cancel-scan" &&
+        message === MULTIPLE_ACTIVE_SCANS_ERROR) {
+        return "Multiple active scans are running. Call `apex-scans` to list active scan IDs, then retry `apex-cancel-scan` with the `scanId` input.";
+    }
+    if (toolName === "apex-scan" &&
+        message.includes(DUPLICATE_SCAN_FORCE_GUIDANCE)) {
+        return message.replace(DUPLICATE_SCAN_FORCE_GUIDANCE, "Retry `apex-scan` with `force: true` to start another scan.");
+    }
+    return message;
+}
+function errorResult(toolName, error) {
+    const message = formatMcpErrorMessage(toolName, error);
+    return {
+        content: [
+            {
+                type: "text",
+                text: message,
+            },
+        ],
+        structuredContent: {
+            ok: false,
+            error: message,
+        },
+        isError: true,
+    };
+}
+async function runTool(toolName, action, summary) {
+    try {
+        const value = await action();
+        return successResult(summary(value), value);
+    }
+    catch (error) {
+        return errorResult(toolName, error);
+    }
+}
+async function requireAuthenticated(client) {
+    const me = await getMe(client);
+    if (!me) {
+        throw new Error("Not authenticated. Call `apex-auth-start`, ask the user to approve the device login, then call `apex-auth-wait`.");
+    }
+    return me;
+}
+function registerResources(server) {
+    server.registerResource("apex-cli-help", "apex://help/cli", {
+        title: "Apex CLI Help",
+        description: "Command reference for the Apex CLI.",
+        mimeType: "text/plain",
+    }, async (uri) => ({
+        contents: [
+            {
+                uri: uri.href,
+                text: CLI_HELP_TEXT,
+            },
+        ],
+    }));
+    server.registerResource("apex-mcp-workflow", "apex://help/mcp-workflow", {
+        title: "Apex MCP Workflow",
+        description: "Recommended workflow for driving Apex from an LLM via MCP tools.",
+        mimeType: "text/plain",
+    }, async (uri) => ({
+        contents: [
+            {
+                uri: uri.href,
+                text: MCP_WORKFLOW_GUIDE,
+            },
+        ],
+    }));
+}
+function registerTools(server) {
+    server.registerTool("apex-auth-status", {
+        title: "Apex Auth Status",
+        description: "Check whether Apex is already authenticated on this machine.",
+    }, async () => runTool("apex-auth-status", async () => {
+        const client = new ApexApiClient();
+        const me = await getMe(client);
+        const baseUrl = await client.getBaseUrl();
+        return {
+            authenticated: Boolean(me),
+            baseUrl,
+            me,
+        };
+    }, (value) => (value.authenticated ? "Apex is authenticated." : "Apex is not authenticated.")));
+    server.registerTool("apex-auth-start", {
+        title: "Start Apex Device Login",
+        description: "Start the Apex device login flow and return the verification URL and user code. This tool never opens a browser.",
+    }, async () => runTool("apex-auth-start", async () => {
+        const client = new ApexApiClient();
+        const login = await startDeviceLogin(client);
+        return {
+            authenticated: false,
+            ...login,
+        };
+    }, () => "Device login started. Ask the user to open the verification URL and enter the code."));
+    server.registerTool("apex-auth-wait", {
+        title: "Wait For Apex Login Approval",
+        description: "Poll a previously started Apex device login until it is approved, still pending, or expired.",
+        inputSchema: {
+            deviceCode: z.string().min(1),
+            intervalSeconds: z.number().int().nonnegative().optional(),
+            expiresAt: z.string().optional(),
+            timeoutSeconds: z.number().int().positive().max(1800).optional(),
+        },
+    }, async ({ deviceCode, intervalSeconds, expiresAt, timeoutSeconds }) => runTool("apex-auth-wait", async () => {
+        const client = new ApexApiClient();
+        const result = await waitForDeviceLoginApproval(client, {
+            deviceCode,
+            intervalSeconds,
+            expiresAt: expiresAt ?? null,
+            timeoutMs: timeoutSeconds ? timeoutSeconds * 1000 : undefined,
+        });
+        return {
+            authenticated: result.status === "approved",
+            ...result,
+        };
+    }, (value) => {
+        if (value.status === "approved") {
+            return "Device login approved.";
+        }
+        if (value.status === "expired") {
+            return "Device login expired before approval.";
+        }
+        return "Device login is still pending.";
+    }));
+    server.registerTool("apex-logout", {
+        title: "Log Out Of Apex",
+        description: "Clear the locally stored Apex session.",
+    }, async () => runTool("apex-logout", async () => {
+        const client = new ApexApiClient();
+        await logout(client);
+        return { ok: true };
+    }, () => "Logged out of Apex."));
+    server.registerTool("apex-doctor", {
+        title: "Run Apex Doctor",
+        description: "Validate auth, local source detection, workspace binding, and the planned remote-vs-local materialization strategy.",
+        inputSchema: {
+            cwd: z.string().optional(),
+            company: z.string().optional(),
+            workspaceName: z.string().optional(),
+            repoPaths: z.array(z.string()).optional(),
+            sourceMode: z.enum(["auto", "remote", "local"]).optional(),
+        },
+    }, async ({ cwd, company, workspaceName, repoPaths, sourceMode }) => runTool("apex-doctor", async () => {
+        const client = new ApexApiClient();
+        await requireAuthenticated(client);
+        const targetCwd = resolveCwd(cwd);
+        const payload = await commandDoctor(client, targetCwd, buildFlags({
+            company,
+            workspaceName,
+            repoPaths,
+            sourceMode,
+        }));
+        return {
+            cwd: targetCwd,
+            ...payload,
+        };
+    }, (value) => `Apex doctor completed for ${String(value.cwd)}.`));
+    server.registerTool("apex-credits", {
+        title: "Get Apex Credits",
+        description: "Show scan credits for the active or selected company.",
+        inputSchema: {
+            cwd: z.string().optional(),
+            company: z.string().optional(),
+        },
+    }, async ({ cwd, company }) => runTool("apex-credits", async () => {
+        const client = new ApexApiClient();
+        await requireAuthenticated(client);
+        const targetCwd = resolveCwd(cwd);
+        const payload = await commandCredits(client, targetCwd, buildFlags({
+            company,
+        }));
+        return {
+            cwd: targetCwd,
+            ...payload,
+        };
+    }, (value) => `Fetched Apex credits for ${String(value.cwd)}.`));
+    server.registerTool("apex-workspace", {
+        title: "Get Current Apex Workspace Binding",
+        description: "Show the current Apex workspace bound to a directory, if any.",
+        inputSchema: {
+            cwd: z.string().optional(),
+        },
+    }, async ({ cwd }) => runTool("apex-workspace", async () => {
+        const targetCwd = resolveCwd(cwd);
+        const payload = await commandWorkspace(targetCwd, buildFlags({}));
+        return {
+            cwd: targetCwd,
+            ...payload,
+        };
+    }, (value) => `Loaded workspace binding for ${String(value.cwd)}.`));
+    server.registerTool("apex-workspaces", {
+        title: "List Apex Workspaces",
+        description: "List workspaces available to the active or selected company.",
+        inputSchema: {
+            cwd: z.string().optional(),
+            company: z.string().optional(),
+        },
+    }, async ({ cwd, company }) => runTool("apex-workspaces", async () => {
+        const client = new ApexApiClient();
+        await requireAuthenticated(client);
+        const targetCwd = resolveCwd(cwd);
+        const payload = await commandWorkspaces(client, targetCwd, buildFlags({
+            company,
+        }));
+        return {
+            cwd: targetCwd,
+            ...payload,
+        };
+    }, (value) => `Listed Apex workspaces for ${String(value.cwd)}.`));
+    server.registerTool("apex-workspace-use", {
+        title: "Bind Directory To Apex Workspace",
+        description: "Bind a directory to an existing Apex workspace by id, prefix, or name.",
+        inputSchema: {
+            cwd: z.string().optional(),
+            company: z.string().optional(),
+            workspaceRef: z.string().min(1),
+        },
+    }, async ({ cwd, company, workspaceRef }) => runTool("apex-workspace-use", async () => {
+        const client = new ApexApiClient();
+        await requireAuthenticated(client);
+        const targetCwd = resolveCwd(cwd);
+        const payload = await commandWorkspaceUse(client, targetCwd, buildFlags({
+            company,
+        }), workspaceRef);
+        return {
+            cwd: targetCwd,
+            ...payload,
+        };
+    }, (value) => `Bound ${String(value.cwd)} to an Apex workspace.`));
+    server.registerTool("apex-scan", {
+        title: "Start Apex Scan",
+        description: "Start a new Apex scan for any local repository or directory. Pass cwd explicitly for reliable workspace resolution.",
+        inputSchema: {
+            cwd: z.string().optional(),
+            company: z.string().optional(),
+            workspaceName: z.string().optional(),
+            repoPaths: z.array(z.string()).optional(),
+            mode: z.enum(["standard", "ultra"]).optional(),
+            sourceMode: z.enum(["auto", "remote", "local"]).optional(),
+            force: z.boolean().optional(),
+        },
+    }, async ({ cwd, company, workspaceName, repoPaths, mode, sourceMode, force }) => runTool("apex-scan", async () => {
+        const client = new ApexApiClient();
+        await requireAuthenticated(client);
+        const targetCwd = resolveCwd(cwd);
+        const payload = await commandScan(client, targetCwd, buildFlags({
+            company,
+            workspaceName,
+            repoPaths,
+            mode,
+            sourceMode,
+            force,
+        }));
+        return {
+            cwd: targetCwd,
+            ...payload,
+        };
+    }, (value) => `Started an Apex scan for ${String(value.cwd)}.`));
+    server.registerTool("apex-status", {
+        title: "Get Apex Scan Status",
+        description: "Show progress for the most recent Apex scan in a directory.",
+        inputSchema: {
+            cwd: z.string().optional(),
+        },
+    }, async ({ cwd }) => runTool("apex-status", async () => {
+        const client = new ApexApiClient();
+        await requireAuthenticated(client);
+        const targetCwd = resolveCwd(cwd);
+        const payload = await commandStatus(client, targetCwd, buildFlags({}));
+        return {
+            cwd: targetCwd,
+            ...payload,
+        };
+    }, (value) => `Fetched scan status for ${String(value.cwd)}.`));
+    server.registerTool("apex-scans", {
+        title: "List Apex Scans",
+        description: "List scans for the Apex workspace bound to a directory.",
+        inputSchema: {
+            cwd: z.string().optional(),
+        },
+    }, async ({ cwd }) => runTool("apex-scans", async () => {
+        const client = new ApexApiClient();
+        await requireAuthenticated(client);
+        const targetCwd = resolveCwd(cwd);
+        const payload = await commandScans(client, targetCwd, buildFlags({}));
+        return {
+            cwd: targetCwd,
+            ...payload,
+        };
+    }, (value) => `Listed scans for ${String(value.cwd)}.`));
+    server.registerTool("apex-cancel-scan", {
+        title: "Cancel Apex Scan",
+        description: "Cancel a running Apex scan in the bound workspace.",
+        inputSchema: {
+            cwd: z.string().optional(),
+            scanId: z.string().optional(),
+        },
+    }, async ({ cwd, scanId }) => runTool("apex-cancel-scan", async () => {
+        const client = new ApexApiClient();
+        await requireAuthenticated(client);
+        const targetCwd = resolveCwd(cwd);
+        const payload = await commandCancelScan(client, targetCwd, buildFlags({}), scanId);
+        return {
+            cwd: targetCwd,
+            ...payload,
+        };
+    }, (value) => `Cancelled the selected Apex scan for ${String(value.cwd)}.`));
+    server.registerTool("apex-findings", {
+        title: "List Apex Findings",
+        description: "List findings for the latest or selected Apex scan in a directory.",
+        inputSchema: {
+            cwd: z.string().optional(),
+            scanId: z.string().optional(),
+            limit: z.number().int().positive().optional(),
+        },
+    }, async ({ cwd, scanId, limit }) => runTool("apex-findings", async () => {
+        const client = new ApexApiClient();
+        await requireAuthenticated(client);
+        const targetCwd = resolveCwd(cwd);
+        const payload = await commandFindings(client, targetCwd, buildFlags({
+            scanId,
+            limit,
+        }));
+        return {
+            cwd: targetCwd,
+            ...payload,
+        };
+    }, (value) => `Fetched Apex findings for ${String(value.cwd)}.`));
+    server.registerTool("apex-export-findings", {
+        title: "Export Apex Findings",
+        description: "Export findings for the latest or selected Apex scan to a file on disk.",
+        inputSchema: {
+            cwd: z.string().optional(),
+            scanId: z.string().optional(),
+            format: z.enum(["markdown", "json", "gitlab-sast"]).optional(),
+            output: z.string().optional(),
+        },
+    }, async ({ cwd, scanId, format, output }) => runTool("apex-export-findings", async () => {
+        const client = new ApexApiClient();
+        await requireAuthenticated(client);
+        const targetCwd = resolveCwd(cwd);
+        const payload = await commandExportFindings(client, targetCwd, buildFlags({
+            scanId,
+            format,
+            output,
+        }));
+        return {
+            cwd: targetCwd,
+            format: payload.format,
+            fileName: payload.fileName,
+            contentType: payload.contentType,
+            findingCount: payload.findingCount,
+            workspace: payload.workspace,
+            scan: payload.scan,
+            outputPath: payload.outputPath,
+        };
+    }, (value) => `Exported Apex findings for ${String(value.cwd)}.`));
+    server.registerTool("apex-connect-provider", {
+        title: "Get Apex Provider Connection URL",
+        description: "Return the browser URL a user needs to connect GitHub or GitLab access for Apex. This tool never opens a browser.",
+        inputSchema: {
+            cwd: z.string().optional(),
+            company: z.string().optional(),
+            provider: z.enum(["github", "gitlab"]),
+        },
+    }, async ({ cwd, company, provider }) => runTool("apex-connect-provider", async () => {
+        const client = new ApexApiClient();
+        await requireAuthenticated(client);
+        const targetCwd = resolveCwd(cwd);
+        const payload = await commandConnect(client, targetCwd, buildFlags({
+            company,
+        }), provider);
+        return {
+            cwd: targetCwd,
+            ...payload,
+        };
+    }, (value) => `Fetched the ${String(value.provider)} connection URL.`));
+}
+export async function runMcpServer() {
+    const server = new McpServer({
+        name: "apex-cli",
+        version: APEX_CLI_VERSION,
+    });
+    registerResources(server);
+    registerTools(server);
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+}
+export const testing = {
+    buildFlags,
+    formatMcpErrorMessage,
+    registerTools,
+    requireAuthenticated,
+    resolveCwd,
+    runTool,
+};

package/dist/output.js

@@ -0,0 +1,93 @@
+import { isJsonMode, isNonInteractive } from "./args.js";
+export function printJson(value) {
+    process.stdout.write(`${JSON.stringify(value, null, 2)}\n`);
+}
+export function logLine(message, flags) {
+    if (!isJsonMode(flags)) {
+        process.stderr.write(`${message}\n`);
+    }
+}
+function shouldShowLoadingIndicator(flags) {
+    return !isJsonMode(flags) && !isNonInteractive(flags) && process.stderr.isTTY === true;
+}
+export async function withLoadingIndicator(label, flags, action) {
+    if (!shouldShowLoadingIndicator(flags)) {
+        return action();
+    }
+    const frames = ["-", "\\", "|", "/"];
+    let frameIndex = 0;
+    const render = () => {
+        process.stderr.write(`\r\x1b[2K${frames[frameIndex % frames.length]} ${label}`);
+        frameIndex += 1;
+    };
+    render();
+    const timer = setInterval(render, 80);
+    timer.unref?.();
+    try {
+        return await action();
+    }
+    finally {
+        clearInterval(timer);
+        process.stderr.write("\r\x1b[2K");
+    }
+}
+function getShortSourceName(source) {
+    if (source.kind === "git_candidate" && source.repoUrl) {
+        return source.repoUrl
+            .replace(/^https?:\/\/[^/]+\//, "")
+            .replace(/\.git$/, "");
+    }
+    return source.displayName;
+}
+function getSourceRefLabel(source) {
+    if (source.kind !== "git_candidate") {
+        return "directory";
+    }
+    if (source.branch) {
+        return source.branch;
+    }
+    if (source.commitSha) {
+        return source.commitSha.slice(0, 7);
+    }
+    return source.repoUrl ? "detached" : "local snapshot";
+}
+export function printSourceList(sources) {
+    process.stdout.write("Sources:\n");
+    sources.forEach((source) => {
+        if (source.kind === "directory_candidate") {
+            process.stdout.write(`  - ${source.displayName} (directory)\n`);
+            return;
+        }
+        const providerLabel = source.provider ?? "git";
+        const dirtySuffix = source.dirty ? ", dirty" : "";
+        process.stdout.write(`  - ${getShortSourceName(source)} (${providerLabel}, ${getSourceRefLabel(source)}${dirtySuffix})\n`);
+    });
+    process.stdout.write("\n");
+}
+export function printCompanyDetails(session) {
+    process.stdout.write(`Company: ${session.company.name ?? session.company.id}\n`);
+    if (session.me.companies.length > 1) {
+        process.stdout.write("Available:\n");
+        session.me.companies.forEach((company) => {
+            const label = company.handle
+                ? `${company.name ?? company.id} (${company.handle})`
+                : (company.name ?? company.id);
+            process.stdout.write(`  - ${label}\n`);
+        });
+        process.stdout.write("Use /company <id|handle> to switch.\n");
+    }
+    process.stdout.write("\n");
+}
+export function printWorkspaceDetails(session) {
+    process.stdout.write(`This directory is bound to workspace: ${session.workspaceName}\n`);
+    process.stdout.write(`Workspace ID: ${session.binding.workspaceId}\n\n`);
+}
+export function printInteractiveSessionSummary(session) {
+    process.stdout.write("Apex CLI\n");
+    process.stdout.write(`Connected to ${session.baseUrl}\n`);
+    process.stdout.write(`Signed in as ${session.me.user.username ?? session.me.user.id}\n`);
+    process.stdout.write(`Company: ${session.company.name ?? session.company.handle ?? session.company.id}\n`);
+    process.stdout.write(`Workspace: ${session.workspaceName}\n`);
+    printSourceList(session.sources);
+    process.stdout.write("Type /scan to start a scan for this directory, /workspaces to browse workspace names, /workspace use \"<name>\" to switch, press Tab to autocomplete, /help for commands.\n\n");
+}

package/dist/prompt.js

@@ -0,0 +1,80 @@
+import readline from "node:readline/promises";
+import { stdin as input, stdout as output } from "node:process";
+function assertInteractive() {
+    if (!process.stdin.isTTY || !process.stdout.isTTY) {
+        throw new Error("Interactive input is required. Re-run without --non-interactive.");
+    }
+}
+export async function readLine(message, options = {}) {
+    assertInteractive();
+    const rl = readline.createInterface({
+        input,
+        output,
+        completer: options.completer
+            ? (line) => [options.completer?.(line) ?? [], line]
+            : undefined,
+    });
+    try {
+        return await rl.question(message);
+    }
+    finally {
+        rl.close();
+    }
+}
+export async function promptText(message, defaultValue = null) {
+    const suffix = defaultValue && defaultValue.length > 0 ? ` [${defaultValue}]` : "";
+    const answer = (await readLine(`${message}${suffix} `)).trim();
+    if (answer.length > 0) {
+        return answer;
+    }
+    return defaultValue ?? "";
+}
+export async function confirm(message, defaultValue = true) {
+    assertInteractive();
+    const rl = readline.createInterface({ input, output });
+    const suffix = defaultValue ? "[Y/n]" : "[y/N]";
+    try {
+        const answer = (await rl.question(`${message} ${suffix} `)).trim().toLowerCase();
+        if (!answer)
+            return defaultValue;
+        return answer === "y" || answer === "yes";
+    }
+    finally {
+        rl.close();
+    }
+}
+export async function chooseOne(message, options) {
+    assertInteractive();
+    if (options.length === 0) {
+        throw new Error("No options available");
+    }
+    const rl = readline.createInterface({ input, output });
+    try {
+        output.write(`${message}\n`);
+        options.forEach((option, index) => {
+            output.write(`  ${index + 1}. ${option.label}\n`);
+        });
+        output.write("Enter the number to continue.\n");
+        while (true) {
+            const answer = await rl.question("> ");
+            const selected = Number.parseInt(answer.trim(), 10);
+            if (Number.isInteger(selected) && selected >= 1 && selected <= options.length) {
+                return options[selected - 1];
+            }
+            output.write(`Please enter a number between 1 and ${options.length}.\n`);
+        }
+    }
+    finally {
+        rl.close();
+    }
+}
+export async function waitForEnter(message) {
+    assertInteractive();
+    const rl = readline.createInterface({ input, output });
+    try {
+        await rl.question(`${message}\n`);
+    }
+    finally {
+        rl.close();
+    }
+}