@cantinasecurity/apex-cli 0.1.0

package/dist/repo-discovery.js

@@ -0,0 +1,175 @@
+import { execFile } from "node:child_process";
+import { lstat, readdir, realpath } from "node:fs/promises";
+import path from "node:path";
+import { promisify } from "node:util";
+import { extractCanonicalRepoMetadata } from "./repo-url.js";
+const execFileAsync = promisify(execFile);
+const IGNORED_DIRECTORIES = new Set([
+    ".git",
+    ".next",
+    "node_modules",
+    "dist",
+    "build",
+    "coverage",
+    ".turbo",
+    ".cache",
+    ".pnpm-store",
+    "tmp",
+    "vendor",
+]);
+async function runGit(cwd, args) {
+    const { stdout } = await execFileAsync("git", ["-C", cwd, ...args], {
+        encoding: "utf8",
+    });
+    return stdout.trim();
+}
+async function isGitRepository(directory) {
+    try {
+        await runGit(directory, ["rev-parse", "--is-inside-work-tree"]);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function getGitTopLevel(directory) {
+    try {
+        const topLevel = await runGit(directory, ["rev-parse", "--show-toplevel"]);
+        if (topLevel.length === 0)
+            return null;
+        return realpath(topLevel).catch(() => path.resolve(topLevel));
+    }
+    catch {
+        return null;
+    }
+}
+async function resolveComparablePath(directory) {
+    return realpath(directory).catch(() => path.resolve(directory));
+}
+async function chooseRemote(directory) {
+    const output = await runGit(directory, ["remote", "-v"]).catch(() => "");
+    const lines = output.split("\n").map((line) => line.trim()).filter(Boolean);
+    if (lines.length === 0)
+        return null;
+    const remotes = lines
+        .map((line) => {
+        const match = line.match(/^([^\s]+)\s+([^\s]+)\s+\((fetch|push)\)$/);
+        if (!match)
+            return null;
+        return {
+            name: match[1],
+            url: match[2],
+            kind: match[3],
+        };
+    })
+        .filter((entry) => Boolean(entry));
+    const originFetch = remotes.find((remote) => remote.name === "origin" && remote.kind === "fetch");
+    if (originFetch)
+        return originFetch.url;
+    const firstFetch = remotes.find((remote) => remote.kind === "fetch");
+    if (firstFetch)
+        return firstFetch.url;
+    return remotes[0]?.url ?? null;
+}
+async function ensureDirectoryCandidate(cwd, directory) {
+    const stats = await lstat(directory).catch(() => null);
+    if (!stats) {
+        throw new Error(`Path does not exist: ${path.relative(cwd, directory) || "."}`);
+    }
+    if (stats.isDirectory()) {
+        return directory;
+    }
+    if (stats.isFile()) {
+        return path.dirname(directory);
+    }
+    throw new Error(`Path is not a directory: ${path.relative(cwd, directory) || "."}`);
+}
+function normalizeSelectedRoots(cwd, selectedPaths) {
+    const resolved = selectedPaths
+        .map((selectedPath) => path.resolve(cwd, selectedPath))
+        .filter((value, index, array) => array.indexOf(value) === index)
+        .sort((left, right) => left.length - right.length);
+    const disjoint = [];
+    for (const candidate of resolved) {
+        const covered = disjoint.some((existing) => {
+            if (existing === candidate)
+                return true;
+            const relative = path.relative(existing, candidate);
+            return relative.length > 0 && !relative.startsWith("..") && !path.isAbsolute(relative);
+        });
+        if (!covered) {
+            disjoint.push(candidate);
+        }
+    }
+    return disjoint;
+}
+export async function findGitRepositoryRoots(cwd) {
+    const discovered = new Set();
+    async function walk(directory) {
+        const entries = await readdir(directory, { withFileTypes: true }).catch(() => []);
+        const hasGitMarker = entries.some((entry) => entry.name === ".git");
+        if (hasGitMarker && (await isGitRepository(directory))) {
+            discovered.add(directory);
+        }
+        for (const entry of entries) {
+            if (!entry.isDirectory())
+                continue;
+            if (IGNORED_DIRECTORIES.has(entry.name))
+                continue;
+            await walk(path.join(directory, entry.name));
+        }
+    }
+    await walk(cwd);
+    return Array.from(discovered).sort((left, right) => left.length - right.length);
+}
+async function inspectGitRepository(rootCwd, directory) {
+    const remoteUrl = await chooseRemote(directory);
+    const metadata = remoteUrl ? extractCanonicalRepoMetadata(remoteUrl) : null;
+    const branchName = await runGit(directory, ["rev-parse", "--abbrev-ref", "HEAD"]).catch(() => "HEAD");
+    const commitSha = await runGit(directory, ["rev-parse", "HEAD"]).catch(() => null);
+    const dirtyOutput = await runGit(directory, ["status", "--porcelain"]).catch(() => "");
+    const relativePath = path.relative(rootCwd, directory) || ".";
+    const detached = !branchName || branchName === "HEAD";
+    return {
+        kind: "git_candidate",
+        path: relativePath,
+        absolutePath: directory,
+        displayName: path.basename(directory),
+        repoUrl: metadata?.repoUrl ?? remoteUrl,
+        provider: metadata?.provider ?? null,
+        branch: detached ? null : branchName,
+        commitSha: commitSha && commitSha.length > 0 ? commitSha : null,
+        dirty: dirtyOutput.length > 0,
+        isRoot: relativePath === ".",
+        sourceType: detached ? "commit" : "branch",
+    };
+}
+async function inspectSource(rootCwd, requestedDirectory) {
+    const directory = await ensureDirectoryCandidate(rootCwd, requestedDirectory);
+    const relativePath = path.relative(rootCwd, directory) || ".";
+    const gitTopLevel = await getGitTopLevel(directory);
+    const comparableDirectory = await resolveComparablePath(directory);
+    if (gitTopLevel && gitTopLevel === comparableDirectory) {
+        return inspectGitRepository(rootCwd, directory);
+    }
+    return {
+        kind: "directory_candidate",
+        path: relativePath,
+        absolutePath: directory,
+        displayName: path.basename(directory),
+        isRoot: relativePath === ".",
+    };
+}
+export async function discoverSources(cwd, selectedPaths = []) {
+    const discoveredRoots = selectedPaths.length > 0
+        ? normalizeSelectedRoots(cwd, selectedPaths)
+        : await findGitRepositoryRoots(cwd).then((gitRoots) => gitRoots.length > 0 ? gitRoots : [cwd]);
+    const sources = await Promise.all(discoveredRoots.map((root) => inspectSource(cwd, root)));
+    sources.sort((left, right) => left.path.localeCompare(right.path));
+    return { sources, scanned: discoveredRoots };
+}
+export function extractLegacyRepositories(sources) {
+    return sources.filter((source) => source.kind === "git_candidate" &&
+        typeof source.repoUrl === "string" &&
+        (source.provider === "github" || source.provider === "gitlab"));
+}

package/dist/repo-url.js

@@ -0,0 +1,134 @@
+function normalizeGitlabBaseUrl(value) {
+    try {
+        const url = new URL(value.trim());
+        if (!["http:", "https:"].includes(url.protocol)) {
+            return null;
+        }
+        url.hash = "";
+        url.search = "";
+        url.pathname = url.pathname.replace(/\/+$/, "");
+        return url.toString();
+    }
+    catch {
+        return null;
+    }
+}
+export function normalizeGithubRepoUrl(value) {
+    const trimmed = value.trim();
+    if (!trimmed)
+        return null;
+    const sshMatch = trimmed.match(/^git@github\.com:(.+)$/i);
+    if (sshMatch?.[1]) {
+        return normalizeGithubRepoUrl(`https://github.com/${sshMatch[1]}`);
+    }
+    if (trimmed.startsWith("http://") || trimmed.startsWith("https://")) {
+        try {
+            const url = new URL(trimmed);
+            if (url.hostname !== "github.com") {
+                return trimmed;
+            }
+            const parts = url.pathname.replace(/^\/+/, "").split("/").filter(Boolean);
+            if (parts.length < 2)
+                return null;
+            const owner = parts[0];
+            const repo = parts[1]?.replace(/\.git$/i, "");
+            if (!owner || !repo)
+                return null;
+            return `https://github.com/${owner}/${repo}.git`;
+        }
+        catch {
+            return null;
+        }
+    }
+    const [owner, repo] = trimmed.split("/");
+    if (!owner || !repo)
+        return null;
+    return `https://github.com/${owner}/${repo.replace(/\.git$/i, "")}.git`;
+}
+export function normalizeGitlabRepoUrl(value, baseUrl) {
+    const trimmed = value.trim();
+    if (!trimmed)
+        return null;
+    const sshMatch = trimmed.match(/^git@([^:]+):(.+)$/i);
+    if (sshMatch?.[1] && sshMatch[2]) {
+        return normalizeGitlabRepoUrl(`https://${sshMatch[1]}/${sshMatch[2]}`, baseUrl);
+    }
+    if (trimmed.startsWith("http://") || trimmed.startsWith("https://")) {
+        try {
+            const url = new URL(trimmed);
+            const path = url.pathname.replace(/^\/+/, "");
+            if (!path)
+                return null;
+            const cleanedPath = path.replace(/\.git$/i, "").split("/-/")[0];
+            if (!cleanedPath)
+                return null;
+            const normalizedBase = (normalizeGitlabBaseUrl(url.origin) ?? url.origin).replace(/\/+$/, "");
+            return `${normalizedBase}/${cleanedPath}.git`;
+        }
+        catch {
+            return null;
+        }
+    }
+    const rawBase = baseUrl ? normalizeGitlabBaseUrl(baseUrl) : null;
+    if (!rawBase)
+        return null;
+    const normalizedBase = rawBase.replace(/\/+$/, "");
+    const cleanedPath = trimmed.replace(/^\/+/, "").replace(/\.git$/i, "");
+    if (!cleanedPath)
+        return null;
+    return `${normalizedBase}/${cleanedPath}.git`;
+}
+export function resolveGitlabBaseUrlFromRepoUrl(repoUrl) {
+    try {
+        const url = new URL(repoUrl);
+        return normalizeGitlabBaseUrl(url.origin) ?? url.origin;
+    }
+    catch {
+        return null;
+    }
+}
+export function extractGitlabProjectPathFromRepoUrl(repoUrl) {
+    try {
+        const url = new URL(repoUrl);
+        const repoPath = url.pathname.replace(/^\/+/, "").replace(/\.git$/i, "");
+        const cleanedPath = repoPath.split("/-/")[0]?.trim();
+        return cleanedPath ? cleanedPath : null;
+    }
+    catch {
+        return null;
+    }
+}
+export function extractCanonicalRepoMetadata(value) {
+    const githubRepoUrl = normalizeGithubRepoUrl(value);
+    if (githubRepoUrl?.startsWith("https://github.com/")) {
+        try {
+            const url = new URL(githubRepoUrl);
+            const parts = url.pathname.replace(/^\/+/, "").replace(/\.git$/i, "").split("/");
+            const owner = parts[0];
+            const repo = parts[1];
+            if (!owner || !repo)
+                return null;
+            return {
+                provider: "github",
+                repoUrl: githubRepoUrl,
+                repoName: `${owner}/${repo}`,
+                baseUrl: null,
+            };
+        }
+        catch {
+            return null;
+        }
+    }
+    const gitlabRepoUrl = normalizeGitlabRepoUrl(value, null);
+    if (!gitlabRepoUrl)
+        return null;
+    const projectPath = extractGitlabProjectPathFromRepoUrl(gitlabRepoUrl);
+    if (!projectPath)
+        return null;
+    return {
+        provider: "gitlab",
+        repoUrl: gitlabRepoUrl,
+        repoName: projectPath,
+        baseUrl: resolveGitlabBaseUrlFromRepoUrl(gitlabRepoUrl)?.replace(/\/+$/, "") ?? null,
+    };
+}

package/dist/scan.js

@@ -0,0 +1,186 @@
+import { ApiError } from "./api-client.js";
+const ACTIVE_SCAN_STATUSES = new Set([
+    "created",
+    "pending",
+    "queued",
+    "running",
+    "starting",
+    "in_progress",
+    "processing",
+]);
+function asRecord(value) {
+    return value && typeof value === "object" ? value : null;
+}
+function readString(...values) {
+    for (const value of values) {
+        if (typeof value === "string" && value.trim().length > 0) {
+            return value.trim();
+        }
+    }
+    return null;
+}
+function readTimestamp(record, ...keys) {
+    return readString(...keys.map((key) => record[key]));
+}
+function readNumber(...values) {
+    for (const value of values) {
+        if (typeof value === "number" && Number.isFinite(value)) {
+            return value;
+        }
+    }
+    return null;
+}
+function getScanListItems(payload) {
+    if (Array.isArray(payload)) {
+        return payload;
+    }
+    const record = asRecord(payload);
+    if (!record) {
+        return [];
+    }
+    if (Array.isArray(record.scans)) {
+        return record.scans;
+    }
+    if (Array.isArray(record.data)) {
+        return record.data;
+    }
+    return [];
+}
+function normalizeScanRecord(payload) {
+    const record = asRecord(payload);
+    if (!record) {
+        return null;
+    }
+    const scanId = readString(record.scanId, record.id, record.apexScanId, record.bedrockScanId, record.kernelScanId);
+    if (!scanId) {
+        return null;
+    }
+    return {
+        scanId,
+        kernelScanId: readString(record.kernelScanId, record.kernel_scan_id),
+        apexScanId: readString(record.apexScanId, record.apex_scan_id),
+        bedrockScanId: readString(record.bedrockScanId, record.bedrock_scan_id),
+        displayName: readString(record.displayName, record.display_name, record.name),
+        sequenceNumber: readNumber(record.sequenceNumber, record.sequence_number),
+        status: readString(record.status) ?? "unknown",
+        mode: readString(record.mode, record.scanType, record.scan_type),
+        scanUrl: readString(record.scanUrl, record.url, record.scan_url),
+        createdAt: readTimestamp(record, "createdAt", "created_at"),
+        startedAt: readTimestamp(record, "startedAt", "started_at"),
+        updatedAt: readTimestamp(record, "updatedAt", "updated_at"),
+        finishedAt: readTimestamp(record, "finishedAt", "finished_at", "completedAt", "completed_at", "cancelledAt", "cancelled_at"),
+    };
+}
+async function requestWithFallbacks(client, attempts) {
+    let lastApiError = null;
+    for (const attempt of attempts) {
+        try {
+            return await client.request(attempt.path, attempt.options);
+        }
+        catch (error) {
+            if (error instanceof ApiError && [404, 405].includes(error.status)) {
+                lastApiError = error;
+                continue;
+            }
+            throw error;
+        }
+    }
+    if (lastApiError) {
+        throw lastApiError;
+    }
+    throw new Error("No scan routes were available.");
+}
+export function getTrackedScanId(scan) {
+    const trackedScanId = readString(scan.apexScanId, scan.bedrockScanId, scan.scanId, scan.kernelScanId);
+    if (!trackedScanId) {
+        throw new Error("Scan response did not include an Apex scan id.");
+    }
+    return trackedScanId;
+}
+export function getScanDisplayId(scan) {
+    return scan.apexScanId ?? scan.bedrockScanId ?? scan.scanId;
+}
+export function getScanDisplayLabel(scan) {
+    const displayId = getScanDisplayId(scan);
+    return scan.displayName ? `${scan.displayName} [${displayId}]` : displayId;
+}
+export function normalizeWorkspaceScans(payload) {
+    return getScanListItems(payload)
+        .map((item) => normalizeScanRecord(item))
+        .filter((scan) => scan !== null)
+        .sort((left, right) => {
+        const leftTime = Date.parse(left.startedAt ?? left.createdAt ?? left.updatedAt ?? left.finishedAt ?? "") || 0;
+        const rightTime = Date.parse(right.startedAt ?? right.createdAt ?? right.updatedAt ?? right.finishedAt ?? "") || 0;
+        return rightTime - leftTime;
+    });
+}
+export function isActiveScanStatus(status) {
+    return status ? ACTIVE_SCAN_STATUSES.has(status.trim().toLowerCase()) : false;
+}
+export function findMostRelevantActiveScan(scans) {
+    return scans.find((scan) => isActiveScanStatus(scan.status)) ?? null;
+}
+export function matchesScanId(scan, scanId) {
+    return [scan.scanId, scan.apexScanId, scan.bedrockScanId, scan.kernelScanId].includes(scanId);
+}
+export function selectDefaultScanToCancel(scans, lastScanId) {
+    const activeScans = scans.filter((scan) => isActiveScanStatus(scan.status));
+    if (activeScans.length === 1) {
+        return activeScans[0];
+    }
+    if (activeScans.length > 1) {
+        return null;
+    }
+    if (lastScanId) {
+        return scans.find((scan) => matchesScanId(scan, lastScanId)) ?? null;
+    }
+    return scans[0] ?? null;
+}
+export async function fetchWorkspaceScans(client, workspaceId) {
+    const encodedWorkspaceId = encodeURIComponent(workspaceId);
+    const payload = await requestWithFallbacks(client, [
+        { path: `/api/cli/v1/local-workspaces/${encodedWorkspaceId}/scans` },
+        { path: `/api/cli/v1/scans?workspaceId=${encodedWorkspaceId}` },
+        { path: `/api/workspaces/${encodedWorkspaceId}/scans` },
+        { path: `/api/scans?workspaceId=${encodedWorkspaceId}` },
+    ]);
+    return normalizeWorkspaceScans(payload);
+}
+export async function cancelScan(client, scanId) {
+    const encodedScanId = encodeURIComponent(scanId);
+    const payload = await requestWithFallbacks(client, [
+        { path: `/api/cli/v1/scans/${encodedScanId}/cancel`, options: { method: "POST" } },
+        {
+            path: `/api/cli/v1/scans/${encodedScanId}`,
+            options: { method: "POST", json: { action: "cancel" } },
+        },
+        { path: `/api/scans/${encodedScanId}/cancel`, options: { method: "POST" } },
+        {
+            path: `/api/scans/${encodedScanId}`,
+            options: { method: "POST", json: { action: "cancel" } },
+        },
+    ]);
+    const direct = normalizeScanRecord(payload);
+    if (direct) {
+        return direct;
+    }
+    const nested = normalizeScanRecord(asRecord(payload)?.scan);
+    if (nested) {
+        return nested;
+    }
+    return {
+        scanId,
+        kernelScanId: null,
+        apexScanId: null,
+        bedrockScanId: null,
+        displayName: null,
+        sequenceNumber: null,
+        status: "cancelled",
+        mode: null,
+        scanUrl: null,
+        createdAt: null,
+        startedAt: null,
+        updatedAt: null,
+        finishedAt: null,
+    };
+}

package/dist/session.js

@@ -0,0 +1,188 @@
+import path from "node:path";
+import { getFlagList, getFlagString, isJsonMode, isNonInteractive } from "./args.js";
+import { login } from "./auth.js";
+import { ApiError } from "./api-client.js";
+import { openInBrowser } from "./browser.js";
+import { loadConfig } from "./config.js";
+import { chooseOne, confirm, promptText, waitForEnter } from "./prompt.js";
+import { discoverSources, extractLegacyRepositories } from "./repo-discovery.js";
+import { loadWorkspaceBinding } from "./workspace-binding.js";
+export function createWorkspaceBinding(result, currentBinding) {
+    if (!result.resolve.workspaceId) {
+        throw new Error("Workspace resolution did not return a workspaceId.");
+    }
+    const preservedBinding = currentBinding?.workspaceId === result.resolve.workspaceId ? currentBinding : null;
+    return {
+        version: 1,
+        companyId: result.company.id,
+        workspaceId: result.resolve.workspaceId,
+        workspaceName: result.workspaceName,
+        createdAt: preservedBinding?.createdAt ?? new Date().toISOString(),
+        lastSyncedAt: new Date().toISOString(),
+        lastScanId: preservedBinding?.lastScanId ?? null,
+        lastScanUrl: preservedBinding?.lastScanUrl ?? null,
+    };
+}
+export async function chooseCompany(me, flags, binding) {
+    const requested = getFlagString(flags, "company");
+    const config = await loadConfig();
+    const defaultRef = requested ?? binding?.companyId ?? config.defaultCompanyId ?? null;
+    if (defaultRef) {
+        const matched = me.companies.find((company) => company.id === defaultRef ||
+            (company.handle ?? "").toLowerCase() === defaultRef.toLowerCase());
+        if (matched) {
+            return matched;
+        }
+        if (requested) {
+            throw new Error(`Unknown company: ${requested}`);
+        }
+    }
+    if (me.companies.length === 1) {
+        return me.companies[0];
+    }
+    if (isNonInteractive(flags)) {
+        throw new Error("Multiple companies available. Re-run with --company <id-or-handle>.");
+    }
+    const selected = await chooseOne("Select the Apex company to use for this directory:", me.companies.map((company) => ({
+        label: company.handle
+            ? `${company.name ?? company.id} (${company.handle})`
+            : (company.name ?? company.id),
+        company,
+    })));
+    return selected.company;
+}
+async function chooseWorkspaceName(cwd, flags, binding) {
+    const explicit = getFlagString(flags, "workspace-name");
+    if (explicit) {
+        return explicit;
+    }
+    if (binding?.workspaceName) {
+        return binding.workspaceName;
+    }
+    const suggested = path.basename(cwd);
+    if (isNonInteractive(flags)) {
+        return suggested;
+    }
+    const chosen = await promptText("Workspace name to use in Apex for this directory (press Enter to use the current folder name)", suggested);
+    return chosen.trim().length > 0 ? chosen.trim() : suggested;
+}
+function getSourceMode(flags) {
+    const value = getFlagString(flags, "source-mode");
+    return value === "remote" || value === "local" ? value : "auto";
+}
+export async function ensureAuthenticated(client, flags) {
+    return login(client, {
+        noOpen: flags["no-open"] === true,
+        quiet: isJsonMode(flags),
+    });
+}
+export async function resolveWorkspace(client, cwd, me, flags) {
+    const selection = await selectWorkspaceTarget(cwd, me, flags);
+    return resolveWorkspaceSelection(client, selection);
+}
+export async function selectWorkspaceTarget(cwd, me, flags) {
+    const binding = await loadWorkspaceBinding(cwd);
+    const company = await chooseCompany(me, flags, binding);
+    const workspaceName = await chooseWorkspaceName(cwd, flags, binding);
+    const sourceSelection = getFlagList(flags, "repo");
+    const discovered = await discoverSources(cwd, sourceSelection);
+    if (discovered.sources.length === 0) {
+        throw new Error("No local sources were found.");
+    }
+    return {
+        company,
+        workspaceName,
+        binding,
+        sources: discovered.sources,
+        legacyRepositories: extractLegacyRepositories(discovered.sources),
+        sourceMode: getSourceMode(flags),
+    };
+}
+export async function resolveWorkspaceSelection(client, selection) {
+    const resolve = await client.request("/api/cli/v2/local-workspaces/resolve", {
+        method: "POST",
+        json: {
+            companyId: selection.company.id,
+            workspaceId: selection.binding?.workspaceId ?? null,
+            workspaceName: selection.workspaceName,
+            sourceMode: selection.sourceMode,
+            sources: selection.sources.map((source) => source.kind === "git_candidate"
+                ? {
+                    path: source.path,
+                    displayName: source.displayName,
+                    kind: "git_candidate",
+                    repoUrl: source.repoUrl,
+                    provider: source.provider,
+                    branch: source.branch,
+                    commitSha: source.commitSha,
+                    dirty: source.dirty,
+                }
+                : {
+                    path: source.path,
+                    displayName: source.displayName,
+                    kind: "directory_candidate",
+                }),
+        },
+    });
+    return {
+        company: selection.company,
+        workspaceName: selection.workspaceName,
+        binding: selection.binding,
+        sources: selection.sources,
+        legacyRepositories: selection.legacyRepositories,
+        resolve,
+    };
+}
+export async function resolveWorkspaceSelectionLegacy(client, selection, workspaceIdOverride) {
+    if (selection.legacyRepositories.length !== selection.sources.length) {
+        throw new Error("This scan requires explicit local-source handling and cannot use the legacy remote-only flow.");
+    }
+    return client.request("/api/cli/v1/local-workspaces/resolve", {
+        method: "POST",
+        json: {
+            companyId: selection.company.id,
+            workspaceId: workspaceIdOverride ?? selection.binding?.workspaceId ?? null,
+            workspaceName: selection.workspaceName,
+            dryRun: false,
+            repositories: selection.legacyRepositories.map((repository) => ({
+                path: repository.path,
+                repoUrl: repository.repoUrl,
+                provider: repository.provider,
+                branch: repository.branch,
+                commitSha: repository.commitSha,
+                sourceType: repository.sourceType,
+            })),
+        },
+    });
+}
+export async function resolveWorkspaceAllowingMissingConnections(client, cwd, me, flags) {
+    const selection = await selectWorkspaceTarget(cwd, me, flags);
+    try {
+        return await resolveWorkspaceSelection(client, selection);
+    }
+    catch (error) {
+        if (error instanceof ApiError && error.status === 409) {
+            throw error;
+        }
+        throw error;
+    }
+}
+export async function remediateMissingConnections(missing, flags) {
+    if (missing.length === 0) {
+        return;
+    }
+    if (isNonInteractive(flags)) {
+        throw new Error("Missing provider connections. Re-run interactively or pre-connect providers.");
+    }
+    for (const item of missing) {
+        if (!item.connectUrl) {
+            continue;
+        }
+        const shouldOpen = await confirm(`Open the browser flow to connect ${item.provider} for ${item.repoUrl}?`);
+        if (!shouldOpen) {
+            throw new Error("Provider connection remediation was cancelled.");
+        }
+        await openInBrowser(item.connectUrl);
+    }
+    await waitForEnter("Finish the provider connection flow in your browser, then press Enter to retry.");
+}