@centry-digital/bukku-cli 2.0.0

package/build/commands/wrapper.d.ts

@@ -0,0 +1,23 @@
+import type { Command } from 'commander';
+import { BukkuClient } from 'core';
+/**
+ * Context passed to commands wrapped by withAuth.
+ */
+export interface CommandContext {
+    client: BukkuClient;
+    opts: Record<string, unknown>;
+    auth: {
+        apiToken: string;
+        companySubdomain: string;
+    };
+}
+/**
+ * Wrap a command handler with auth resolution and error handling.
+ *
+ * Resolves credentials via 3-tier precedence (flags > env > rc),
+ * creates a BukkuClient, and passes it to the handler.
+ *
+ * Must use a regular function (not arrow) to preserve Commander's `this` context.
+ */
+export declare function withAuth(handler: (ctx: CommandContext) => Promise<void>): (this: Command, ...args: unknown[]) => Promise<void>;
+//# sourceMappingURL=wrapper.d.ts.map

package/build/commands/wrapper.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wrapper.d.ts","sourceRoot":"","sources":["../../src/commands/wrapper.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,MAAM,CAAC;AAInC;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,WAAW,CAAC;IACpB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAA;KAAE,CAAC;CACtD;AAED;;;;;;;GAOG;AACH,wBAAgB,QAAQ,CACtB,OAAO,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,OAAO,CAAC,IAAI,CAAC,GAC9C,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CA6DtD"}

package/build/commands/wrapper.js

@@ -0,0 +1,60 @@
+import { BukkuClient } from 'core';
+import { resolveAuth, AuthMissingError } from '../config/auth.js';
+import { outputError, ExitCode } from '../output/error.js';
+/**
+ * Wrap a command handler with auth resolution and error handling.
+ *
+ * Resolves credentials via 3-tier precedence (flags > env > rc),
+ * creates a BukkuClient, and passes it to the handler.
+ *
+ * Must use a regular function (not arrow) to preserve Commander's `this` context.
+ */
+export function withAuth(handler) {
+    return async function () {
+        const mergedOpts = this.optsWithGlobals();
+        let auth;
+        try {
+            auth = await resolveAuth({
+                apiToken: mergedOpts.apiToken,
+                companySubdomain: mergedOpts.companySubdomain,
+            });
+        }
+        catch (err) {
+            if (err instanceof AuthMissingError) {
+                outputError({
+                    error: 'Authentication required. Set credentials via --api-token flag, BUKKU_API_TOKEN env var, or bukku config set',
+                    code: 'AUTH_MISSING',
+                    details: null,
+                }, ExitCode.AUTH);
+            }
+            throw err;
+        }
+        const client = new BukkuClient({
+            apiToken: auth.apiToken,
+            companySubdomain: auth.companySubdomain,
+        });
+        try {
+            await handler({ client, opts: mergedOpts, auth });
+        }
+        catch (err) {
+            if (err instanceof Response) {
+                let body = {};
+                try {
+                    body = (await err.json());
+                }
+                catch {
+                    // response body not parseable
+                }
+                outputError({
+                    error: body['message'] || 'API error',
+                    code: 'API_ERROR',
+                    details: body['errors'] || null,
+                }, ExitCode.API);
+            }
+            outputError({
+                error: err instanceof Error ? err.message : 'Unknown error',
+                code: 'GENERAL_ERROR',
+            }, ExitCode.GENERAL);
+        }
+    };
+}

package/build/config/auth.d.ts

@@ -0,0 +1,23 @@
+export interface ResolvedAuth {
+    apiToken: string;
+    companySubdomain: string;
+    source: Record<string, 'flags' | 'env' | 'rc'>;
+}
+export declare class AuthMissingError extends Error {
+    readonly code = "AUTH_MISSING";
+    readonly missingFields: string[];
+    constructor(missingFields: string[]);
+}
+/**
+ * Resolve auth credentials with 3-tier precedence: flags > env > rc.
+ */
+export declare function resolveAuth(flags: {
+    apiToken?: string;
+    companySubdomain?: string;
+}): Promise<ResolvedAuth>;
+/**
+ * Mask an API token for display.
+ * Shows first 4 + ... + last 4 chars if length >= 8, otherwise ****.
+ */
+export declare function maskToken(token: string): string;
+//# sourceMappingURL=auth.d.ts.map

package/build/config/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/config/auth.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,gBAAgB,EAAE,MAAM,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,GAAG,KAAK,GAAG,IAAI,CAAC,CAAC;CAChD;AAED,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,QAAQ,CAAC,IAAI,kBAAkB;IAC/B,QAAQ,CAAC,aAAa,EAAE,MAAM,EAAE,CAAC;gBAErB,aAAa,EAAE,MAAM,EAAE;CAKpC;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,KAAK,EAAE;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,GAAG,OAAO,CAAC,YAAY,CAAC,CA4CxB;AAED;;;GAGG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAK/C"}

package/build/config/auth.js

@@ -0,0 +1,69 @@
+import { readRc } from './rc.js';
+export class AuthMissingError extends Error {
+    code = 'AUTH_MISSING';
+    missingFields;
+    constructor(missingFields) {
+        super(`Missing required auth: ${missingFields.join(', ')}. Set via --api-token/--company-subdomain flags, BUKKU_API_TOKEN/BUKKU_COMPANY_SUBDOMAIN env vars, or ~/.bukkurc config file.`);
+        this.name = 'AuthMissingError';
+        this.missingFields = missingFields;
+    }
+}
+/**
+ * Resolve auth credentials with 3-tier precedence: flags > env > rc.
+ */
+export async function resolveAuth(flags) {
+    const rc = await readRc();
+    const source = {};
+    // Resolve apiToken: flags > env > rc
+    let apiToken;
+    if (flags.apiToken) {
+        apiToken = flags.apiToken;
+        source['apiToken'] = 'flags';
+    }
+    else if (process.env['BUKKU_API_TOKEN']) {
+        apiToken = process.env['BUKKU_API_TOKEN'];
+        source['apiToken'] = 'env';
+    }
+    else if (rc['api_token']) {
+        apiToken = rc['api_token'];
+        source['apiToken'] = 'rc';
+    }
+    // Resolve companySubdomain: flags > env > rc
+    let companySubdomain;
+    if (flags.companySubdomain) {
+        companySubdomain = flags.companySubdomain;
+        source['companySubdomain'] = 'flags';
+    }
+    else if (process.env['BUKKU_COMPANY_SUBDOMAIN']) {
+        companySubdomain = process.env['BUKKU_COMPANY_SUBDOMAIN'];
+        source['companySubdomain'] = 'env';
+    }
+    else if (rc['company_subdomain']) {
+        companySubdomain = rc['company_subdomain'];
+        source['companySubdomain'] = 'rc';
+    }
+    // Check for missing fields
+    const missing = [];
+    if (!apiToken)
+        missing.push('apiToken');
+    if (!companySubdomain)
+        missing.push('companySubdomain');
+    if (missing.length > 0) {
+        throw new AuthMissingError(missing);
+    }
+    return {
+        apiToken: apiToken,
+        companySubdomain: companySubdomain,
+        source,
+    };
+}
+/**
+ * Mask an API token for display.
+ * Shows first 4 + ... + last 4 chars if length >= 8, otherwise ****.
+ */
+export function maskToken(token) {
+    if (token.length >= 8) {
+        return token.slice(0, 4) + '...' + token.slice(-4);
+    }
+    return '****';
+}

package/build/config/rc.d.ts

@@ -0,0 +1,20 @@
+export declare const RC_PATH: string;
+/**
+ * Read ~/.bukkurc INI-format file into a key-value record.
+ * Returns empty object if file doesn't exist.
+ */
+export declare function readRc(): Promise<Record<string, string>>;
+/**
+ * Write a key-value pair to ~/.bukkurc.
+ * Merges with existing content and sets 0o600 permissions.
+ */
+export declare function writeRc(key: string, value: string): Promise<void>;
+/**
+ * Check that ~/.bukkurc has 0o600 permissions.
+ * Returns ok=true if file doesn't exist or on Windows.
+ */
+export declare function checkPermissions(): Promise<{
+    ok: boolean;
+    mode: string;
+}>;
+//# sourceMappingURL=rc.d.ts.map

package/build/config/rc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rc.d.ts","sourceRoot":"","sources":["../../src/config/rc.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,OAAO,QAA8B,CAAC;AAEnD;;;GAGG;AACH,wBAAsB,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAsB9D;AAED;;;GAGG;AACH,wBAAsB,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAMvE;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,CAgB/E"}

package/build/config/rc.js

@@ -0,0 +1,65 @@
+import { readFile, writeFile, stat } from 'node:fs/promises';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+export const RC_PATH = join(homedir(), '.bukkurc');
+/**
+ * Read ~/.bukkurc INI-format file into a key-value record.
+ * Returns empty object if file doesn't exist.
+ */
+export async function readRc() {
+    let content;
+    try {
+        content = await readFile(RC_PATH, 'utf-8');
+    }
+    catch (err) {
+        if (err.code === 'ENOENT') {
+            return {};
+        }
+        throw err;
+    }
+    const result = {};
+    for (const line of content.split('\n')) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#'))
+            continue;
+        const eqIndex = trimmed.indexOf('=');
+        if (eqIndex === -1)
+            continue;
+        const key = trimmed.slice(0, eqIndex).trim();
+        const value = trimmed.slice(eqIndex + 1).trim();
+        if (key)
+            result[key] = value;
+    }
+    return result;
+}
+/**
+ * Write a key-value pair to ~/.bukkurc.
+ * Merges with existing content and sets 0o600 permissions.
+ */
+export async function writeRc(key, value) {
+    const existing = await readRc();
+    existing[key] = value;
+    const lines = Object.entries(existing).map(([k, v]) => `${k} = ${v}`);
+    await writeFile(RC_PATH, lines.join('\n') + '\n', { mode: 0o600 });
+}
+/**
+ * Check that ~/.bukkurc has 0o600 permissions.
+ * Returns ok=true if file doesn't exist or on Windows.
+ */
+export async function checkPermissions() {
+    if (process.platform === 'win32') {
+        return { ok: true, mode: '0600' };
+    }
+    try {
+        const st = await stat(RC_PATH);
+        const mode = st.mode & 0o777;
+        const modeStr = '0' + mode.toString(8);
+        return { ok: mode === 0o600, mode: modeStr };
+    }
+    catch (err) {
+        if (err.code === 'ENOENT') {
+            return { ok: true, mode: '0000' };
+        }
+        throw err;
+    }
+}

package/build/index.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=index.d.ts.map

package/build/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}