@cognite/dune 0.1.2 → 0.2.1

package/bin/auth/client-credentials.js

@@ -0,0 +1,240 @@
+/**
+ * Extract cluster name from BASE_URL
+ * @param {string} url - Full URL like "https://aw-dub-gp-001.cognitedata.com"
+ * @returns {string} Cluster name like "aw-dub-gp-001"
+ */
+function extractClusterFromUrl(url) {
+  if (!url) return "";
+
+  try {
+    const urlObj = new URL(url);
+    const hostname = urlObj.hostname;
+    // Remove .cognitedata.com suffix
+    return hostname.replace(/\.cognitedata\.com$/, "");
+  } catch (error) {
+    // Fallback to simple string manipulation
+    let cluster = url.replace(/^https?:\/\//, "");
+    cluster = cluster.split("/")[0]; // Remove path
+    cluster = cluster.split(":")[0]; // Remove port
+    cluster = cluster.replace(/\.cognitedata\.com$/, "");
+    return cluster;
+  }
+}
+
+/**
+ * Client Credentials Authentication
+ *
+ * Handles authentication using OAuth2 client credentials flow for CI/CD environments.
+ * Supports both CDF and Entra ID authentication providers.
+ */
+
+// biome-ignore lint/complexity/noStaticOnlyClass: <explanation>
+export class ClientCredentialsAuth {
+  /**
+   * Get access token using client credentials (CDF provider)
+   * @param {string} clientId - OAuth client ID
+   * @param {string} clientSecret - OAuth client secret
+   * @returns {Promise<string>} Access token
+   */
+  static async getTokenCdf(clientId, clientSecret) {
+    if (!clientId || !clientSecret) {
+      throw new Error("CLIENT_ID and CLIENT_SECRET must be provided");
+    }
+
+    const credentials = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
+    const header = `Basic ${credentials}`;
+
+    console.log("🔑 Authenticating with CDF client credentials...");
+
+    try {
+      const response = await fetch("https://auth.cognite.com/oauth2/token", {
+        method: "POST",
+        headers: {
+          Authorization: header,
+          "Content-Type": "application/x-www-form-urlencoded",
+        },
+        body: new URLSearchParams({
+          grant_type: "client_credentials",
+        }),
+      });
+
+      if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(
+          `Authentication failed: ${response.status} ${response.statusText}\n${errorText}`
+        );
+      }
+
+      const data = await response.json();
+
+      if (!data.access_token) {
+        throw new Error("No access token returned from authentication");
+      }
+
+      return data.access_token;
+    } catch (error) {
+      throw new Error(`Failed to authenticate with CDF: ${error.message}`);
+    }
+  }
+
+  /**
+   * Get access token using client credentials (Entra ID provider)
+   * @param {string} clientId - OAuth client ID
+   * @param {string} clientSecret - OAuth client secret
+   * @param {string} tokenUrl - Token endpoint URL
+   * @param {string} scope - OAuth scope
+   * @returns {Promise<string>} Access token
+   */
+  static async getTokenEntra(clientId, clientSecret, tokenUrl, scope) {
+    if (!clientId || !clientSecret || !tokenUrl || !scope) {
+      throw new Error(
+        "CLIENT_ID, CLIENT_SECRET, TOKEN_URL, and SCOPES must be provided for Entra ID"
+      );
+    }
+
+    console.log("🔑 Authenticating with Entra ID client credentials...");
+
+    try {
+      const response = await fetch(tokenUrl, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded",
+        },
+        body: new URLSearchParams({
+          client_id: clientId,
+          client_secret: clientSecret,
+          scope: scope,
+          grant_type: "client_credentials",
+        }),
+      });
+
+      if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(
+          `Authentication failed: ${response.status} ${response.statusText}\n${errorText}`
+        );
+      }
+
+      const data = await response.json();
+
+      if (!data.access_token) {
+        throw new Error("No access token returned from authentication");
+      }
+
+      return data.access_token;
+    } catch (error) {
+      throw new Error(`Failed to authenticate with Entra ID: ${error.message}`);
+    }
+  }
+
+  /**
+   * Get access token using the configured provider
+   * @param {Object} config - Authentication configuration
+   * @param {string} config.provider - Provider type ('cdf' or 'entra')
+   * @param {string} config.clientId - OAuth client ID
+   * @param {string} config.clientSecret - OAuth client secret
+   * @param {string} [config.tenantId] - Tenant ID (required for Entra)
+   * @param {string} [config.tokenUrl] - Token URL (optional for Entra, will be auto-generated)
+   * @param {string} [config.scopes] - OAuth scopes (optional for Entra, will be auto-generated)
+   * @param {string} [config.cluster] - CDF cluster (used for auto-generating scope)
+   * @returns {Promise<string>} Access token
+   */
+  static async getToken(config) {
+    const provider = (config.provider || "cdf").toLowerCase();
+
+    if (provider === "cdf") {
+      return ClientCredentialsAuth.getTokenCdf(config.clientId, config.clientSecret);
+    }
+    if (provider === "entra") {
+      const tokenUrl = ClientCredentialsAuth.buildEntraTokenUrl(config.tenantId, config.tokenUrl);
+      const scope = ClientCredentialsAuth.buildEntraScope(config.cluster, config.scopes);
+
+      return ClientCredentialsAuth.getTokenEntra(
+        config.clientId,
+        config.clientSecret,
+        tokenUrl,
+        scope
+      );
+    }
+    throw new Error(`Unsupported provider: ${provider}. Supported providers: 'cdf', 'entra'`);
+  }
+
+  /**
+   * Build Entra ID token URL
+   * @param {string} tenantId - Tenant ID
+   * @param {string} [tokenUrl] - Optional token URL override
+   * @returns {string} Token URL
+   */
+  static buildEntraTokenUrl(tenantId, tokenUrl) {
+    if (tokenUrl) {
+      return tokenUrl;
+    }
+
+    if (!tenantId) {
+      throw new Error("TENANT_ID is required for Entra ID authentication (or provide TOKEN_URL)");
+    }
+
+    return `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`;
+  }
+
+  /**
+   * Build Entra ID scope
+   * @param {string} cluster - CDF cluster name (e.g., "aw-dub-gp-001")
+   * @param {string} [scopes] - Optional scopes override
+   * @returns {string} Scope
+   */
+  static buildEntraScope(cluster, scopes) {
+    if (scopes) return scopes;
+
+    if (!cluster) {
+      throw new Error(
+        "Cluster information is required to auto-generate scopes (or provide SCOPES)"
+      );
+    }
+
+    return `https://${cluster}.cognitedata.com/.default`;
+  }
+
+  /**
+   * Load credentials from environment variables
+   * @returns {Object} Configuration object with provider and credentials
+   */
+  static loadFromEnv() {
+    const provider = (process.env.PROVIDER || "cdf").toLowerCase();
+    const clientId = process.env.CLIENT_ID;
+    const clientSecret = process.env.CLIENT_SECRET;
+
+    if (!clientId || !clientSecret) {
+      throw new Error(
+        "Missing required environment variables: CLIENT_ID and CLIENT_SECRET must be set"
+      );
+    }
+
+    const config = {
+      provider,
+      clientId,
+      clientSecret,
+    };
+
+    // Load provider-specific configuration
+    if (provider === "entra") {
+      config.tenantId = process.env.TENANT_ID;
+      config.tokenUrl = process.env.TOKEN_URL;
+      config.scopes = process.env.SCOPES;
+
+      // Validate required fields
+      if (!config.tenantId && !config.tokenUrl) {
+        throw new Error("For Entra ID provider, either TENANT_ID or TOKEN_URL must be set");
+      }
+
+      // Extract cluster from BASE_URL for scope generation
+      if (process.env.BASE_URL) {
+        config.cluster = extractClusterFromUrl(process.env.BASE_URL);
+      } else if (!config.scopes) {
+        throw new Error("For Entra ID provider, either BASE_URL or SCOPES must be set");
+      }
+    }
+
+    return config;
+  }
+}

package/bin/auth/oauth-client.js

@@ -0,0 +1,92 @@
+/**
+ * OAuth 2.0 / OIDC Client
+ *
+ * Handles OAuth 2.0 authentication flow with PKCE for CDF.
+ */
+
+export class OAuthClient {
+  /**
+   * @param {Object} config - OAuth configuration
+   * @param {string} config.clientId - OAuth client ID
+   * @param {string} config.authority - OAuth authority URL
+   * @param {string} config.redirectUri - OAuth redirect URI
+   */
+  constructor(config) {
+    this.config = config;
+  }
+
+  /**
+   * Fetch OpenID Connect configuration from authority
+   * @returns {Promise<Object>} OpenID configuration including endpoints
+   * @throws {Error} If configuration fetch fails
+   */
+  async fetchOpenIdConfiguration() {
+    const url = `${this.config.authority}/.well-known/openid-configuration`;
+    const response = await fetch(url);
+
+    if (!response.ok) {
+      throw new Error(`Failed to fetch OpenID configuration: ${response.statusText}`);
+    }
+
+    return response.json();
+  }
+
+  /**
+   * Exchange authorization code for access tokens
+   * @param {string} tokenEndpoint - Token endpoint URL
+   * @param {string} code - Authorization code
+   * @param {string} codeVerifier - PKCE code verifier
+   * @returns {Promise<Object>} Token response with access_token
+   * @throws {Error} If token exchange fails
+   */
+  async exchangeCodeForTokens(tokenEndpoint, code, codeVerifier) {
+    const params = new URLSearchParams({
+      grant_type: "authorization_code",
+      client_id: this.config.clientId,
+      code: code,
+      redirect_uri: this.config.redirectUri,
+      code_verifier: codeVerifier,
+    });
+
+    const response = await fetch(tokenEndpoint, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+      },
+      body: params.toString(),
+    });
+
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Token exchange failed: ${error}`);
+    }
+
+    return response.json();
+  }
+
+  /**
+   * Build authorization URL with PKCE parameters
+   * @param {string} authorizationEndpoint - Authorization endpoint URL
+   * @param {string} codeChallenge - PKCE code challenge
+   * @param {string} state - CSRF protection state
+   * @param {string} [organization] - Optional organization hint
+   * @returns {string} Complete authorization URL
+   */
+  buildAuthorizationUrl(authorizationEndpoint, codeChallenge, state, organization) {
+    const params = new URLSearchParams({
+      client_id: this.config.clientId,
+      redirect_uri: this.config.redirectUri,
+      response_type: "code",
+      scope: "openid profile email",
+      state: state,
+      code_challenge: codeChallenge,
+      code_challenge_method: "S256",
+    });
+
+    if (organization) {
+      params.append("organization_hint", organization);
+    }
+
+    return `${authorizationEndpoint}?${params.toString()}`;
+  }
+}

package/bin/cli.js

@@ -18,11 +18,25 @@ async function main() {
     try {
       const enquirer = await import("enquirer");
 
+      // Track the app name from prompts
+      let appName = null;
+
       await runner(hygenArgs, {
         templates: defaultTemplates,
         cwd: process.cwd(),
         logger: new Logger(console.log.bind(console)),
-        createPrompter: () => enquirer.default,
+        createPrompter: () => {
+          // Wrap enquirer to capture the app name
+          return {
+            prompt: async (prompts) => {
+              const result = await enquirer.default.prompt(prompts);
+              if (result.name) {
+                appName = result.name;
+              }
+              return result;
+            },
+          };
+        },
         exec: async (action, body) => {
           const { execa } = await import("execa");
           const opts = body && body.length > 0 ? { input: body } : {};
@@ -30,10 +44,32 @@ async function main() {
         },
         debug: !!process.env.DEBUG,
       });
+
+      // Print success message with next steps
+      console.log(`
+✅ App created successfully!
+
+To open in Cursor:
+  cursor ${appName || "your-app"}
+Or:
+  cd ${appName || "your-app"}
+  pnpm install
+  pnpm dev
+
+To deploy your app:
+  cd ${appName || "your-app"}
+  npx @cognite/dune deploy:interactive
+`);
     } catch (error) {
       console.error("Error:", error.message);
       process.exit(1);
     }
+  } else if (command === "deploy") {
+    const { handleDeploy } = await import("./deploy-command.js");
+    await handleDeploy(args.slice(1));
+  } else if (command === "deploy:interactive") {
+    const { handleDeployInteractive } = await import("./deploy-interactive-command.js");
+    await handleDeployInteractive(args.slice(1));
   } else if (command === "help" || command === "--help" || command === "-h") {
     console.log(`
 @cognite/dune - Build and deploy React apps to Cognite Data Fusion
@@ -42,12 +78,16 @@ Usage:
   npx @cognite/dune [command]
 
 Commands:
-  create, new    Create a new Dune application (default)
-  help           Show this help message
+  create, new        Create a new Dune application (default)
+  deploy             Build and deploy using environment credentials
+  deploy:interactive Build and deploy with browser-based login
+  help               Show this help message
 
 Examples:
-  npx @cognite/dune              # Create a new app (interactive)
-  npx @cognite/dune create       # Create a new app (interactive)
+  npx @cognite/dune                    # Create a new app (interactive)
+  npx @cognite/dune create             # Create a new app (interactive)
+  npx @cognite/dune deploy             # Deploy with env credentials
+  npx @cognite/dune deploy:interactive # Deploy with browser login
 
 For programmatic usage:
   import { DuneAuthProvider, useDune } from "@cognite/dune/auth"

package/bin/deploy-command.js

@@ -0,0 +1,246 @@
+import { execSync } from "node:child_process";
+import { existsSync, readFileSync, unlinkSync } from "node:fs";
+import { resolve } from "node:path";
+
+/**
+ * Generate Fusion app URL
+ */
+function generateFusionUrl(deployment, appExternalId, versionTag) {
+  const { org, project, baseUrl } = deployment;
+  const cluster = baseUrl?.split("//")[1];
+
+  if (!org || !project || !cluster) {
+    return null;
+  }
+
+  return `https://${org}.fusion.cognite.com/${project}/streamlit-apps/dune/${appExternalId}-${versionTag}?cluster=${cluster}&workspace=industrial-tools`;
+}
+
+/**
+ * Load app.json from a directory
+ */
+function loadAppConfig(appDir) {
+  const configPath = resolve(appDir, "app.json");
+  if (!existsSync(configPath)) {
+    return null;
+  }
+  try {
+    return JSON.parse(readFileSync(configPath, "utf-8"));
+  } catch (error) {
+    console.error(`Error parsing app.json: ${error.message}`);
+    return null;
+  }
+}
+
+/**
+ * Load .env file from a directory
+ */
+function loadEnvFile(dir) {
+  const envPath = resolve(dir, ".env");
+  if (existsSync(envPath)) {
+    console.log(`Loading environment variables from ${envPath}`);
+    const envContent = readFileSync(envPath, "utf-8");
+    envContent.split("\n").forEach((line) => {
+      const trimmedLine = line.trim();
+      if (!trimmedLine || trimmedLine.startsWith("#")) {
+        return;
+      }
+      const match = trimmedLine.match(/^([^=]+)=(.*)$/);
+      if (match) {
+        const key = match[1].trim();
+        const value = match[2].trim().replace(/^["']|["']$/g, "");
+        process.env[key] = value;
+      }
+    });
+  }
+}
+
+/**
+ * Detect the package manager being used
+ */
+function detectPackageManager(appDir) {
+  if (existsSync(resolve(appDir, "pnpm-lock.yaml"))) return "pnpm";
+  if (existsSync(resolve(appDir, "yarn.lock"))) return "yarn";
+  if (existsSync(resolve(appDir, "bun.lockb"))) return "bun";
+  return "npm";
+}
+
+/**
+ * Build the app
+ */
+function buildApp(appDir, verbose = true) {
+  const pm = detectPackageManager(appDir);
+  console.log(`📦 Building app with ${pm}...`);
+
+  execSync(`${pm} run build`, {
+    cwd: appDir,
+    stdio: verbose ? "inherit" : "pipe",
+  });
+
+  console.log("✅ Build successful");
+}
+
+/**
+ * Print deploy help message
+ */
+function printHelp() {
+  console.log(`
+Deploy your Dune app to Cognite Data Fusion
+
+Usage:
+  npx @cognite/dune deploy [options]
+
+Options:
+  --deployment, -d <target>   Deployment target (index or project name)
+  --skip-build                Skip the build step
+  --help, -h                  Show this help message
+
+Environment:
+  The deploy command requires authentication credentials to be set via
+  environment variables. Set the secret specified in deploySecretName
+  in your app.json, or use a .env file.
+
+Examples:
+  npx @cognite/dune deploy                      # Deploy to first deployment target
+  npx @cognite/dune deploy -d 1                 # Deploy to second deployment target
+  npx @cognite/dune deploy -d my-project        # Deploy to project by name
+  npx @cognite/dune deploy --skip-build         # Deploy without rebuilding
+`);
+}
+
+/**
+ * Deploy command handler
+ */
+export async function handleDeploy(args) {
+  // Check for help first, before any other operations
+  if (args.includes("--help") || args.includes("-h")) {
+    printHelp();
+    process.exit(0);
+  }
+
+  const cwd = process.cwd();
+
+  // Load .env file if present
+  loadEnvFile(cwd);
+
+  // Load app.json
+  const appConfig = loadAppConfig(cwd);
+  if (!appConfig) {
+    console.error("❌ No app.json found in current directory");
+    console.error("Make sure you're running this command from your app's root directory.");
+    process.exit(1);
+  }
+
+  if (!appConfig.deployments || appConfig.deployments.length === 0) {
+    console.error("❌ No deployments configured in app.json");
+    process.exit(1);
+  }
+
+  // Parse arguments
+  let deploymentIndex = 0;
+  let skipBuild = false;
+
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i];
+    if (arg === "--deployment" || arg === "-d") {
+      const value = args[++i];
+      if (value === undefined) {
+        console.error("❌ --deployment requires a value (index or project name)");
+        process.exit(1);
+      }
+      // Try to parse as index first
+      const idx = Number.parseInt(value, 10);
+      if (!Number.isNaN(idx)) {
+        deploymentIndex = idx;
+      } else {
+        // Search by project name
+        const found = appConfig.deployments.findIndex(
+          (d) => d.project === value || `${d.org}/${d.project}` === value
+        );
+        if (found === -1) {
+          console.error(`❌ No deployment found for project: ${value}`);
+          console.log("Available deployments:");
+          appConfig.deployments.forEach((d, i) => {
+            console.log(`  ${i}: ${d.org}/${d.project}`);
+          });
+          process.exit(1);
+        }
+        deploymentIndex = found;
+      }
+    } else if (arg === "--skip-build") {
+      skipBuild = true;
+    }
+  }
+
+  // Validate deployment index
+  if (deploymentIndex < 0 || deploymentIndex >= appConfig.deployments.length) {
+    console.error(`❌ Invalid deployment index: ${deploymentIndex}`);
+    console.log(`Available deployments (0-${appConfig.deployments.length - 1}):`);
+    appConfig.deployments.forEach((d, i) => {
+      console.log(`  ${i}: ${d.org}/${d.project}`);
+    });
+    process.exit(1);
+  }
+
+  const deployment = appConfig.deployments[deploymentIndex];
+
+  console.log("\n🚀 Dune Deploy");
+  console.log("================");
+  console.log(`App: ${appConfig.name} (${appConfig.externalId})`);
+  console.log(`Version: ${appConfig.versionTag}`);
+  console.log(`Target: ${deployment.org}/${deployment.project}`);
+  console.log();
+
+  // Build the app
+  if (!skipBuild) {
+    try {
+      buildApp(cwd);
+    } catch (error) {
+      console.error("❌ Build failed:", error.message);
+      process.exit(1);
+    }
+  }
+
+  // Import deploy function and deploy
+  try {
+    const { deploy } = await import("../dist/deploy/index.js");
+
+    console.log(`\n📤 Deploying to ${deployment.org}/${deployment.project}...`);
+
+    await deploy(
+      deployment,
+      {
+        externalId: appConfig.externalId,
+        name: appConfig.name,
+        description: appConfig.description,
+        versionTag: appConfig.versionTag,
+      },
+      cwd
+    );
+
+    console.log(
+      `\n✅ Successfully deployed ${appConfig.name} to ${deployment.org}/${deployment.project}`
+    );
+
+    if (deployment.published) {
+      console.log("🌐 App is published and available to all users");
+    } else {
+      console.log("🔒 App is deployed in draft mode");
+    }
+
+    // Generate and display the app URL
+    const appUrl = generateFusionUrl(deployment, appConfig.externalId, appConfig.versionTag);
+    if (appUrl) {
+      console.log(`\n🔗 Open your app:\n   ${appUrl}`);
+    }
+
+    process.exit(0);
+  } catch (error) {
+    console.error("\n❌ Deployment failed:", error.message);
+    if (error.message.includes("secret not found")) {
+      console.log(`\nMake sure the environment variable "${deployment.deploySecretName}" is set.`);
+      console.log("You can set it in a .env file in your app's root directory.");
+    }
+    process.exit(1);
+  }
+}