@dishantlangayan/sc-cli-core 0.1.1 → 0.2.0

package/lib/auth/auth-encryption.d.ts

@@ -0,0 +1,40 @@
+import { type BrokerAuthStorage, type EncryptedData } from './auth-types.js';
+/**
+ * Encryption utility for broker authentication storage
+ * Uses AES-256-GCM for authenticated encryption
+ */
+export declare class BrokerAuthEncryption {
+    private static readonly ALGORITHM;
+    private static readonly DIGEST;
+    private static readonly ITERATIONS;
+    private static readonly IV_LENGTH;
+    private static readonly KEY_LENGTH;
+    private static readonly SALT_LENGTH;
+    private static readonly TAG_LENGTH;
+    /**
+     * Decrypt broker storage data
+     * @param encryptedData - Encrypted data to decrypt
+     * @param key - Decryption key
+     * @returns Decrypted broker storage
+     */
+    static decrypt(encryptedData: EncryptedData, key: Buffer): Promise<BrokerAuthStorage>;
+    /**
+     * Derive encryption key from password using PBKDF2
+     * @param password - User password
+     * @param salt - Salt for key derivation
+     * @returns Derived encryption key
+     */
+    static deriveKey(password: string, salt: Buffer): Promise<Buffer>;
+    /**
+     * Encrypt broker storage data
+     * @param data - Broker storage to encrypt
+     * @param key - Encryption key
+     * @returns Encrypted data with metadata
+     */
+    static encrypt(data: BrokerAuthStorage, key: Buffer): Promise<EncryptedData>;
+    /**
+     * Generate cryptographically secure random salt
+     * @returns Random salt buffer
+     */
+    static generateSalt(): Buffer;
+}

package/lib/auth/auth-encryption.js

@@ -0,0 +1,106 @@
+import { createCipheriv, createDecipheriv, pbkdf2, randomBytes } from 'node:crypto';
+import { promisify } from 'node:util';
+import { BrokerAuthError, BrokerAuthErrorCode } from './auth-types.js';
+const pbkdf2Async = promisify(pbkdf2);
+/**
+ * Encryption utility for broker authentication storage
+ * Uses AES-256-GCM for authenticated encryption
+ */
+export class BrokerAuthEncryption {
+    static ALGORITHM = 'aes-256-gcm';
+    static DIGEST = 'sha256';
+    static ITERATIONS = 100_000; // OWASP recommended minimum for PBKDF2
+    static IV_LENGTH = 16;
+    static KEY_LENGTH = 32; // 256 bits
+    static SALT_LENGTH = 32;
+    static TAG_LENGTH = 16;
+    /**
+     * Decrypt broker storage data
+     * @param encryptedData - Encrypted data to decrypt
+     * @param key - Decryption key
+     * @returns Decrypted broker storage
+     */
+    static async decrypt(encryptedData, key) {
+        try {
+            // Parse metadata and buffers
+            const iv = Buffer.from(encryptedData.iv, 'base64');
+            const authTag = Buffer.from(encryptedData.authTag, 'base64');
+            // Create decipher
+            const decipher = createDecipheriv(this.ALGORITHM, key, iv);
+            decipher.setAuthTag(authTag);
+            // Decrypt data
+            let decrypted = decipher.update(encryptedData.encryptedContent, 'base64', 'utf8');
+            decrypted += decipher.final('utf8');
+            // Parse JSON
+            const storage = JSON.parse(decrypted);
+            return storage;
+        }
+        catch (error) {
+            throw new BrokerAuthError('Failed to decrypt broker storage. The password may be incorrect or the file may be corrupted.', BrokerAuthErrorCode.DECRYPTION_FAILED, error);
+        }
+    }
+    /**
+     * Derive encryption key from password using PBKDF2
+     * @param password - User password
+     * @param salt - Salt for key derivation
+     * @returns Derived encryption key
+     */
+    static async deriveKey(password, salt) {
+        try {
+            if (!password || password.length === 0) {
+                throw new BrokerAuthError('Password cannot be empty', BrokerAuthErrorCode.INVALID_PASSWORD);
+            }
+            return await pbkdf2Async(password, salt, this.ITERATIONS, this.KEY_LENGTH, this.DIGEST);
+        }
+        catch (error) {
+            if (error instanceof BrokerAuthError) {
+                throw error;
+            }
+            throw new BrokerAuthError('Failed to derive encryption key', BrokerAuthErrorCode.ENCRYPTION_FAILED, error);
+        }
+    }
+    /**
+     * Encrypt broker storage data
+     * @param data - Broker storage to encrypt
+     * @param key - Encryption key
+     * @returns Encrypted data with metadata
+     */
+    static async encrypt(data, key) {
+        try {
+            // Generate random IV
+            const iv = randomBytes(this.IV_LENGTH);
+            // Create cipher
+            const cipher = createCipheriv(this.ALGORITHM, key, iv);
+            // Encrypt data
+            const plaintext = JSON.stringify(data);
+            let encrypted = cipher.update(plaintext, 'utf8', 'base64');
+            encrypted += cipher.final('base64');
+            // Get authentication tag
+            const authTag = cipher.getAuthTag();
+            // Generate new salt for next key derivation
+            const salt = this.generateSalt();
+            return {
+                authTag: authTag.toString('base64'),
+                encryptedContent: encrypted,
+                iv: iv.toString('base64'),
+                metadata: {
+                    algorithm: this.ALGORITHM,
+                    iterations: this.ITERATIONS,
+                    keyDerivation: 'pbkdf2',
+                    saltLength: this.SALT_LENGTH,
+                },
+                salt: salt.toString('base64'),
+            };
+        }
+        catch (error) {
+            throw new BrokerAuthError('Failed to encrypt broker storage', BrokerAuthErrorCode.ENCRYPTION_FAILED, error);
+        }
+    }
+    /**
+     * Generate cryptographically secure random salt
+     * @returns Random salt buffer
+     */
+    static generateSalt() {
+        return randomBytes(this.SALT_LENGTH);
+    }
+}

package/lib/auth/auth-manager.d.ts

@@ -0,0 +1,95 @@
+import { ScConnection } from '../util/sc-connection.js';
+import { type BrokerAuth } from './auth-types.js';
+/**
+ * Manager for broker authentication storage
+ * Handles encrypted storage of broker credentials
+ */
+export declare class BrokerAuthManager {
+    private static instance;
+    private readonly configDir;
+    private readonly configFile;
+    private currentPassword;
+    private encryptionKey;
+    private storage;
+    private constructor();
+    /**
+     * Get singleton instance
+     */
+    static getInstance(): BrokerAuthManager;
+    /**
+     * Add a new broker configuration
+     * @param broker - Broker authentication configuration
+     */
+    addBroker(broker: BrokerAuth): Promise<void>;
+    /**
+     * Check if broker exists
+     * @param name - Broker name
+     * @returns true if broker exists
+     */
+    brokerExists(name: string): Promise<boolean>;
+    /**
+     * Clear all broker configurations
+     */
+    clearAll(): Promise<void>;
+    /**
+     * Create ScConnection instance from stored broker config
+     * @param brokerName - Name of the broker to connect to
+     * @param timeout - Optional timeout override
+     * @returns Configured ScConnection instance
+     */
+    createConnection(brokerName: string, timeout?: number): Promise<ScConnection>;
+    /**
+     * Get all broker configurations
+     * @returns Array of all broker configurations
+     */
+    getAllBrokers(): Promise<BrokerAuth[]>;
+    /**
+     * Get broker configuration by name
+     * @param name - Broker name/alias
+     * @returns Broker configuration or null if not found
+     */
+    getBroker(name: string): Promise<BrokerAuth | null>;
+    /**
+     * Initialize the auth manager with encryption key
+     * @param password - Password to derive encryption key
+     */
+    initialize(password: string): Promise<void>;
+    /**
+     * List all broker names
+     * @returns Array of broker names
+     */
+    listBrokers(): Promise<string[]>;
+    /**
+     * Remove broker configuration
+     * @param name - Broker name to remove
+     */
+    removeBroker(name: string): Promise<void>;
+    /**
+     * Update existing broker configuration
+     * @param name - Broker name to update
+     * @param updates - Partial updates to apply
+     */
+    updateBroker(name: string, updates: Partial<Omit<BrokerAuth, 'name'>>): Promise<void>;
+    /**
+     * Ensure manager is initialized
+     */
+    private ensureInitialized;
+    /**
+     * Check if config file exists
+     */
+    private fileExists;
+    /**
+     * Load storage from encrypted file
+     * @param password - Password to decrypt
+     */
+    private loadStorage;
+    /**
+     * Save storage to encrypted file
+     */
+    private saveStorage;
+    /**
+     * Validate broker configuration
+     * @param broker - Broker to validate
+     */
+    private validateBroker;
+}

package/lib/auth/auth-manager.js

@@ -0,0 +1,293 @@
+import { mkdir, readFile, rename, unlink, writeFile } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { ScConnection } from '../util/sc-connection.js';
+import { BrokerAuthEncryption } from './auth-encryption.js';
+import { AuthType, BrokerAuthError, BrokerAuthErrorCode, } from './auth-types.js';
+/**
+ * Manager for broker authentication storage
+ * Handles encrypted storage of broker credentials
+ */
+export class BrokerAuthManager {
+    static instance = null;
+    configDir;
+    configFile;
+    currentPassword = null;
+    encryptionKey = null;
+    storage = null;
+    constructor() {
+        const homeDirectory = homedir();
+        this.configDir = join(homeDirectory, '.sc');
+        this.configFile = join(this.configDir, 'brokers.json');
+    }
+    /**
+     * Get singleton instance
+     */
+    static getInstance() {
+        if (!BrokerAuthManager.instance) {
+            BrokerAuthManager.instance = new BrokerAuthManager();
+        }
+        return BrokerAuthManager.instance;
+    }
+    /**
+     * Add a new broker configuration
+     * @param broker - Broker authentication configuration
+     */
+    async addBroker(broker) {
+        this.ensureInitialized();
+        // Validate broker
+        this.validateBroker(broker);
+        // Check if broker already exists
+        const existing = this.storage.brokers.find((b) => b.name === broker.name);
+        if (existing) {
+            throw new BrokerAuthError(`Broker '${broker.name}' already exists`, BrokerAuthErrorCode.BROKER_ALREADY_EXISTS);
+        }
+        // Add broker
+        this.storage.brokers.push(broker);
+        // Save to file
+        await this.saveStorage();
+    }
+    /**
+     * Check if broker exists
+     * @param name - Broker name
+     * @returns true if broker exists
+     */
+    async brokerExists(name) {
+        this.ensureInitialized();
+        return this.storage.brokers.some((b) => b.name === name);
+    }
+    /**
+     * Clear all broker configurations
+     */
+    async clearAll() {
+        this.ensureInitialized();
+        this.storage.brokers = [];
+        await this.saveStorage();
+    }
+    /**
+     * Create ScConnection instance from stored broker config
+     * @param brokerName - Name of the broker to connect to
+     * @param timeout - Optional timeout override
+     * @returns Configured ScConnection instance
+     */
+    async createConnection(brokerName, timeout = 10_000) {
+        this.ensureInitialized();
+        const broker = await this.getBroker(brokerName);
+        if (!broker) {
+            throw new BrokerAuthError(`Broker '${brokerName}' not found`, BrokerAuthErrorCode.BROKER_NOT_FOUND);
+        }
+        const baseURL = `${broker.sempEndpoint}:${broker.sempPort}`;
+        const accessToken = broker.authType === AuthType.OAUTH ? broker.accessToken : broker.encodedCredentials;
+        const isBasic = broker.authType === AuthType.BASIC;
+        return new ScConnection(baseURL, accessToken, timeout, isBasic);
+    }
+    /**
+     * Get all broker configurations
+     * @returns Array of all broker configurations
+     */
+    async getAllBrokers() {
+        this.ensureInitialized();
+        return [...this.storage.brokers];
+    }
+    /**
+     * Get broker configuration by name
+     * @param name - Broker name/alias
+     * @returns Broker configuration or null if not found
+     */
+    async getBroker(name) {
+        this.ensureInitialized();
+        const broker = this.storage.brokers.find((b) => b.name === name);
+        return broker ?? null;
+    }
+    /**
+     * Initialize the auth manager with encryption key
+     * @param password - Password to derive encryption key
+     */
+    async initialize(password) {
+        try {
+            // Store password for re-encryption
+            this.currentPassword = password;
+            // Try to load existing storage
+            const fileExists = await this.fileExists();
+            if (fileExists) {
+                // Load existing file and derive key from stored salt
+                await this.loadStorage(password);
+            }
+            else {
+                // Create new storage with new salt
+                const salt = BrokerAuthEncryption.generateSalt();
+                this.encryptionKey = await BrokerAuthEncryption.deriveKey(password, salt);
+                this.storage = {
+                    brokers: [],
+                    version: '1.0.0',
+                };
+            }
+        }
+        catch (error) {
+            if (error instanceof BrokerAuthError) {
+                throw error;
+            }
+            throw new BrokerAuthError('Failed to initialize broker auth manager', BrokerAuthErrorCode.NOT_INITIALIZED, error);
+        }
+    }
+    /**
+     * List all broker names
+     * @returns Array of broker names
+     */
+    async listBrokers() {
+        this.ensureInitialized();
+        return this.storage.brokers.map((b) => b.name);
+    }
+    /**
+     * Remove broker configuration
+     * @param name - Broker name to remove
+     */
+    async removeBroker(name) {
+        this.ensureInitialized();
+        const index = this.storage.brokers.findIndex((b) => b.name === name);
+        if (index === -1) {
+            throw new BrokerAuthError(`Broker '${name}' not found`, BrokerAuthErrorCode.BROKER_NOT_FOUND);
+        }
+        // Remove broker
+        this.storage.brokers.splice(index, 1);
+        // Save to file
+        await this.saveStorage();
+    }
+    /**
+     * Update existing broker configuration
+     * @param name - Broker name to update
+     * @param updates - Partial updates to apply
+     */
+    async updateBroker(name, updates) {
+        this.ensureInitialized();
+        const index = this.storage.brokers.findIndex((b) => b.name === name);
+        if (index === -1) {
+            throw new BrokerAuthError(`Broker '${name}' not found`, BrokerAuthErrorCode.BROKER_NOT_FOUND);
+        }
+        // Merge updates
+        const updated = {
+            ...this.storage.brokers[index],
+            ...updates,
+            name, // Ensure name doesn't change
+        };
+        // Validate updated broker
+        this.validateBroker(updated);
+        // Update broker
+        this.storage.brokers[index] = updated;
+        // Save to file
+        await this.saveStorage();
+    }
+    /**
+     * Ensure manager is initialized
+     */
+    ensureInitialized() {
+        if (!this.encryptionKey || !this.storage) {
+            throw new BrokerAuthError('BrokerAuthManager not initialized. Call initialize() first.', BrokerAuthErrorCode.NOT_INITIALIZED);
+        }
+    }
+    /**
+     * Check if config file exists
+     */
+    async fileExists() {
+        try {
+            await readFile(this.configFile);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Load storage from encrypted file
+     * @param password - Password to decrypt
+     */
+    async loadStorage(password) {
+        try {
+            const fileContent = await readFile(this.configFile, 'utf8');
+            const encryptedData = JSON.parse(fileContent);
+            // Derive key from password and stored salt
+            const salt = Buffer.from(encryptedData.salt, 'base64');
+            this.encryptionKey = await BrokerAuthEncryption.deriveKey(password, salt);
+            // Decrypt storage
+            this.storage = await BrokerAuthEncryption.decrypt(encryptedData, this.encryptionKey);
+        }
+        catch (error) {
+            if (error instanceof BrokerAuthError) {
+                throw error;
+            }
+            throw new BrokerAuthError('Failed to load broker storage', BrokerAuthErrorCode.FILE_READ_ERROR, error);
+        }
+    }
+    /**
+     * Save storage to encrypted file
+     */
+    async saveStorage() {
+        try {
+            if (!this.currentPassword) {
+                throw new BrokerAuthError('Password not set', BrokerAuthErrorCode.NOT_INITIALIZED);
+            }
+            // Ensure directory exists
+            await mkdir(this.configDir, { mode: 0o700, recursive: true });
+            // Encrypt data
+            const encrypted = await BrokerAuthEncryption.encrypt(this.storage, this.encryptionKey);
+            // Re-derive key with new salt for next save
+            const newSalt = Buffer.from(encrypted.salt, 'base64');
+            this.encryptionKey = await BrokerAuthEncryption.deriveKey(this.currentPassword, newSalt);
+            // Write to temp file first (atomic write)
+            const jsonData = JSON.stringify(encrypted, null, 2);
+            const tempFile = `${this.configFile}.tmp`;
+            await writeFile(tempFile, jsonData, { mode: 0o600 });
+            // Atomic rename
+            await rename(tempFile, this.configFile);
+            // Set restrictive permissions (Unix only)
+            if (process.platform !== 'win32') {
+                // Already set via writeFile mode option
+            }
+        }
+        catch (error) {
+            // Clean up temp file if it exists
+            try {
+                await unlink(`${this.configFile}.tmp`);
+            }
+            catch {
+                // Ignore cleanup errors
+            }
+            if (error instanceof BrokerAuthError) {
+                throw error;
+            }
+            throw new BrokerAuthError('Failed to save broker storage', BrokerAuthErrorCode.FILE_WRITE_ERROR, error);
+        }
+    }
+    /**
+     * Validate broker configuration
+     * @param broker - Broker to validate
+     */
+    validateBroker(broker) {
+        // Validate name
+        if (!broker.name || broker.name.trim() === '') {
+            throw new BrokerAuthError('Broker name is required', BrokerAuthErrorCode.INVALID_NAME);
+        }
+        // Validate endpoint
+        if (!broker.sempEndpoint || !(broker.sempEndpoint.startsWith('http://') || broker.sempEndpoint.startsWith('https://'))) {
+            throw new BrokerAuthError('SEMP endpoint must start with http:// or https://', BrokerAuthErrorCode.INVALID_ENDPOINT);
+        }
+        // Validate port
+        if (broker.sempPort < 1 || broker.sempPort > 65_535) {
+            throw new BrokerAuthError('SEMP port must be between 1 and 65535', BrokerAuthErrorCode.INVALID_PORT);
+        }
+        // Validate auth-specific fields
+        if (broker.authType === AuthType.OAUTH) {
+            if (!broker.accessToken || !broker.clientId) {
+                throw new BrokerAuthError('OAuth brokers require accessToken and clientId', BrokerAuthErrorCode.INVALID_OAUTH_CONFIG);
+            }
+        }
+        else if (broker.authType === AuthType.BASIC) {
+            if (!broker.encodedCredentials) {
+                throw new BrokerAuthError('Basic auth brokers require encodedCredentials', BrokerAuthErrorCode.INVALID_BASIC_CONFIG);
+            }
+        }
+        else {
+            throw new BrokerAuthError('Invalid auth type', BrokerAuthErrorCode.INVALID_AUTH_TYPE);
+        }
+    }
+}

package/lib/auth/auth-types.d.ts

@@ -0,0 +1,89 @@
+/**
+ * Authentication types supported by the broker auth system
+ */
+export declare enum AuthType {
+    BASIC = "basic",
+    OAUTH = "oauth"
+}
+/**
+ * Base broker authentication configuration
+ */
+export interface BrokerAuthBase {
+    authType: AuthType;
+    name: string;
+    sempEndpoint: string;
+    sempPort: number;
+}
+/**
+ * OAuth broker authentication configuration
+ */
+export interface OAuthBrokerAuth extends BrokerAuthBase {
+    accessToken: string;
+    authType: AuthType.OAUTH;
+    clientId: string;
+    refreshToken: string;
+}
+/**
+ * Basic authentication broker configuration
+ */
+export interface BasicBrokerAuth extends BrokerAuthBase {
+    authType: AuthType.BASIC;
+    encodedCredentials: string;
+}
+/**
+ * Union type for broker authentication
+ */
+export type BrokerAuth = BasicBrokerAuth | OAuthBrokerAuth;
+/**
+ * Storage format for broker configurations
+ */
+export interface BrokerAuthStorage {
+    brokers: BrokerAuth[];
+    version: string;
+}
+/**
+ * Encryption metadata stored alongside encrypted data
+ */
+export interface EncryptionMetadata {
+    algorithm: string;
+    iterations: number;
+    keyDerivation: string;
+    saltLength: number;
+}
+/**
+ * Encrypted data structure
+ */
+export interface EncryptedData {
+    authTag: string;
+    encryptedContent: string;
+    iv: string;
+    metadata: EncryptionMetadata;
+    salt: string;
+}
+/**
+ * Error codes for broker auth operations
+ */
+export declare enum BrokerAuthErrorCode {
+    BROKER_ALREADY_EXISTS = "BROKER_ALREADY_EXISTS",
+    BROKER_NOT_FOUND = "BROKER_NOT_FOUND",
+    DECRYPTION_FAILED = "DECRYPTION_FAILED",
+    ENCRYPTION_FAILED = "ENCRYPTION_FAILED",
+    FILE_READ_ERROR = "FILE_READ_ERROR",
+    FILE_WRITE_ERROR = "FILE_WRITE_ERROR",
+    INVALID_AUTH_TYPE = "INVALID_AUTH_TYPE",
+    INVALID_BASIC_CONFIG = "INVALID_BASIC_CONFIG",
+    INVALID_ENDPOINT = "INVALID_ENDPOINT",
+    INVALID_NAME = "INVALID_NAME",
+    INVALID_OAUTH_CONFIG = "INVALID_OAUTH_CONFIG",
+    INVALID_PASSWORD = "INVALID_PASSWORD",
+    INVALID_PORT = "INVALID_PORT",
+    NOT_INITIALIZED = "NOT_INITIALIZED"
+}
+/**
+ * Custom error class for broker authentication operations
+ */
+export declare class BrokerAuthError extends Error {
+    readonly code: BrokerAuthErrorCode;
+    readonly cause?: Error | undefined;
+    constructor(message: string, code: BrokerAuthErrorCode, cause?: Error | undefined);
+}

package/lib/auth/auth-types.js

@@ -0,0 +1,41 @@
+/**
+ * Authentication types supported by the broker auth system
+ */
+export var AuthType;
+(function (AuthType) {
+    AuthType["BASIC"] = "basic";
+    AuthType["OAUTH"] = "oauth";
+})(AuthType || (AuthType = {}));
+/**
+ * Error codes for broker auth operations
+ */
+export var BrokerAuthErrorCode;
+(function (BrokerAuthErrorCode) {
+    BrokerAuthErrorCode["BROKER_ALREADY_EXISTS"] = "BROKER_ALREADY_EXISTS";
+    BrokerAuthErrorCode["BROKER_NOT_FOUND"] = "BROKER_NOT_FOUND";
+    BrokerAuthErrorCode["DECRYPTION_FAILED"] = "DECRYPTION_FAILED";
+    BrokerAuthErrorCode["ENCRYPTION_FAILED"] = "ENCRYPTION_FAILED";
+    BrokerAuthErrorCode["FILE_READ_ERROR"] = "FILE_READ_ERROR";
+    BrokerAuthErrorCode["FILE_WRITE_ERROR"] = "FILE_WRITE_ERROR";
+    BrokerAuthErrorCode["INVALID_AUTH_TYPE"] = "INVALID_AUTH_TYPE";
+    BrokerAuthErrorCode["INVALID_BASIC_CONFIG"] = "INVALID_BASIC_CONFIG";
+    BrokerAuthErrorCode["INVALID_ENDPOINT"] = "INVALID_ENDPOINT";
+    BrokerAuthErrorCode["INVALID_NAME"] = "INVALID_NAME";
+    BrokerAuthErrorCode["INVALID_OAUTH_CONFIG"] = "INVALID_OAUTH_CONFIG";
+    BrokerAuthErrorCode["INVALID_PASSWORD"] = "INVALID_PASSWORD";
+    BrokerAuthErrorCode["INVALID_PORT"] = "INVALID_PORT";
+    BrokerAuthErrorCode["NOT_INITIALIZED"] = "NOT_INITIALIZED";
+})(BrokerAuthErrorCode || (BrokerAuthErrorCode = {}));
+/**
+ * Custom error class for broker authentication operations
+ */
+export class BrokerAuthError extends Error {
+    code;
+    cause;
+    constructor(message, code, cause) {
+        super(message);
+        this.code = code;
+        this.cause = cause;
+        this.name = 'BrokerAuthError';
+    }
+}

package/lib/auth/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Broker authentication management module
+ * Provides encrypted storage for SEMP broker credentials
+ */
+export { BrokerAuthEncryption } from './auth-encryption.js';
+export { BrokerAuthManager } from './auth-manager.js';
+export { AuthType, type BasicBrokerAuth, type BrokerAuth, type BrokerAuthBase, BrokerAuthError, BrokerAuthErrorCode, type BrokerAuthStorage, type EncryptedData, type EncryptionMetadata, type OAuthBrokerAuth, } from './auth-types.js';

package/lib/auth/index.js

@@ -0,0 +1,7 @@
+/**
+ * Broker authentication management module
+ * Provides encrypted storage for SEMP broker credentials
+ */
+export { BrokerAuthEncryption } from './auth-encryption.js';
+export { BrokerAuthManager } from './auth-manager.js';
+export { AuthType, BrokerAuthError, BrokerAuthErrorCode, } from './auth-types.js';

package/lib/config/env-vars.d.ts

@@ -1,7 +1,8 @@
 export declare enum EnvironmentVariable {
     'SC_ACCESS_TOKEN' = "SC_ACCESS_TOKEN",
     'SC_API_VERSION' = "SC_API_VERSION",
-    'SC_BASE_URL' = "SC_BASE_URL"
+    'SC_BASE_URL' = "SC_BASE_URL",
+    'SEMP_API_VERSION' = "SEMP_API_VERSION"
 }
 export declare const DefaultBaseUrl = "https://api.solace.cloud";
 /**

package/lib/config/env-vars.js

@@ -3,6 +3,7 @@ export var EnvironmentVariable;
     EnvironmentVariable["SC_ACCESS_TOKEN"] = "SC_ACCESS_TOKEN";
     EnvironmentVariable["SC_API_VERSION"] = "SC_API_VERSION";
     EnvironmentVariable["SC_BASE_URL"] = "SC_BASE_URL";
+    EnvironmentVariable["SEMP_API_VERSION"] = "SEMP_API_VERSION";
 })(EnvironmentVariable || (EnvironmentVariable = {}));
 export const DefaultBaseUrl = 'https://api.solace.cloud';
 /**

package/lib/exported.d.ts

@@ -1,3 +1,4 @@
+export { AuthType, type BasicBrokerAuth, type BrokerAuth, BrokerAuthError, BrokerAuthErrorCode, BrokerAuthManager, type OAuthBrokerAuth, } from './auth/index.js';
 export { EnvironmentVariable, envVars } from './config/env-vars.js';
 export { ScCommand } from './sc-command.js';
 export { ScConnection } from './util/sc-connection.js';

package/lib/exported.js

@@ -1,3 +1,4 @@
+export { AuthType, BrokerAuthError, BrokerAuthErrorCode, BrokerAuthManager, } from './auth/index.js';
 export { EnvironmentVariable, envVars } from './config/env-vars.js';
 export { ScCommand } from './sc-command.js';
 export { ScConnection } from './util/sc-connection.js';

package/lib/util/sc-connection.d.ts

@@ -2,7 +2,7 @@ import { AxiosRequestConfig } from 'axios';
 export declare class ScConnection {
     private axiosInstance;
     private endpointUrl;
-    constructor(baseURL?: string, accessToken?: string, timeout?: number);
+    constructor(baseURL?: string, accessToken?: string, timeout?: number, basic?: boolean);
     delete<T>(url: string, config?: AxiosRequestConfig): Promise<T>;
     get<T>(url: string, config?: AxiosRequestConfig): Promise<T>;
     patch<T>(url: string, data?: unknown, config?: AxiosRequestConfig): Promise<T>;

package/lib/util/sc-connection.js

@@ -3,13 +3,16 @@ import { DefaultBaseUrl, EnvironmentVariable, envVars } from '../config/env-vars
 export class ScConnection {
     axiosInstance;
     endpointUrl = '';
-    constructor(baseURL = envVars.getString(EnvironmentVariable.SC_BASE_URL, DefaultBaseUrl), accessToken = envVars.getString(EnvironmentVariable.SC_ACCESS_TOKEN, ''), timeout = 10_000) {
+    constructor(baseURL = envVars.getString(EnvironmentVariable.SC_BASE_URL, DefaultBaseUrl), accessToken = envVars.getString(EnvironmentVariable.SC_ACCESS_TOKEN, ''), timeout = 10_000, basic = false) {
         const apiVersion = envVars.getString(EnvironmentVariable.SC_API_VERSION, 'v2');
-        this.endpointUrl = this.joinPaths(baseURL, `/api/${apiVersion}`);
+        const sempApiVersion = envVars.getString(EnvironmentVariable.SEMP_API_VERSION, 'v2');
+        this.endpointUrl = basic
+            ? this.joinPaths(baseURL, `/SEMP/${sempApiVersion}`)
+            : this.joinPaths(baseURL, `/api/${apiVersion}`);
         this.axiosInstance = axios.create({
             baseURL: this.endpointUrl,
             headers: {
-                Authorization: `Bearer ${accessToken}`,
+                Authorization: basic ? `Basic ${accessToken}` : `Bearer ${accessToken}`,
                 'Content-Type': 'application/json',
             },
             timeout,

package/package.json

@@ -1,9 +1,15 @@
 {
   "name": "@dishantlangayan/sc-cli-core",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "description": "Base library for the Solace Cloud CLI and plugins",
   "license": "Apache-2.0",
   "author": "Dishant Langayan",
+  "keywords": [
+    "oclif",
+    "solace",
+    "cli",
+    "sc"
+  ],
   "type": "module",
   "exports": {
     "./ScCommand.js": "./lib/ScCommand.js",
@@ -28,10 +34,12 @@
     "@oclif/prettier-config": "^0.2.1",
     "@oclif/test": "^4.1.16",
     "@types/chai": "^5.2.3",
+    "@types/chai-as-promised": "^8.0.2",
     "@types/mocha": "^10.0.10",
     "@types/node": "^25.0.3",
     "@types/sinon": "^21.0.0",
     "chai": "^6.2.2",
+    "chai-as-promised": "^8.0.2",
     "eslint": "^9",
     "eslint-config-oclif": "^6.0.137",
     "eslint-config-prettier": "^10",