@dishantlangayan/sc-cli-core 0.3.1 → 0.5.0

package/README.md

@@ -20,8 +20,13 @@ The ScCommand abstract class extends [@oclif/core's Command class](https://githu
 ## ScConnection Class
 The ScConnection class provide abstraction functions for Solace Cloud API REST calls. It handles the access token and base URL for each REST call, avoiding the need to set these on each Command.
 
+## OrgManager
+The OrgManager class provides utility functions to store and retrieve Solace Cloud authentication information from user's home directory: `~/.sc/` or `%USERPROFILE%\sc\`. The implementation uses AES-256-GCM for authenticated encryption and provides machine-bound encryption that combines OS-level security (keychain) with machine-specific identifiers, making credentials non-transferable between machines.
+
+Supports changing of the Solace Cloud REST API base url using the environment variable `SC_BASE_URL` and API version using `SC_API_VERSION`.
+
 ## BrokerAuthManager
-The BrokerAuthManager class provides utility functions to store and retrieve broker SEMP management authentication information from user's home directory: `~/.sc/` or `%USERPROFILE%\sc\`. The implementation uses AES-256-GCM for authenticated encryption and provides machine-bound encryption that combines OS-level security (keychain) with machine-specific identifiers, making credentials non-transferable between machines.
+The BrokerAuthManager class provides utility functions to store and retrieve broker SEMP management authentication information similar to the `OrgManager` class. It supports Basic and OAuth authentication schemes.
 
 # Contributing
 Contributions are encouraged! Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on our code of conduct, and the process for submitting pull requests to us.

package/lib/auth/auth-encryption.d.ts

@@ -12,12 +12,12 @@ export declare class BrokerAuthEncryption {
     private static readonly SALT_LENGTH;
     private static readonly TAG_LENGTH;
     /**
-     * Decrypt broker storage data
+     * Decrypt storage data
      * @param encryptedData - Encrypted data to decrypt
      * @param key - Decryption key
-     * @returns Decrypted broker storage
+     * @returns Decrypted storage
      */
-    static decrypt(encryptedData: EncryptedData, key: Buffer): Promise<BrokerAuthStorage>;
+    static decrypt<T = BrokerAuthStorage>(encryptedData: EncryptedData, key: Buffer): Promise<T>;
     /**
      * Derive encryption key from password using PBKDF2
      * @param password - User password
@@ -26,12 +26,12 @@ export declare class BrokerAuthEncryption {
      */
     static deriveKey(password: string, salt: Buffer): Promise<Buffer>;
     /**
-     * Encrypt broker storage data
-     * @param data - Broker storage to encrypt
+     * Encrypt storage data
+     * @param data - Storage to encrypt
      * @param key - Encryption key
      * @returns Encrypted data with metadata
      */
-    static encrypt(data: BrokerAuthStorage, key: Buffer): Promise<EncryptedData>;
+    static encrypt<T = BrokerAuthStorage>(data: T, key: Buffer): Promise<EncryptedData>;
     /**
      * Generate cryptographically secure random salt
      * @returns Random salt buffer

package/lib/auth/auth-encryption.js

@@ -15,10 +15,10 @@ export class BrokerAuthEncryption {
     static SALT_LENGTH = 32;
     static TAG_LENGTH = 16;
     /**
-     * Decrypt broker storage data
+     * Decrypt storage data
      * @param encryptedData - Encrypted data to decrypt
      * @param key - Decryption key
-     * @returns Decrypted broker storage
+     * @returns Decrypted storage
      */
     static async decrypt(encryptedData, key) {
         try {
@@ -60,8 +60,8 @@ export class BrokerAuthEncryption {
         }
     }
     /**
-     * Encrypt broker storage data
-     * @param data - Broker storage to encrypt
+     * Encrypt storage data
+     * @param data - Storage to encrypt
      * @param key - Encryption key
      * @returns Encrypted data with metadata
      */

package/lib/auth/auth-manager.js

@@ -85,8 +85,11 @@ export class BrokerAuthManager {
         }
         const baseURL = `${broker.sempEndpoint}:${broker.sempPort}`;
         const accessToken = broker.authType === AuthType.OAUTH ? broker.accessToken : broker.encodedCredentials;
-        const isBasic = broker.authType === AuthType.BASIC;
-        return new ScConnection(baseURL, accessToken, timeout, isBasic);
+        return new ScConnection(baseURL, accessToken, {
+            apiType: 'semp',
+            authType: broker.authType === AuthType.BASIC ? 'basic' : 'bearer',
+            timeout,
+        });
     }
     /**
      * Get all broker configurations

package/lib/auth/index.d.ts

@@ -1,7 +1,9 @@
 /**
- * Broker authentication management module
- * Provides encrypted storage for SEMP broker credentials
+ * Authentication management module
+ * Provides encrypted storage for broker and organization credentials
  */
 export { BrokerAuthEncryption } from './auth-encryption.js';
 export { BrokerAuthManager } from './auth-manager.js';
 export { AuthType, type BasicBrokerAuth, type BrokerAuth, type BrokerAuthBase, BrokerAuthError, BrokerAuthErrorCode, type BrokerAuthStorage, type EncryptedData, type EncryptionMetadata, type OAuthBrokerAuth, } from './auth-types.js';
+export { OrgManager } from './org-manager.js';
+export { type OrgConfig, OrgError, OrgErrorCode, type OrgStorage } from './org-types.js';

package/lib/auth/index.js

@@ -1,7 +1,9 @@
 /**
- * Broker authentication management module
- * Provides encrypted storage for SEMP broker credentials
+ * Authentication management module
+ * Provides encrypted storage for broker and organization credentials
  */
 export { BrokerAuthEncryption } from './auth-encryption.js';
 export { BrokerAuthManager } from './auth-manager.js';
 export { AuthType, BrokerAuthError, BrokerAuthErrorCode, } from './auth-types.js';
+export { OrgManager } from './org-manager.js';
+export { OrgError, OrgErrorCode } from './org-types.js';

package/lib/auth/keychain.js

@@ -65,7 +65,6 @@ export class KeychainService {
      */
     loadMachineId() {
         // Use require for CommonJS module (node-machine-id)
-        // eslint-disable-next-line @typescript-eslint/no-require-imports
         return require('node-machine-id');
     }
 }

package/lib/auth/org-manager.d.ts

@@ -0,0 +1,112 @@
+import { ScConnection } from '../util/sc-connection.js';
+import { KeychainService } from './keychain.js';
+import { type OrgConfig } from './org-types.js';
+/**
+ * Manager for organization storage
+ * Handles encrypted storage of Solace Cloud organization credentials
+ */
+export declare class OrgManager {
+    private static instance;
+    private readonly configDir;
+    private readonly configFile;
+    private encryptionKey;
+    private readonly keychainService;
+    private machineId;
+    private masterKey;
+    private storage;
+    private constructor();
+    /**
+     * Get singleton instance
+     * @param keychainService - Optional keychain service for testing
+     */
+    static getInstance(keychainService?: KeychainService): OrgManager;
+    /**
+     * Add a new organization configuration
+     * @param org - Organization configuration
+     */
+    addOrg(org: OrgConfig): Promise<void>;
+    /**
+     * Clear all organization configurations
+     */
+    clearAll(): Promise<void>;
+    /**
+     * Create ScConnection instance from stored org config
+     * @param identifier - Organization ID or alias
+     * @param timeout - Optional timeout override (default: 10000ms)
+     * @returns Configured ScConnection instance
+     */
+    createConnection(identifier: string, timeout?: number): Promise<ScConnection>;
+    /**
+     * Get all organization configurations
+     * @returns Array of all organization configurations
+     */
+    getAllOrgs(): Promise<OrgConfig[]>;
+    /**
+     * Get the default organization
+     * @returns Default organization or null if no default is set
+     */
+    getDefaultOrg(): Promise<null | OrgConfig>;
+    /**
+     * Get organization configuration by orgId or alias
+     * @param identifier - Organization ID or alias
+     * @returns Organization configuration or null if not found
+     */
+    getOrg(identifier: string): Promise<null | OrgConfig>;
+    /**
+     * Initialize the org manager with encryption key derived from OS keychain and machine ID
+     */
+    initialize(): Promise<void>;
+    /**
+     * List all organization identifiers (orgId or alias if available)
+     * @returns Array of organization identifiers
+     */
+    listOrgs(): Promise<string[]>;
+    /**
+     * Check if organization exists
+     * @param identifier - Organization ID or alias
+     * @returns true if organization exists
+     */
+    orgExists(identifier: string): Promise<boolean>;
+    /**
+     * Remove organization configuration
+     * @param identifier - Organization ID or alias to remove
+     */
+    removeOrg(identifier: string): Promise<void>;
+    /**
+     * Set an organization as the default
+     * @param identifier - Organization ID or alias to set as default
+     */
+    setDefaultOrg(identifier: string): Promise<void>;
+    /**
+     * Update existing organization configuration
+     * @param identifier - Organization ID or alias to update
+     * @param updates - Partial updates to apply
+     */
+    updateOrg(identifier: string, updates: Partial<Omit<OrgConfig, 'orgId'>>): Promise<void>;
+    /**
+     * Ensure manager is initialized
+     */
+    private ensureInitialized;
+    /**
+     * Check if config file exists
+     */
+    private fileExists;
+    /**
+     * Load storage from encrypted file
+     * @param combinedKey - Combined master key and machine ID for decryption
+     */
+    private loadStorage;
+    /**
+     * Save storage to encrypted file
+     */
+    private saveStorage;
+    /**
+     * Unset the default flag on all organizations
+     */
+    private unsetAllDefaults;
+    /**
+     * Validate organization configuration
+     * @param org - Organization to validate
+     */
+    private validateOrg;
+}

package/lib/auth/org-manager.js

@@ -0,0 +1,380 @@
+import { mkdir, readFile, rename, unlink, writeFile } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { DefaultBaseUrl, EnvironmentVariable, envVars } from '../config/env-vars.js';
+import { ScConnection } from '../util/sc-connection.js';
+import { BrokerAuthEncryption } from './auth-encryption.js';
+import { KeychainService } from './keychain.js';
+import { OrgError, OrgErrorCode } from './org-types.js';
+const SERVICE_NAME = 'local';
+const KEY_NAME = 'sc-cli';
+/**
+ * Manager for organization storage
+ * Handles encrypted storage of Solace Cloud organization credentials
+ */
+export class OrgManager {
+    static instance = null;
+    configDir;
+    configFile;
+    encryptionKey = null;
+    keychainService;
+    machineId = null;
+    masterKey = null;
+    storage = null;
+    constructor(keychainService) {
+        const homeDirectory = homedir();
+        this.configDir = join(homeDirectory, '.sc');
+        this.configFile = join(this.configDir, 'orgs.json');
+        this.keychainService = keychainService ?? new KeychainService();
+    }
+    /**
+     * Get singleton instance
+     * @param keychainService - Optional keychain service for testing
+     */
+    static getInstance(keychainService) {
+        if (!OrgManager.instance) {
+            OrgManager.instance = new OrgManager(keychainService);
+        }
+        return OrgManager.instance;
+    }
+    /**
+     * Add a new organization configuration
+     * @param org - Organization configuration
+     */
+    async addOrg(org) {
+        this.ensureInitialized();
+        // Validate organization
+        this.validateOrg(org);
+        // Check if organization already exists (by orgId or alias)
+        const existingByOrgId = this.storage.orgs.find((o) => o.orgId === org.orgId);
+        if (existingByOrgId) {
+            throw new OrgError(`Organization '${org.orgId}' already exists`, OrgErrorCode.ORG_ALREADY_EXISTS);
+        }
+        if (org.alias) {
+            const existingByAlias = this.storage.orgs.find((o) => o.alias === org.alias);
+            if (existingByAlias) {
+                throw new OrgError(`Organization with alias '${org.alias}' already exists`, OrgErrorCode.ORG_ALREADY_EXISTS);
+            }
+        }
+        // If this org is being set as default, unset any existing default
+        if (org.isDefault) {
+            this.unsetAllDefaults();
+        }
+        // Add organization
+        this.storage.orgs.push(org);
+        // Save to file
+        await this.saveStorage();
+    }
+    /**
+     * Clear all organization configurations
+     */
+    async clearAll() {
+        this.ensureInitialized();
+        this.storage.orgs = [];
+        await this.saveStorage();
+    }
+    /**
+     * Create ScConnection instance from stored org config
+     * @param identifier - Organization ID or alias
+     * @param timeout - Optional timeout override (default: 10000ms)
+     * @returns Configured ScConnection instance
+     */
+    async createConnection(identifier, timeout = 10_000) {
+        this.ensureInitialized();
+        const org = await this.getOrg(identifier);
+        if (!org) {
+            throw new OrgError(`Organization '${identifier}' not found`, OrgErrorCode.ORG_NOT_FOUND);
+        }
+        // Get base URL: org config → env var → default
+        const baseURL = org.baseUrl ?? envVars.getString(EnvironmentVariable.SC_BASE_URL, DefaultBaseUrl);
+        // Get API version: org config → env var → default 'v2'
+        const apiVersion = org.apiVersion ?? envVars.getString(EnvironmentVariable.SC_API_VERSION, 'v2');
+        return new ScConnection(baseURL, org.accessToken, {
+            apiType: 'cloud',
+            apiVersion,
+            authType: 'bearer',
+            timeout,
+        });
+    }
+    /**
+     * Get all organization configurations
+     * @returns Array of all organization configurations
+     */
+    async getAllOrgs() {
+        this.ensureInitialized();
+        return [...this.storage.orgs];
+    }
+    /**
+     * Get the default organization
+     * @returns Default organization or null if no default is set
+     */
+    async getDefaultOrg() {
+        this.ensureInitialized();
+        const org = this.storage.orgs.find((o) => o.isDefault === true);
+        return org ?? null;
+    }
+    /**
+     * Get organization configuration by orgId or alias
+     * @param identifier - Organization ID or alias
+     * @returns Organization configuration or null if not found
+     */
+    async getOrg(identifier) {
+        this.ensureInitialized();
+        const org = this.storage.orgs.find((o) => o.orgId === identifier || o.alias === identifier);
+        return org ?? null;
+    }
+    /**
+     * Initialize the org manager with encryption key derived from OS keychain and machine ID
+     */
+    async initialize() {
+        try {
+            // Get machine ID
+            this.machineId = this.keychainService.getMachineId();
+            // Get or create master key from OS keychain
+            this.masterKey = await this.keychainService.getPassword(KEY_NAME, SERVICE_NAME);
+            if (!this.masterKey) {
+                // Generate new master key and store in OS keychain
+                this.masterKey = this.keychainService.generateMasterKey();
+                await this.keychainService.setPassword(KEY_NAME, SERVICE_NAME, this.masterKey);
+            }
+            // Combine master key with machine ID for encryption
+            const combinedKey = `${this.masterKey}:${this.machineId}`;
+            // Try to load existing storage
+            const fileExists = await this.fileExists();
+            if (fileExists) {
+                // Load existing file and derive key from stored salt
+                await this.loadStorage(combinedKey);
+            }
+            else {
+                // Create new storage with new salt
+                const salt = BrokerAuthEncryption.generateSalt();
+                this.encryptionKey = await BrokerAuthEncryption.deriveKey(combinedKey, salt);
+                this.storage = {
+                    orgs: [],
+                    version: '1.0.0',
+                };
+            }
+        }
+        catch (error) {
+            if (error instanceof OrgError) {
+                throw error;
+            }
+            throw new OrgError('Failed to initialize org manager', OrgErrorCode.NOT_INITIALIZED, error);
+        }
+    }
+    /**
+     * List all organization identifiers (orgId or alias if available)
+     * @returns Array of organization identifiers
+     */
+    async listOrgs() {
+        this.ensureInitialized();
+        return this.storage.orgs.map((o) => o.alias ?? o.orgId);
+    }
+    /**
+     * Check if organization exists
+     * @param identifier - Organization ID or alias
+     * @returns true if organization exists
+     */
+    async orgExists(identifier) {
+        this.ensureInitialized();
+        return this.storage.orgs.some((o) => o.orgId === identifier || o.alias === identifier);
+    }
+    /**
+     * Remove organization configuration
+     * @param identifier - Organization ID or alias to remove
+     */
+    async removeOrg(identifier) {
+        this.ensureInitialized();
+        const index = this.storage.orgs.findIndex((o) => o.orgId === identifier || o.alias === identifier);
+        if (index === -1) {
+            throw new OrgError(`Organization '${identifier}' not found`, OrgErrorCode.ORG_NOT_FOUND);
+        }
+        // Remove organization
+        this.storage.orgs.splice(index, 1);
+        // Save to file
+        await this.saveStorage();
+    }
+    /**
+     * Set an organization as the default
+     * @param identifier - Organization ID or alias to set as default
+     */
+    async setDefaultOrg(identifier) {
+        this.ensureInitialized();
+        const index = this.storage.orgs.findIndex((o) => o.orgId === identifier || o.alias === identifier);
+        if (index === -1) {
+            throw new OrgError(`Organization '${identifier}' not found`, OrgErrorCode.ORG_NOT_FOUND);
+        }
+        // Unset all existing defaults
+        this.unsetAllDefaults();
+        // Set this org as default
+        this.storage.orgs[index].isDefault = true;
+        // Save to file
+        await this.saveStorage();
+    }
+    /**
+     * Update existing organization configuration
+     * @param identifier - Organization ID or alias to update
+     * @param updates - Partial updates to apply
+     */
+    async updateOrg(identifier, updates) {
+        this.ensureInitialized();
+        const index = this.storage.orgs.findIndex((o) => o.orgId === identifier || o.alias === identifier);
+        if (index === -1) {
+            throw new OrgError(`Organization '${identifier}' not found`, OrgErrorCode.ORG_NOT_FOUND);
+        }
+        const currentOrg = this.storage.orgs[index];
+        // Check if new alias conflicts with another org
+        if (updates.alias && updates.alias !== currentOrg.alias) {
+            const conflictingOrg = this.storage.orgs.find((o) => o.alias === updates.alias && o.orgId !== currentOrg.orgId);
+            if (conflictingOrg) {
+                throw new OrgError(`Organization with alias '${updates.alias}' already exists`, OrgErrorCode.ORG_ALREADY_EXISTS);
+            }
+        }
+        // If setting this org as default, unset any existing default
+        if (updates.isDefault === true) {
+            this.unsetAllDefaults();
+        }
+        // Merge updates
+        const updated = {
+            ...currentOrg,
+            ...updates,
+        };
+        // Validate updated organization
+        this.validateOrg(updated);
+        // Update organization
+        this.storage.orgs[index] = updated;
+        // Save to file
+        await this.saveStorage();
+    }
+    /**
+     * Ensure manager is initialized
+     */
+    ensureInitialized() {
+        if (!this.encryptionKey || !this.storage) {
+            throw new OrgError('OrgManager not initialized. Call initialize() first.', OrgErrorCode.NOT_INITIALIZED);
+        }
+    }
+    /**
+     * Check if config file exists
+     */
+    async fileExists() {
+        try {
+            await readFile(this.configFile);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Load storage from encrypted file
+     * @param combinedKey - Combined master key and machine ID for decryption
+     */
+    async loadStorage(combinedKey) {
+        try {
+            const fileContent = await readFile(this.configFile, 'utf8');
+            const encryptedData = JSON.parse(fileContent);
+            // Derive key from combined key and stored salt
+            const salt = Buffer.from(encryptedData.salt, 'base64');
+            this.encryptionKey = await BrokerAuthEncryption.deriveKey(combinedKey, salt);
+            // Decrypt storage
+            this.storage = await BrokerAuthEncryption.decrypt(encryptedData, this.encryptionKey);
+        }
+        catch (error) {
+            if (error instanceof OrgError) {
+                throw error;
+            }
+            throw new OrgError('Failed to load organization storage', OrgErrorCode.FILE_READ_ERROR, error);
+        }
+    }
+    /**
+     * Save storage to encrypted file
+     */
+    async saveStorage() {
+        try {
+            if (!this.masterKey || !this.machineId) {
+                throw new OrgError('Org manager not initialized', OrgErrorCode.NOT_INITIALIZED);
+            }
+            // Ensure directory exists
+            await mkdir(this.configDir, { mode: 0o700, recursive: true });
+            // Generate new salt and derive key for THIS save
+            const combinedKey = `${this.masterKey}:${this.machineId}`;
+            const newSalt = BrokerAuthEncryption.generateSalt();
+            const newKey = await BrokerAuthEncryption.deriveKey(combinedKey, newSalt);
+            // Encrypt data with the new key
+            const encrypted = await BrokerAuthEncryption.encrypt(this.storage, newKey);
+            // Update the salt in encrypted data to match the salt we used for key derivation
+            encrypted.salt = newSalt.toString('base64');
+            // Store the new key for next operation
+            this.encryptionKey = newKey;
+            // Write to temp file first (atomic write)
+            const jsonData = JSON.stringify(encrypted, null, 2);
+            const tempFile = `${this.configFile}.tmp`;
+            await writeFile(tempFile, jsonData, { mode: 0o600 });
+            // Atomic rename
+            await rename(tempFile, this.configFile);
+            // Set restrictive permissions (Unix only)
+            if (process.platform !== 'win32') {
+                // Already set via writeFile mode option
+            }
+        }
+        catch (error) {
+            // Clean up temp file if it exists
+            try {
+                await unlink(`${this.configFile}.tmp`);
+            }
+            catch {
+                // Ignore cleanup errors
+            }
+            if (error instanceof OrgError) {
+                throw error;
+            }
+            throw new OrgError('Failed to save organization storage', OrgErrorCode.FILE_WRITE_ERROR, error);
+        }
+    }
+    /**
+     * Unset the default flag on all organizations
+     */
+    unsetAllDefaults() {
+        for (const org of this.storage.orgs) {
+            org.isDefault = false;
+        }
+    }
+    /**
+     * Validate organization configuration
+     * @param org - Organization to validate
+     */
+    validateOrg(org) {
+        // Validate orgId
+        if (!org.orgId || org.orgId.trim() === '') {
+            throw new OrgError('Organization ID is required', OrgErrorCode.INVALID_ORG_ID);
+        }
+        // Validate accessToken
+        if (!org.accessToken || org.accessToken.trim() === '') {
+            throw new OrgError('Access token is required', OrgErrorCode.INVALID_ACCESS_TOKEN);
+        }
+        // Validate alias if provided
+        if (org.alias !== undefined && org.alias.trim() === '') {
+            throw new OrgError('Alias cannot be empty if provided', OrgErrorCode.INVALID_ORG_ID);
+        }
+        // Validate apiVersion if provided
+        if (org.apiVersion !== undefined && org.apiVersion.trim() === '') {
+            throw new OrgError('API version cannot be empty if provided', OrgErrorCode.INVALID_API_VERSION);
+        }
+        // Validate baseUrl if provided
+        if (org.baseUrl !== undefined) {
+            // Must not be empty or whitespace
+            if (org.baseUrl.trim() === '') {
+                throw new OrgError('Base URL cannot be empty if provided', OrgErrorCode.INVALID_BASE_URL);
+            }
+            // Must start with http:// or https://
+            if (!(org.baseUrl.startsWith('http://') || org.baseUrl.startsWith('https://'))) {
+                throw new OrgError('Base URL must start with http:// or https://', OrgErrorCode.INVALID_BASE_URL);
+            }
+            // Should not end with trailing slash
+            if (org.baseUrl.endsWith('/')) {
+                throw new OrgError('Base URL should not end with a slash', OrgErrorCode.INVALID_BASE_URL);
+            }
+        }
+    }
+}

package/lib/auth/org-types.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Organization configuration
+ */
+export interface OrgConfig {
+    accessToken: string;
+    alias?: string;
+    apiVersion?: string;
+    baseUrl?: string;
+    isDefault?: boolean;
+    orgId: string;
+}
+/**
+ * Storage format for organization configurations
+ */
+export interface OrgStorage {
+    orgs: OrgConfig[];
+    version: string;
+}
+/**
+ * Error codes for organization operations
+ */
+export declare enum OrgErrorCode {
+    DECRYPTION_FAILED = "DECRYPTION_FAILED",
+    ENCRYPTION_FAILED = "ENCRYPTION_FAILED",
+    FILE_READ_ERROR = "FILE_READ_ERROR",
+    FILE_WRITE_ERROR = "FILE_WRITE_ERROR",
+    INVALID_ACCESS_TOKEN = "INVALID_ACCESS_TOKEN",
+    INVALID_API_VERSION = "INVALID_API_VERSION",
+    INVALID_BASE_URL = "INVALID_BASE_URL",
+    INVALID_ORG_ID = "INVALID_ORG_ID",
+    NOT_INITIALIZED = "NOT_INITIALIZED",
+    ORG_ALREADY_EXISTS = "ORG_ALREADY_EXISTS",
+    ORG_NOT_FOUND = "ORG_NOT_FOUND"
+}
+/**
+ * Custom error class for organization operations
+ */
+export declare class OrgError extends Error {
+    readonly code: OrgErrorCode;
+    readonly cause?: Error | undefined;
+    constructor(message: string, code: OrgErrorCode, cause?: Error | undefined);
+}

package/lib/auth/org-types.js

@@ -0,0 +1,30 @@
+/**
+ * Error codes for organization operations
+ */
+export var OrgErrorCode;
+(function (OrgErrorCode) {
+    OrgErrorCode["DECRYPTION_FAILED"] = "DECRYPTION_FAILED";
+    OrgErrorCode["ENCRYPTION_FAILED"] = "ENCRYPTION_FAILED";
+    OrgErrorCode["FILE_READ_ERROR"] = "FILE_READ_ERROR";
+    OrgErrorCode["FILE_WRITE_ERROR"] = "FILE_WRITE_ERROR";
+    OrgErrorCode["INVALID_ACCESS_TOKEN"] = "INVALID_ACCESS_TOKEN";
+    OrgErrorCode["INVALID_API_VERSION"] = "INVALID_API_VERSION";
+    OrgErrorCode["INVALID_BASE_URL"] = "INVALID_BASE_URL";
+    OrgErrorCode["INVALID_ORG_ID"] = "INVALID_ORG_ID";
+    OrgErrorCode["NOT_INITIALIZED"] = "NOT_INITIALIZED";
+    OrgErrorCode["ORG_ALREADY_EXISTS"] = "ORG_ALREADY_EXISTS";
+    OrgErrorCode["ORG_NOT_FOUND"] = "ORG_NOT_FOUND";
+})(OrgErrorCode || (OrgErrorCode = {}));
+/**
+ * Custom error class for organization operations
+ */
+export class OrgError extends Error {
+    code;
+    cause;
+    constructor(message, code, cause) {
+        super(message);
+        this.code = code;
+        this.cause = cause;
+        this.name = 'OrgError';
+    }
+}

package/lib/config/env-vars.d.ts

@@ -1,8 +1,7 @@
 export declare enum EnvironmentVariable {
     'SC_ACCESS_TOKEN' = "SC_ACCESS_TOKEN",
     'SC_API_VERSION' = "SC_API_VERSION",
-    'SC_BASE_URL' = "SC_BASE_URL",
-    'SEMP_API_VERSION' = "SEMP_API_VERSION"
+    'SC_BASE_URL' = "SC_BASE_URL"
 }
 export declare const DefaultBaseUrl = "https://api.solace.cloud";
 /**

package/lib/config/env-vars.js

@@ -3,7 +3,6 @@ export var EnvironmentVariable;
     EnvironmentVariable["SC_ACCESS_TOKEN"] = "SC_ACCESS_TOKEN";
     EnvironmentVariable["SC_API_VERSION"] = "SC_API_VERSION";
     EnvironmentVariable["SC_BASE_URL"] = "SC_BASE_URL";
-    EnvironmentVariable["SEMP_API_VERSION"] = "SEMP_API_VERSION";
 })(EnvironmentVariable || (EnvironmentVariable = {}));
 export const DefaultBaseUrl = 'https://api.solace.cloud';
 /**

package/lib/exported.d.ts

@@ -1,6 +1,6 @@
-export { AuthType, type BasicBrokerAuth, type BrokerAuth, BrokerAuthError, BrokerAuthErrorCode, BrokerAuthManager, type OAuthBrokerAuth, } from './auth/index.js';
+export { AuthType, type BasicBrokerAuth, type BrokerAuth, BrokerAuthError, BrokerAuthErrorCode, BrokerAuthManager, type OAuthBrokerAuth, type OrgConfig, OrgError, OrgErrorCode, OrgManager, type OrgStorage, } from './auth/index.js';
 export { EnvironmentVariable, envVars } from './config/env-vars.js';
 export { ScCommand } from './sc-command.js';
-export { ScConnection } from './util/sc-connection.js';
+export { type ApiType, type HttpAuthType, ScConnection, type ScConnectionOptions } from './util/sc-connection.js';
 export { sleep } from './util/util.js';
 export * from './ux/table.js';

package/lib/exported.js

@@ -1,4 +1,4 @@
-export { AuthType, BrokerAuthError, BrokerAuthErrorCode, BrokerAuthManager, } from './auth/index.js';
+export { AuthType, BrokerAuthError, BrokerAuthErrorCode, BrokerAuthManager, OrgError, OrgErrorCode, OrgManager, } from './auth/index.js';
 export { EnvironmentVariable, envVars } from './config/env-vars.js';
 export { ScCommand } from './sc-command.js';
 export { ScConnection } from './util/sc-connection.js';

package/lib/sc-command.d.ts

@@ -1,4 +1,6 @@
 import { Command, Interfaces } from '@oclif/core';
+import { BrokerAuthManager } from './auth/auth-manager.js';
+import { OrgManager } from './auth/org-manager.js';
 export type Flags<T extends typeof Command> = Interfaces.InferredFlags<(typeof ScCommand)['baseFlags'] & T['flags']>;
 export type Args<T extends typeof Command> = Interfaces.InferredArgs<T['args']>;
 /**
@@ -14,9 +16,21 @@ export declare abstract class ScCommand<T extends typeof Command> extends Comman
     static enableJsonFlag: boolean;
     protected args: Args<T>;
     protected flags: Flags<T>;
+    private _brokerAuthManager?;
+    private _orgManager?;
     protected catch(err: Error & {
         exitCode?: number;
     }): Promise<unknown>;
     protected finally(_: Error | undefined): Promise<unknown>;
+    /**
+     * Get BrokerAuthManager instance with lazy initialization
+     * @returns Initialized BrokerAuthManager instance
+     */
+    protected getBrokerAuthManager(): Promise<BrokerAuthManager>;
+    /**
+     * Get OrgManager instance with lazy initialization
+     * @returns Initialized OrgManager instance
+     */
+    protected getOrgManager(): Promise<OrgManager>;
     init(): Promise<void>;
 }

package/lib/sc-command.js

@@ -1,4 +1,6 @@
 import { Command, Flags } from '@oclif/core';
+import { BrokerAuthManager } from './auth/auth-manager.js';
+import { OrgManager } from './auth/org-manager.js';
 import { DefaultBaseUrl, EnvironmentVariable, envVars } from './config/env-vars.js';
 /**
  * A base command that provided common functionality for all sc commands.
@@ -20,6 +22,8 @@ export class ScCommand extends Command {
     static enableJsonFlag = true;
     args;
     flags;
+    _brokerAuthManager;
+    _orgManager;
     async catch(err) {
         // add any custom logic to handle errors from the command
         // or simply return the parent class error handling
@@ -29,6 +33,28 @@ export class ScCommand extends Command {
         // called after run and catch regardless of whether or not the command errored
         return super.finally(_);
     }
+    /**
+     * Get BrokerAuthManager instance with lazy initialization
+     * @returns Initialized BrokerAuthManager instance
+     */
+    async getBrokerAuthManager() {
+        if (!this._brokerAuthManager) {
+            this._brokerAuthManager = BrokerAuthManager.getInstance();
+            await this._brokerAuthManager.initialize();
+        }
+        return this._brokerAuthManager;
+    }
+    /**
+     * Get OrgManager instance with lazy initialization
+     * @returns Initialized OrgManager instance
+     */
+    async getOrgManager() {
+        if (!this._orgManager) {
+            this._orgManager = OrgManager.getInstance();
+            await this._orgManager.initialize();
+        }
+        return this._orgManager;
+    }
     async init() {
         await super.init();
         const { args, flags } = await this.parse({

package/lib/util/sc-connection.d.ts

@@ -1,8 +1,16 @@
 import { AxiosRequestConfig } from 'axios';
+export type HttpAuthType = 'basic' | 'bearer';
+export type ApiType = 'cloud' | 'semp';
+export interface ScConnectionOptions {
+    apiType?: ApiType;
+    apiVersion?: string;
+    authType?: HttpAuthType;
+    timeout?: number;
+}
 export declare class ScConnection {
     private axiosInstance;
     private endpointUrl;
-    constructor(baseURL?: string, accessToken?: string, timeout?: number, basic?: boolean);
+    constructor(baseURL: string, accessToken: string, options?: ScConnectionOptions);
     delete<T>(url: string, config?: AxiosRequestConfig): Promise<T>;
     get<T>(url: string, config?: AxiosRequestConfig): Promise<T>;
     patch<T>(url: string, data?: unknown, config?: AxiosRequestConfig): Promise<T>;

package/lib/util/sc-connection.js

@@ -1,23 +1,33 @@
 import axios from 'axios';
-import { DefaultBaseUrl, EnvironmentVariable, envVars } from '../config/env-vars.js';
 export class ScConnection {
     axiosInstance;
     endpointUrl = '';
-    constructor(baseURL = envVars.getString(EnvironmentVariable.SC_BASE_URL, DefaultBaseUrl), accessToken = envVars.getString(EnvironmentVariable.SC_ACCESS_TOKEN, ''), timeout = 10_000, basic = false) {
-        const apiVersion = envVars.getString(EnvironmentVariable.SC_API_VERSION, 'v2');
-        const sempApiVersion = envVars.getString(EnvironmentVariable.SEMP_API_VERSION, 'v2');
-        this.endpointUrl = basic
-            ? this.joinPaths(baseURL, `/SEMP/${sempApiVersion}`)
-            : this.joinPaths(baseURL, `/api/${apiVersion}`);
+    constructor(baseURL, accessToken, options) {
+        // Validate required parameters
+        if (!baseURL || baseURL.trim() === '') {
+            throw new Error('baseURL is required and cannot be empty');
+        }
+        if (!accessToken || accessToken.trim() === '') {
+            throw new Error('accessToken is required and cannot be empty');
+        }
+        // Extract options with defaults
+        const { apiType = 'cloud', apiVersion = 'v2', authType = 'bearer', timeout = 10_000 } = options ?? {};
+        // Build endpoint URL based on apiType
+        // For SEMP: use baseURL directly (version specified in actual API calls)
+        // For cloud: append /api/{version}
+        const apiPath = apiType === 'semp' ? '' : `/api/${apiVersion}`;
+        this.endpointUrl = apiPath ? this.joinPaths(baseURL, apiPath) : baseURL;
+        // Build authorization header based on authType
+        const authHeader = authType === 'basic' ? `Basic ${accessToken}` : `Bearer ${accessToken}`;
         this.axiosInstance = axios.create({
             baseURL: this.endpointUrl,
             headers: {
-                Authorization: basic ? `Basic ${accessToken}` : `Bearer ${accessToken}`,
+                Authorization: authHeader,
                 'Content-Type': 'application/json',
             },
             timeout,
         });
-        // Add interceptors if needed
+        // Add interceptors
         this.axiosInstance.interceptors.response.use((response) => response, (error) => {
             console.error('API Error:', error.response?.data || error.message);
             return Promise.reject(error);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dishantlangayan/sc-cli-core",
-  "version": "0.3.1",
+  "version": "0.5.0",
   "description": "Base library for the Solace Cloud CLI and plugins",
   "license": "Apache-2.0",
   "author": "Dishant Langayan",