npm - @docyrus/cli - Versions diffs - 0.1.0 - Mend

@docyrus/cli 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,793 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync, unlinkSync } from 'fs';
+import { join } from 'path';
+import { homedir, hostname, userInfo } from 'os';
+import { randomBytes, createDecipheriv, createCipheriv, scryptSync, createHash } from 'crypto';
+import { AuthenticationError as AuthenticationError$1, RestApiClient } from '@docyrus/api-client';
+import { createServer } from 'http';
+import { URL } from 'url';
+import open from 'open';
+import Conf from 'conf';
+// src/storage/file-storage.ts
+// src/config/constants.ts
+var DOCYRUS_API_URL = "https://alpha-api.docyrus.com";
+var OAUTH_CLIENT_ID = "90565525-8283-4881-82a9-8613eb82ae27";
+var OAUTH_SCOPES = "offline_access Read.All Users.Read Users.Read.All DS.Read.All".split(" ");
+var OAUTH_CALLBACK_PORT_MIN = 9876;
+var OAUTH_CALLBACK_PORT_MAX = 9899;
+var OAUTH_REDIRECT_URI = (port) => `http://localhost:${port}/callback`;
+var OAUTH_TIMEOUT_MS = 5 * 60 * 1e3;
+var KEYCHAIN_SERVICE = "docyrus-cli";
+var CONFIG_DIR = ".docyrus";
+var CREDENTIALS_FILE = "credentials.enc";
+var TOKEN_KEYS = {
+  ACCESS_TOKEN: "accessToken",
+  REFRESH_TOKEN: "refreshToken",
+  USER_EMAIL: "userEmail",
+  GITHUB_TOKEN: "githubToken"
+  // For private template access - persists after logout
+};
+var CLI_NAME = "docyrus";
+var CLI_VERSION = "0.0.1";
+// src/utils/platform.ts
+function getHomeDir() {
+  return homedir();
+}
+function getConfigDir() {
+  return join(getHomeDir(), CONFIG_DIR);
+}
+var ALGORITHM = "aes-256-gcm";
+var KEY_LENGTH = 32;
+var IV_LENGTH = 16;
+var AUTH_TAG_LENGTH = 16;
+var SALT_LENGTH = 32;
+function getMachineId() {
+  const parts = [
+    hostname(),
+    userInfo().username,
+    process.platform,
+    process.arch
+  ];
+  return createHash("sha256").update(parts.join("-")).digest("hex");
+}
+function deriveKey(salt) {
+  const machineId = getMachineId();
+  return scryptSync(machineId, salt, KEY_LENGTH);
+}
+function encrypt(data) {
+  const salt = randomBytes(SALT_LENGTH);
+  const key = deriveKey(salt);
+  const iv = randomBytes(IV_LENGTH);
+  const cipher = createCipheriv(ALGORITHM, key, iv, { authTagLength: AUTH_TAG_LENGTH });
+  const encrypted = Buffer.concat([cipher.update(data, "utf8"), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  return [
+    salt.toString("base64"),
+    iv.toString("base64"),
+    authTag.toString("base64"),
+    encrypted.toString("base64")
+  ].join(":");
+}
+function decrypt(encryptedData) {
+  const parts = encryptedData.split(":");
+  if (parts.length !== 4) {
+    throw new Error("Invalid encrypted data format");
+  }
+  const [
+    saltB64,
+    ivB64,
+    authTagB64,
+    dataB64
+  ] = parts;
+  const salt = Buffer.from(saltB64, "base64");
+  const iv = Buffer.from(ivB64, "base64");
+  const authTag = Buffer.from(authTagB64, "base64");
+  const encrypted = Buffer.from(dataB64, "base64");
+  const key = deriveKey(salt);
+  const decipher = createDecipheriv(ALGORITHM, key, iv, { authTagLength: AUTH_TAG_LENGTH });
+  decipher.setAuthTag(authTag);
+  const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
+  return decrypted.toString("utf8");
+}
+// src/storage/file-storage.ts
+var FileStorage = class {
+  filePath;
+  constructor() {
+    const configDir = getConfigDir();
+    this.filePath = join(configDir, CREDENTIALS_FILE);
+  }
+  ensureConfigDir() {
+    const configDir = getConfigDir();
+    if (!existsSync(configDir)) {
+      mkdirSync(configDir, { recursive: true, mode: 448 });
+    }
+  }
+  readData() {
+    if (!existsSync(this.filePath)) {
+      return {};
+    }
+    try {
+      const encrypted = readFileSync(this.filePath, "utf8");
+      const decrypted = decrypt(encrypted);
+      return JSON.parse(decrypted);
+    } catch {
+      return {};
+    }
+  }
+  writeData(data) {
+    this.ensureConfigDir();
+    const json = JSON.stringify(data);
+    const encrypted = encrypt(json);
+    writeFileSync(this.filePath, encrypted, { mode: 384 });
+  }
+  async get(key) {
+    const data = this.readData();
+    return data[key] ?? null;
+  }
+  async set(key, value) {
+    const data = this.readData();
+    data[key] = value;
+    this.writeData(data);
+  }
+  async delete(key) {
+    const data = this.readData();
+    delete data[key];
+    if (Object.keys(data).length === 0) {
+      this.clear();
+    } else {
+      this.writeData(data);
+    }
+  }
+  async clear() {
+    if (existsSync(this.filePath)) {
+      unlinkSync(this.filePath);
+    }
+  }
+  async has(key) {
+    const data = this.readData();
+    return key in data;
+  }
+};
+// src/storage/keychain-storage.ts
+var keytar = null;
+async function getKeytar() {
+  if (keytar !== null) {
+    return keytar;
+  }
+  try {
+    keytar = await import('keytar');
+    return keytar;
+  } catch {
+    keytar = null;
+    return null;
+  }
+}
+var KeychainStorage = class {
+  service;
+  constructor(service = KEYCHAIN_SERVICE) {
+    this.service = service;
+  }
+  async isAvailable() {
+    const kt = await getKeytar();
+    if (!kt) return false;
+    try {
+      await kt.findCredentials(this.service);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async get(key) {
+    const kt = await getKeytar();
+    if (!kt) return null;
+    try {
+      return await kt.getPassword(this.service, key);
+    } catch {
+      return null;
+    }
+  }
+  async set(key, value) {
+    const kt = await getKeytar();
+    if (!kt) return false;
+    try {
+      await kt.setPassword(this.service, key, value);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async delete(key) {
+    const kt = await getKeytar();
+    if (!kt) return false;
+    try {
+      return await kt.deletePassword(this.service, key);
+    } catch {
+      return false;
+    }
+  }
+  async clear() {
+    const kt = await getKeytar();
+    if (!kt) return;
+    try {
+      const credentials = await kt.findCredentials(this.service);
+      for (const cred of credentials) {
+        await kt.deletePassword(this.service, cred.account);
+      }
+    } catch {
+    }
+  }
+};
+// src/storage/cli-token-manager.ts
+var CliTokenManager = class {
+  keychain;
+  fileStorage;
+  keychainAvailable = null;
+  constructor() {
+    this.keychain = new KeychainStorage();
+    this.fileStorage = new FileStorage();
+  }
+  async useKeychain() {
+    if (this.keychainAvailable === null) {
+      this.keychainAvailable = await this.keychain.isAvailable();
+    }
+    return this.keychainAvailable;
+  }
+  async getToken() {
+    if (await this.useKeychain()) {
+      const token = await this.keychain.get(TOKEN_KEYS.ACCESS_TOKEN);
+      if (token) return token;
+    }
+    return await this.fileStorage.get(TOKEN_KEYS.ACCESS_TOKEN);
+  }
+  async setToken(token) {
+    if (await this.useKeychain()) {
+      const success = await this.keychain.set(TOKEN_KEYS.ACCESS_TOKEN, token);
+      if (success) return;
+    }
+    await this.fileStorage.set(TOKEN_KEYS.ACCESS_TOKEN, token);
+  }
+  async clearToken() {
+    await this.keychain.delete(TOKEN_KEYS.ACCESS_TOKEN);
+    await this.fileStorage.delete(TOKEN_KEYS.ACCESS_TOKEN);
+  }
+  async getRefreshToken() {
+    if (await this.useKeychain()) {
+      const token = await this.keychain.get(TOKEN_KEYS.REFRESH_TOKEN);
+      if (token) return token;
+    }
+    return await this.fileStorage.get(TOKEN_KEYS.REFRESH_TOKEN);
+  }
+  async setRefreshToken(token) {
+    if (await this.useKeychain()) {
+      const success = await this.keychain.set(TOKEN_KEYS.REFRESH_TOKEN, token);
+      if (success) return;
+    }
+    await this.fileStorage.set(TOKEN_KEYS.REFRESH_TOKEN, token);
+  }
+  async clearRefreshToken() {
+    await this.keychain.delete(TOKEN_KEYS.REFRESH_TOKEN);
+    await this.fileStorage.delete(TOKEN_KEYS.REFRESH_TOKEN);
+  }
+  async getUserEmail() {
+    if (await this.useKeychain()) {
+      const email = await this.keychain.get(TOKEN_KEYS.USER_EMAIL);
+      if (email) return email;
+    }
+    return await this.fileStorage.get(TOKEN_KEYS.USER_EMAIL);
+  }
+  async setUserEmail(email) {
+    if (await this.useKeychain()) {
+      const success = await this.keychain.set(TOKEN_KEYS.USER_EMAIL, email);
+      if (success) return;
+    }
+    await this.fileStorage.set(TOKEN_KEYS.USER_EMAIL, email);
+  }
+  // GitHub token for private template access (persists after logout)
+  async getGithubToken() {
+    if (await this.useKeychain()) {
+      const token = await this.keychain.get(TOKEN_KEYS.GITHUB_TOKEN);
+      if (token) return token;
+    }
+    return await this.fileStorage.get(TOKEN_KEYS.GITHUB_TOKEN);
+  }
+  async setGithubToken(token) {
+    if (await this.useKeychain()) {
+      const success = await this.keychain.set(TOKEN_KEYS.GITHUB_TOKEN, token);
+      if (success) return;
+    }
+    await this.fileStorage.set(TOKEN_KEYS.GITHUB_TOKEN, token);
+  }
+  async clearAll() {
+    const githubToken = await this.getGithubToken();
+    await this.keychain.clear();
+    await this.fileStorage.clear();
+    if (githubToken) {
+      await this.setGithubToken(githubToken);
+    }
+  }
+  async isLoggedIn() {
+    const token = await this.getToken();
+    return token !== null;
+  }
+};
+var instance = null;
+function getTokenManager() {
+  if (!instance) {
+    instance = new CliTokenManager();
+  }
+  return instance;
+}
+// src/utils/errors.ts
+var CliError = class extends Error {
+  exitCode;
+  suggestion;
+  constructor(message, exitCode = 1, suggestion) {
+    super(message);
+    this.name = "CliError";
+    this.exitCode = exitCode;
+    this.suggestion = suggestion;
+  }
+};
+var AuthenticationError = class extends CliError {
+  constructor(message = "Authentication failed", suggestion) {
+    super(message, 1, suggestion || "Please check your credentials and try again.");
+    this.name = "AuthenticationError";
+  }
+};
+var NetworkError = class extends CliError {
+  constructor(message = "Network request failed", suggestion) {
+    super(message, 1, suggestion || "Please check your internet connection and try again.");
+    this.name = "NetworkError";
+  }
+};
+var TimeoutError = class extends CliError {
+  constructor(message = "Operation timed out") {
+    super(message, 1, "Please try again.");
+    this.name = "TimeoutError";
+  }
+};
+var OAuthError = class extends CliError {
+  constructor(message, suggestion) {
+    super(message, 1, suggestion || "Please try again or use email/password login.");
+    this.name = "OAuthError";
+  }
+};
+// src/auth/credential-auth.ts
+function getApiClient() {
+  return new RestApiClient({ baseURL: DOCYRUS_API_URL });
+}
+async function loginWithCredentials(credentials) {
+  const client = getApiClient();
+  try {
+    const response = await client.post("/v1/auth/token", {
+      email: credentials.email,
+      password: credentials.password
+    });
+    const tokens = {
+      accessToken: response.data.access_token,
+      refreshToken: response.data.refresh_token,
+      expiresIn: response.data.expires_in
+    };
+    if (tokens.expiresIn) {
+      tokens.expiresAt = Date.now() + tokens.expiresIn * 1e3;
+    }
+    return {
+      tokens,
+      user: response.data.user
+    };
+  } catch (error) {
+    if (error instanceof AuthenticationError$1) {
+      throw new AuthenticationError("Invalid email or password.");
+    }
+    if (error instanceof Error && error.message.includes("fetch")) {
+      throw new NetworkError();
+    }
+    throw error;
+  }
+}
+async function getUserInfo(accessToken) {
+  const client = new RestApiClient({ baseURL: DOCYRUS_API_URL });
+  await client.setAccessToken(accessToken);
+  try {
+    const response = await client.get("/v1/users/me");
+    return response.data;
+  } catch (error) {
+    if (error instanceof AuthenticationError$1) {
+      throw new AuthenticationError("Session expired. Please log in again.");
+    }
+    throw error;
+  }
+}
+async function refreshAccessToken(refreshToken) {
+  const tokenUrl = `${DOCYRUS_API_URL}/v1/oauth2/token`;
+  try {
+    const response = await fetch(tokenUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: new URLSearchParams({
+        grant_type: "refresh_token",
+        client_id: OAUTH_CLIENT_ID,
+        refresh_token: refreshToken
+      }).toString()
+    });
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+      throw new AuthenticationError(
+        errorData.error_description || "Failed to refresh token"
+      );
+    }
+    const data = await response.json();
+    const tokens = {
+      accessToken: data.access_token,
+      refreshToken: data.refresh_token || refreshToken,
+      expiresIn: data.expires_in,
+      tokenType: data.token_type
+    };
+    if (tokens.expiresIn) {
+      tokens.expiresAt = Date.now() + tokens.expiresIn * 1e3;
+    }
+    return tokens;
+  } catch (error) {
+    if (error instanceof AuthenticationError) {
+      throw error;
+    }
+    if (error instanceof Error && error.message.includes("fetch")) {
+      throw new NetworkError();
+    }
+    throw new AuthenticationError("Session expired. Please log in again.");
+  }
+}
+var SUCCESS_HTML = `
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Authentication Successful - Docyrus CLI</title>
+  <style>
+    * { box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+      margin: 0;
+      background: linear-gradient(to bottom right, #f8fafc, #f1f5f9);
+    }
+    .container {
+      width: 100%;
+      max-width: 400px;
+      padding: 32px;
+      background: white;
+      border-radius: 16px;
+      box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.15);
+      text-align: center;
+    }
+    .logo {
+      margin-bottom: 24px;
+    }
+    .logo svg {
+      height: 40px;
+      width: auto;
+    }
+    h1 {
+      margin: 0 0 8px;
+      font-size: 20px;
+      font-weight: 600;
+      color: #1e293b;
+    }
+    p {
+      margin: 0;
+      color: #64748b;
+      font-size: 14px;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="logo">
+      <svg viewBox="0 0 1325.62 253.55" xmlns="http://www.w3.org/2000/svg">
+        <path fill="#dc2626" d="M169.13,133.22l-.07.06v29.48c0,7.81-6.35,14.17-14.16,14.17h-29.48c-2.54,0-4.9-.68-6.96-1.85l-33.13,33.14c2.16,3.21,3.43,7.09,3.43,11.21,0,5.53-2.22,10.54-5.84,14.17-3.62,3.62-8.64,5.84-14.17,5.84s-10.55-2.22-14.17-5.84c-3.62-3.63-5.84-8.64-5.84-14.17,0-11.06,8.96-20.08,20.07-20.08,4.22,0,8.09,1.29,11.3,3.48l33.11-33.11c-1.22-2.07-1.91-4.46-1.91-7.02v-29.48c0-3.24,1.11-6.26,2.97-8.65l-27.31-37.16H19.96V15.5h71.85v65.82l28.44,38.71c1.62-.65,3.39-.98,5.23-.98h29.48c7.81,0,14.17,6.36,14.17,14.17Z"/>
+        <path fill="#1c1c1c" d="M241.24,60.57h48.58c12.19,0,23,2.42,32.44,7.25,9.44,4.83,16.77,11.61,21.98,20.34,5.21,8.73,7.82,18.75,7.82,30.05s-2.61,21.32-7.82,30.05c-5.22,8.73-12.54,15.51-21.98,20.34-9.44,4.83-20.25,7.25-32.44,7.25h-48.58V60.57ZM288.83,161.51c9.33,0,17.54-1.81,24.62-5.43,7.08-3.62,12.54-8.7,16.38-15.23,3.84-6.53,5.76-14.08,5.76-22.64s-1.92-16.11-5.76-22.64c-3.84-6.53-9.3-11.61-16.38-15.23-7.08-3.62-15.29-5.43-24.62-5.43h-31.12v86.61h31.12Z"/>
+        <path fill="#1c1c1c" d="M430.77,169.5c-9.33-5.1-16.66-12.16-21.98-21.16-5.33-9-7.99-19.04-7.99-30.13s2.66-21.13,7.99-30.13c5.32-9,12.65-16.06,21.98-21.16,9.33-5.1,19.81-7.66,31.45-7.66s21.96,2.55,31.29,7.66c9.33,5.1,16.63,12.13,21.9,21.08,5.27,8.95,7.9,19.02,7.9,30.22s-2.63,21.27-7.9,30.22c-5.27,8.95-12.57,15.97-21.9,21.08-9.33,5.1-19.76,7.66-31.29,7.66s-22.12-2.55-31.45-7.66ZM485.03,156.74c6.75-3.84,12.07-9.14,15.97-15.89,3.9-6.75,5.85-14.3,5.85-22.64s-1.95-15.89-5.85-22.64c-3.9-6.75-9.22-12.05-15.97-15.89-6.75-3.84-14.35-5.76-22.81-5.76s-16.11,1.92-22.97,5.76c-6.86,3.84-12.24,9.14-16.14,15.89-3.9,6.75-5.85,14.3-5.85,22.64s1.95,15.89,5.85,22.64c3.9,6.75,9.28,12.05,16.14,15.89,6.86,3.84,14.52,5.76,22.97,5.76s16.06-1.92,22.81-5.76Z"/>
+        <path fill="#1c1c1c" d="M601.78,169.5c-9.28-5.1-16.55-12.13-21.82-21.08-5.27-8.95-7.9-19.02-7.9-30.22s2.63-21.27,7.9-30.22c5.27-8.95,12.57-15.97,21.9-21.08,9.33-5.1,19.76-7.66,31.29-7.66,9,0,17.23,1.51,24.7,4.53,7.46,3.02,13.83,7.49,19.1,13.42l-10.7,10.37c-8.67-9.11-19.49-13.67-32.44-13.67-8.56,0-16.3,1.92-23.22,5.76-6.92,3.84-12.32,9.14-16.22,15.89-3.9,6.75-5.85,14.3-5.85,22.64s1.95,15.89,5.85,22.64c3.9,6.75,9.3,12.05,16.22,15.89,6.92,3.84,14.66,5.76,23.22,5.76,12.84,0,23.66-4.61,32.44-13.83l10.7,10.37c-5.27,5.93-11.67,10.43-19.18,13.5-7.52,3.07-15.78,4.61-24.78,4.61-11.53,0-21.93-2.55-31.2-7.66Z"/>
+        <path fill="#1c1c1c" d="M775.59,135.99v39.85h-16.3v-40.18l-45.78-75.09h17.62l36.89,60.76,37.05-60.76h16.3l-45.78,75.42Z"/>
+        <path fill="#1c1c1c" d="M946.01,175.84l-24.87-35.4c-3.07.22-5.49.33-7.25.33h-28.49v35.07h-16.47V60.57h44.95c14.93,0,26.68,3.57,35.24,10.7,8.56,7.14,12.84,16.96,12.84,29.48,0,8.89-2.2,16.47-6.59,22.72-4.39,6.26-10.65,10.81-18.77,13.67l27.33,38.7h-17.95ZM937.29,120.02c5.49-4.5,8.23-10.92,8.23-19.27s-2.75-14.74-8.23-19.18c-5.49-4.45-13.45-6.67-23.88-6.67h-27.99v51.87h27.99c10.43,0,18.39-2.25,23.88-6.75Z"/>
+        <path fill="#1c1c1c" d="M1033.45,163.98c-8.56-8.78-12.84-21.41-12.84-37.87V60.57h16.47v64.88c0,24.7,10.81,37.05,32.44,37.05,10.54,0,18.61-3.05,24.21-9.14s8.4-15.4,8.4-27.91V60.57h15.97v65.54c0,16.58-4.28,29.23-12.84,37.96-8.56,8.73-20.53,13.09-35.9,13.09s-27.33-4.39-35.9-13.17Z"/>
+        <path fill="#1c1c1c" d="M1193.26,173.12c-8.07-2.69-14.41-6.18-19.02-10.46l6.09-12.84c4.39,3.95,10.02,7.16,16.88,9.63,6.86,2.47,13.91,3.7,21.16,3.7,9.55,0,16.69-1.62,21.41-4.86,4.72-3.24,7.08-7.55,7.08-12.93,0-3.95-1.29-7.16-3.87-9.63-2.58-2.47-5.76-4.36-9.55-5.68s-9.14-2.8-16.05-4.45c-8.67-2.08-15.67-4.17-21-6.26-5.33-2.08-9.88-5.29-13.67-9.63-3.79-4.34-5.68-10.18-5.68-17.54,0-6.15,1.62-11.69,4.86-16.63,3.24-4.94,8.15-8.89,14.74-11.86,6.59-2.96,14.76-4.45,24.54-4.45,6.81,0,13.5.88,20.09,2.63,6.59,1.76,12.24,4.28,16.96,7.57l-5.43,13.17c-4.83-3.07-9.99-5.41-15.48-7-5.49-1.59-10.87-2.39-16.14-2.39-9.33,0-16.33,1.7-21,5.1-4.67,3.4-7,7.8-7,13.17,0,3.95,1.32,7.16,3.95,9.63,2.63,2.47,5.9,4.39,9.8,5.76,3.9,1.37,9.19,2.83,15.89,4.36,8.67,2.09,15.64,4.17,20.91,6.26,5.27,2.09,9.8,5.27,13.58,9.55,3.79,4.28,5.68,10.04,5.68,17.29,0,6.04-1.65,11.55-4.94,16.55-3.29,5-8.29,8.95-14.99,11.86-6.7,2.91-14.93,4.36-24.7,4.36-8.67,0-17.04-1.34-25.11-4.03Z"/>
+      </svg>
+    </div>
+    <h1>Authentication Successful</h1>
+    <p>You can close this tab and return to the CLI.</p>
+  </div>
+</body>
+</html>
+`;
+var ERROR_HTML = (message) => `
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Authentication Failed - Docyrus CLI</title>
+  <style>
+    * { box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+      margin: 0;
+      background: linear-gradient(to bottom right, #f8fafc, #f1f5f9);
+    }
+    .container {
+      width: 100%;
+      max-width: 400px;
+      padding: 32px;
+      background: white;
+      border-radius: 16px;
+      box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.15);
+      text-align: center;
+    }
+    .logo {
+      margin-bottom: 24px;
+    }
+    .logo svg {
+      height: 40px;
+      width: auto;
+    }
+    h1 {
+      margin: 0 0 8px;
+      font-size: 20px;
+      font-weight: 600;
+      color: #1e293b;
+    }
+    p {
+      margin: 0;
+      color: #64748b;
+      font-size: 14px;
+    }
+    .error-message {
+      margin-top: 16px;
+      padding: 12px;
+      background: #fef2f2;
+      border-radius: 8px;
+      color: #dc2626;
+      font-size: 13px;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="logo">
+      <svg viewBox="0 0 1325.62 253.55" xmlns="http://www.w3.org/2000/svg">
+        <path fill="#dc2626" d="M169.13,133.22l-.07.06v29.48c0,7.81-6.35,14.17-14.16,14.17h-29.48c-2.54,0-4.9-.68-6.96-1.85l-33.13,33.14c2.16,3.21,3.43,7.09,3.43,11.21,0,5.53-2.22,10.54-5.84,14.17-3.62,3.62-8.64,5.84-14.17,5.84s-10.55-2.22-14.17-5.84c-3.62-3.63-5.84-8.64-5.84-14.17,0-11.06,8.96-20.08,20.07-20.08,4.22,0,8.09,1.29,11.3,3.48l33.11-33.11c-1.22-2.07-1.91-4.46-1.91-7.02v-29.48c0-3.24,1.11-6.26,2.97-8.65l-27.31-37.16H19.96V15.5h71.85v65.82l28.44,38.71c1.62-.65,3.39-.98,5.23-.98h29.48c7.81,0,14.17,6.36,14.17,14.17Z"/>
+        <path fill="#1c1c1c" d="M241.24,60.57h48.58c12.19,0,23,2.42,32.44,7.25,9.44,4.83,16.77,11.61,21.98,20.34,5.21,8.73,7.82,18.75,7.82,30.05s-2.61,21.32-7.82,30.05c-5.22,8.73-12.54,15.51-21.98,20.34-9.44,4.83-20.25,7.25-32.44,7.25h-48.58V60.57ZM288.83,161.51c9.33,0,17.54-1.81,24.62-5.43,7.08-3.62,12.54-8.7,16.38-15.23,3.84-6.53,5.76-14.08,5.76-22.64s-1.92-16.11-5.76-22.64c-3.84-6.53-9.3-11.61-16.38-15.23-7.08-3.62-15.29-5.43-24.62-5.43h-31.12v86.61h31.12Z"/>
+        <path fill="#1c1c1c" d="M430.77,169.5c-9.33-5.1-16.66-12.16-21.98-21.16-5.33-9-7.99-19.04-7.99-30.13s2.66-21.13,7.99-30.13c5.32-9,12.65-16.06,21.98-21.16,9.33-5.1,19.81-7.66,31.45-7.66s21.96,2.55,31.29,7.66c9.33,5.1,16.63,12.13,21.9,21.08,5.27,8.95,7.9,19.02,7.9,30.22s-2.63,21.27-7.9,30.22c-5.27,8.95-12.57,15.97-21.9,21.08-9.33,5.1-19.76,7.66-31.29,7.66s-22.12-2.55-31.45-7.66ZM485.03,156.74c6.75-3.84,12.07-9.14,15.97-15.89,3.9-6.75,5.85-14.3,5.85-22.64s-1.95-15.89-5.85-22.64c-3.9-6.75-9.22-12.05-15.97-15.89-6.75-3.84-14.35-5.76-22.81-5.76s-16.11,1.92-22.97,5.76c-6.86,3.84-12.24,9.14-16.14,15.89-3.9,6.75-5.85,14.3-5.85,22.64s1.95,15.89,5.85,22.64c3.9,6.75,9.28,12.05,16.14,15.89,6.86,3.84,14.52,5.76,22.97,5.76s16.06-1.92,22.81-5.76Z"/>
+        <path fill="#1c1c1c" d="M601.78,169.5c-9.28-5.1-16.55-12.13-21.82-21.08-5.27-8.95-7.9-19.02-7.9-30.22s2.63-21.27,7.9-30.22c5.27-8.95,12.57-15.97,21.9-21.08,9.33-5.1,19.76-7.66,31.29-7.66,9,0,17.23,1.51,24.7,4.53,7.46,3.02,13.83,7.49,19.1,13.42l-10.7,10.37c-8.67-9.11-19.49-13.67-32.44-13.67-8.56,0-16.3,1.92-23.22,5.76-6.92,3.84-12.32,9.14-16.22,15.89-3.9,6.75-5.85,14.3-5.85,22.64s1.95,15.89,5.85,22.64c3.9,6.75,9.3,12.05,16.22,15.89,6.92,3.84,14.66,5.76,23.22,5.76,12.84,0,23.66-4.61,32.44-13.83l10.7,10.37c-5.27,5.93-11.67,10.43-19.18,13.5-7.52,3.07-15.78,4.61-24.78,4.61-11.53,0-21.93-2.55-31.2-7.66Z"/>
+        <path fill="#1c1c1c" d="M775.59,135.99v39.85h-16.3v-40.18l-45.78-75.09h17.62l36.89,60.76,37.05-60.76h16.3l-45.78,75.42Z"/>
+        <path fill="#1c1c1c" d="M946.01,175.84l-24.87-35.4c-3.07.22-5.49.33-7.25.33h-28.49v35.07h-16.47V60.57h44.95c14.93,0,26.68,3.57,35.24,10.7,8.56,7.14,12.84,16.96,12.84,29.48,0,8.89-2.2,16.47-6.59,22.72-4.39,6.26-10.65,10.81-18.77,13.67l27.33,38.7h-17.95ZM937.29,120.02c5.49-4.5,8.23-10.92,8.23-19.27s-2.75-14.74-8.23-19.18c-5.49-4.45-13.45-6.67-23.88-6.67h-27.99v51.87h27.99c10.43,0,18.39-2.25,23.88-6.75Z"/>
+        <path fill="#1c1c1c" d="M1033.45,163.98c-8.56-8.78-12.84-21.41-12.84-37.87V60.57h16.47v64.88c0,24.7,10.81,37.05,32.44,37.05,10.54,0,18.61-3.05,24.21-9.14s8.4-15.4,8.4-27.91V60.57h15.97v65.54c0,16.58-4.28,29.23-12.84,37.96-8.56,8.73-20.53,13.09-35.9,13.09s-27.33-4.39-35.9-13.17Z"/>
+        <path fill="#1c1c1c" d="M1193.26,173.12c-8.07-2.69-14.41-6.18-19.02-10.46l6.09-12.84c4.39,3.95,10.02,7.16,16.88,9.63,6.86,2.47,13.91,3.7,21.16,3.7,9.55,0,16.69-1.62,21.41-4.86,4.72-3.24,7.08-7.55,7.08-12.93,0-3.95-1.29-7.16-3.87-9.63-2.58-2.47-5.76-4.36-9.55-5.68s-9.14-2.8-16.05-4.45c-8.67-2.08-15.67-4.17-21-6.26-5.33-2.08-9.88-5.29-13.67-9.63-3.79-4.34-5.68-10.18-5.68-17.54,0-6.15,1.62-11.69,4.86-16.63,3.24-4.94,8.15-8.89,14.74-11.86,6.59-2.96,14.76-4.45,24.54-4.45,6.81,0,13.5.88,20.09,2.63,6.59,1.76,12.24,4.28,16.96,7.57l-5.43,13.17c-4.83-3.07-9.99-5.41-15.48-7-5.49-1.59-10.87-2.39-16.14-2.39-9.33,0-16.33,1.7-21,5.1-4.67,3.4-7,7.8-7,13.17,0,3.95,1.32,7.16,3.95,9.63,2.63,2.47,5.9,4.39,9.8,5.76,3.9,1.37,9.19,2.83,15.89,4.36,8.67,2.09,15.64,4.17,20.91,6.26,5.27,2.09,9.8,5.27,13.58,9.55,3.79,4.28,5.68,10.04,5.68,17.29,0,6.04-1.65,11.55-4.94,16.55-3.29,5-8.29,8.95-14.99,11.86-6.7,2.91-14.93,4.36-24.7,4.36-8.67,0-17.04-1.34-25.11-4.03Z"/>
+      </svg>
+    </div>
+    <h1>Authentication Failed</h1>
+    <p>Something went wrong during authentication.</p>
+    <div class="error-message">${message}</div>
+  </div>
+</body>
+</html>
+`;
+function generateState() {
+  return randomBytes(32).toString("hex");
+}
+function generateCodeVerifier() {
+  return randomBytes(32).toString("base64url");
+}
+async function generateCodeChallenge(verifier) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+  return Buffer.from(hashBuffer).toString("base64url");
+}
+async function findAvailablePort() {
+  return new Promise((resolve, reject) => {
+    const tryPort = (port) => {
+      if (port > OAUTH_CALLBACK_PORT_MAX) {
+        reject(new OAuthError("Could not find an available port for OAuth callback."));
+        return;
+      }
+      const server = createServer();
+      server.listen(port, "127.0.0.1");
+      server.once("listening", () => {
+        server.close(() => resolve(port));
+      });
+      server.once("error", () => {
+        tryPort(port + 1);
+      });
+    };
+    tryPort(OAUTH_CALLBACK_PORT_MIN);
+  });
+}
+async function startCallbackServer(expectedState) {
+  const port = await findAvailablePort();
+  let resolveResult;
+  let rejectResult;
+  const resultPromise = new Promise((resolve, reject) => {
+    resolveResult = resolve;
+    rejectResult = reject;
+  });
+  const timeoutId = setTimeout(() => {
+    rejectResult(new TimeoutError("OAuth authentication timed out."));
+  }, OAUTH_TIMEOUT_MS);
+  const server = createServer((req, res) => {
+    const url = new URL(req.url || "/", `http://127.0.0.1:${port}`);
+    if (url.pathname === "/callback") {
+      const code = url.searchParams.get("code");
+      const state = url.searchParams.get("state");
+      const error = url.searchParams.get("error");
+      const errorDescription = url.searchParams.get("error_description");
+      if (error) {
+        res.writeHead(400, { "Content-Type": "text/html" });
+        res.end(ERROR_HTML(errorDescription || error));
+        rejectResult(new OAuthError(errorDescription || error));
+        return;
+      }
+      if (!code || !state) {
+        res.writeHead(400, { "Content-Type": "text/html" });
+        res.end(ERROR_HTML("Missing authorization code or state."));
+        rejectResult(new OAuthError("Missing authorization code or state."));
+        return;
+      }
+      if (state !== expectedState) {
+        res.writeHead(400, { "Content-Type": "text/html" });
+        res.end(ERROR_HTML("Invalid state parameter. Possible CSRF attack."));
+        rejectResult(new OAuthError("Invalid state parameter."));
+        return;
+      }
+      res.writeHead(200, { "Content-Type": "text/html" });
+      res.end(SUCCESS_HTML);
+      resolveResult({ code, state });
+    } else {
+      res.writeHead(404);
+      res.end("Not Found");
+    }
+  });
+  server.listen(port, "127.0.0.1");
+  const cleanup = () => {
+    clearTimeout(timeoutId);
+    server.close();
+  };
+  return {
+    server,
+    port,
+    resultPromise,
+    cleanup
+  };
+}
+async function openBrowser(url) {
+  await open(url);
+}
+// src/auth/oauth-auth.ts
+function getOAuthConfig(port) {
+  return {
+    authorizationUrl: `${DOCYRUS_API_URL}/v1/oauth2/authorize`,
+    tokenUrl: `${DOCYRUS_API_URL}/v1/oauth2/token`,
+    clientId: OAUTH_CLIENT_ID,
+    redirectUri: OAUTH_REDIRECT_URI(port),
+    scopes: OAUTH_SCOPES
+  };
+}
+function buildAuthorizationUrl(config, state, codeChallenge) {
+  const params = new URLSearchParams({
+    response_type: "code",
+    client_id: config.clientId,
+    redirect_uri: config.redirectUri,
+    scope: config.scopes.join(" "),
+    state,
+    code_challenge: codeChallenge,
+    code_challenge_method: "S256"
+  });
+  return `${config.authorizationUrl}?${params.toString()}`;
+}
+async function exchangeCodeForTokens(config, code, codeVerifier) {
+  const response = await fetch(config.tokenUrl, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded"
+    },
+    body: new URLSearchParams({
+      grant_type: "authorization_code",
+      client_id: config.clientId,
+      code,
+      redirect_uri: config.redirectUri,
+      code_verifier: codeVerifier
+    }).toString()
+  });
+  if (!response.ok) {
+    const errorText = await response.text();
+    throw new OAuthError(`Failed to exchange authorization code: ${errorText}`);
+  }
+  const data = await response.json();
+  const tokens = {
+    accessToken: data.access_token,
+    refreshToken: data.refresh_token,
+    expiresIn: data.expires_in,
+    tokenType: data.token_type
+  };
+  if (tokens.expiresIn) {
+    tokens.expiresAt = Date.now() + tokens.expiresIn * 1e3;
+  }
+  return tokens;
+}
+async function getUserInfoFromToken(accessToken) {
+  const client = new RestApiClient({ baseURL: DOCYRUS_API_URL });
+  await client.setAccessToken(accessToken);
+  try {
+    return await client.get("/v1/users/me");
+  } catch {
+    return void 0;
+  }
+}
+async function loginWithOAuth(options = {}) {
+  const state = generateState();
+  const codeVerifier = generateCodeVerifier();
+  const codeChallenge = await generateCodeChallenge(codeVerifier);
+  const { port, resultPromise, cleanup } = await startCallbackServer(state);
+  const config = getOAuthConfig(port);
+  const authUrl = buildAuthorizationUrl(config, state, codeChallenge);
+  try {
+    options.onOpeningBrowser?.();
+    await openBrowser(authUrl);
+    options.onWaitingForAuth?.(authUrl);
+    const { code } = await resultPromise;
+    const tokens = await exchangeCodeForTokens(config, code, codeVerifier);
+    const user = await getUserInfoFromToken(tokens.accessToken);
+    return { tokens, user };
+  } finally {
+    cleanup();
+  }
+}
+var defaults = {
+  telemetryEnabled: true
+};
+var ConfigManager = class {
+  config;
+  constructor() {
+    this.config = new Conf({
+      projectName: CLI_NAME,
+      defaults
+    });
+  }
+  get(key) {
+    return this.config.get(key);
+  }
+  set(key, value) {
+    this.config.set(key, value);
+  }
+  delete(key) {
+    this.config.delete(key);
+  }
+  getAll() {
+    return this.config.store;
+  }
+  clear() {
+    this.config.clear();
+  }
+  get path() {
+    return this.config.path;
+  }
+};
+var configManager = new ConfigManager();
+export { CLI_NAME, CLI_VERSION, CliTokenManager, DOCYRUS_API_URL, configManager, getTokenManager, getUserInfo, loginWithCredentials, loginWithOAuth, refreshAccessToken };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map