@doow/cli 0.1.1 → 0.1.4

package/README.md

@@ -27,29 +27,63 @@ doow chat               # interactive chat with Derek or Mina
 
 ## Commands
 
+### Identity & setup
+
+| Command | Description |
+|---------|-------------|
+| `doow login` | Authenticate (PKCE browser flow or device-code for headless) |
+| `doow logout` | Revoke tokens and clear local credentials |
+| `doow whoami` | Show current user and organization |
+| `doow profiles` | Switch between multiple organizations |
+
+### Applications & spend
+
+| Command | Description |
+|---------|-------------|
+| `doow apps` | List, inspect, compare, and manage SaaS applications |
+| `doow dashboard` | Spend breakdown, renewal timeline, and key metrics |
+| `doow expenses` | View expenses synced from banking, accounting, or billing integrations |
+| `doow insights` | Surface apps that need attention — underused, overspent, or duplicated |
+| `doow search <query>` | Full-text search across apps, contracts, team members, and more |
+
+### Contracts & renewals
+
+| Command | Description |
+|---------|-------------|
+| `doow contracts` | Manage PAYG, Enterprise, and subscription contracts — create, update, track renewals |
+| `doow overages` | Track usage overages against contract limits |
+| `doow usage-tuples` | Record metered usage (seats, API calls, storage) against contracts for billing reconciliation |
+
+### Licensing
+
+| Command | Description |
+|---------|-------------|
+| `doow licenses` | Manage seat-based, usage-based, and prepaid licenses — assign users, track utilization, manage spend pools and credit vintages |
+
+### Cards & payments
+
+| Command | Description |
+|---------|-------------|
+| `doow cards` | Issue virtual/physical cards, fund, freeze, map to apps, view transactions |
+
+### Team & org
+
+| Command | Description |
+|---------|-------------|
+| `doow team` | Invite members, manage departments, activate/deactivate users |
+| `doow integrations` | Connect SSO, HRIS, and billing providers — view sync logs, trigger syncs |
+
+### Reports
+
+| Command | Description |
+|---------|-------------|
+| `doow reports` | Export expense, contract, license, card, and department reports as CSV or PDF — download or email |
+
+### AI assistant
+
 | Command | Description |
 |---------|-------------|
-| `doow login` | Authenticate with Doow (PKCE or device flow) |
-| `doow logout` | Revoke refresh token and clear credentials |
-| `doow whoami` | Show current identity |
-| `doow profiles` | Manage multi-org profiles |
-| `doow apps` | Manage SaaS applications |
-| `doow contracts` | Manage contracts |
-| `doow licenses` | Manage licenses |
-| `doow cards` | Manage virtual and physical cards |
-| `doow team` | Manage team members and departments |
-| `doow integrations` | Manage third-party integrations |
-| `doow insights` | View insights and notifications |
-| `doow dashboard` | View spend overview and key metrics |
-| `doow search <query>` | Search across apps, contracts, members, and more |
-| `doow expenses` | View expenses |
-| `doow overages` | View contract overages |
-| `doow usage-tuples` | View and manage usage metric tuples |
-| `doow reports` | Generate and export reports |
-| `doow chat` | Chat with Derek or Mina (interactive) |
-| `doow mcp` | Start MCP server over stdio |
-| `doow doctor` | Diagnostic: auth, config, network, API version |
-| `doow completion` | Output shell completion script |
+| `doow chat` | Interactive chat with Derek (spend analyst) or Mina (procurement advisor) |
 
 ## MCP server
 

package/dist/cjs/auth/device-flow.js

@@ -10,7 +10,7 @@ var keyring = require('./keyring.js');
  * environments where a browser cannot be opened on the same machine.
  *
  * Steps:
- *   1. POST /v1/auth/device/authorize  → get device_code + user_code
+ *   1. POST /v1/auth/cli/device        → get device_code + user_code
  *   2. Display verification URI + user_code on stderr
  *   3. Optionally open the browser (best-effort)
  *   4. Poll POST /v1/auth/device/token until granted or expired
@@ -30,6 +30,15 @@ function sleep(ms) {
 function expiresAtFromSecondsIn(secondsIn) {
     return new Date(Date.now() + secondsIn * 1000).toISOString();
 }
+function isLegacyPendingPollResponse(status, body) {
+    const legacyBody = body;
+    return (status === 400 &&
+        body != null &&
+        typeof body === 'object' &&
+        legacyBody.name === 'HttpException' &&
+        legacyBody.message === 'Bad Request Exception' &&
+        legacyBody.response === 'Bad Request Exception');
+}
 // ---------------------------------------------------------------------------
 // Core function
 // ---------------------------------------------------------------------------
@@ -52,7 +61,7 @@ async function executeDeviceFlow(options = {}) {
     // -------------------------------------------------------------------------
     // Step 1: Request device authorization
     // -------------------------------------------------------------------------
-    const authorizeRes = await fetch(`${apiUrl}/v1/auth/device/authorize`, {
+    const authorizeRes = await fetch(`${apiUrl}/v1/auth/cli/device`, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({ client_id: 'doow-cli' }),
@@ -62,6 +71,7 @@ async function executeDeviceFlow(options = {}) {
         throw new Error(`Device authorization request failed: HTTP ${authorizeRes.status}${body ? ` — ${body}` : ''}`);
     }
     const auth = (await authorizeRes.json());
+    const deviceCodeExpiresAt = Date.now() + auth.expires_in * 1000;
     // -------------------------------------------------------------------------
     // Step 2: Display instructions on stderr
     // -------------------------------------------------------------------------
@@ -81,6 +91,9 @@ async function executeDeviceFlow(options = {}) {
     let pollInterval = auth.interval; // seconds; RFC 8628 §3.5
     while (true) {
         await sleep(pollInterval * 1000);
+        if (Date.now() > deviceCodeExpiresAt) {
+            throw new Error('Device code expired. Run doow login --device again.');
+        }
         const tokenRes = await fetch(`${apiUrl}/v1/auth/device/token`, {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
@@ -125,6 +138,9 @@ async function executeDeviceFlow(options = {}) {
             case 'access_denied':
                 throw new Error('Authorization denied by user.');
             default:
+                if (isLegacyPendingPollResponse(tokenRes.status, errBody)) {
+                    continue;
+                }
                 throw new Error(`Token polling failed: ${errBody.error}${errBody.error_description ? ` — ${errBody.error_description}` : ''}`);
         }
     }

package/dist/cjs/auth/device-flow.js.map

@@ -1 +1 @@
-{"version":3,"file":"device-flow.js","sources":["../../../../src/auth/device-flow.ts"],"sourcesContent":[null],"names":["getApiUrl","createCredentialStore","shouldShowUI"],"mappings":";;;;;AAAA;;;;;;;;;;;;AAYG;AAuDH;AACA;AACA;AAEA;AACA,SAAS,KAAK,CAAC,EAAU,EAAA;AACvB,IAAA,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AAC1D;AAEA;;;AAGG;AACG,SAAU,sBAAsB,CAAC,SAAiB,EAAA;AACtD,IAAA,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;AAC9D;AAEA;AACA;AACA;AAEA;;;;;;AAMG;AACI,eAAe,iBAAiB,CACrC,UAA6B,EAAE,EAAA;IAE/B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAIA,aAAS,EAAE;AAC5C,IAAA,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,SAAS;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,eAAe,KAAK,MAAMC,6BAAqB,EAAE,CAAC;AACxE,IAAA,MAAM,OAAO,GACX,OAAO,CAAC,OAAO;AACf,SAAC,OAAO,GAAW,KAAI;YACrB,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,MAAM,OAAO,MAAM,CAAC;AAC9C,YAAA,MAAM,IAAI,CAAC,GAAG,CAAC;AACjB,QAAA,CAAC,CAAC;;;;IAMJ,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,CAAA,EAAG,MAAM,2BAA2B,EAAE;AACrE,QAAA,MAAM,EAAE,MAAM;AACd,QAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AAChD,KAAA,CAAC;AAEF,IAAA,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE;AACpB,QAAA,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,CAAA,0CAAA,EAA6C,YAAY,CAAC,MAAM,GAAG,IAAI,GAAG,CAAA,GAAA,EAAM,IAAI,CAAA,CAAE,GAAG,EAAE,CAAA,CAAE,CAC9F;IACH;IAEA,MAAM,IAAI,IAAI,MAAM,YAAY,CAAC,IAAI,EAAE,CAAuB;;;;AAM9D,IAAA,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,CAAA,+CAAA,EAAkD,IAAI,CAAC,gBAAgB,wBAAwB,IAAI,CAAC,SAAS,CAAA,IAAA,CAAM,CACpH;;IAGD,IAAIC,gBAAY,EAAE,EAAE;AAClB,QAAA,IAAI;AACF,YAAA,MAAM,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC;QACtC;AAAE,QAAA,MAAM;;QAER;IACF;;;;AAMA,IAAA,IAAI,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC;IAEjC,OAAO,IAAI,EAAE;AACX,QAAA,MAAM,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC;QAEhC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,CAAA,EAAG,MAAM,uBAAuB,EAAE;AAC7D,YAAA,MAAM,EAAE,MAAM;AACd,YAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;AAC/C,YAAA,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,WAAW,EAAE,IAAI,CAAC,WAAW;AAC7B,gBAAA,UAAU,EAAE,8CAA8C;aAC3D,CAAC;AACH,SAAA,CAAC;AAEF,QAAA,IAAI,QAAQ,CAAC,EAAE,EAAE;;YAEf,MAAM,MAAM,IAAI,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAyB;;;;YAM9D,MAAM,SAAS,GAAG,sBAAsB,CAAC,MAAM,CAAC,UAAU,CAAC;AAE3D,YAAA,MAAM,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE;gBAC3B,WAAW,EAAE,MAAM,CAAC,YAAY;gBAChC,YAAY,EAAE,MAAM,CAAC,aAAa;gBAClC,SAAS;AACV,aAAA,CAAC;;;;YAMF,OAAO;gBACL,WAAW,EAAE,MAAM,CAAC,YAAY;gBAChC,YAAY,EAAE,MAAM,CAAC,aAAa;gBAClC,SAAS;aACV;QACH;;QAGA,MAAM,OAAO,IAAI,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,CAAuB;AAEjG,QAAA,QAAQ,OAAO,CAAC,KAAK;AACnB,YAAA,KAAK,uBAAuB;;gBAE1B;AAEF,YAAA,KAAK,WAAW;;gBAEd,YAAY,IAAI,CAAC;gBACjB;AAEF,YAAA,KAAK,eAAe;AAClB,gBAAA,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC;AAExE,YAAA,KAAK,eAAe;AAClB,gBAAA,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC;AAElD,YAAA;gBACE,MAAM,IAAI,KAAK,CACb,CAAA,sBAAA,EAAyB,OAAO,CAAC,KAAK,CAAA,EAAG,OAAO,CAAC,iBAAiB,GAAG,CAAA,GAAA,EAAM,OAAO,CAAC,iBAAiB,CAAA,CAAE,GAAG,EAAE,CAAA,CAAE,CAC9G;;IAEP;AACF;;;;;"}
+{"version":3,"file":"device-flow.js","sources":["../../../../src/auth/device-flow.ts"],"sourcesContent":[null],"names":["getApiUrl","createCredentialStore","shouldShowUI"],"mappings":";;;;;AAAA;;;;;;;;;;;;AAYG;AAgEH;AACA;AACA;AAEA;AACA,SAAS,KAAK,CAAC,EAAU,EAAA;AACvB,IAAA,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,KAAK,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;AAC1D;AAEA;;;AAGG;AACG,SAAU,sBAAsB,CAAC,SAAiB,EAAA;AACtD,IAAA,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;AAC9D;AAEA,SAAS,2BAA2B,CAClC,MAAc,EACd,IAAmD,EAAA;IAEnD,MAAM,UAAU,GAAG,IAAgC;IACnD,QACE,MAAM,KAAK,GAAG;AACd,QAAA,IAAI,IAAI,IAAI;QACZ,OAAO,IAAI,KAAK,QAAQ;QACxB,UAAU,CAAC,IAAI,KAAK,eAAe;QACnC,UAAU,CAAC,OAAO,KAAK,uBAAuB;AAC9C,QAAA,UAAU,CAAC,QAAQ,KAAK,uBAAuB;AAEnD;AAEA;AACA;AACA;AAEA;;;;;;AAMG;AACI,eAAe,iBAAiB,CACrC,UAA6B,EAAE,EAAA;IAE/B,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAIA,aAAS,EAAE;AAC5C,IAAA,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,SAAS;IACpD,MAAM,KAAK,GAAG,OAAO,CAAC,eAAe,KAAK,MAAMC,6BAAqB,EAAE,CAAC;AACxE,IAAA,MAAM,OAAO,GACX,OAAO,CAAC,OAAO;AACf,SAAC,OAAO,GAAW,KAAI;YACrB,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,MAAM,OAAO,MAAM,CAAC;AAC9C,YAAA,MAAM,IAAI,CAAC,GAAG,CAAC;AACjB,QAAA,CAAC,CAAC;;;;IAMJ,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,CAAA,EAAG,MAAM,qBAAqB,EAAE;AAC/D,QAAA,MAAM,EAAE,MAAM;AACd,QAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AAChD,KAAA,CAAC;AAEF,IAAA,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE;AACpB,QAAA,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CACb,CAAA,0CAAA,EAA6C,YAAY,CAAC,MAAM,GAAG,IAAI,GAAG,CAAA,GAAA,EAAM,IAAI,CAAA,CAAE,GAAG,EAAE,CAAA,CAAE,CAC9F;IACH;IAEA,MAAM,IAAI,IAAI,MAAM,YAAY,CAAC,IAAI,EAAE,CAAuB;AAC9D,IAAA,MAAM,mBAAmB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;;;;AAM/D,IAAA,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,CAAA,+CAAA,EAAkD,IAAI,CAAC,gBAAgB,wBAAwB,IAAI,CAAC,SAAS,CAAA,IAAA,CAAM,CACpH;;IAGD,IAAIC,gBAAY,EAAE,EAAE;AAClB,QAAA,IAAI;AACF,YAAA,MAAM,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC;QACtC;AAAE,QAAA,MAAM;;QAER;IACF;;;;AAMA,IAAA,IAAI,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC;IAEjC,OAAO,IAAI,EAAE;AACX,QAAA,MAAM,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC;AAEhC,QAAA,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,mBAAmB,EAAE;AACpC,YAAA,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC;QACxE;QAEA,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,CAAA,EAAG,MAAM,uBAAuB,EAAE;AAC7D,YAAA,MAAM,EAAE,MAAM;AACd,YAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;AAC/C,YAAA,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,WAAW,EAAE,IAAI,CAAC,WAAW;AAC7B,gBAAA,UAAU,EAAE,8CAA8C;aAC3D,CAAC;AACH,SAAA,CAAC;AAEF,QAAA,IAAI,QAAQ,CAAC,EAAE,EAAE;;YAEf,MAAM,MAAM,IAAI,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAyB;;;;YAM9D,MAAM,SAAS,GAAG,sBAAsB,CAAC,MAAM,CAAC,UAAU,CAAC;AAE3D,YAAA,MAAM,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE;gBAC3B,WAAW,EAAE,MAAM,CAAC,YAAY;gBAChC,YAAY,EAAE,MAAM,CAAC,aAAa;gBAClC,SAAS;AACV,aAAA,CAAC;;;;YAMF,OAAO;gBACL,WAAW,EAAE,MAAM,CAAC,YAAY;gBAChC,YAAY,EAAE,MAAM,CAAC,aAAa;gBAClC,SAAS;aACV;QACH;;QAGA,MAAM,OAAO,IAAI,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC,CAE9C;AAE5B,QAAA,QAAQ,OAAO,CAAC,KAAK;AACnB,YAAA,KAAK,uBAAuB;;gBAE1B;AAEF,YAAA,KAAK,WAAW;;gBAEd,YAAY,IAAI,CAAC;gBACjB;AAEF,YAAA,KAAK,eAAe;AAClB,gBAAA,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC;AAExE,YAAA,KAAK,eAAe;AAClB,gBAAA,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC;AAElD,YAAA;gBACE,IAAI,2BAA2B,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE;oBACzD;gBACF;gBACA,MAAM,IAAI,KAAK,CACb,CAAA,sBAAA,EAAyB,OAAO,CAAC,KAAK,CAAA,EAAG,OAAO,CAAC,iBAAiB,GAAG,CAAA,GAAA,EAAM,OAAO,CAAC,iBAAiB,CAAA,CAAE,GAAG,EAAE,CAAA,CAAE,CAC9G;;IAEP;AACF;;;;;"}

package/dist/cjs/auth/pkce.js

@@ -157,13 +157,12 @@ function startCallbackServer(expectedState, timeoutMs) {
 // ---------------------------------------------------------------------------
 // Token exchange
 // ---------------------------------------------------------------------------
-async function exchangeCodeForTokens(apiUrl, code, codeVerifier, state) {
+async function exchangeCodeForTokens(apiUrl, codeVerifier, state) {
     const response = await fetch(`${apiUrl}/v1/auth/cli/token`, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({
             grant_type: 'authorization_code',
-            code,
             code_verifier: codeVerifier,
             state,
         }),
@@ -174,6 +173,31 @@ async function exchangeCodeForTokens(apiUrl, code, codeVerifier, state) {
     }
     return response.json();
 }
+async function requestAuthorizationUrl(apiUrl, codeChallenge, state, redirectUri) {
+    const response = await fetch(`${apiUrl}/v1/auth/cli/authorize`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            client_id: 'doow-cli',
+            code_challenge: codeChallenge,
+            code_challenge_method: 'S256',
+            redirect_uri: redirectUri,
+            state,
+        }),
+    });
+    if (!response.ok) {
+        const body = await response.text().catch(() => '(no body)');
+        throw new Error(`Authorize request failed: HTTP ${response.status} — ${body}`);
+    }
+    const payload = (await response.json());
+    if (payload.state !== state) {
+        throw new Error('Authorize response state mismatch — possible server bug. Try again.');
+    }
+    if (!payload.authorization_url) {
+        throw new Error('Authorize response did not include authorization_url.');
+    }
+    return payload.authorization_url;
+}
 // ---------------------------------------------------------------------------
 // Main flow
 // ---------------------------------------------------------------------------
@@ -197,14 +221,9 @@ async function executePkceFlow(options = {}) {
     // Step 3: Start callback server
     const { server, port, callbackPromise } = await startCallbackServer(state, timeout);
     try {
-        // Step 4: Build authorize URL
+        // Step 4: Request an authorization URL from the API
         const redirectUri = `http://127.0.0.1:${port}/callback`;
-        const authorizeUrl = `${apiUrl}/v1/auth/cli/authorize` +
-            `?response_type=code` +
-            `&code_challenge=${codeChallenge}` +
-            `&code_challenge_method=S256` +
-            `&state=${state}` +
-            `&redirect_uri=${encodeURIComponent(redirectUri)}`;
+        const authorizeUrl = await requestAuthorizationUrl(apiUrl, codeChallenge, state, redirectUri);
         // Step 5: Open browser
         try {
             const { default: open } = await import('open');
@@ -215,9 +234,9 @@ async function executePkceFlow(options = {}) {
             throw new Error(`Failed to open browser: ${msg}. Try doow login --device for headless environments.`);
         }
         // Step 6: Wait for callback
-        const { code } = await callbackPromise;
+        await callbackPromise;
         // Step 7: Exchange code for tokens
-        const tokenResponse = await exchangeCodeForTokens(apiUrl, code, codeVerifier, state);
+        const tokenResponse = await exchangeCodeForTokens(apiUrl, codeVerifier, state);
         // Step 8: Store tokens
         const expiresAt = new Date(Date.now() + tokenResponse.expires_in * 1000).toISOString();
         const result = {

package/dist/cjs/auth/pkce.js.map

@@ -1 +1 @@
-{"version":3,"file":"pkce.js","sources":["../../../../src/auth/pkce.ts"],"sourcesContent":[null],"names":["crypto","http","getActiveProfile","getApiUrl","createCredentialStore"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;AAcG;AAiCH;AACA;AACA;AAEA,MAAM,YAAY,GAAG,CAAA;;eAEN;AAEf,MAAM,UAAU,GAAG,CAAA;;eAEJ;AAEf;AACA;AACA;AAEA;;;;AAIG;SACa,gBAAgB,GAAA;IAC9B,MAAM,aAAa,GAAGA,iBAAM,CAAC,WAAW,CAAC,EAAE,CAAC;IAC5C,MAAM,YAAY,GAAG;SAClB,QAAQ,CAAC,QAAQ;AACjB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;AAEpB,IAAA,MAAM,cAAc,GAAGA,iBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,EAAE;IAChF,MAAM,aAAa,GAAG;SACnB,QAAQ,CAAC,QAAQ;AACjB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;AAEpB,IAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE;AACxC;AAEA;;AAEG;AACH,SAAS,aAAa,GAAA;AACpB,IAAA,OAAOA;SACJ,WAAW,CAAC,EAAE;SACd,QAAQ,CAAC,QAAQ;AACjB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;AACtB;AAWA;;;;AAIG;AACH,SAAS,mBAAmB,CAC1B,aAAqB,EACrB,SAAiB,EAAA;IAEjB,OAAO,IAAI,OAAO,CAAC,CAAC,aAAa,EAAE,YAAY,KAAI;AACjD,QAAA,MAAM,MAAM,GAAGC,eAAI,CAAC,YAAY,EAAE;QAElC,MAAM,eAAe,GAAG,IAAI,OAAO,CAAiB,CAAC,eAAe,EAAE,cAAc,KAAI;AACtF,YAAA,IAAI,aAAwD;;;AAI5D,YAAA,aAAa,GAAG,UAAU,CAAC,MAAK;AAC9B,gBAAA,cAAc,CACZ,IAAI,KAAK,CACP,uFAAuF,CACxF,CACF;YACH,CAAC,EAAE,SAAS,CAAC;YAEb,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,KAAI;;gBAEhC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,WAAW,CAAC,EAAE;AACrC,oBAAA,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC;AAClB,oBAAA,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC;oBACpB;gBACF;gBAEA,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC;gBAChD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC;gBACzC,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;gBAC3C,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;;gBAGhD,IAAI,UAAU,EAAE;oBACd,YAAY,CAAC,aAAa,CAAC;oBAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC;AACnD,oBAAA,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;oBACnB,cAAc,CAAC,IAAI,KAAK,CAAC,yBAAyB,UAAU,CAAA,CAAE,CAAC,CAAC;oBAChE;gBACF;;AAGA,gBAAA,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE;oBACnB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC;AACnD,oBAAA,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;oBACnB;gBACF;;AAGA,gBAAA,IAAI,KAAK,KAAK,aAAa,EAAE;oBAC3B,YAAY,CAAC,aAAa,CAAC;oBAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC;AACnD,oBAAA,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;AACnB,oBAAA,cAAc,CAAC,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;oBAC9E;gBACF;;gBAGA,YAAY,CAAC,aAAa,CAAC;gBAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC;AACnD,gBAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC;AACrB,gBAAA,eAAe,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AAClC,YAAA,CAAC,CAAC;AACJ,QAAA,CAAC,CAAC;QAEF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,KAAI;YACzB,YAAY,CACV,IAAI,KAAK,CACP,CAAA,uCAAA,EAA0C,GAAG,CAAC,OAAO,CAAA,oDAAA,CAAsD,CAC5G,CACF;AACH,QAAA,CAAC,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,MAAK;AACjC,YAAA,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,EAAE;YAC7B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;gBACrC,MAAM,CAAC,KAAK,EAAE;AACd,gBAAA,YAAY,CACV,IAAI,KAAK,CACP,8FAA8F,CAC/F,CACF;gBACD;YACF;AACA,YAAA,aAAa,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,eAAe,EAAE,CAAC;AAC7D,QAAA,CAAC,CAAC;AACJ,IAAA,CAAC,CAAC;AACJ;AAEA;AACA;AACA;AAEA,eAAe,qBAAqB,CAClC,MAAc,EACd,IAAY,EACZ,YAAoB,EACpB,KAAa,EAAA;IAEb,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,CAAA,EAAG,MAAM,oBAAoB,EAAE;AAC1D,QAAA,MAAM,EAAE,MAAM;AACd,QAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;AAC/C,QAAA,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;AACnB,YAAA,UAAU,EAAE,oBAAoB;YAChC,IAAI;AACJ,YAAA,aAAa,EAAE,YAAY;YAC3B,KAAK;SACN,CAAC;AACH,KAAA,CAAC;AAEF,IAAA,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AAChB,QAAA,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,MAAM,WAAW,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,CAAA,4BAAA,EAA+B,QAAQ,CAAC,MAAM,CAAA,GAAA,EAAM,IAAI,CAAA,CAAE,CAAC;IAC7E;AAEA,IAAA,OAAO,QAAQ,CAAC,IAAI,EAA4B;AAClD;AAEA;AACA;AACA;AAEA;;;;;;AAMG;AACI,eAAe,eAAe,CAAC,UAA2B,EAAE,EAAA;;AAEjE,IAAA,MAAM,OAAO,GAAG,MAAMC,sBAAgB,EAAE;IACxC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAIC,aAAS,CAAC,OAAO,CAAC;IACnD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,IAAI;IACvD,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,KAAK,MAAMC,6BAAqB,EAAE,CAAC;AAClF,IAAA,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO;;IAG1C,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,GAAG,gBAAgB,EAAE;AAC1D,IAAA,MAAM,KAAK,GAAG,aAAa,EAAE;;AAG7B,IAAA,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,MAAM,mBAAmB,CAAC,KAAK,EAAE,OAAO,CAAC;AAEnF,IAAA,IAAI;;AAEF,QAAA,MAAM,WAAW,GAAG,CAAA,iBAAA,EAAoB,IAAI,WAAW;AACvD,QAAA,MAAM,YAAY,GAChB,CAAA,EAAG,MAAM,CAAA,sBAAA,CAAwB;YACjC,CAAA,mBAAA,CAAqB;AACrB,YAAA,CAAA,gBAAA,EAAmB,aAAa,CAAA,CAAE;YAClC,CAAA,2BAAA,CAA6B;AAC7B,YAAA,CAAA,OAAA,EAAU,KAAK,CAAA,CAAE;AACjB,YAAA,CAAA,cAAA,EAAiB,kBAAkB,CAAC,WAAW,CAAC,EAAE;;AAGpD,QAAA,IAAI;YACF,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,MAAM,OAAO,MAAM,CAAC;AAC9C,YAAA,MAAM,IAAI,CAAC,YAAY,CAAC;QAC1B;QAAE,OAAO,GAAG,EAAE;AACZ,YAAA,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,GAAG,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC;AAC5D,YAAA,MAAM,IAAI,KAAK,CACb,2BAA2B,GAAG,CAAA,oDAAA,CAAsD,CACrF;QACH;;AAGA,QAAA,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,eAAe;;AAGtC,QAAA,MAAM,aAAa,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,CAAC;;AAGpF,QAAA,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;AACtF,QAAA,MAAM,MAAM,GAAmB;YAC7B,WAAW,EAAE,aAAa,CAAC,YAAY;YACvC,YAAY,EAAE,aAAa,CAAC,aAAa;YACzC,SAAS;SACV;AAED,QAAA,MAAM,eAAe,CAAC,GAAG,CAAC,WAAW,EAAE;YACrC,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,SAAS,EAAE,MAAM,CAAC,SAAS;AAC5B,SAAA,CAAC;AAEF,QAAA,OAAO,MAAM;IACf;YAAU;;QAER,MAAM,CAAC,KAAK,EAAE;IAChB;AACF;;;;;"}
+{"version":3,"file":"pkce.js","sources":["../../../../src/auth/pkce.ts"],"sourcesContent":[null],"names":["crypto","http","getActiveProfile","getApiUrl","createCredentialStore"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;;;;;;;;;;;AAcG;AAsCH;AACA;AACA;AAEA,MAAM,YAAY,GAAG,CAAA;;eAEN;AAEf,MAAM,UAAU,GAAG,CAAA;;eAEJ;AAEf;AACA;AACA;AAEA;;;;AAIG;SACa,gBAAgB,GAAA;IAC9B,MAAM,aAAa,GAAGA,iBAAM,CAAC,WAAW,CAAC,EAAE,CAAC;IAC5C,MAAM,YAAY,GAAG;SAClB,QAAQ,CAAC,QAAQ;AACjB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;AAEpB,IAAA,MAAM,cAAc,GAAGA,iBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,EAAE;IAChF,MAAM,aAAa,GAAG;SACnB,QAAQ,CAAC,QAAQ;AACjB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;AAEpB,IAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE;AACxC;AAEA;;AAEG;AACH,SAAS,aAAa,GAAA;AACpB,IAAA,OAAOA;SACJ,WAAW,CAAC,EAAE;SACd,QAAQ,CAAC,QAAQ;AACjB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,KAAK,EAAE,GAAG;AAClB,SAAA,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;AACtB;AAWA;;;;AAIG;AACH,SAAS,mBAAmB,CAC1B,aAAqB,EACrB,SAAiB,EAAA;IAEjB,OAAO,IAAI,OAAO,CAAC,CAAC,aAAa,EAAE,YAAY,KAAI;AACjD,QAAA,MAAM,MAAM,GAAGC,eAAI,CAAC,YAAY,EAAE;QAElC,MAAM,eAAe,GAAG,IAAI,OAAO,CAAiB,CAAC,eAAe,EAAE,cAAc,KAAI;AACtF,YAAA,IAAI,aAAwD;;;AAI5D,YAAA,aAAa,GAAG,UAAU,CAAC,MAAK;AAC9B,gBAAA,cAAc,CACZ,IAAI,KAAK,CACP,uFAAuF,CACxF,CACF;YACH,CAAC,EAAE,SAAS,CAAC;YAEb,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,KAAI;;gBAEhC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,WAAW,CAAC,EAAE;AACrC,oBAAA,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC;AAClB,oBAAA,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC;oBACpB;gBACF;gBAEA,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC;gBAChD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC;gBACzC,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;gBAC3C,MAAM,UAAU,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC;;gBAGhD,IAAI,UAAU,EAAE;oBACd,YAAY,CAAC,aAAa,CAAC;oBAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC;AACnD,oBAAA,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;oBACnB,cAAc,CAAC,IAAI,KAAK,CAAC,yBAAyB,UAAU,CAAA,CAAE,CAAC,CAAC;oBAChE;gBACF;;AAGA,gBAAA,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE;oBACnB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC;AACnD,oBAAA,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;oBACnB;gBACF;;AAGA,gBAAA,IAAI,KAAK,KAAK,aAAa,EAAE;oBAC3B,YAAY,CAAC,aAAa,CAAC;oBAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC;AACnD,oBAAA,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC;AACnB,oBAAA,cAAc,CAAC,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;oBAC9E;gBACF;;gBAGA,YAAY,CAAC,aAAa,CAAC;gBAC3B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC;AACnD,gBAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC;AACrB,gBAAA,eAAe,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AAClC,YAAA,CAAC,CAAC;AACJ,QAAA,CAAC,CAAC;QAEF,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,KAAI;YACzB,YAAY,CACV,IAAI,KAAK,CACP,CAAA,uCAAA,EAA0C,GAAG,CAAC,OAAO,CAAA,oDAAA,CAAsD,CAC5G,CACF;AACH,QAAA,CAAC,CAAC;;QAGF,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,MAAK;AACjC,YAAA,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,EAAE;YAC7B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;gBACrC,MAAM,CAAC,KAAK,EAAE;AACd,gBAAA,YAAY,CACV,IAAI,KAAK,CACP,8FAA8F,CAC/F,CACF;gBACD;YACF;AACA,YAAA,aAAa,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,eAAe,EAAE,CAAC;AAC7D,QAAA,CAAC,CAAC;AACJ,IAAA,CAAC,CAAC;AACJ;AAEA;AACA;AACA;AAEA,eAAe,qBAAqB,CAClC,MAAc,EACd,YAAoB,EACpB,KAAa,EAAA;IAEb,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,CAAA,EAAG,MAAM,oBAAoB,EAAE;AAC1D,QAAA,MAAM,EAAE,MAAM;AACd,QAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;AAC/C,QAAA,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;AACnB,YAAA,UAAU,EAAE,oBAAoB;AAChC,YAAA,aAAa,EAAE,YAAY;YAC3B,KAAK;SACN,CAAC;AACH,KAAA,CAAC;AAEF,IAAA,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AAChB,QAAA,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,MAAM,WAAW,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,CAAA,4BAAA,EAA+B,QAAQ,CAAC,MAAM,CAAA,GAAA,EAAM,IAAI,CAAA,CAAE,CAAC;IAC7E;AAEA,IAAA,OAAO,QAAQ,CAAC,IAAI,EAA4B;AAClD;AAEA,eAAe,uBAAuB,CACpC,MAAc,EACd,aAAqB,EACrB,KAAa,EACb,WAAmB,EAAA;IAEnB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,CAAA,EAAG,MAAM,wBAAwB,EAAE;AAC9D,QAAA,MAAM,EAAE,MAAM;AACd,QAAA,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;AAC/C,QAAA,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;AACnB,YAAA,SAAS,EAAE,UAAU;AACrB,YAAA,cAAc,EAAE,aAAa;AAC7B,YAAA,qBAAqB,EAAE,MAAM;AAC7B,YAAA,YAAY,EAAE,WAAW;YACzB,KAAK;SACN,CAAC;AACH,KAAA,CAAC;AAEF,IAAA,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AAChB,QAAA,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,MAAM,WAAW,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,CAAA,+BAAA,EAAkC,QAAQ,CAAC,MAAM,CAAA,GAAA,EAAM,IAAI,CAAA,CAAE,CAAC;IAChF;IAEA,MAAM,OAAO,IAAI,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAsB;AAE5D,IAAA,IAAI,OAAO,CAAC,KAAK,KAAK,KAAK,EAAE;AAC3B,QAAA,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC;IACxF;AAEA,IAAA,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE;AAC9B,QAAA,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC;IAC1E;IAEA,OAAO,OAAO,CAAC,iBAAiB;AAClC;AAEA;AACA;AACA;AAEA;;;;;;AAMG;AACI,eAAe,eAAe,CAAC,UAA2B,EAAE,EAAA;;AAEjE,IAAA,MAAM,OAAO,GAAG,MAAMC,sBAAgB,EAAE;IACxC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,IAAIC,aAAS,CAAC,OAAO,CAAC;IACnD,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,IAAI;IACvD,MAAM,eAAe,GAAG,OAAO,CAAC,eAAe,KAAK,MAAMC,6BAAqB,EAAE,CAAC;AAClF,IAAA,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO;;IAG1C,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,GAAG,gBAAgB,EAAE;AAC1D,IAAA,MAAM,KAAK,GAAG,aAAa,EAAE;;AAG7B,IAAA,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,MAAM,mBAAmB,CAAC,KAAK,EAAE,OAAO,CAAC;AAEnF,IAAA,IAAI;;AAEF,QAAA,MAAM,WAAW,GAAG,CAAA,iBAAA,EAAoB,IAAI,WAAW;AACvD,QAAA,MAAM,YAAY,GAAG,MAAM,uBAAuB,CAChD,MAAM,EACN,aAAa,EACb,KAAK,EACL,WAAW,CACZ;;AAGD,QAAA,IAAI;YACF,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,MAAM,OAAO,MAAM,CAAC;AAC9C,YAAA,MAAM,IAAI,CAAC,YAAY,CAAC;QAC1B;QAAE,OAAO,GAAG,EAAE;AACZ,YAAA,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,GAAG,GAAG,CAAC,OAAO,GAAG,MAAM,CAAC,GAAG,CAAC;AAC5D,YAAA,MAAM,IAAI,KAAK,CACb,2BAA2B,GAAG,CAAA,oDAAA,CAAsD,CACrF;QACH;;AAGA,QAAA,MAAM,eAAe;;QAGrB,MAAM,aAAa,GAAG,MAAM,qBAAqB,CAAC,MAAM,EAAE,YAAY,EAAE,KAAK,CAAC;;AAG9E,QAAA,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;AACtF,QAAA,MAAM,MAAM,GAAmB;YAC7B,WAAW,EAAE,aAAa,CAAC,YAAY;YACvC,YAAY,EAAE,aAAa,CAAC,aAAa;YACzC,SAAS;SACV;AAED,QAAA,MAAM,eAAe,CAAC,GAAG,CAAC,WAAW,EAAE;YACrC,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,SAAS,EAAE,MAAM,CAAC,SAAS;AAC5B,SAAA,CAAC;AAEF,QAAA,OAAO,MAAM;IACf;YAAU;;QAER,MAAM,CAAC,KAAK,EAAE;IAChB;AACF;;;;;"}

package/dist/cjs/config/env.js

@@ -33,7 +33,7 @@ function getApiUrl(profile) {
         return profile.apiUrl;
     if (process.env['DOOW_API_URL'])
         return process.env['DOOW_API_URL'];
-    return 'https://api.doow.com';
+    return 'https://dev-api.doow.co';
 }
 
 exports.getApiUrl = getApiUrl;

package/dist/cjs/config/env.js.map

@@ -1 +1 @@
-{"version":3,"file":"env.js","sources":["../../../../src/config/env.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAEA;SACgB,KAAK,GAAA;AACnB,IAAA,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,KAAK,IAAI;AACtC;AAEA;SACgB,IAAI,GAAA;IAClB,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;AAC5B;AAEA;;;;;AAKG;SACa,WAAW,GAAA;IACzB,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;AACzC;AAEA;;;AAGG;SACa,YAAY,GAAA;IAC1B,OAAO,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE;AAC7C;AAEA;;;AAGG;AACG,SAAU,SAAS,CAAC,OAAiB,EAAA;IACzC,IAAI,OAAO,EAAE,MAAM;QAAE,OAAO,OAAO,CAAC,MAAM;AAC1C,IAAA,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;AAAE,QAAA,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;AACnE,IAAA,OAAO,sBAAsB;AAC/B;;;;;;;;"}
+{"version":3,"file":"env.js","sources":["../../../../src/config/env.ts"],"sourcesContent":[null],"names":[],"mappings":";;AAEA;SACgB,KAAK,GAAA;AACnB,IAAA,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,KAAK,IAAI;AACtC;AAEA;SACgB,IAAI,GAAA;IAClB,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC;AAC5B;AAEA;;;;;AAKG;SACa,WAAW,GAAA;IACzB,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;AACzC;AAEA;;;AAGG;SACa,YAAY,GAAA;IAC1B,OAAO,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE;AAC7C;AAEA;;;AAGG;AACG,SAAU,SAAS,CAAC,OAAiB,EAAA;IACzC,IAAI,OAAO,EAAE,MAAM;QAAE,OAAO,OAAO,CAAC,MAAM;AAC1C,IAAA,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;AAAE,QAAA,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;AACnE,IAAA,OAAO,yBAAyB;AAClC;;;;;;;;"}

package/dist/cjs/index.js

@@ -11,7 +11,7 @@ var detect = require('./auth/detect.js');
 
 // @doow/cli library entry point
 // Re-exports for programmatic usage
-const VERSION = '0.1.0';
+const VERSION = "0.1.4" ;
 
 exports.clearProfileCredentials = store.clearProfileCredentials;
 exports.deleteProfile = store.deleteProfile;

package/dist/cjs/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sources":["../../../src/index.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;;AAAA;AACA;AAEO,MAAM,OAAO,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
+{"version":3,"file":"index.js","sources":["../../../src/index.ts"],"sourcesContent":[null],"names":[],"mappings":";;;;;;;;;;;AAAA;AACA;AAIO,MAAM,OAAO,GACuB,OAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}

package/dist/cli.cjs

@@ -231,7 +231,7 @@ function getApiUrl(profile) {
         return profile.apiUrl;
     if (process.env['DOOW_API_URL'])
         return process.env['DOOW_API_URL'];
-    return 'https://api.doow.com';
+    return 'https://dev-api.doow.co';
 }
 
 // ---------------------------------------------------------------------------
@@ -626,13 +626,12 @@ function startCallbackServer(expectedState, timeoutMs) {
 // ---------------------------------------------------------------------------
 // Token exchange
 // ---------------------------------------------------------------------------
-async function exchangeCodeForTokens(apiUrl, code, codeVerifier, state) {
+async function exchangeCodeForTokens(apiUrl, codeVerifier, state) {
     const response = await fetch(`${apiUrl}/v1/auth/cli/token`, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({
             grant_type: 'authorization_code',
-            code,
             code_verifier: codeVerifier,
             state,
         }),
@@ -643,6 +642,31 @@ async function exchangeCodeForTokens(apiUrl, code, codeVerifier, state) {
     }
     return response.json();
 }
+async function requestAuthorizationUrl(apiUrl, codeChallenge, state, redirectUri) {
+    const response = await fetch(`${apiUrl}/v1/auth/cli/authorize`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            client_id: 'doow-cli',
+            code_challenge: codeChallenge,
+            code_challenge_method: 'S256',
+            redirect_uri: redirectUri,
+            state,
+        }),
+    });
+    if (!response.ok) {
+        const body = await response.text().catch(() => '(no body)');
+        throw new Error(`Authorize request failed: HTTP ${response.status} — ${body}`);
+    }
+    const payload = (await response.json());
+    if (payload.state !== state) {
+        throw new Error('Authorize response state mismatch — possible server bug. Try again.');
+    }
+    if (!payload.authorization_url) {
+        throw new Error('Authorize response did not include authorization_url.');
+    }
+    return payload.authorization_url;
+}
 // ---------------------------------------------------------------------------
 // Main flow
 // ---------------------------------------------------------------------------
@@ -666,14 +690,9 @@ async function executePkceFlow(options = {}) {
     // Step 3: Start callback server
     const { server, port, callbackPromise } = await startCallbackServer(state, timeout);
     try {
-        // Step 4: Build authorize URL
+        // Step 4: Request an authorization URL from the API
         const redirectUri = `http://127.0.0.1:${port}/callback`;
-        const authorizeUrl = `${apiUrl}/v1/auth/cli/authorize` +
-            `?response_type=code` +
-            `&code_challenge=${codeChallenge}` +
-            `&code_challenge_method=S256` +
-            `&state=${state}` +
-            `&redirect_uri=${encodeURIComponent(redirectUri)}`;
+        const authorizeUrl = await requestAuthorizationUrl(apiUrl, codeChallenge, state, redirectUri);
         // Step 5: Open browser
         try {
             const { default: open } = await import('open');
@@ -684,9 +703,9 @@ async function executePkceFlow(options = {}) {
             throw new Error(`Failed to open browser: ${msg}. Try doow login --device for headless environments.`);
         }
         // Step 6: Wait for callback
-        const { code } = await callbackPromise;
+        await callbackPromise;
         // Step 7: Exchange code for tokens
-        const tokenResponse = await exchangeCodeForTokens(apiUrl, code, codeVerifier, state);
+        const tokenResponse = await exchangeCodeForTokens(apiUrl, codeVerifier, state);
         // Step 8: Store tokens
         const expiresAt = new Date(Date.now() + tokenResponse.expires_in * 1000).toISOString();
         const result = {
@@ -714,7 +733,7 @@ async function executePkceFlow(options = {}) {
  * environments where a browser cannot be opened on the same machine.
  *
  * Steps:
- *   1. POST /v1/auth/device/authorize  → get device_code + user_code
+ *   1. POST /v1/auth/cli/device        → get device_code + user_code
  *   2. Display verification URI + user_code on stderr
  *   3. Optionally open the browser (best-effort)
  *   4. Poll POST /v1/auth/device/token until granted or expired
@@ -734,6 +753,15 @@ function sleep$1(ms) {
 function expiresAtFromSecondsIn(secondsIn) {
     return new Date(Date.now() + secondsIn * 1000).toISOString();
 }
+function isLegacyPendingPollResponse(status, body) {
+    const legacyBody = body;
+    return (status === 400 &&
+        body != null &&
+        typeof body === 'object' &&
+        legacyBody.name === 'HttpException' &&
+        legacyBody.message === 'Bad Request Exception' &&
+        legacyBody.response === 'Bad Request Exception');
+}
 // ---------------------------------------------------------------------------
 // Core function
 // ---------------------------------------------------------------------------
@@ -756,7 +784,7 @@ async function executeDeviceFlow(options = {}) {
     // -------------------------------------------------------------------------
     // Step 1: Request device authorization
     // -------------------------------------------------------------------------
-    const authorizeRes = await fetch(`${apiUrl}/v1/auth/device/authorize`, {
+    const authorizeRes = await fetch(`${apiUrl}/v1/auth/cli/device`, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({ client_id: 'doow-cli' }),
@@ -766,6 +794,7 @@ async function executeDeviceFlow(options = {}) {
         throw new Error(`Device authorization request failed: HTTP ${authorizeRes.status}${body ? ` — ${body}` : ''}`);
     }
     const auth = (await authorizeRes.json());
+    const deviceCodeExpiresAt = Date.now() + auth.expires_in * 1000;
     // -------------------------------------------------------------------------
     // Step 2: Display instructions on stderr
     // -------------------------------------------------------------------------
@@ -785,6 +814,9 @@ async function executeDeviceFlow(options = {}) {
     let pollInterval = auth.interval; // seconds; RFC 8628 §3.5
     while (true) {
         await sleep$1(pollInterval * 1000);
+        if (Date.now() > deviceCodeExpiresAt) {
+            throw new Error('Device code expired. Run doow login --device again.');
+        }
         const tokenRes = await fetch(`${apiUrl}/v1/auth/device/token`, {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
@@ -829,6 +861,9 @@ async function executeDeviceFlow(options = {}) {
             case 'access_denied':
                 throw new Error('Authorization denied by user.');
             default:
+                if (isLegacyPendingPollResponse(tokenRes.status, errBody)) {
+                    continue;
+                }
                 throw new Error(`Token polling failed: ${errBody.error}${errBody.error_description ? ` — ${errBody.error_description}` : ''}`);
         }
     }
@@ -9137,29 +9172,45 @@ async function checkNetwork(apiUrl) {
     }
 }
 async function checkApiVersion(apiUrl) {
+    const healthPaths = ['/health', '/v1/health'];
     try {
         const controller = new AbortController();
         const timeoutId = setTimeout(() => controller.abort(), 5000);
-        const res = await fetch(`${apiUrl}/v1/health`, { signal: controller.signal });
-        clearTimeout(timeoutId);
-        if (!res.ok) {
-            return { name: 'api_version', status: 'warn', detail: `HTTP ${res.status} from /v1/health` };
-        }
-        let version;
-        try {
-            const body = await res.json();
-            if (typeof body['version'] === 'string')
-                version = body['version'];
-            else if (typeof body['server_version'] === 'string')
-                version = body['server_version'];
-        }
-        catch {
-            // non-JSON body is acceptable
+        let lastPath = healthPaths[0];
+        let lastStatus;
+        for (const path of healthPaths) {
+            lastPath = path;
+            const res = await fetch(`${apiUrl}${path}`, { signal: controller.signal });
+            if (res.ok) {
+                clearTimeout(timeoutId);
+                let version;
+                try {
+                    const body = await res.json();
+                    if (typeof body['version'] === 'string')
+                        version = body['version'];
+                    else if (typeof body['server_version'] === 'string')
+                        version = body['server_version'];
+                }
+                catch {
+                    // non-JSON body is acceptable
+                }
+                return {
+                    name: 'api_version',
+                    status: 'pass',
+                    detail: version ? `server ${version}` : 'reachable (no version in response)',
+                };
+            }
+            lastStatus = res.status;
+            if (res.status !== 404 && res.status !== 410) {
+                clearTimeout(timeoutId);
+                return { name: 'api_version', status: 'warn', detail: `HTTP ${res.status} from ${path}` };
+            }
         }
+        clearTimeout(timeoutId);
         return {
             name: 'api_version',
-            status: 'pass',
-            detail: version ? `server ${version}` : 'reachable (no version in response)',
+            status: 'warn',
+            detail: `HTTP ${lastStatus ?? 404} from ${lastPath}`,
         };
     }
     catch (err) {
@@ -33863,7 +33914,7 @@ async function startStdioServer(options) {
     await server.connect(transport);
 }
 
-const VERSION = "0.1.1" ;
+const VERSION = "0.1.4" ;
 const ASCII_LOGO = `
      _
   __| |  ___    ___   __      __
@@ -33880,6 +33931,10 @@ function printLogo() {
     process.stdout.write('  Not logged in.\n\n');
     process.stdout.write('  Run \x1b[36mdoow login\x1b[0m to get started.\n\n');
 }
+function readString(data, key) {
+    const value = data[key];
+    return typeof value === 'string' ? value : undefined;
+}
 // ---------------------------------------------------------------------------
 // loginHandler — exported for testability
 // ---------------------------------------------------------------------------
@@ -33989,14 +34044,28 @@ async function whoamiHandler(globalOpts, credentialStore) {
         process.exit(1);
     }
     const data = (await res.json());
-    const email = data['email'] ?? '(unknown)';
-    const org = data['organization'] ?? '(unknown)';
+    const email = readString(data, 'email') ?? '(unknown)';
+    const organizationId = readString(data, 'organization_id');
+    const org = readString(data, 'organization') ?? organizationId ?? '(unknown)';
+    const role = readString(data, 'role');
+    const capabilities = Array.isArray(data['capabilities'])
+        ? data['capabilities'].filter((value) => typeof value === 'string')
+        : undefined;
     if (isJson) {
-        process.stdout.write(JSON.stringify({ email, organization: org, profile: profileName }) + '\n');
+        process.stdout.write(JSON.stringify({
+            email,
+            organization: org,
+            organizationId,
+            role,
+            capabilities,
+            profile: profileName,
+        }) + '\n');
     }
     else {
         process.stderr.write(`Logged in as ${email}\n`);
         process.stderr.write(`Organization: ${org}\n`);
+        if (role)
+            process.stderr.write(`Role: ${role}\n`);
         process.stderr.write(`Auth: ${resolved.source}\n`);
         process.stderr.write(`Profile: ${profileName}\n`);
     }