npm - @dreamboard-games/cli - Versions diffs - 0.1.30-alpha.0 → 0.1.30-alpha.1 - Mend

@dreamboard-games/cli 0.1.30-alpha.0 → 0.1.30-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/dist/index.js CHANGED Viewed

@@ -3,6 +3,7 @@ import {
   CONFIG_FLAG_ARGS,
   IS_PUBLISHED_BUILD,
   LOCAL_REGISTRY_URL,
+  PUBLISHED_ENVIRONMENT,
   REDUCER_TESTING_TYPES_WRAPPER_CONTENT,
   STALE_CONTRACT_ARTIFACT_CODE,
   STALE_CONTRACT_ARTIFACT_EXIT_CODE,
@@ -59,6 +60,7 @@ import {
   materializeManifestTable,
   materializeSourceChangeOperations,
   normalizeSlug,
+  parseAuthCommandArgs,
   parseCloneCommandArgs,
   parseCompileCommandArgs,
   parseConfigCommandArgs,
@@ -70,10 +72,12 @@ import {
   parsePlayerCountFlags,
   parsePositiveInt,
   parsePullCommandArgs,
+  parseQueryCommandArgs,
   parseStatusCommandArgs,
   parseSyncCommandArgs,
   perPlayerSchema,
   projectIdFromSessionGameSource,
+  queryWorkshopRulebook,
   queueProjectRevisionCompileSdk,
   refreshResolvedAuthSession,
   removeExtraneousFiles,
@@ -101,7 +105,7 @@ import {
   writeSnapshot,
   writeSnapshotFromFiles,
   writeSourceFiles
-} from "./chunk-3XNJT3RK.js";
+} from "./chunk-RS7UXJZV.js";
 import {
   DEFAULT_LOGIN_TIMEOUT_MS,
   DEFAULT_WEB_BASE_URL,
@@ -113,6 +117,7 @@ import {
   clearCredentials,
   ensureDir,
   exists,
+  getActiveCredentialBackendName,
   getGlobalAuthPath,
   getGlobalConfigPath,
   getStoredSession,
@@ -125,10 +130,13 @@ import {
   setCredentials,
   writeJsonFile,
   writeTextFile
-} from "./chunk-TSJVWTJO.js";
+} from "./chunk-C6UAT6EH.js";
 import "./chunk-7FOO4AJI.js";
 import "./chunk-2H7UOFLK.js";
+// src/commands/auth.ts
+import crypto from "crypto";
 // ../../node_modules/.pnpm/citty@0.2.2/node_modules/citty/dist/_chunks/libs/scule.mjs
 var NUMBER_CHAR_RE = /\d/;
 var STR_SPLITTERS = [
@@ -1697,6 +1705,505 @@ function _getDefaultLogLevel() {
 }
 var consola = createConsola2();
+// src/auth/auth-server.ts
+import {
+  createServer
+} from "http";
+import { spawn } from "child_process";
+var DEFAULT_OAUTH_CALLBACK_PORT = 49371;
+async function startOAuthCallbackServer(state, timeoutMs) {
+  let resolveCode;
+  let rejectCode;
+  const waitForCode = new Promise((resolve, reject) => {
+    resolveCode = resolve;
+    rejectCode = reject;
+  });
+  const portCandidate = resolveOAuthCallbackPort();
+  const server = createServer(
+    async (request, response) => {
+      try {
+        const requestUrl = new URL(request.url ?? "/", "http://127.0.0.1");
+        if (request.method === "GET" && requestUrl.pathname === "/oauth/callback") {
+          const receivedState = requestUrl.searchParams.get("state");
+          const code = requestUrl.searchParams.get("code");
+          const error = requestUrl.searchParams.get("error");
+          if (error) {
+            throw new Error(`Clerk OAuth returned ${error}.`);
+          }
+          if (!code || receivedState !== state) {
+            writeCorsResponse(request, response, 400, "Invalid OAuth callback");
+            return;
+          }
+          resolveCode({ code });
+          response.once("finish", () => server.close());
+          writeHtmlResponse(
+            response,
+            200,
+            "Dreamboard CLI login complete. You can return to your terminal."
+          );
+          return;
+        }
+        writeHtmlResponse(
+          response,
+          200,
+          "Dreamboard CLI OAuth callback server"
+        );
+      } catch (error) {
+        rejectCode(
+          error instanceof Error ? error : new Error("Failed to handle OAuth callback.")
+        );
+        writeHtmlResponse(response, 500, "Dreamboard CLI login failed.");
+      }
+    }
+  );
+  try {
+    await new Promise((resolve, reject) => {
+      server.once("error", reject);
+      server.listen(portCandidate, "127.0.0.1", () => {
+        server.off("error", reject);
+        resolve();
+      });
+    });
+  } catch (error) {
+    const portError = error instanceof Error ? error : new Error("Failed to start OAuth callback server");
+    const configuredByEnv = Boolean(
+      process.env.DREAMBOARD_CLERK_OAUTH_REDIRECT_PORT
+    );
+    const message = configuredByEnv ? `Failed to start OAuth callback server on configured port ${portCandidate}.` : `Failed to start OAuth callback server on port ${portCandidate}. Register this loopback redirect URI with Clerk and keep the port available, or set DREAMBOARD_CLERK_OAUTH_REDIRECT_PORT.`;
+    const wrapped = new Error(`${message} ${portError.message}`);
+    server.close();
+    rejectCode(wrapped);
+    throw wrapped;
+  }
+  if (!server.listening) {
+    const error = new Error("Failed to start OAuth callback server.");
+    rejectCode(error);
+    throw error;
+  }
+  const timer = setTimeout(() => {
+    rejectCode(new Error("Login timed out."));
+    server?.close();
+  }, timeoutMs);
+  waitForCode.finally(() => clearTimeout(timer));
+  const port = portCandidateFromServer(server);
+  return {
+    port,
+    redirectUri: `http://127.0.0.1:${port}/oauth/callback`,
+    waitForCode,
+    close: () => server?.close()
+  };
+}
+function resolveOAuthCallbackPort() {
+  const rawPort = process.env.DREAMBOARD_CLERK_OAUTH_REDIRECT_PORT?.trim();
+  if (!rawPort) {
+    return DEFAULT_OAUTH_CALLBACK_PORT;
+  }
+  const port = Number(rawPort);
+  if (!Number.isInteger(port) || port < 1 || port > 65535) {
+    throw new Error(
+      `Invalid DREAMBOARD_CLERK_OAUTH_REDIRECT_PORT '${rawPort}'. Expected a TCP port from 1 to 65535.`
+    );
+  }
+  return port;
+}
+function portCandidateFromServer(server) {
+  const address = server.address();
+  if (!address || typeof address === "string") {
+    throw new Error("Auth callback server did not expose a bound port.");
+  }
+  return address.port;
+}
+function writeCorsResponse(request, response, statusCode, body) {
+  const origin = request.headers.origin ?? "*";
+  response.writeHead(statusCode, {
+    "Access-Control-Allow-Origin": origin,
+    "Access-Control-Allow-Methods": "POST, OPTIONS",
+    "Access-Control-Allow-Headers": "Content-Type",
+    "Content-Type": "text/plain; charset=utf-8"
+  });
+  response.end(body);
+}
+function writeHtmlResponse(response, statusCode, body) {
+  response.writeHead(statusCode, {
+    "Content-Type": "text/html; charset=utf-8"
+  });
+  response.end(
+    `<!doctype html><meta charset="utf-8"><title>Dreamboard CLI</title><p>${escapeHtml(body)}</p>`
+  );
+}
+function escapeHtml(value) {
+  return value.replace(/[&<>"']/g, (char) => {
+    switch (char) {
+      case "&":
+        return "&amp;";
+      case "<":
+        return "&lt;";
+      case ">":
+        return "&gt;";
+      case '"':
+        return "&quot;";
+      default:
+        return "&#39;";
+    }
+  });
+}
+function openBrowser(url) {
+  const platform2 = process.platform;
+  let command;
+  if (platform2 === "darwin") {
+    command = ["open", url];
+  } else if (platform2 === "win32") {
+    command = ["cmd", "/c", "start", "", url];
+  } else {
+    command = ["xdg-open", url];
+  }
+  const [commandName, ...commandArgs] = command;
+  const child = spawn(commandName, commandArgs, {
+    stdio: "ignore",
+    detached: true
+  });
+  child.unref();
+}
+// src/commands/auth.ts
+async function loginWithBrowser(config, quiet) {
+  const state = crypto.randomUUID();
+  const pkce = createPkcePair();
+  const server = await startOAuthCallbackServer(
+    state,
+    DEFAULT_LOGIN_TIMEOUT_MS
+  );
+  const loginUrl = buildClerkAuthorizationUrl({
+    config: {
+      issuer: config.clerkOAuthIssuer,
+      clientId: config.clerkOAuthClientId,
+      tokenUrl: config.clerkOAuthTokenUrl,
+      scope: config.clerkOAuthScope
+    },
+    redirectUri: server.redirectUri,
+    state,
+    codeChallenge: pkce.challenge
+  }).toString();
+  if (!quiet) {
+    consola.info("Opening browser for login...");
+    consola.info(`If the browser does not open, visit: ${loginUrl}`);
+  }
+  openBrowser(loginUrl);
+  if (!quiet) {
+    consola.start("Waiting for login to complete...");
+  }
+  try {
+    const { code } = await server.waitForCode;
+    const tokenResponse = await exchangeClerkOAuthCode({
+      config: {
+        issuer: config.clerkOAuthIssuer,
+        clientId: config.clerkOAuthClientId,
+        tokenUrl: config.clerkOAuthTokenUrl
+      },
+      code,
+      redirectUri: server.redirectUri,
+      codeVerifier: pkce.verifier
+    });
+    return {
+      token: tokenResponse.accessToken,
+      refreshToken: tokenResponse.refreshToken,
+      expiresAt: tokenResponse.expiresAt,
+      tokenUrl: tokenResponse.tokenUrl
+    };
+  } finally {
+    server.close();
+  }
+}
+var auth_default = defineCommand({
+  meta: { name: "auth", description: "Manage stored Dreamboard sessions" },
+  args: {
+    action: {
+      type: "positional",
+      description: IS_PUBLISHED_BUILD ? "Action: clear | login" : "Action: set | clear | login | env | status",
+      required: true
+    },
+    ...IS_PUBLISHED_BUILD ? {} : {
+      tokenValue: {
+        type: "positional",
+        description: "Token value (for set) or environment name (for env)",
+        required: false
+      },
+      token: {
+        type: "string",
+        description: "Auth token (alternative)"
+      },
+      jwt: {
+        type: "boolean",
+        description: "Print auth token JSON to stdout"
+      },
+      env: {
+        type: "string",
+        description: "Environment: local | staging | prod"
+      }
+    }
+  },
+  async run({ args }) {
+    const parsedArgs = parseAuthCommandArgs(args);
+    const action = parsedArgs.action;
+    const globalConfig = await loadGlobalConfig();
+    if (IS_PUBLISHED_BUILD && action !== "login" && action !== "clear") {
+      throw new Error(
+        "The published Dreamboard CLI only supports browser login and logout. Use `dreamboard login` or `dreamboard logout`."
+      );
+    }
+    if (action === "env") {
+      if (IS_PUBLISHED_BUILD) {
+        throw new Error(
+          "The published Dreamboard CLI is production-only and does not support switching environments."
+        );
+      }
+      const environment = parsedArgs.tokenValue ?? parsedArgs.env;
+      if (!environment) {
+        throw new Error("Usage: dreamboard auth env <local|staging|prod>");
+      }
+      if (!["local", "staging", "prod"].includes(environment)) {
+        throw new Error(
+          `Invalid environment '${environment}'. Valid options: local, staging, prod`
+        );
+      }
+      await saveGlobalConfig({
+        ...globalConfig,
+        environment
+      });
+      consola.success(`Environment set to '${environment}'.`);
+      return;
+    }
+    if (action === "set") {
+      if (IS_PUBLISHED_BUILD) {
+        throw new Error(
+          "Direct JWT injection is not supported in the published Dreamboard CLI. Use `dreamboard login` so the CLI can store a refreshable session."
+        );
+      }
+      const token = parsedArgs.tokenValue ?? parsedArgs.token ?? "";
+      if (!token) throw new Error("Usage: dreamboard auth set <token>");
+      await setAccessOnlySession(token);
+      consola.success(`Auth token saved to ${getGlobalAuthPath()}.`);
+      return;
+    }
+    if (action === "clear") {
+      await clearCredentials();
+      consola.success(
+        `Stored Dreamboard session cleared from ${getGlobalAuthPath()}.`
+      );
+      return;
+    }
+    if (action === "login") {
+      const shouldPrintJwt = !IS_PUBLISHED_BUILD && parsedArgs.jwt === true;
+      const environment = IS_PUBLISHED_BUILD ? PUBLISHED_ENVIRONMENT : parsedArgs.env || globalConfig.environment || "staging";
+      const storedSession = await getStoredSession();
+      let accessToken = storedSession?.accessToken;
+      let refreshToken = storedSession?.refreshToken;
+      let tokenExpiresAt = storedSession?.tokenExpiresAt;
+      let clerkOAuthTokenUrl = storedSession?.clerkOAuthTokenUrl;
+      let didRefreshStoredSession = false;
+      let didUseBrowserLogin = false;
+      const resolvedConfig = resolveConfig(
+        globalConfig,
+        { env: environment },
+        void 0,
+        storedSession
+      );
+      if (accessToken && refreshToken) {
+        try {
+          const refreshed = await refreshResolvedAuthSession(resolvedConfig);
+          accessToken = refreshed?.accessToken ?? accessToken;
+          refreshToken = refreshed?.refreshToken ?? refreshToken;
+          tokenExpiresAt = refreshed?.tokenExpiresAt ?? tokenExpiresAt;
+          clerkOAuthTokenUrl = refreshed?.clerkOAuthTokenUrl ?? clerkOAuthTokenUrl;
+          didRefreshStoredSession = Boolean(refreshed);
+        } catch (error) {
+          consola.warn(
+            error instanceof Error ? error.message : "Stored Dreamboard CLI session refresh failed."
+          );
+          accessToken = void 0;
+          refreshToken = void 0;
+        }
+      }
+      if (!accessToken) {
+        const browserLogin = await loginWithBrowser(
+          resolvedConfig,
+          shouldPrintJwt
+        );
+        accessToken = browserLogin.token;
+        refreshToken = browserLogin.refreshToken;
+        tokenExpiresAt = browserLogin.expiresAt;
+        clerkOAuthTokenUrl = browserLogin.tokenUrl;
+        didUseBrowserLogin = true;
+      }
+      if (!accessToken) {
+        throw new Error("Login completed but no access token was returned.");
+      }
+      await saveGlobalConfig({
+        ...globalConfig,
+        environment
+      });
+      if (refreshToken) {
+        await setCredentials({
+          accessToken,
+          refreshToken,
+          tokenExpiresAt,
+          clerkOAuthIssuer: resolvedConfig.clerkOAuthIssuer,
+          clerkOAuthClientId: resolvedConfig.clerkOAuthClientId,
+          clerkOAuthTokenUrl,
+          environment
+        });
+      } else {
+        await setAccessOnlySession(accessToken);
+      }
+      if (shouldPrintJwt) {
+        process.stdout.write(
+          `${JSON.stringify(
+            {
+              token: accessToken,
+              refreshToken: refreshToken ?? null,
+              environment
+            },
+            null,
+            2
+          )}
+`
+        );
+        return;
+      }
+      if (didUseBrowserLogin) {
+        consola.success(
+          `Browser login successful. Session saved to ${getGlobalAuthPath()}`
+        );
+      } else if (storedSession?.accessToken && didRefreshStoredSession) {
+        consola.success(
+          `Stored auth session refreshed and saved to ${getGlobalAuthPath()}`
+        );
+      } else if (storedSession?.accessToken) {
+        consola.success(
+          `Stored auth token found. Session data remains in ${getGlobalAuthPath()}`
+        );
+      }
+      return;
+    }
+    if (action === "status") {
+      const storedSession = await getStoredSession();
+      const resolvedConfig = resolveConfig(
+        globalConfig,
+        { env: parsedArgs.env },
+        void 0,
+        storedSession
+      );
+      const environment = parsedArgs.env || globalConfig.environment || "staging";
+      const authTokenExpiry = getAuthTokenExpiry(resolvedConfig.authToken);
+      const backendName = await getActiveCredentialBackendName();
+      consola.log(`Environment: ${environment}`);
+      consola.log(`Auth token source: ${resolvedConfig.authTokenSource}`);
+      consola.log(`Refresh token source: ${resolvedConfig.refreshTokenSource}`);
+      consola.log(
+        `Credential backend: ${backendName}${backendName === "keychain" ? " (OS keychain via @napi-rs/keyring)" : ` (${getGlobalAuthPath()})`}`
+      );
+      const preference = globalConfig.credentialBackend;
+      if (preference) {
+        consola.log(`Credential backend preference (config): ${preference}`);
+      } else {
+        consola.log(
+          'Credential backend preference (config): file (default; set `"credentialBackend": "keychain"` in config.json to opt in)'
+        );
+      }
+      if (process.env.DREAMBOARD_CREDENTIAL_BACKEND) {
+        consola.log(
+          `Backend override: DREAMBOARD_CREDENTIAL_BACKEND=${process.env.DREAMBOARD_CREDENTIAL_BACKEND}`
+        );
+      }
+      consola.log(`Config path: ${getGlobalConfigPath()}`);
+      if (!resolvedConfig.authToken) {
+        consola.warn("No Dreamboard session found.");
+        return;
+      }
+      if (authTokenExpiry) {
+        const isExpired = authTokenExpiry.getTime() <= Date.now();
+        consola.log(
+          `Access token expires at: ${authTokenExpiry.toISOString()} (${isExpired ? "expired" : "active"})`
+        );
+        if (isExpired) {
+          if (!resolvedConfig.refreshToken) {
+            consola.warn(
+              "Access token is expired and no refresh token is available. Run `dreamboard login` to authenticate again."
+            );
+            return;
+          }
+          const refreshed = await refreshResolvedAuthSession(resolvedConfig);
+          if (!refreshed?.accessToken) {
+            consola.warn(
+              "Access token is expired and refresh did not return a new session."
+            );
+            return;
+          }
+          const refreshedExpiry = getAuthTokenExpiry(refreshed.accessToken);
+          consola.success("Access token was expired and has been refreshed.");
+          if (refreshedExpiry) {
+            consola.log(
+              `Refreshed access token expires at: ${refreshedExpiry.toISOString()}`
+            );
+          }
+          return;
+        }
+      } else {
+        consola.log("Access token expiry: unavailable");
+      }
+      consola.success("Dreamboard session is active.");
+      return;
+    }
+    throw new Error(
+      IS_PUBLISHED_BUILD ? "Usage:\n  dreamboard auth clear\n  dreamboard auth login" : "Usage:\n  dreamboard auth clear\n  dreamboard auth login [--env <local|staging|prod>] [--jwt]\n  dreamboard auth set <token>\n  dreamboard auth env <local|staging|prod>\n  dreamboard auth status [--env <local|staging|prod>]"
+    );
+  }
+});
+// src/commands/query.ts
+var query_default = defineCommand({
+  meta: {
+    name: "query",
+    description: "Query rulebook text by title"
+  },
+  args: {
+    title: {
+      type: "positional",
+      description: "Board game title to search in the rulebook library",
+      required: true
+    },
+    ...CONFIG_FLAG_ARGS
+  },
+  async run({ args }) {
+    const parsedArgs = parseQueryCommandArgs(args);
+    const [globalConfig, storedSession] = await Promise.all([
+      loadGlobalConfig(),
+      getStoredSession()
+    ]);
+    const config = resolveConfig(
+      globalConfig,
+      parsedArgs,
+      void 0,
+      storedSession
+    );
+    requireAuth(config);
+    await configureClient(config);
+    const { data, error, response } = await queryWorkshopRulebook({
+      query: {
+        title: parsedArgs.title
+      }
+    });
+    if (!data) {
+      throw toDreamboardApiError(
+        error,
+        response,
+        `Failed to query rulebook for '${parsedArgs.title}'`
+      );
+    }
+    console.log(data.ruleText);
+  }
+});
 // src/commands/clone.ts
 import path5 from "path";
@@ -2406,8 +2913,8 @@ import { unlink as unlink2 } from "fs/promises";
 import path3 from "path";
 // src/services/project/workspace-dependencies.ts
-import crypto from "crypto";
-import { spawn } from "child_process";
+import crypto2 from "crypto";
+import { spawn as spawn2 } from "child_process";
 import "events";
 import { existsSync as existsSync2 } from "fs";
 import { mkdir, lstat, readFile as readFile2, rm as rm2, writeFile } from "fs/promises";
@@ -2666,7 +3173,7 @@ async function readRepoPackageManager() {
   return hasExactPnpmVersion(packageManager) ? packageManager : DEFAULT_PACKAGE_MANAGER;
 }
 function fingerprintContent(parts) {
-  return crypto.createHash("sha256").update(parts.join("\n---\n")).digest("hex");
+  return crypto2.createHash("sha256").update(parts.join("\n---\n")).digest("hex");
 }
 function resolvePnpmInstallInvocation(installArgs) {
   const corepackPath = path2.join(path2.dirname(process.execPath), "corepack");
@@ -2684,7 +3191,7 @@ async function runPackageManagerCommand(projectRoot, command) {
 }
 async function runLockfileCommand(projectRoot, command) {
   await new Promise((resolve, reject) => {
-    const child = spawn(command.binary, command.args, {
+    const child = spawn2(command.binary, command.args, {
       cwd: projectRoot,
       env: process.env,
       stdio: ["ignore", "pipe", "pipe"]
@@ -3003,7 +3510,7 @@ function buildRemoteAlignedSnapshotFiles(options) {
 }
 // src/services/project/local-maintainer-registry.ts
-import { spawn as spawn2 } from "child_process";
+import { spawn as spawn3 } from "child_process";
 import { existsSync as existsSync3, readFileSync as readFileSync2 } from "fs";
 import path4 from "path";
 import { fileURLToPath as fileURLToPath3 } from "url";
@@ -3122,7 +3629,7 @@ function parseJsonPayload(output) {
 async function runLocalMaintainerScript(args) {
   const invocation = getScriptInvocation();
   return new Promise((resolve, reject) => {
-    const child = spawn2(invocation.command, [...invocation.args, ...args], {
+    const child = spawn3(invocation.command, [...invocation.args, ...args], {
       cwd: invocation.cwd,
       stdio: ["ignore", "pipe", "pipe"],
       env: process.env
@@ -3458,7 +3965,7 @@ async function readDreamboardRegistryFromNpmrc(projectRoot) {
 }
 // src/services/project/local-typecheck.ts
-import { spawn as spawn3 } from "child_process";
+import { spawn as spawn4 } from "child_process";
 import { lstat as lstat2 } from "fs/promises";
 import { createRequire } from "module";
 import path7 from "path";
@@ -3512,7 +4019,7 @@ async function resolveTypecheckRunner(projectRoot) {
     };
   }
   const globalTscAvailable = await new Promise((resolve) => {
-    const child = spawn3("tsc", ["--version"], {
+    const child = spawn4("tsc", ["--version"], {
       env: process.env,
       stdio: "ignore"
     });
@@ -3533,7 +4040,7 @@ async function resolveTypecheckRunner(projectRoot) {
 }
 async function runTypecheckProject(runner, projectRoot, projectPath) {
   return new Promise((resolve, reject) => {
-    const child = spawn3(
+    const child = spawn4(
       runner.command,
       [...runner.argsPrefix, "--noEmit", "-p", projectPath],
       {
@@ -4052,166 +4559,6 @@ async function resolvePlayerCount(projectRoot, flags) {
   return Math.max(1, Math.floor(minPlayers));
 }
-// src/auth/auth-server.ts
-import {
-  createServer
-} from "http";
-import { spawn as spawn4 } from "child_process";
-var DEFAULT_OAUTH_CALLBACK_PORT = 49371;
-async function startOAuthCallbackServer(state, timeoutMs) {
-  let resolveCode;
-  let rejectCode;
-  const waitForCode = new Promise((resolve, reject) => {
-    resolveCode = resolve;
-    rejectCode = reject;
-  });
-  const portCandidate = resolveOAuthCallbackPort();
-  const server = createServer(
-    async (request, response) => {
-      try {
-        const requestUrl = new URL(request.url ?? "/", "http://127.0.0.1");
-        if (request.method === "GET" && requestUrl.pathname === "/oauth/callback") {
-          const receivedState = requestUrl.searchParams.get("state");
-          const code = requestUrl.searchParams.get("code");
-          const error = requestUrl.searchParams.get("error");
-          if (error) {
-            throw new Error(`Clerk OAuth returned ${error}.`);
-          }
-          if (!code || receivedState !== state) {
-            writeCorsResponse(request, response, 400, "Invalid OAuth callback");
-            return;
-          }
-          resolveCode({ code });
-          response.once("finish", () => server.close());
-          writeHtmlResponse(
-            response,
-            200,
-            "Dreamboard CLI login complete. You can return to your terminal."
-          );
-          return;
-        }
-        writeHtmlResponse(
-          response,
-          200,
-          "Dreamboard CLI OAuth callback server"
-        );
-      } catch (error) {
-        rejectCode(
-          error instanceof Error ? error : new Error("Failed to handle OAuth callback.")
-        );
-        writeHtmlResponse(response, 500, "Dreamboard CLI login failed.");
-      }
-    }
-  );
-  try {
-    await new Promise((resolve, reject) => {
-      server.once("error", reject);
-      server.listen(portCandidate, "127.0.0.1", () => {
-        server.off("error", reject);
-        resolve();
-      });
-    });
-  } catch (error) {
-    const portError = error instanceof Error ? error : new Error("Failed to start OAuth callback server");
-    const configuredByEnv = Boolean(
-      process.env.DREAMBOARD_CLERK_OAUTH_REDIRECT_PORT
-    );
-    const message = configuredByEnv ? `Failed to start OAuth callback server on configured port ${portCandidate}.` : `Failed to start OAuth callback server on port ${portCandidate}. Register this loopback redirect URI with Clerk and keep the port available, or set DREAMBOARD_CLERK_OAUTH_REDIRECT_PORT.`;
-    const wrapped = new Error(`${message} ${portError.message}`);
-    server.close();
-    rejectCode(wrapped);
-    throw wrapped;
-  }
-  if (!server.listening) {
-    const error = new Error("Failed to start OAuth callback server.");
-    rejectCode(error);
-    throw error;
-  }
-  const timer = setTimeout(() => {
-    rejectCode(new Error("Login timed out."));
-    server?.close();
-  }, timeoutMs);
-  waitForCode.finally(() => clearTimeout(timer));
-  const port = portCandidateFromServer(server);
-  return {
-    port,
-    redirectUri: `http://127.0.0.1:${port}/oauth/callback`,
-    waitForCode,
-    close: () => server?.close()
-  };
-}
-function resolveOAuthCallbackPort() {
-  const rawPort = process.env.DREAMBOARD_CLERK_OAUTH_REDIRECT_PORT?.trim();
-  if (!rawPort) {
-    return DEFAULT_OAUTH_CALLBACK_PORT;
-  }
-  const port = Number(rawPort);
-  if (!Number.isInteger(port) || port < 1 || port > 65535) {
-    throw new Error(
-      `Invalid DREAMBOARD_CLERK_OAUTH_REDIRECT_PORT '${rawPort}'. Expected a TCP port from 1 to 65535.`
-    );
-  }
-  return port;
-}
-function portCandidateFromServer(server) {
-  const address = server.address();
-  if (!address || typeof address === "string") {
-    throw new Error("Auth callback server did not expose a bound port.");
-  }
-  return address.port;
-}
-function writeCorsResponse(request, response, statusCode, body) {
-  const origin = request.headers.origin ?? "*";
-  response.writeHead(statusCode, {
-    "Access-Control-Allow-Origin": origin,
-    "Access-Control-Allow-Methods": "POST, OPTIONS",
-    "Access-Control-Allow-Headers": "Content-Type",
-    "Content-Type": "text/plain; charset=utf-8"
-  });
-  response.end(body);
-}
-function writeHtmlResponse(response, statusCode, body) {
-  response.writeHead(statusCode, {
-    "Content-Type": "text/html; charset=utf-8"
-  });
-  response.end(
-    `<!doctype html><meta charset="utf-8"><title>Dreamboard CLI</title><p>${escapeHtml(body)}</p>`
-  );
-}
-function escapeHtml(value) {
-  return value.replace(/[&<>"']/g, (char) => {
-    switch (char) {
-      case "&":
-        return "&amp;";
-      case "<":
-        return "&lt;";
-      case ">":
-        return "&gt;";
-      case '"':
-        return "&quot;";
-      default:
-        return "&#39;";
-    }
-  });
-}
-function openBrowser(url) {
-  const platform2 = process.platform;
-  let command;
-  if (platform2 === "darwin") {
-    command = ["open", url];
-  } else if (platform2 === "win32") {
-    command = ["cmd", "/c", "start", "", url];
-  } else {
-    command = ["xdg-open", url];
-  }
-  const [commandName, ...commandArgs] = command;
-  const child = spawn4(commandName, commandArgs, {
-    stdio: "ignore",
-    detached: true
-  });
-  child.unref();
-}
 // src/dev-host/start-dev-server.ts
 import { rmSync } from "fs";
 import { createRequire as createRequire3 } from "module";
@@ -7291,7 +7638,7 @@ async function assertKnownPlayerId(sessionId, playerId) {
 }
 // src/commands/login.ts
-import crypto2 from "crypto";
+import crypto3 from "crypto";
 var login_default = defineCommand({
   meta: {
     name: "login",
@@ -7317,7 +7664,7 @@ var login_default = defineCommand({
       void 0,
       storedSession
     );
-    const state = crypto2.randomUUID();
+    const state = crypto3.randomUUID();
     const pkce = createPkcePair();
     const server = await startOAuthCallbackServer(
       state,
@@ -8468,6 +8815,6 @@ function runDreamboardCli(internalSubCommands = {}) {
   void runMain(main).catch(handleFatalError);
 }
-// src/index.published.ts
-runDreamboardCli();
+// src/index.ts
+runDreamboardCli({ query: query_default, auth: auth_default });
 //# sourceMappingURL=index.js.map