@elf5/periscope 1.0.64

package/dist/interactive.d.ts

@@ -0,0 +1,25 @@
+export declare class InteractiveMode {
+    private static instance;
+    constructor();
+    private get rl();
+    private setupLineHandler;
+    /**
+     * Tab completion for interactive mode.
+     * Maps the command tree so Tab expands to the next token at each level.
+     */
+    private tabCompleter;
+    private setupSignalHandling;
+    start(): Promise<void>;
+    private handleCommand;
+    private showHelp;
+    private handleAuthCommand;
+    private handleUserCommand;
+    private handleConfigCommand;
+    private handleConnectCommand;
+    /**
+     * Trigger a new prompt (useful for background operations)
+     */
+    static triggerPrompt(): void;
+    close(): Promise<void>;
+}
+//# sourceMappingURL=interactive.d.ts.map

package/dist/interactive.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"interactive.d.ts","sourceRoot":"","sources":["../src/interactive.ts"],"names":[],"mappings":"AAqBA,qBAAa,eAAe;IAC1B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAgC;;IAYvD,OAAO,KAAK,EAAE,GAEb;IAED,OAAO,CAAC,gBAAgB;IAIxB;;;OAGG;IACH,OAAO,CAAC,YAAY;IAgDpB,OAAO,CAAC,mBAAmB;IASrB,KAAK;YAWG,aAAa;IA0D3B,OAAO,CAAC,QAAQ;YAsCF,iBAAiB;YAmBjB,iBAAiB;YAgCjB,mBAAmB;YAoCnB,oBAAoB;IA8BlC;;OAEG;WACW,aAAa,IAAI,IAAI;IAS7B,KAAK;CASZ"}

package/dist/lib/__tests__/__mocks__/ssh-client.mock.d.ts

@@ -0,0 +1,18 @@
+export interface SshSession {
+    forwardPort(localPort: number, remoteHost: string, remotePort: number): Promise<void>;
+    close(): Promise<void>;
+}
+export declare class SshClient {
+    connect(options: {
+        hostname: string;
+        port: number;
+        username: string;
+        privateKey: string;
+        hostKey?: string;
+    }): Promise<SshSession>;
+}
+export declare class MockSshSession implements SshSession {
+    forwardPort(localPort: number, remoteHost: string, remotePort: number): Promise<void>;
+    close(): Promise<void>;
+}
+//# sourceMappingURL=ssh-client.mock.d.ts.map

package/dist/lib/__tests__/__mocks__/ssh-client.mock.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssh-client.mock.d.ts","sourceRoot":"","sources":["../../../../src/lib/__tests__/__mocks__/ssh-client.mock.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,UAAU;IACzB,WAAW,CACT,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC,CAAC;IACjB,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB;AAED,qBAAa,SAAS;IACd,OAAO,CAAC,OAAO,EAAE;QACrB,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,GAAG,OAAO,CAAC,UAAU,CAAC;CAUxB;AAED,qBAAa,cAAe,YAAW,UAAU;IACzC,WAAW,CACf,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,IAAI,CAAC;IAOV,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAG7B"}

package/dist/lib/auth-callback-server.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Shared local HTTP callback server for OAuth redirect flows.
+ * Used by both MsalAuthManager and Auth0AuthManager.
+ */
+export interface AuthCallbackResult {
+    /** The authorization code from the callback */
+    code: string;
+    /** The full raw URL path from the callback (preserves state for CSRF validation) */
+    fullPath: string;
+}
+/**
+ * Start a local HTTP server to listen for an OAuth authorization code callback.
+ *
+ * - On error callback: shows sanitized error page, resolves null.
+ * - On code callback with matching state: shows success page, resolves with code + full path.
+ * - On code callback with stale state: shows retry page, redirects to authUrl, keeps waiting.
+ * - On any other request: 302 redirects to authUrl (no script injection).
+ * - Times out after 5 minutes.
+ *
+ * @param port - Port to listen on (must be pre-registered as allowed callback URL)
+ * @param authUrl - Authorization URL to redirect the browser to
+ * @param expectedState - Expected OAuth state parameter to reject stale callbacks
+ */
+export declare function listenForAuthCode(port: number, authUrl: string, expectedState?: string): Promise<AuthCallbackResult | null>;
+//# sourceMappingURL=auth-callback-server.d.ts.map

package/dist/lib/auth-callback-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-callback-server.d.ts","sourceRoot":"","sources":["../../src/lib/auth-callback-server.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAcH,MAAM,WAAW,kBAAkB;IACjC,+CAA+C;IAC/C,IAAI,EAAE,MAAM,CAAC;IACb,oFAAoF;IACpF,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,iBAAiB,CAC/B,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,aAAa,CAAC,EAAE,MAAM,GACrB,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CAuHpC"}

package/dist/lib/auth-types.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Shared authentication types used by all auth provider implementations.
+ */
+/** Returns true if the token expiry time is within the safety buffer. */
+export declare function isTokenExpired(expiresAt: Date): boolean;
+export interface AuthToken {
+    accessToken: string;
+    expiresOn: Date;
+    refreshToken?: string;
+}
+export type PromptValue = 'select_account' | 'login' | 'consent' | 'none';
+/**
+ * Common interface for authentication managers.
+ * Implemented by MsalAuthManager (Entra) and Auth0AuthManager (Auth0).
+ */
+export interface IAuthManager {
+    authenticate(): Promise<AuthToken>;
+    authenticateInteractive(prompt?: PromptValue): Promise<AuthToken>;
+    tryGetValidTokenSilently(): Promise<string | null>;
+    getValidToken(): Promise<string>;
+    isAuthenticated(): boolean;
+    logout(): void;
+}
+//# sourceMappingURL=auth-types.d.ts.map

package/dist/lib/auth-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-types.d.ts","sourceRoot":"","sources":["../../src/lib/auth-types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,yEAAyE;AACzE,wBAAgB,cAAc,CAAC,SAAS,EAAE,IAAI,GAAG,OAAO,CAEvD;AAED,MAAM,WAAW,SAAS;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,IAAI,CAAC;IAChB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,MAAM,WAAW,GAAG,gBAAgB,GAAG,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;AAE1E;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,YAAY,IAAI,OAAO,CAAC,SAAS,CAAC,CAAC;IACnC,uBAAuB,CAAC,MAAM,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;IAClE,wBAAwB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACnD,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,eAAe,IAAI,OAAO,CAAC;IAC3B,MAAM,IAAI,IAAI,CAAC;CAChB"}

package/dist/lib/auth0-auth-manager.d.ts

@@ -0,0 +1,73 @@
+import { type AuthToken, type IAuthManager, type PromptValue } from './auth-types.js';
+export interface Auth0Config {
+    /** Auth0 authority URL, e.g. https://periscope.auth0.com/ */
+    authority: string;
+    /** Auth0 application client ID */
+    clientId: string;
+    /** OAuth2 scopes to request */
+    scopes: string[];
+    /** Auth0 API audience identifier (required for JWT access tokens) */
+    audience?: string;
+}
+/**
+ * Auth0 authentication manager using openid-client (RFC-compliant OIDC).
+ * Supports authorization code + PKCE browser flow (interactive) and
+ * device code flow (headless/fallback), plus token refresh.
+ */
+export declare class Auth0AuthManager implements IAuthManager {
+    private static readonly TOKEN_CACHE_FILE;
+    private static readonly REDIRECT_PORT;
+    private oidcConfig;
+    private config;
+    constructor(config?: Auth0Config);
+    /**
+     * Discover OIDC endpoints and initialize the openid-client Configuration.
+     * Lazy-loaded on first use.
+     */
+    private ensureOidcConfig;
+    /**
+     * Authenticate using the device code flow (RFC 8628).
+     * Displays a code + URL, opens the browser, and polls for completion.
+     */
+    authenticate(): Promise<AuthToken>;
+    /**
+     * Authenticate using the interactive browser flow (Authorization Code + PKCE).
+     * Opens the browser directly to Auth0 Universal Login — user enters email,
+     * receives OTP, enters it, and is redirected back. Single code, no device confirmation.
+     */
+    authenticateInteractive(_prompt?: PromptValue): Promise<AuthToken>;
+    /**
+     * Try to get a valid token without user interaction.
+     * Checks cache first, then tries refresh token.
+     */
+    tryGetValidTokenSilently(): Promise<string | null>;
+    /**
+     * Get a valid access token, refreshing or re-authenticating if necessary.
+     *
+     * Falls back to the device code flow (not browser PKCE) so this method can be
+     * called in headless environments (e.g., mid-tunnel token refresh). Callers that
+     * need browser-based re-authentication should call authenticateInteractive() directly.
+     */
+    getValidToken(): Promise<string>;
+    /**
+     * Check if a valid cached token exists.
+     */
+    isAuthenticated(): boolean;
+    /**
+     * Clear all cached Auth0 token data.
+     */
+    logout(): void;
+    /**
+     * Use a refresh token to obtain a new access token.
+     */
+    private refreshAccessToken;
+    /**
+     * Process a token endpoint response into our AuthToken format and cache it.
+     */
+    private processTokenResponse;
+    private getScopes;
+    private getCachedTokens;
+    private cacheTokens;
+    private getTokenCachePath;
+}
+//# sourceMappingURL=auth0-auth-manager.d.ts.map

package/dist/lib/auth0-auth-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth0-auth-manager.d.ts","sourceRoot":"","sources":["../../src/lib/auth0-auth-manager.ts"],"names":[],"mappings":"AAOA,OAAO,EAEL,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,WAAW,EACjB,MAAM,iBAAiB,CAAC;AAEzB,MAAM,WAAW,WAAW;IAC1B,6DAA6D;IAC7D,SAAS,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,+BAA+B;IAC/B,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AASD;;;;GAIG;AACH,qBAAa,gBAAiB,YAAW,YAAY;IACnD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAA4B;IACpE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAS;IAE9C,OAAO,CAAC,UAAU,CAAqC;IACvD,OAAO,CAAC,MAAM,CAA4B;gBAE9B,MAAM,CAAC,EAAE,WAAW;IAMhC;;;OAGG;YACW,gBAAgB;IAgB9B;;;OAGG;IACG,YAAY,IAAI,OAAO,CAAC,SAAS,CAAC;IA4CxC;;;;OAIG;IACG,uBAAuB,CAAC,OAAO,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC;IA8DxE;;;OAGG;IACG,wBAAwB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAkCxD;;;;;;OAMG;IACG,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAStC;;OAEG;IACH,eAAe,IAAI,OAAO;IAM1B;;OAEG;IACH,MAAM,IAAI,IAAI;IAWd;;OAEG;YACW,kBAAkB;IAShC;;OAEG;IACH,OAAO,CAAC,oBAAoB;IA+B5B,OAAO,CAAC,SAAS;IAUjB,OAAO,CAAC,eAAe;IAiBvB,OAAO,CAAC,WAAW;IASnB,OAAO,CAAC,iBAAiB;CAG1B"}

package/dist/lib/cache-utils.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Get the cache directory path, computed at runtime to respect HOME env var overrides.
+ */
+export declare function getCacheDir(): string;
+/**
+ * Ensure the cache directory exists, creating it if necessary.
+ */
+export declare function ensureCacheDir(): void;
+/**
+ * Write data to a file with owner-only permissions (0o600).
+ * Creates the cache directory if it doesn't exist.
+ */
+export declare function writeSecureFile(filePath: string, data: string): void;
+//# sourceMappingURL=cache-utils.d.ts.map

package/dist/lib/cache-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cache-utils.d.ts","sourceRoot":"","sources":["../../src/lib/cache-utils.ts"],"names":[],"mappings":"AAMA;;GAEG;AACH,wBAAgB,WAAW,IAAI,MAAM,CAEpC;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI,IAAI,CAKrC;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,IAAI,CAGpE"}

package/dist/lib/client.d.ts

@@ -0,0 +1,181 @@
+import { PeriscopeConfig } from './config-manager.js';
+import type { AuthToken, PromptValue } from './auth-types.js';
+import { PeriscopeApi } from '@elf-5/periscope-api-client';
+export type UserInfo = PeriscopeApi.UserDto;
+/**
+ * Account status values returned by the server.
+ * Mirrors the UserStatus enum in Periscope.Shared.
+ */
+export declare const AccountStatus: {
+    readonly PENDING_APPROVAL: "PendingApproval";
+    readonly ACTIVE: "Active";
+    readonly REJECTED: "Rejected";
+    readonly INACTIVE: "Inactive";
+};
+export interface HealthStatus {
+    healthy: boolean;
+    version?: string;
+    uptime?: number;
+}
+export declare class PeriscopeClient {
+    private config;
+    private authManager;
+    private apiClient;
+    private logger;
+    private httpsAgent;
+    private authInitPromise;
+    constructor(config: PeriscopeConfig);
+    /**
+     * Perform fetch with SSL configuration
+     */
+    private fetchWithOptions;
+    /**
+     * Initialize the auth manager with configuration from the API.
+     * Selects MSAL (Entra) or Auth0 based on the server's authProvider field.
+     * Uses a cached promise to prevent duplicate initialization attempts.
+     */
+    private initializeAuth;
+    /**
+     * Internal auth initialization logic.
+     * Uses the centralized ServerConfig cache to avoid duplicate /api/configuration requests.
+     */
+    private doInitializeAuth;
+    /**
+     * Create a custom fetch implementation that includes authentication headers.
+     * Dynamically fetches a fresh token on each request via authManager so that
+     * long-lived API clients (e.g., during tunnel reconnection) automatically
+     * pick up refreshed tokens instead of replaying an expired one.
+     */
+    private createAuthenticatedFetch;
+    /**
+     * Create an unauthenticated fetch implementation for public endpoints
+     */
+    private createUnauthenticatedFetch;
+    /**
+     * Initialize the API client with authentication token
+     */
+    private initializeApiClient;
+    /**
+     * Check if API client is initialized and ready
+     */
+    private isApiClientReady;
+    /**
+     * Authenticate and ensure we have a valid token
+     */
+    authenticate(): Promise<AuthToken>;
+    /**
+     * Authenticate using interactive flow with prompt control
+     */
+    authenticateInteractive(prompt?: PromptValue): Promise<AuthToken>;
+    /**
+     * Check if currently authenticated.
+     *
+     * Checks in order:
+     * 1. Already initialized authManager with valid token
+     * 2. Cached token on disk (without needing server config)
+     * 3. Initialize auth from server and check
+     *
+     * This layered approach allows the CLI to work even when the server
+     * doesn't provide auth configuration (e.g., test environments).
+     */
+    isAuthenticated(): Promise<boolean>;
+    /**
+     * @deprecated Use isAuthenticated() instead. This alias exists for backwards compatibility.
+     */
+    isAuthenticatedAsync(): Promise<boolean>;
+    /**
+     * Try to initialize from a cached token file without needing server config.
+     * Checks both MSAL and Auth0 token caches.
+     * Returns true if a valid cached token was found and API client initialized.
+     *
+     * NOTE: Config-less managers are used only to read the cache and extract
+     * a still-valid access token. They are NOT stored as this.authManager
+     * because they lack server config needed for re-authentication and
+     * token refresh. The full authManager is set later via initializeAuth().
+     */
+    private tryInitializeFromCachedToken;
+    /**
+     * Ensure API client is initialized if we have valid authentication.
+     */
+    private ensureApiClientInitialized;
+    /**
+     * Logout and clear authentication data.
+     * Clears both MSAL and Auth0 caches to ensure a clean slate.
+     */
+    logout(): Promise<void>;
+    /**
+     * Get auth configuration from server (unauthenticated endpoint)
+     */
+    getAuthConfig(): Promise<PeriscopeApi.PeriscopeConfigDto>;
+    checkHealth(): Promise<HealthStatus>;
+    /**
+     * Register the client's SSH public key with the server.
+     * Returns the normalized public key string accepted by the server.
+     */
+    registerPublicKey(publicKey: string): Promise<string>;
+    getSSHCredentials(): Promise<PeriscopeApi.SshCredentialsDto>;
+    /**
+     * Get current user information
+     */
+    getCurrentUser(): Promise<PeriscopeApi.UserDto>;
+    /**
+     * Get current user's account status from the server.
+     * Returns the status string (e.g., "Active", "PendingApproval").
+     * Throws if the status cannot be determined (fail-closed).
+     */
+    getUserStatus(): Promise<string>;
+    /**
+     * Get current user's Terms of Service acceptance status.
+     * Uses direct fetch since these endpoints may not yet be in the generated API client.
+     */
+    getTermsStatus(): Promise<TermsStatus>;
+    /**
+     * Accept the Terms of Service for the current user.
+     */
+    acceptTerms(termsVersion: string): Promise<void>;
+    /**
+     * Update the user's slug for tunnel namespacing (ELF-166).
+     * Requires authentication.
+     */
+    updateSlug(request: {
+        slug: string;
+    }): Promise<void>;
+    /**
+     * Validate the SSH host key received during the SSH handshake (ELF-198).
+     * Sends the raw SSH wire-format public key bytes (base64-encoded) to the server,
+     * which compares them against its own key using constant-time comparison.
+     * Throws ApiException with status 422 if the key does not match (potential MITM).
+     */
+    validateSshHostKey(keyBytes: string): Promise<void>;
+    /**
+     * Submit user feedback to create a Linear issue.
+     * Requires authentication.
+     */
+    submitFeedback(message: string): Promise<FeedbackResponse>;
+    /**
+     * Get the Application Insights connection string from the authenticated telemetry endpoint.
+     * Returns null if not authenticated or if the server has no connection string configured.
+     */
+    getTelemetryConnectionString(): Promise<string | null>;
+    /**
+     * Get the configuration object
+     */
+    getConfig(): PeriscopeConfig;
+}
+/**
+ * Terms of Service status response from server
+ */
+export interface TermsStatus {
+    accepted: boolean;
+    termsVersion: string | null;
+    acceptedAt: string | null;
+    currentVersion: string;
+}
+/**
+ * Feedback response from server
+ */
+export interface FeedbackResponse {
+    success?: boolean;
+    message?: string | undefined;
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/lib/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/lib/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,KAAK,EAAE,SAAS,EAAgB,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAG5E,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAO3D,MAAM,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,CAAC;AAE5C;;;GAGG;AACH,eAAO,MAAM,aAAa;;;;;CAKhB,CAAC;AAGX,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,eAAe;IAOd,OAAO,CAAC,MAAM;IAN1B,OAAO,CAAC,WAAW,CAA6B;IAChD,OAAO,CAAC,SAAS,CAAgD;IACjE,OAAO,CAAC,MAAM,CAAwC;IACtD,OAAO,CAAC,UAAU,CAA4B;IAC9C,OAAO,CAAC,eAAe,CAA8B;gBAEjC,MAAM,EAAE,eAAe;IA2B3C;;OAEG;YACW,gBAAgB;IAc9B;;;;OAIG;YACW,cAAc;IAoB5B;;;OAGG;YACW,gBAAgB;IA8B9B;;;;;OAKG;IACH,OAAO,CAAC,wBAAwB;IA+ChC;;OAEG;IACH,OAAO,CAAC,0BAA0B;IA4BlC;;OAEG;YACW,mBAAmB;IA0BjC;;OAEG;YACW,gBAAgB;IAU9B;;OAEG;IACG,YAAY,IAAI,OAAO,CAAC,SAAS,CAAC;IAgBxC;;OAEG;IACG,uBAAuB,CAAC,MAAM,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,SAAS,CAAC;IAgBvE;;;;;;;;;;OAUG;IACG,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC;IA2DzC;;OAEG;IACG,oBAAoB,IAAI,OAAO,CAAC,OAAO,CAAC;IAI9C;;;;;;;;;OASG;YACW,4BAA4B;IA8B1C;;OAEG;YACW,0BAA0B;IAaxC;;;OAGG;IACG,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAiC7B;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,YAAY,CAAC,kBAAkB,CAAC;IAiCzD,WAAW,IAAI,OAAO,CAAC,YAAY,CAAC;IAiB1C;;;OAGG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAcrD,iBAAiB,IAAI,OAAO,CAAC,YAAY,CAAC,iBAAiB,CAAC;IAkBlE;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC;IAqBrD;;;;OAIG;IACG,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAQtC;;;OAGG;IACG,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC;IA+B5C;;OAEG;IACG,WAAW,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IA6BtD;;;OAGG;IACG,UAAU,CAAC,OAAO,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAuB1D;;;;;OAKG;IACG,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQzD;;;OAGG;IACG,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAmBhE;;;OAGG;IACG,4BAA4B,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAa5D;;OAEG;IACH,SAAS,IAAI,eAAe;CAG7B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,OAAO,CAAC;IAClB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC9B"}

package/dist/lib/config-manager.d.ts

@@ -0,0 +1,34 @@
+export interface PeriscopeConfig {
+    serverUrl?: string;
+    logLevel?: string;
+    caCertPath?: string;
+    showRequestLog?: boolean;
+    sshKeyPath?: string;
+    allowExternalKey?: boolean;
+}
+export declare class ConfigManager {
+    private static readonly CONFIG_DIR;
+    private static readonly CONFIG_FILE;
+    private static testConfig;
+    static getConfigPath(): string;
+    /**
+     * Set a test configuration that bypasses file system operations
+     * Only use this in tests!
+     */
+    static setTestConfig(config: PeriscopeConfig | null): void;
+    /**
+     * Load configuration from file, environment variables, and .env file
+     * Priority order: environment variables > .env file > config file
+     */
+    static load(): PeriscopeConfig;
+    /**
+     * Load .env file from current working directory or project root
+     */
+    private static loadDotEnv;
+    /**
+     * Merge environment variables into configuration
+     */
+    private static mergeEnvironmentVariables;
+    static save(config: PeriscopeConfig): void;
+}
+//# sourceMappingURL=config-manager.d.ts.map

package/dist/lib/config-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-manager.d.ts","sourceRoot":"","sources":["../../src/lib/config-manager.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,eAAe;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAE5B;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAyC;IAC3E,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAiB;IACpD,OAAO,CAAC,MAAM,CAAC,UAAU,CAAgC;IAEzD,MAAM,CAAC,aAAa,IAAI,MAAM;IAI9B;;;OAGG;IACH,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,eAAe,GAAG,IAAI,GAAG,IAAI;IAO1D;;;OAGG;IACH,MAAM,CAAC,IAAI,IAAI,eAAe;IA6B9B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,UAAU;IAoBzB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,yBAAyB;IA8BxC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,GAAG,IAAI;CA2B3C"}

package/dist/lib/error-classifier.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Error classification system for enhanced error handling
+ */
+export declare enum ErrorType {
+    AUTHENTICATION = "authentication",
+    AUTHORIZATION = "authorization",
+    NETWORK = "network",
+    VALIDATION = "validation",
+    SERVER = "server",
+    TUNNEL = "tunnel",
+    UNKNOWN = "unknown"
+}
+export declare enum ErrorSeverity {
+    LOW = "low",
+    MEDIUM = "medium",
+    HIGH = "high",
+    CRITICAL = "critical"
+}
+export interface ClassifiedError {
+    type: ErrorType;
+    severity: ErrorSeverity;
+    httpStatus?: number;
+    isRetryable: boolean;
+    userMessage: string;
+    suggestedActions: string[];
+    technicalDetails?: string;
+}
+/**
+ * Enhanced error classifier with granular categorization
+ */
+export declare class ErrorClassifier {
+    /**
+     * Classify an error based on various signals
+     */
+    static classify(error: unknown, context?: string): ClassifiedError;
+    /**
+     * Extract message from various error formats
+     */
+    private static extractMessage;
+    private static extractHttpStatus;
+    private static isAuthenticationError;
+    private static isAuthorizationError;
+    private static isNetworkError;
+    private static isValidationError;
+    private static isServerError;
+    private static isTunnelError;
+    private static createAuthenticationError;
+    private static createAuthorizationError;
+    private static createNetworkError;
+    private static createValidationError;
+    private static createServerError;
+    private static createTunnelError;
+    private static createUnknownError;
+}
+//# sourceMappingURL=error-classifier.d.ts.map

package/dist/lib/error-classifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-classifier.d.ts","sourceRoot":"","sources":["../../src/lib/error-classifier.ts"],"names":[],"mappings":"AAAA;;GAEG;AAoDH,oBAAY,SAAS;IACnB,cAAc,mBAAmB;IACjC,aAAa,kBAAkB;IAC/B,OAAO,YAAY;IACnB,UAAU,eAAe;IACzB,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,OAAO,YAAY;CACpB;AAED,oBAAY,aAAa;IACvB,GAAG,QAAQ;IACX,MAAM,WAAW;IACjB,IAAI,SAAS;IACb,QAAQ,aAAa;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,SAAS,CAAC;IAChB,QAAQ,EAAE,aAAa,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,OAAO,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAMD;;GAEG;AACH,qBAAa,eAAe;IAC1B;;OAEG;IACH,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,eAAe;IAsClE;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,cAAc;IAa7B,OAAO,CAAC,MAAM,CAAC,iBAAiB;IA0BhC,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAuBpC,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAsBnC,OAAO,CAAC,MAAM,CAAC,cAAc;IAwC7B,OAAO,CAAC,MAAM,CAAC,iBAAiB;IAiBhC,OAAO,CAAC,MAAM,CAAC,aAAa;IAe5B,OAAO,CAAC,MAAM,CAAC,aAAa;IA4B5B,OAAO,CAAC,MAAM,CAAC,yBAAyB;IA8BxC,OAAO,CAAC,MAAM,CAAC,wBAAwB;IAoDvC,OAAO,CAAC,MAAM,CAAC,kBAAkB;IA4EjC,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAmBpC,OAAO,CAAC,MAAM,CAAC,iBAAiB;IA0BhC,OAAO,CAAC,MAAM,CAAC,iBAAiB;IA0DhC,OAAO,CAAC,MAAM,CAAC,kBAAkB;CAkBlC"}

package/dist/lib/interactive-utils.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Check if we're currently running in interactive mode
+ */
+export declare function isInteractiveMode(): boolean;
+/**
+ * Exit or throw error based on context
+ * In interactive mode, throws an error instead of calling process.exit
+ *
+ * Note: telemetry is flushed in the signal handlers (secure-memory.ts)
+ * and the main CLI exit paths (cli.ts), not here. This function is sync
+ * and cannot await an async flush.
+ */
+export declare function exitOrThrow(code: number, message?: string): never;
+//# sourceMappingURL=interactive-utils.d.ts.map

package/dist/lib/interactive-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"interactive-utils.d.ts","sourceRoot":"","sources":["../../src/lib/interactive-utils.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,OAAO,CAE3C;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,KAAK,CASjE"}

package/dist/lib/logger.d.ts

@@ -0,0 +1,99 @@
+export declare enum LogLevel {
+    ERROR = 0,
+    WARN = 1,
+    INFO = 2,
+    DEBUG = 3,
+    TRACE = 4
+}
+export interface LoggerConfig {
+    level: LogLevel;
+    prefix?: string;
+    timestamp?: boolean;
+}
+export declare class Logger {
+    private config;
+    constructor(config?: LoggerConfig);
+    /**
+     * Set the current log level
+     */
+    setLevel(level: LogLevel): void;
+    /**
+     * Get the current log level
+     */
+    getLevel(): LogLevel;
+    /**
+     * Check if a log level should be output
+     */
+    private shouldLog;
+    /**
+     * Format an argument for logging
+     * Stack traces are only included at DEBUG level or higher
+     */
+    private formatArg;
+    /**
+     * Format the log message with optional timestamp and prefix
+     */
+    private formatMessage;
+    /**
+     * Error level logging (always shown unless level is below ERROR)
+     */
+    error(message: string, ...args: unknown[]): void;
+    /**
+     * Warning level logging
+     */
+    warn(message: string, ...args: unknown[]): void;
+    /**
+     * Info level logging (user-facing information)
+     */
+    info(message: string, ...args: unknown[]): void;
+    /**
+     * Success logging (special case of info)
+     */
+    success(message: string, ...args: unknown[]): void;
+    /**
+     * Debug level logging (internal operations, verbose)
+     */
+    debug(message: string, ...args: unknown[]): void;
+    /**
+     * Trace level logging (very detailed, internal state)
+     */
+    trace(message: string, ...args: unknown[]): void;
+    /**
+     * Raw output without formatting (for CLI output that shouldn't be logged)
+     */
+    raw(message: string, ...args: unknown[]): void;
+    /**
+     * Print a blank line without any icon or prefix.
+     */
+    blank(): void;
+    /**
+     * Print a section header: blank line + bold text, no icon.
+     * Use instead of log.info('\nSection Title:') for section headings.
+     */
+    header(text: string): void;
+    /**
+     * Print a horizontal separator line without any icon or prefix.
+     */
+    separator(length?: number): void;
+    /**
+     * Create a child logger with additional prefix
+     */
+    child(prefix: string): Logger;
+}
+/**
+ * Get or create the global logger instance
+ */
+export declare function getLogger(): Logger;
+export declare const log: {
+    error: (message: string, ...args: unknown[]) => void;
+    warn: (message: string, ...args: unknown[]) => void;
+    info: (message: string, ...args: unknown[]) => void;
+    success: (message: string, ...args: unknown[]) => void;
+    debug: (message: string, ...args: unknown[]) => void;
+    trace: (message: string, ...args: unknown[]) => void;
+    raw: (message: string, ...args: unknown[]) => void;
+    blank: () => void;
+    header: (text: string) => void;
+    separator: (length?: number) => void;
+};
+//# sourceMappingURL=logger.d.ts.map

package/dist/lib/logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../src/lib/logger.ts"],"names":[],"mappings":"AAGA,oBAAY,QAAQ;IAClB,KAAK,IAAI;IACT,IAAI,IAAI;IACR,IAAI,IAAI;IACR,KAAK,IAAI;IACT,KAAK,IAAI;CACV;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,QAAQ,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB;AAED,qBAAa,MAAM;IACjB,OAAO,CAAC,MAAM,CAAe;gBAEjB,MAAM,GAAE,YAAuC;IAI3D;;OAEG;IACH,QAAQ,CAAC,KAAK,EAAE,QAAQ,GAAG,IAAI;IAI/B;;OAEG;IACH,QAAQ,IAAI,QAAQ;IAIpB;;OAEG;IACH,OAAO,CAAC,SAAS;IAIjB;;;OAGG;IACH,OAAO,CAAC,SAAS;IAkBjB;;OAEG;IACH,OAAO,CAAC,aAAa;IA2BrB;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI;IAOhD;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI;IAO/C;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI;IAO/C;;OAEG;IACH,OAAO,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI;IAOlD;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI;IAOhD;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI;IAOhD;;OAEG;IACH,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI;IAQ9C;;OAEG;IACH,KAAK,IAAI,IAAI;IAIb;;;OAGG;IACH,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAK1B;;OAEG;IACH,SAAS,CAAC,MAAM,SAAK,GAAG,IAAI;IAI5B;;OAEG;IACH,KAAK,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;CAS9B;AAKD;;GAEG;AACH,wBAAgB,SAAS,IAAI,MAAM,CAUlC;AAyCD,eAAO,MAAM,GAAG;qBACG,MAAM,WAAW,OAAO,EAAE;oBAE3B,MAAM,WAAW,OAAO,EAAE;oBAE1B,MAAM,WAAW,OAAO,EAAE;uBAEvB,MAAM,WAAW,OAAO,EAAE;qBAE5B,MAAM,WAAW,OAAO,EAAE;qBAE1B,MAAM,WAAW,OAAO,EAAE;mBAE5B,MAAM,WAAW,OAAO,EAAE;;mBAG1B,MAAM;yBACA,MAAM;CAC5B,CAAC"}