@elf5/periscope 1.0.64

package/dist/lib/msal-auth-manager.d.ts

@@ -0,0 +1,54 @@
+import { type AuthToken, type IAuthManager, type PromptValue } from './auth-types.js';
+export interface MSALConfig {
+    clientId: string;
+    authority: string;
+    scopes: string[];
+}
+export declare class MsalAuthManager implements IAuthManager {
+    private static readonly TOKEN_CACHE_FILE;
+    private msalApp;
+    private config;
+    constructor(config?: MSALConfig);
+    private initializeMSAL;
+    /**
+     * Extract knownAuthorities from an authority URL for non-standard authority domains.
+     * B2C (*.b2clogin.com) and Entra External ID (*.ciamlogin.com) must be listed in knownAuthorities.
+     */
+    private static extractKnownAuthorities;
+    /**
+     * Authenticate user using device code flow
+     * This will display a device code and open the browser for authentication
+     */
+    authenticate(): Promise<AuthToken>;
+    /**
+     * Authenticate user using interactive browser flow with prompt control
+     * This opens the system browser for authentication and handles the redirect
+     */
+    authenticateInteractive(prompt?: PromptValue): Promise<AuthToken>;
+    /**
+     * Get an available port for the redirect server
+     */
+    private getAvailablePort;
+    /**
+     * Try to get a valid token without user interaction.
+     * Checks the simple cache first, then attempts MSAL silent refresh.
+     * Returns null if no valid token is available.
+     */
+    tryGetValidTokenSilently(): Promise<string | null>;
+    /**
+     * Get a valid access token, refreshing if necessary
+     */
+    getValidToken(): Promise<string>;
+    /**
+     * Check if user is currently authenticated with a valid token
+     */
+    isAuthenticated(): boolean;
+    /**
+     * Clear all cached authentication data
+     */
+    logout(): void;
+    private getCachedToken;
+    private cacheToken;
+    private getTokenCachePath;
+}
+//# sourceMappingURL=msal-auth-manager.d.ts.map

package/dist/lib/msal-auth-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"msal-auth-manager.d.ts","sourceRoot":"","sources":["../../src/lib/msal-auth-manager.ts"],"names":[],"mappings":"AAcA,OAAO,EAEL,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,WAAW,EACjB,MAAM,iBAAiB,CAAC;AAEzB,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB;AAED,qBAAa,eAAgB,YAAW,YAAY;IAClD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAsB;IAC9D,OAAO,CAAC,OAAO,CAAwC;IACvD,OAAO,CAAC,MAAM,CAA2B;gBAE7B,MAAM,CAAC,EAAE,UAAU;IAO/B,OAAO,CAAC,cAAc;IAkCtB;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,uBAAuB;IAetC;;;OAGG;IACG,YAAY,IAAI,OAAO,CAAC,SAAS,CAAC;IAkExC;;;OAGG;IACG,uBAAuB,CAC3B,MAAM,GAAE,WAA8B,GACrC,OAAO,CAAC,SAAS,CAAC;IAkHrB;;OAEG;YACW,gBAAgB;IAY9B;;;;OAIG;IACG,wBAAwB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IA+CxD;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC;IAWtC;;OAEG;IACH,eAAe,IAAI,OAAO;IAK1B;;OAEG;IACH,MAAM,IAAI,IAAI;IAcd,OAAO,CAAC,cAAc;IAkBtB,OAAO,CAAC,UAAU;IAelB,OAAO,CAAC,iBAAiB;CAG1B"}

package/dist/lib/msal-cache-plugin.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Get the MSAL cache file path, computed at runtime to respect HOME env var overrides in tests.
+ */
+export declare function getMsalCacheFilePath(): string;
+/**
+ * Create an MSAL ICachePlugin that persists the full MSAL token cache
+ * (including refresh tokens and account info) to ~/.periscope/msal-cache.json.
+ *
+ * Uses structural typing to match ICachePlugin from @azure/msal-common
+ * without importing it directly.
+ */
+export declare function createMsalCachePlugin(): {
+    beforeCacheAccess(cacheContext: {
+        tokenCache: {
+            deserialize: (cache: string) => void;
+        };
+    }): Promise<void>;
+    afterCacheAccess(cacheContext: {
+        cacheHasChanged: boolean;
+        tokenCache: {
+            serialize: () => string;
+        };
+    }): Promise<void>;
+};
+/**
+ * Delete the MSAL cache file from disk. Called during logout.
+ */
+export declare function clearMsalCache(): void;
+//# sourceMappingURL=msal-cache-plugin.d.ts.map

package/dist/lib/msal-cache-plugin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"msal-cache-plugin.d.ts","sourceRoot":"","sources":["../../src/lib/msal-cache-plugin.ts"],"names":[],"mappings":"AAOA;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAE7C;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB;oCAEK;QACpC,UAAU,EAAE;YAAE,WAAW,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAA;SAAE,CAAC;KACtD,GAAG,OAAO,CAAC,IAAI,CAAC;mCAYoB;QACnC,eAAe,EAAE,OAAO,CAAC;QACzB,UAAU,EAAE;YAAE,SAAS,EAAE,MAAM,MAAM,CAAA;SAAE,CAAC;KACzC,GAAG,OAAO,CAAC,IAAI,CAAC;EAYpB;AAED;;GAEG;AACH,wBAAgB,cAAc,IAAI,IAAI,CASrC"}

package/dist/lib/process-lifecycle.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Centralized process exit handling.
+ *
+ * All exit paths should call gracefulExit() instead of process.exit()
+ * to ensure telemetry is flushed, the SDK is disposed, and readline
+ * is closed before the process terminates.
+ */
+/**
+ * Cleanly shut down and exit the process.
+ * Flushes + disposes telemetry, closes readline, then exits.
+ */
+export declare function gracefulExit(code?: number): Promise<never>;
+//# sourceMappingURL=process-lifecycle.d.ts.map

package/dist/lib/process-lifecycle.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"process-lifecycle.d.ts","sourceRoot":"","sources":["../../src/lib/process-lifecycle.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH;;;GAGG;AACH,wBAAsB,YAAY,CAAC,IAAI,GAAE,MAAU,GAAG,OAAO,CAAC,KAAK,CAAC,CAInE"}

package/dist/lib/readline-instance.d.ts

@@ -0,0 +1,6 @@
+import * as readline from 'readline';
+export declare function getReadlineInterface(): readline.Interface;
+export declare function initializeReadline(isInteractive?: boolean, completer?: readline.Completer): void;
+export declare function closeReadline(): void;
+export declare function isReadlineActive(): boolean;
+//# sourceMappingURL=readline-instance.d.ts.map

package/dist/lib/readline-instance.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"readline-instance.d.ts","sourceRoot":"","sources":["../../src/lib/readline-instance.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,UAAU,CAAC;AAMrC,wBAAgB,oBAAoB,IAAI,QAAQ,CAAC,SAAS,CAMzD;AAED,wBAAgB,kBAAkB,CAChC,aAAa,GAAE,OAAe,EAC9B,SAAS,CAAC,EAAE,QAAQ,CAAC,SAAS,GAC7B,IAAI,CAWN;AAED,wBAAgB,aAAa,IAAI,IAAI,CAKpC;AAED,wBAAgB,gBAAgB,IAAI,OAAO,CAE1C"}

package/dist/lib/request-monitor.d.ts

@@ -0,0 +1,21 @@
+import { Duplex } from 'stream';
+import { SshClientSession } from '@microsoft/dev-tunnels-ssh';
+/**
+ * Parse an HTTP request line from a buffer and log it.
+ * Returns true if a request line was found and logged.
+ */
+export declare function parseAndLogRequestLine(chunk: Buffer, _tunnelName: string): boolean;
+/**
+ * Intercept push() on a Duplex stream to peek at every data chunk
+ * for HTTP request lines. This captures all requests on keep-alive
+ * connections where multiple requests share a single stream.
+ * Data flows through unchanged — this only observes, never modifies
+ * or consumes data.
+ */
+export declare function monitorStream(stream: Duplex, tunnelName: string): void;
+/**
+ * Hook into the PortForwardingService to log incoming HTTP requests.
+ * Call this after SSH authentication succeeds.
+ */
+export declare function setupRequestMonitor(session: SshClientSession, tunnelName: string): void;
+//# sourceMappingURL=request-monitor.d.ts.map

package/dist/lib/request-monitor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-monitor.d.ts","sourceRoot":"","sources":["../../src/lib/request-monitor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAIhC,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAW9D;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,GAClB,OAAO,CAiBT;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,IAAI,CAgBtE;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,gBAAgB,EACzB,UAAU,EAAE,MAAM,GACjB,IAAI,CA0CN"}

package/dist/lib/secure-memory.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Secure memory utilities for cleanup and process-lifecycle management.
+ */
+interface TunnelManagerLike {
+    stopAll(): Promise<void>;
+}
+export declare function registerTunnelManager(tunnelManager: TunnelManagerLike): void;
+export declare function unregisterTunnelManager(tunnelManager: TunnelManagerLike): void;
+/**
+ * Utility function to ensure cleanup happens even if process exits unexpectedly.
+ * Idempotent — safe to call multiple times; handlers are registered only once.
+ */
+export declare function setupSecureCleanup(): void;
+/**
+ * Manual cleanup function that can be called by interactive mode
+ */
+export declare function performSecureCleanup(): Promise<void>;
+/**
+ * Detect ObjectDisposedError from disposed SSH channels.
+ * These surface as uncaught exceptions when pipe() flushes data to a
+ * disposed SshStream. They are non-fatal because the session onClosed/
+ * onDisconnected handlers in tunnel-manager.ts trigger reconnection.
+ *
+ * Uses error.name check to avoid coupling this module to the SSH library.
+ */
+export declare function isSshChannelDisposedError(error: Error): boolean;
+export {};
+//# sourceMappingURL=secure-memory.d.ts.map

package/dist/lib/secure-memory.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secure-memory.d.ts","sourceRoot":"","sources":["../../src/lib/secure-memory.ts"],"names":[],"mappings":"AAAA;;GAEG;AAMH,UAAU,iBAAiB;IACzB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1B;AAKD,wBAAgB,qBAAqB,CAAC,aAAa,EAAE,iBAAiB,GAAG,IAAI,CAE5E;AAED,wBAAgB,uBAAuB,CACrC,aAAa,EAAE,iBAAiB,GAC/B,IAAI,CAEN;AAiBD;;;GAGG;AACH,wBAAgB,kBAAkB,IAAI,IAAI,CA+EzC;AAED;;GAEG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,IAAI,CAAC,CAI1D;AAED;;;;;;;GAOG;AACH,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,KAAK,GAAG,OAAO,CAE/D"}

package/dist/lib/server-config.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Centralized cache for the server's /api/configuration response.
+ *
+ * Gate 1 of CLI initialization: fetched once (unauthenticated) and
+ * consumed by MSAL auth, telemetry init, and display commands.
+ * Eliminates duplicate GET /api/configuration requests.
+ */
+import { PeriscopeApi } from '@elf-5/periscope-api-client';
+/**
+ * Get the server configuration, fetching it at most once per CLI invocation.
+ * Concurrent calls share the same in-flight request.
+ *
+ * @param serverUrl - The Periscope server base URL
+ * @returns The cached server configuration DTO
+ */
+export declare function getServerConfig(serverUrl: string): Promise<PeriscopeApi.PeriscopeConfigDto>;
+/**
+ * Get the cached config without fetching. Returns null if not yet fetched.
+ */
+export declare function getCachedServerConfig(): PeriscopeApi.PeriscopeConfigDto | null;
+/**
+ * Clear the cached config. Useful for testing.
+ */
+export declare function clearServerConfigCache(): void;
+//# sourceMappingURL=server-config.d.ts.map

package/dist/lib/server-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server-config.d.ts","sourceRoot":"","sources":["../../src/lib/server-config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAK3D;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAa1C;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,YAAY,CAAC,kBAAkB,GAAG,IAAI,CAE9E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,IAAI,IAAI,CAG7C"}

package/dist/lib/ssh-key-manager.d.ts

@@ -0,0 +1,50 @@
+import { KeyPair } from '@microsoft/dev-tunnels-ssh';
+export interface SshKeyInfo {
+    exists: boolean;
+    path: string;
+    pubKeyPath: string;
+}
+/**
+ * Thrown by SshKeyManager.loadKeyPair() when the private key file does not exist.
+ * Caught by TunnelCommand to trigger the missing-key setup wizard.
+ */
+export declare class SshKeyNotFoundError extends Error {
+    constructor(keyPath: string);
+}
+export declare class SshKeyManager {
+    /**
+     * Returns the default SSH private key path.
+     */
+    static getDefaultKeyPath(): string;
+    /**
+     * Generates a new ECDSA P-256 key pair and saves to disk.
+     * Warns before overwriting an existing key — callers should confirm with the user
+     * before calling this on an already-registered key path.
+     */
+    static generateKeyPair(keyPath?: string): Promise<KeyPair>;
+    /**
+     * Loads an existing key pair from disk.
+     * Throws if the key file does not exist.
+     */
+    static loadKeyPair(keyPath?: string): Promise<KeyPair>;
+    /**
+     * Ensures a key pair exists, generating one if not.
+     * Returns the loaded key pair.
+     */
+    static ensureKeyPair(keyPath?: string): Promise<KeyPair>;
+    /**
+     * Exports the public key from an in-memory KeyPair in SSH wire format.
+     * Use this after generateKeyPair() or ensureKeyPair() to avoid a redundant disk read.
+     */
+    static exportPublicKey(keyPair: KeyPair): Promise<string>;
+    /**
+     * Returns the public key string in SSH format (e.g. "ecdsa-sha2-nistp256 AAAA...").
+     * Reads from the .pub file if present; otherwise imports the private key to derive it.
+     */
+    static getPublicKeyString(keyPath?: string): Promise<string>;
+    /**
+     * Returns info about the current SSH key (path, existence).
+     */
+    static getKeyInfo(keyPath?: string): SshKeyInfo;
+}
+//# sourceMappingURL=ssh-key-manager.d.ts.map

package/dist/lib/ssh-key-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ssh-key-manager.d.ts","sourceRoot":"","sources":["../../src/lib/ssh-key-manager.ts"],"names":[],"mappings":"AAIA,OAAO,EAGL,OAAO,EACR,MAAM,4BAA4B,CAAC;AAuBpC,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,OAAO,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,OAAO,EAAE,MAAM;CAQ5B;AAED,qBAAa,aAAa;IACxB;;OAEG;IACH,MAAM,CAAC,iBAAiB,IAAI,MAAM;IAIlC;;;;OAIG;WACU,eAAe,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAkEhE;;;OAGG;WACU,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAqB5D;;;OAGG;WACU,aAAa,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAW9D;;;OAGG;WACU,eAAe,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IAI/D;;;OAGG;WACU,kBAAkB,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAalE;;OAEG;IACH,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,UAAU;CAQhD"}

package/dist/lib/telemetry.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Application Insights telemetry module for the Periscope CLI.
+ *
+ * Provides crash/exception tracking and event telemetry.
+ * Graceful no-op when not initialized (no connection string configured).
+ * Connection string is fetched post-auth from the server via /api/configuration/telemetry.
+ */
+/**
+ * Initialize Application Insights telemetry.
+ * Must be called with a connection string from the server configuration.
+ * Safe to call multiple times — subsequent calls are ignored.
+ *
+ * @returns true if telemetry was initialized, false if skipped
+ */
+export declare function initTelemetry(connectionString: string): Promise<boolean>;
+/**
+ * Track an exception in Application Insights.
+ * No-op if telemetry is not initialized.
+ */
+export declare function trackException(error: unknown, properties?: Record<string, string>): void;
+/**
+ * Track a custom event in Application Insights.
+ * No-op if telemetry is not initialized.
+ */
+export declare function trackEvent(name: string, properties?: Record<string, string>): void;
+/**
+ * Store the authenticated user's email for enrichment of subsequent telemetry events.
+ * Safe to call before or after initTelemetry.
+ */
+export declare function setUserContext(email?: string): void;
+/**
+ * Flush all buffered telemetry to Application Insights.
+ * Returns a Promise that resolves when flush completes or times out.
+ * No-op (resolves immediately) if telemetry is not initialized.
+ */
+export declare function flushTelemetry(): Promise<void>;
+/**
+ * Flush buffered telemetry and dispose the SDK so its background timers
+ * don't keep the process alive. Call this before process exit.
+ */
+export declare function shutdownTelemetry(): Promise<void>;
+//# sourceMappingURL=telemetry.d.ts.map

package/dist/lib/telemetry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"telemetry.d.ts","sourceRoot":"","sources":["../../src/lib/telemetry.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAwBH;;;;;;GAMG;AACH,wBAAsB,aAAa,CACjC,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC,OAAO,CAAC,CA4ClB;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAC5B,KAAK,EAAE,OAAO,EACd,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAClC,IAAI,CAYN;AAED;;;GAGG;AACH,wBAAgB,UAAU,CACxB,IAAI,EAAE,MAAM,EACZ,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAClC,IAAI,CAON;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAInD;AAED;;;;GAIG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC,IAAI,CAAC,CAWpD;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC,CAavD"}

package/dist/lib/terms.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Embedded Terms of Service for Periscope CLI.
+ * This is the beta version - a simplified TOS displayed inline in the terminal.
+ * See ELF-139 for future: hosted TOS pages, versioning/re-acceptance, etc.
+ */
+export declare const TERMS_VERSION = "2026-02-14";
+export declare const TERMS_TEXT = "\nPERISCOPE TERMS OF SERVICE\nVersion: 2026-02-14\n\nCopyright (c) 2024-2026 Elf 5. All rights reserved.\n\nBy using Periscope (\"the Service\"), you agree to the following terms:\n\n1. ACCEPTANCE\n   By accessing or using Periscope, you agree to be bound by these Terms\n   of Service. If you do not agree, you may not use the Service.\n\n2. BETA PROGRAM\n   IMPORTANT: Periscope is currently in beta. By participating, you acknowledge:\n   - Beta products may contain bugs, errors, or incomplete features\n   - We may collect feedback and usage data to improve our products\n   - Beta access is provided \"as is\" without warranties of any kind\n   - We reserve the right to modify or terminate the beta at any time without notice\n   - The service may experience downtime, interruptions, or changes during the beta period\n\n3. SERVICE DESCRIPTION\n   Periscope provides secure SSH tunnel services that allow you to expose\n   local development services through publicly accessible URLs.\n\n4. ACCOUNT SECURITY\n   Periscope uses email-based passcode authentication. You are responsible for:\n   - Maintaining the security of the email address associated with your account\n   - Not sharing authentication passcodes sent to your email\n   - Promptly notifying us if you receive unexpected passcodes or suspect unauthorized access\n   - Ensuring your email address remains current and accessible\n   - All activities that occur using passcodes sent to your email address\n\n   We are not responsible for unauthorized access resulting from compromise of your\n   email account, sharing of passcodes, or use of an insecure or shared email address.\n\n5. ACCEPTABLE USE\n   You agree to use Periscope only for lawful purposes. You shall not:\n   - Use the Service to transmit harmful, illegal, or offensive content\n   - Violate any applicable laws or regulations\n   - Infringe upon the rights of others\n   - Distribute malicious software or engage in harmful activities\n   - Attempt to gain unauthorized access to other systems through tunnels\n   - Use the Service to circumvent network security policies\n   - Share your credentials or tunnel access with unauthorized parties\n   - Interfere with the proper functioning of our services\n\n6. DATA AND PRIVACY\n   - Tunnel traffic passes through Periscope infrastructure\n   - We collect minimal usage data (tunnel names, connection times, user identity)\n   - We do not inspect or store the content of your tunnel traffic\n   - Your authentication data is managed by your identity provider\n   - Your privacy is important to us. Our collection and use of personal information\n     is governed by our Privacy Policy\n\n   Data Access and Disclosure:\n   We reserve the right to access, preserve, and disclose your account information\n   and data if required by law or if we believe such action is necessary to:\n   (a) comply with legal process or government requests; (b) enforce these Terms;\n   (c) respond to claims of violation of third-party rights; or (d) protect the\n   rights, property, or safety of Elf 5, our users, or the public.\n\n7. DISCLAIMERS AND LIMITATIONS\n   Disclaimer of Warranties:\n   Our services are provided \"as is\" and \"as available\" without warranties of any kind,\n   either express or implied, including but not limited to warranties of merchantability,\n   fitness for a particular purpose, or non-infringement.\n\n   Limitation of Liability:\n   To the maximum extent permitted by law, Elf 5 shall not be liable for any indirect,\n   incidental, special, consequential, or punitive damages, or any loss of profits or\n   revenues, whether arising from:\n   - Your use or inability to use our services\n   - Services, applications, or data you expose through Periscope tunnels\n   - Unauthorized access to your tunnels or services due to your configuration choices\n   - Security vulnerabilities in services you make accessible through our platform\n   - Data breaches or exposure of sensitive information through tunnels you create\n   - Any actions taken by third parties who access services through your tunnels\n\n   User Responsibility:\n   You are solely responsible for the security, configuration, and content of any\n   services you expose through Periscope. You acknowledge that creating publicly\n   accessible tunnels to local services carries inherent security risks, and you\n   assume all such risks.\n\n   Liability Cap:\n   In no event shall Elf 5's total aggregate liability exceed the greater of:\n   (i) $100 USD or (ii) the total fees paid by you to Elf 5 in the twelve (12)\n   months immediately preceding the claim.\n\n8. TERMINATION\n   We may terminate or suspend your access to the Service at any time, with or\n   without cause or notice. Upon termination, your right to use our services will\n   cease immediately.\n\n9. CHANGES TO TERMS\n   We reserve the right to modify these Terms at any time. We will notify you of\n   any changes by updating the \"Version\" date. Your continued use of our services\n   after such modifications constitutes acceptance of the updated Terms.\n\nFor questions, contact: hello@elf5.com\n";
+//# sourceMappingURL=terms.d.ts.map

package/dist/lib/terms.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"terms.d.ts","sourceRoot":"","sources":["../../src/lib/terms.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,eAAO,MAAM,aAAa,eAAe,CAAC;AAE1C,eAAO,MAAM,UAAU,8hKAoGtB,CAAC"}

package/dist/lib/tunnel-manager.d.ts

@@ -0,0 +1,82 @@
+import { PeriscopeClient } from './client.js';
+/**
+ * Represents an active tunnel's information (ephemeral, not persisted)
+ */
+export interface TunnelInfo {
+    name: string;
+    clientPort: number;
+    sshTunnelPort: number;
+    isConnected: boolean;
+    /** Wildcard hostname from server config (e.g., "develop.elf5.com") */
+    wildcardHostname?: string;
+    /** URL separator from server config (e.g., "-" or ".") */
+    urlSeparator?: string;
+    /** SSH host for tunnel connections (from server config) */
+    sshHost?: string;
+    /** Local host override for Host header rewriting (e.g., "myapp.local:3000") */
+    localHost?: string;
+    /** Scheme used by the local service ("http" or "https"). Defaults to "http" on server. */
+    localScheme?: string;
+    /** User's unique 6-character slug for tunnel namespace isolation (ELF-166) */
+    slug?: string;
+}
+export declare class TunnelManager {
+    private client;
+    private activeTunnels;
+    private sshClients;
+    private retryIntervals;
+    private tunnelInfoMap;
+    private reconnecting;
+    private reconnectTimeouts;
+    private intentionalDisconnects;
+    private clientConfig;
+    private sshKeyPair;
+    constructor(client: PeriscopeClient);
+    /**
+     * Check if a local port is listening
+     */
+    private isPortListening;
+    /**
+     * Start monitoring for local service availability and manage tunnel connection
+     * TODO(ELF-122): Add connection queuing/debouncing to prevent race conditions
+     * during rapid port state changes
+     */
+    private startPortMonitoring;
+    /**
+     * Disconnect tunnel without stopping the monitoring
+     */
+    private disconnectTunnel;
+    /**
+     * Handle unexpected server disconnection by attempting reconnection with exponential backoff.
+     * Only triggers when the disconnect was NOT initiated by the client (e.g., server restart).
+     */
+    private handleServerDisconnect;
+    /**
+     * Establishes SSH connection with authentication
+     * TODO(ELF-123): Add configurable timeout for SSH connection establishment
+     */
+    private createSSHConnection;
+    /**
+     * Connect to establish an ephemeral SSH tunnel
+     * @param name - Unique name for this tunnel
+     * @param localPort - Local port to forward through the tunnel
+     * @param localHost - Optional Host header override for local service
+     * @param localScheme - Optional scheme for local service ("http" or "https")
+     * @param sshKeyPath - Optional path to SSH private key file
+     */
+    connect(name: string, localPort: number, localHost?: string, localScheme?: string, sshKeyPath?: string): Promise<TunnelInfo>;
+    /**
+     * Get list of active tunnels managed by this CLI session
+     */
+    getActiveTunnels(): TunnelInfo[];
+    /**
+     * Disconnect the SSH connection for a tunnel
+     */
+    disconnect(name: string): Promise<void>;
+    stopAll(): Promise<void>;
+    /**
+     * Cleanup and unregister this tunnel manager
+     */
+    dispose(): Promise<void>;
+}
+//# sourceMappingURL=tunnel-manager.d.ts.map

package/dist/lib/tunnel-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tunnel-manager.d.ts","sourceRoot":"","sources":["../../src/lib/tunnel-manager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AA2C9C;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,OAAO,CAAC;IACrB,sEAAsE;IACtE,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,0DAA0D;IAC1D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,2DAA2D;IAC3D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+EAA+E;IAC/E,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,0FAA0F;IAC1F,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,8EAA8E;IAC9E,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,qBAAa,aAAa;IAmBZ,OAAO,CAAC,MAAM;IAlB1B,OAAO,CAAC,aAAa,CAA4C;IACjE,OAAO,CAAC,UAAU,CAAqC;IACvD,OAAO,CAAC,cAAc,CAA0C;IAEhE,OAAO,CAAC,aAAa,CAAsC;IAE3D,OAAO,CAAC,YAAY,CAAmC;IAEvD,OAAO,CAAC,iBAAiB,CAA0C;IAGnE,OAAO,CAAC,sBAAsB,CAA0B;IACxD,OAAO,CAAC,YAAY,CAA2C;IAI/D,OAAO,CAAC,UAAU,CAAwB;gBAEtB,MAAM,EAAE,eAAe;IAY3C;;OAEG;YACW,eAAe;IA0B7B;;;;OAIG;IACH,OAAO,CAAC,mBAAmB;IAgF3B;;OAEG;YACW,gBAAgB;IAwB9B;;;OAGG;YACW,sBAAsB;IAiIpC;;;OAGG;YACW,mBAAmB;IAwOjC;;;;;;;OAOG;IACG,OAAO,CACX,IAAI,EAAE,MAAM,EACZ,SAAS,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM,EAClB,WAAW,CAAC,EAAE,MAAM,EACpB,UAAU,CAAC,EAAE,MAAM,GAClB,OAAO,CAAC,UAAU,CAAC;IAyGtB;;OAEG;IACH,gBAAgB,IAAI,UAAU,EAAE;IAIhC;;OAEG;IACG,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAwCvC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAuC9B;;OAEG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAI/B"}

package/dist/lib/tunnel-utils.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Helper function to display tunnel information consistently
+ */
+export declare function displayTunnelInfo(tunnel: {
+    id?: string | number;
+    clientPort?: number;
+    name?: string;
+    remoteURL?: string;
+    sshTunnelPort?: number;
+    wildcardHostname?: string;
+    urlSeparator?: string;
+    sshHost?: string;
+    slug?: string;
+}, serverUrl: string, options?: {
+    isInteractive?: boolean;
+    tunnelName?: string;
+    showBackgroundStatus?: boolean;
+    showAsListItem?: boolean;
+}): void;
+//# sourceMappingURL=tunnel-utils.d.ts.map

package/dist/lib/tunnel-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tunnel-utils.d.ts","sourceRoot":"","sources":["../../src/lib/tunnel-utils.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE;IACN,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf,EACD,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE;IACR,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B,GACA,IAAI,CAwDN"}

package/package.json

@@ -0,0 +1,104 @@
+{
+  "name": "@elf5/periscope",
+  "version": "1.0.64",
+  "description": "CLI client for Periscope SSH tunnel server",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "periscope": "./dist/cli.js"
+  },
+  "scripts": {
+    "build": "node scripts/build.mjs",
+    "build:tsc": "tsc",
+    "dev": "tsc --watch",
+    "clean": "rimraf dist",
+    "prepublishOnly": "npm run clean && npm run build",
+    "start": "node dist/cli.js",
+    "cli": "npm run build && node dist/cli.js",
+    "test": "npm run test:unit && npm run test:offline",
+    "test:watch": "vitest --config vitest.config.unit.js",
+    "test:ui": "vitest --ui --config vitest.config.unit.js",
+    "test:unit": "vitest run --coverage --config vitest.config.unit.js",
+    "test:offline": "vitest run --config vitest.config.integration.js",
+    "test:e2e": "vitest run --config vitest.config.e2e.js",
+    "test:ci": "npm run test && npm run test:e2e",
+    "format": "prettier --write src/**/*.ts",
+    "format:check": "prettier --check src/**/*.ts",
+    "lint": "eslint src",
+    "lint:fix": "eslint src --fix",
+    "test-server": "npx tsx src/__tests__/e2e/test-server.ts",
+    "prepare": "husky"
+  },
+  "keywords": [
+    "ssh",
+    "tunnel",
+    "cli",
+    "periscope",
+    "port-forwarding"
+  ],
+  "author": "Elf 5",
+  "type": "module",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/elf-5/periscope-client-npm.git"
+  },
+  "bugs": {
+    "url": "https://github.com/elf-5/periscope-client-npm/issues"
+  },
+  "homepage": "https://github.com/elf-5/periscope-client-npm#readme",
+  "engines": {
+    "node": ">=22.0.0"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "overrides": {
+    "glob": "^11.0.0",
+    "uuid": "^10.0.0"
+  },
+  "dependencies": {
+    "@azure/msal-node": "^2.6.6",
+    "@microsoft/dev-tunnels-connections": "^1.2.1",
+    "@microsoft/dev-tunnels-contracts": "^1.2.1",
+    "@microsoft/dev-tunnels-management": "^1.2.1",
+    "@microsoft/dev-tunnels-ssh": "^3.12.5",
+    "@microsoft/dev-tunnels-ssh-keys": "^3.12.5",
+    "@microsoft/dev-tunnels-ssh-tcp": "^3.12.5",
+    "applicationinsights": "^3.13.0",
+    "axios": "^1.7.2",
+    "chalk": "^5.3.0",
+    "commander": "^12.0.0",
+    "dotenv": "^16.4.5",
+    "open": "^10.0.3",
+    "openid-client": "^6.8.2"
+  },
+  "lint-staged": {
+    "*.ts": [
+      "prettier --write",
+      "eslint --fix"
+    ]
+  },
+  "devDependencies": {
+    "@elf-5/periscope-api-client": "^1.0.129",
+    "@types/node": "^20.14.0",
+    "@typescript-eslint/eslint-plugin": "^8.41.0",
+    "@typescript-eslint/parser": "^8.41.0",
+    "@vitest/coverage-v8": "^3.2.4",
+    "@vitest/ui": "^3.2.4",
+    "esbuild": "^0.27.3",
+    "eslint": "^9.34.0",
+    "eslint-config-prettier": "^10.1.8",
+    "globals": "^16.3.0",
+    "husky": "^9.1.7",
+    "lint-staged": "^16.2.7",
+    "prettier": "^3.8.1",
+    "rimraf": "^6.0.0",
+    "tsx": "^4.21.0",
+    "typescript": "^5.4.5",
+    "vitest": "^3.2.4",
+    "yocto-queue": "^1.2.1"
+  }
+}