@eve-horizon/cli 0.2.36 → 0.2.37
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +58 -11
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -49613,7 +49613,14 @@ for cloud deployments. Credentials are stored globally per API URL.`,
|
|
|
49613
49613
|
"--dry-run Show what would be set without actually setting",
|
|
49614
49614
|
"",
|
|
49615
49615
|
"Scope priority: --project > --org > user (default)",
|
|
49616
|
-
"Default scope is user-level, so credentials are available to all your jobs."
|
|
49616
|
+
"Default scope is user-level, so credentials are available to all your jobs.",
|
|
49617
|
+
"",
|
|
49618
|
+
"Token type guidance:",
|
|
49619
|
+
" Tokens starting with sk-ant-oat01-* are long-lived setup-tokens (preferred).",
|
|
49620
|
+
" A warning is emitted when syncing any other Claude token (short-lived OAuth,",
|
|
49621
|
+
" ~15h). Generate a long-lived token with: claude setup-token",
|
|
49622
|
+
" Codex/Code tokens are automatically written back to their originating secret",
|
|
49623
|
+
" scope after each job when the CLI refreshes them during the session."
|
|
49617
49624
|
],
|
|
49618
49625
|
examples: [
|
|
49619
49626
|
"eve auth sync # Sync to user-level (default)",
|
|
@@ -49627,7 +49634,10 @@ for cloud deployments. Credentials are stored globally per API URL.`,
|
|
|
49627
49634
|
usage: "eve auth creds [--claude] [--codex]",
|
|
49628
49635
|
options: [
|
|
49629
49636
|
"--claude Only check Claude/Anthropic credentials",
|
|
49630
|
-
"--codex Only check Codex/OpenAI credentials"
|
|
49637
|
+
"--codex Only check Codex/OpenAI credentials",
|
|
49638
|
+
"",
|
|
49639
|
+
"Shows token type for Claude (setup-token = long-lived, oauth = short-lived ~15h)",
|
|
49640
|
+
"and expiry for Codex/Code tokens."
|
|
49631
49641
|
],
|
|
49632
49642
|
examples: [
|
|
49633
49643
|
"eve auth creds",
|
|
@@ -58189,7 +58199,9 @@ var SecretResolveRequestSchema = external_exports.object({
|
|
|
58189
58199
|
var SecretResolveItemSchema = external_exports.object({
|
|
58190
58200
|
key: external_exports.string(),
|
|
58191
58201
|
value: external_exports.string(),
|
|
58192
|
-
type: SecretTypeSchema
|
|
58202
|
+
type: SecretTypeSchema,
|
|
58203
|
+
scope_type: external_exports.enum(["user", "org", "project", "system"]).optional(),
|
|
58204
|
+
scope_id: external_exports.string().optional()
|
|
58193
58205
|
});
|
|
58194
58206
|
var SecretResolveResponseSchema = external_exports.object({
|
|
58195
58207
|
data: external_exports.array(SecretResolveItemSchema)
|
|
@@ -65559,6 +65571,18 @@ Permissions (${data.permissions.length}):`);
|
|
|
65559
65571
|
);
|
|
65560
65572
|
return;
|
|
65561
65573
|
}
|
|
65574
|
+
const warnings = [];
|
|
65575
|
+
const claudeToken = extractedTokens.CLAUDE_CODE_OAUTH_TOKEN;
|
|
65576
|
+
if (claudeToken && !claudeToken.startsWith("sk-ant-oat01-")) {
|
|
65577
|
+
warnings.push("Found short-lived Claude OAuth token (expires in ~15h). For reliable agent execution, generate a long-lived token: claude setup-token\nThen re-run: eve auth sync");
|
|
65578
|
+
if (!json) {
|
|
65579
|
+
process.stderr.write(`\u26A0 Found short-lived Claude OAuth token (expires in ~15h).
|
|
65580
|
+
For reliable agent execution, generate a long-lived token: claude setup-token
|
|
65581
|
+
Then re-run: eve auth sync
|
|
65582
|
+
|
|
65583
|
+
`);
|
|
65584
|
+
}
|
|
65585
|
+
}
|
|
65562
65586
|
const targetLabel = scope.type === "user" ? "user" : scope.type === "org" ? `org ${scope.orgId}` : `project ${scope.projectId}`;
|
|
65563
65587
|
if (dryRun) {
|
|
65564
65588
|
const tokenList = Object.keys(extractedTokens).map((key) => ({
|
|
@@ -65566,7 +65590,7 @@ Permissions (${data.permissions.length}):`);
|
|
|
65566
65590
|
value: `${extractedTokens[key].substring(0, 10)}...`
|
|
65567
65591
|
}));
|
|
65568
65592
|
outputJson(
|
|
65569
|
-
{ dry_run: true, would_set: tokenList, target: targetLabel, scope },
|
|
65593
|
+
{ dry_run: true, would_set: tokenList, target: targetLabel, scope, warnings },
|
|
65570
65594
|
json,
|
|
65571
65595
|
`Would set ${tokenList.length} token(s) on ${targetLabel}:
|
|
65572
65596
|
${tokenList.map((t) => ` - ${t.name}`).join("\n")}`
|
|
@@ -65601,7 +65625,8 @@ ${tokenList.map((t) => ` - ${t.name}`).join("\n")}`
|
|
|
65601
65625
|
scope,
|
|
65602
65626
|
results,
|
|
65603
65627
|
success: successCount,
|
|
65604
|
-
failed: failCount
|
|
65628
|
+
failed: failCount,
|
|
65629
|
+
warnings
|
|
65605
65630
|
},
|
|
65606
65631
|
json,
|
|
65607
65632
|
`\u2713 Set ${successCount} secret(s) on ${targetLabel}${failCount > 0 ? ` (${failCount} failed)` : ""}`
|
|
@@ -65620,6 +65645,7 @@ ${tokenList.map((t) => ` - ${t.name}`).join("\n")}`
|
|
|
65620
65645
|
let claudeSource = "";
|
|
65621
65646
|
let claudePreview = "";
|
|
65622
65647
|
let claudeExpires;
|
|
65648
|
+
let claudeTokenType;
|
|
65623
65649
|
if (plat === "darwin" && !claudeFound) {
|
|
65624
65650
|
for (const service of ["Claude Code-credentials", "anthropic.claude"]) {
|
|
65625
65651
|
try {
|
|
@@ -65630,7 +65656,15 @@ ${tokenList.map((t) => ` - ${t.name}`).join("\n")}`
|
|
|
65630
65656
|
if (output) {
|
|
65631
65657
|
claudeFound = true;
|
|
65632
65658
|
claudeSource = `macOS Keychain (${service})`;
|
|
65633
|
-
|
|
65659
|
+
let tokenStr = output;
|
|
65660
|
+
try {
|
|
65661
|
+
const parsed = JSON.parse(output);
|
|
65662
|
+
const claudeOauth = parsed.claudeAiOauth;
|
|
65663
|
+
if (typeof claudeOauth?.accessToken === "string") tokenStr = claudeOauth.accessToken;
|
|
65664
|
+
} catch {
|
|
65665
|
+
}
|
|
65666
|
+
claudeTokenType = tokenStr.startsWith("sk-ant-oat01-") ? "setup-token" : "oauth";
|
|
65667
|
+
claudePreview = tokenStr.substring(0, 15) + "...";
|
|
65634
65668
|
break;
|
|
65635
65669
|
}
|
|
65636
65670
|
} catch {
|
|
@@ -65652,7 +65686,9 @@ ${tokenList.map((t) => ` - ${t.name}`).join("\n")}`
|
|
|
65652
65686
|
if (claudeOauth?.accessToken) {
|
|
65653
65687
|
claudeFound = true;
|
|
65654
65688
|
claudeSource = credPath.replace((0, import_node_os3.homedir)(), "~");
|
|
65655
|
-
|
|
65689
|
+
const tokenStr = claudeOauth.accessToken;
|
|
65690
|
+
claudePreview = tokenStr.substring(0, 15) + "...";
|
|
65691
|
+
claudeTokenType = tokenStr.startsWith("sk-ant-oat01-") ? "setup-token" : "oauth";
|
|
65656
65692
|
if (claudeOauth.expiresAt) {
|
|
65657
65693
|
const expDate = new Date(claudeOauth.expiresAt);
|
|
65658
65694
|
claudeExpires = expDate.toISOString();
|
|
@@ -65664,6 +65700,7 @@ ${tokenList.map((t) => ` - ${t.name}`).join("\n")}`
|
|
|
65664
65700
|
claudeSource = credPath.replace((0, import_node_os3.homedir)(), "~");
|
|
65665
65701
|
const token = creds.oauth_token || creds.access_token;
|
|
65666
65702
|
claudePreview = token.substring(0, 15) + "...";
|
|
65703
|
+
claudeTokenType = token.startsWith("sk-ant-oat01-") ? "setup-token" : "oauth";
|
|
65667
65704
|
break;
|
|
65668
65705
|
}
|
|
65669
65706
|
} catch {
|
|
@@ -65676,7 +65713,8 @@ ${tokenList.map((t) => ` - ${t.name}`).join("\n")}`
|
|
|
65676
65713
|
source: claudeFound ? claudeSource : "not found",
|
|
65677
65714
|
found: claudeFound,
|
|
65678
65715
|
preview: claudePreview || void 0,
|
|
65679
|
-
expiresAt: claudeExpires
|
|
65716
|
+
expiresAt: claudeExpires,
|
|
65717
|
+
tokenType: claudeTokenType
|
|
65680
65718
|
});
|
|
65681
65719
|
}
|
|
65682
65720
|
if (checkCodex) {
|
|
@@ -65700,6 +65738,7 @@ ${tokenList.map((t) => ` - ${t.name}`).join("\n")}`
|
|
|
65700
65738
|
}
|
|
65701
65739
|
}
|
|
65702
65740
|
}
|
|
65741
|
+
let codexExpires;
|
|
65703
65742
|
if (!codexFound) {
|
|
65704
65743
|
const freshest = pickFreshestCodeAuth();
|
|
65705
65744
|
if (freshest) {
|
|
@@ -65711,13 +65750,17 @@ ${tokenList.map((t) => ` - ${t.name}`).join("\n")}`
|
|
|
65711
65750
|
codexSource += " (API key)";
|
|
65712
65751
|
codexPreview = freshest.apiKey.substring(0, 10) + "...";
|
|
65713
65752
|
}
|
|
65753
|
+
if (freshest.expiresAt > 0) {
|
|
65754
|
+
codexExpires = new Date(freshest.expiresAt * 1e3).toISOString();
|
|
65755
|
+
}
|
|
65714
65756
|
}
|
|
65715
65757
|
}
|
|
65716
65758
|
credentials2.push({
|
|
65717
65759
|
name: "Codex/Code OAuth",
|
|
65718
65760
|
source: codexFound ? codexSource : "not found",
|
|
65719
65761
|
found: codexFound,
|
|
65720
|
-
preview: codexPreview || void 0
|
|
65762
|
+
preview: codexPreview || void 0,
|
|
65763
|
+
expiresAt: codexExpires
|
|
65721
65764
|
});
|
|
65722
65765
|
}
|
|
65723
65766
|
const foundCount = credentials2.filter((c) => c.found).length;
|
|
@@ -65731,6 +65774,10 @@ ${tokenList.map((t) => ` - ${t.name}`).join("\n")}`
|
|
|
65731
65774
|
const status = cred.found ? "\u2713" : "\u2717";
|
|
65732
65775
|
console.log(` ${status} ${cred.name}`);
|
|
65733
65776
|
console.log(` Source: ${cred.source}`);
|
|
65777
|
+
if (cred.tokenType) {
|
|
65778
|
+
const typeLabel = cred.tokenType === "setup-token" ? "setup-token (long-lived)" : "oauth (short-lived, ~15h)";
|
|
65779
|
+
console.log(` Type: ${typeLabel}`);
|
|
65780
|
+
}
|
|
65734
65781
|
if (cred.preview) {
|
|
65735
65782
|
console.log(` Token: ${cred.preview}`);
|
|
65736
65783
|
}
|
|
@@ -65738,8 +65785,8 @@ ${tokenList.map((t) => ` - ${t.name}`).join("\n")}`
|
|
|
65738
65785
|
const expDate = new Date(cred.expiresAt);
|
|
65739
65786
|
const now = /* @__PURE__ */ new Date();
|
|
65740
65787
|
const isExpired = expDate < now;
|
|
65741
|
-
const expLabel = isExpired ? "(expired)" : "";
|
|
65742
|
-
console.log(` Expires: ${cred.expiresAt}
|
|
65788
|
+
const expLabel = isExpired ? " (expired)" : "";
|
|
65789
|
+
console.log(` Expires: ${cred.expiresAt}${expLabel}`);
|
|
65743
65790
|
}
|
|
65744
65791
|
console.log("");
|
|
65745
65792
|
}
|