@glrs-dev/assume 0.10.2 → 0.10.4

package/CHANGELOG.md

@@ -1,5 +1,42 @@
 # @glrs-dev/assume
 
+## 0.10.4
+
+### Patch Changes
+
+- [#273](https://github.com/iceglober/glrs/pull/273) [`a3728ef`](https://github.com/iceglober/glrs/commit/a3728ef1336cec91762e2f1d7cac6a85ddc2a166) Thanks [@iceglober](https://github.com/iceglober)! - fix(assume): stop fabricating the refresh-token lifetime; honest `gsa status`
+
+  `gsa status` showed "Refresh token: 6d 22h remaining" even right after auto-refresh
+  had failed and the SSO session ended — making it look like auto-refresh was broken.
+
+  Root cause: `refresh_expires_at` was hardcoded to `now + 7 days` and **reset on
+  every refresh** (AWS rotates the refresh token each time). AWS SSO never reports
+  the refresh token's real lifetime — it's capped by the org's IAM Identity Center
+  session limit (often hours), enforced server-side. So the 7-day number was pure
+  fiction, and the daemon also hammered refresh every tick near session end.
+
+  - `refresh()` no longer rolls `refresh_expires_at` forward on rotation; it
+    preserves the ceiling set at login.
+  - `gsa status` no longer prints a fabricated refresh-token countdown. While the
+    session is live it shows `Auto-refresh: on`; once the SSO token is expired
+    (auto-refresh couldn't renew it) it shows `SSO session ended — run: gsa login`.
+
+  Auto-refresh itself was working correctly the whole time — it just can't extend
+  past the org's SSO session limit, which is expected AWS behavior.
+
+## 0.10.3
+
+### Patch Changes
+
+- [#271](https://github.com/iceglober/glrs/pull/271) [`1853420`](https://github.com/iceglober/glrs/commit/18534203443cd7e7415ae85ce9d87cbc43df1315) Thanks [@iceglober](https://github.com/iceglober)! - docs(assume): lead the quick start with `gsa init`
+
+  The `gsa --help` quick start (and the README usage block) still told new users to
+  run `gsa login` / `gsa use` first — but those commands now refuse until `gsa init`
+  completes (init gate). Reordered both to start with `gsa init`, show that
+  `aws s3 ls` then works off the default context, and present `gsa use` as the
+  per-shell override. Also notes the pre-init allowlist. (docs-site/assume.md
+  "How it works" + "Contexts" updated to match.)
+
 ## 0.10.2
 
 ### Patch Changes

package/README.md

@@ -17,9 +17,9 @@ Or standalone: `npm i -g @glrs-dev/assume` (then `gsa init`).
 ## Usage
 
 ```bash
-gsa login aws                # authenticate (opens browser)
-gsa use aws dev              # switch context (fuzzy match)
-aws s3 ls                    # credentials served locally
+gsa init                     # one-time setup (required first — see Install)
+aws s3 ls                    # credentials served locally (default context)
+gsa use aws dev              # switch this shell to another context (fuzzy match)
 gsa status                   # token expiry, daemon health
 gsa contexts                 # list available contexts
 ```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@glrs-dev/assume",
-  "version": "0.10.2",
+  "version": "0.10.4",
   "publishConfig": {
     "access": "public"
   },
@@ -51,9 +51,9 @@
     "typescript": "^5"
   },
   "optionalDependencies": {
-    "@glrs-dev/assume-darwin-arm64": "0.10.2",
-    "@glrs-dev/assume-darwin-x64": "0.10.2",
-    "@glrs-dev/assume-linux-x64": "0.10.2",
-    "@glrs-dev/assume-linux-arm64": "0.10.2"
+    "@glrs-dev/assume-darwin-arm64": "0.10.4",
+    "@glrs-dev/assume-darwin-x64": "0.10.4",
+    "@glrs-dev/assume-linux-x64": "0.10.4",
+    "@glrs-dev/assume-linux-arm64": "0.10.4"
   }
 }