@herodevs/cli 2.0.0-beta.8 → 2.0.0

package/README.md

@@ -10,17 +10,45 @@ The HeroDevs CLI
 * [@herodevs/cli](#herodevscli)
 <!-- tocstop -->
 
-## Installation Instructions
+### Terms and Data Security
 
-1. Install node v20 or higher: [Download Node](https://nodejs.org/en/download)
-1. Install the CLI using one of the following methods:
-   * Globally: Refer to the [Usage](#usage) instructions on installing the CLI globally
-   * npx: `npx @herodevs/cli@beta`
-1. Refer to the [Commands](#commands) section for a list of commands
+- [HeroDevs End of Life Dataset Terms of Service and Data Policy](https://docs.herodevs.com/legal/end-of-life-dataset-terms)
+- [HeroDevs End of Life Dataset Data Privacy and Security](https://docs.herodevs.com/eol-ds/data-privacy-and-security)
 
-## TERMS
+### Prerequisites
 
-Use of this CLI is governed by the [HeroDevs End of Life Dataset Terms of Service and Data Policy](https://docs.herodevs.com/legal/end-of-life-dataset-terms).
+- Install node v20 or higher: [Download Node](https://nodejs.org/en/download)
+- The HeroDevs CLI expects that you have all required technology installed for the project that you are running the CLI against
+  - For example, if you are running the CLI against a Gradle project, the CLI expects you to have Java installed.
+
+
+### Installation methods
+
+#### Node Package Execute (NPX)
+
+With Node installed, you can run the CLI directly from the npm registry without installing it globally or locally on your system
+
+```sh
+npx @herodevs/cli
+```
+
+#### Global NPM Installation
+
+```sh
+npm install -g @herodevs/cli
+```
+
+#### Binary Installation
+
+HeroDevs CLI is available as a binary installation, without requiring `npm`. To do that, you may either download and run the script manually, or use the following cURL or Wget command:
+
+```sh
+curl -o- https://raw.githubusercontent.com/herodevs/cli/v2.0.0-beta.18/scripts/install.sh | bash
+```
+
+```sh
+wget -qO- https://raw.githubusercontent.com/herodevs/cli/v2.0.0-beta.18/scripts/install.sh | bash
+```
 
 ## Scanning Behavior
 
@@ -40,11 +68,11 @@ Maven and Gradle projects should run an install and build before scanning
 ## Usage
 <!-- usage -->
 ```sh-session
-$ npm install -g @herodevs/cli@beta
+$ npm install -g @herodevs/cli
 $ hd COMMAND
 running command...
 $ hd (--version)
-@herodevs/cli/2.0.0-beta.8 darwin-arm64 node-v22.18.0
+@herodevs/cli/2.0.0 darwin-arm64 node-v24.10.0
 $ hd --help [COMMAND]
 USAGE
   $ hd COMMAND
@@ -53,10 +81,58 @@ USAGE
 <!-- usagestop -->
 ## Commands
 <!-- commands -->
+* [`hd auth login`](#hd-auth-login)
+* [`hd auth logout`](#hd-auth-logout)
+* [`hd auth provision-ci-token`](#hd-auth-provision-ci-token)
 * [`hd help [COMMAND]`](#hd-help-command)
+* [`hd report committers`](#hd-report-committers)
 * [`hd scan eol`](#hd-scan-eol)
+* [`hd tracker init`](#hd-tracker-init)
+* [`hd tracker run`](#hd-tracker-run)
 * [`hd update [CHANNEL]`](#hd-update-channel)
-  * Only applies to tarball installation. For NPM users, please update using `npm install`
+* **NOTE:** Only applies to [binary installation method](#binary-installation). NPM users should use [`npm install`](#global-npm-installation) to update to the latest version.
+
+## `hd auth login`
+
+OAuth CLI login
+
+```
+USAGE
+  $ hd auth login
+
+DESCRIPTION
+  OAuth CLI login
+```
+
+_See code: [src/commands/auth/login.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.16/src/commands/auth/login.ts)_
+
+## `hd auth logout`
+
+Logs out of HeroDevs OAuth and clears stored tokens
+
+```
+USAGE
+  $ hd auth logout
+
+DESCRIPTION
+  Logs out of HeroDevs OAuth and clears stored tokens
+```
+
+_See code: [src/commands/auth/logout.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.16/src/commands/auth/logout.ts)_
+
+## `hd auth provision-ci-token`
+
+Provision a CI/CD long-lived refresh token for headless auth
+
+```
+USAGE
+  $ hd auth provision-ci-token
+
+DESCRIPTION
+  Provision a CI/CD long-lived refresh token for headless auth
+```
+
+_See code: [src/commands/auth/provision-ci-token.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.16/src/commands/auth/provision-ci-token.ts)_
 
 ## `hd help [COMMAND]`
 
@@ -67,7 +143,7 @@ USAGE
   $ hd help [COMMAND...] [-n]
 
 ARGUMENTS
-  COMMAND...  Command to show help for.
+  [COMMAND...]  Command to show help for.
 
 FLAGS
   -n, --nested-commands  Include all nested commands in the output.
@@ -76,7 +152,43 @@ DESCRIPTION
   Display help for hd.
 ```
 
-_See code: [@oclif/plugin-help](https://github.com/oclif/plugin-help/blob/v6.2.32/src/commands/help.ts)_
+_See code: [@oclif/plugin-help](https://github.com/oclif/plugin-help/blob/6.2.37/src/commands/help.ts)_
+
+## `hd report committers`
+
+Generate report of committers to a git repository
+
+```
+USAGE
+  $ hd report committers [--json] [-x <value>...] [-d <value>] [--monthly] [-m <value> | -s <value> | -e <value> |  | ]
+    [-c] [-s]
+
+FLAGS
+  -c, --csv                 Output in CSV format
+  -d, --directory=<value>   Directory to search
+  -e, --afterDate=<value>   [default: 2025-02-26] Start date (format: yyyy-MM-dd)
+  -m, --months=<value>      [default: 12] The number of months of git history to review. Cannot be used along beforeDate
+                            and afterDate
+  -s, --beforeDate=<value>  [default: 2026-02-26] End date (format: yyyy-MM-dd)
+  -s, --save                Save the committers report as herodevs.committers.<output>
+  -x, --exclude=<value>...  Path Exclusions (eg -x="./src/bin" -x="./dist")
+      --json                Output to JSON format
+      --monthly             Break down by calendar month.
+
+DESCRIPTION
+  Generate report of committers to a git repository
+
+EXAMPLES
+  $ hd report committers
+
+  $ hd report committers --csv -s
+
+  $ hd report committers --json
+
+  $ hd report committers --csv
+```
+
+_See code: [src/commands/report/committers.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.16/src/commands/report/committers.ts)_
 
 ## `hd scan eol`
 
@@ -84,14 +196,21 @@ Scan a given SBOM for EOL data
 
 ```
 USAGE
-  $ hd scan eol [--json] [-f <value> | -d <value>] [-s] [--saveSbom] [--version]
+  $ hd scan eol [--json] [-f <value> | -d <value>] [-s] [-o <value>] [--saveSbom] [--sbomOutput <value>]
+    [--saveTrimmedSbom] [--hideReportUrl] [--automated] [--version]
 
 FLAGS
-  -d, --dir=<value>   [default: <current directory>] The directory to scan in order to create a cyclonedx SBOM
-  -f, --file=<value>  The file path of an existing cyclonedx SBOM to scan for EOL
-  -s, --save          Save the generated report as herodevs.report.json in the scanned directory
-      --saveSbom      Save the generated SBOM as herodevs.sbom.json in the scanned directory
-      --version       Show CLI version.
+  -d, --dir=<value>         [default: <current directory>] The directory to scan in order to create a cyclonedx SBOM
+  -f, --file=<value>        The file path of an existing SBOM to scan for EOL (supports CycloneDX and SPDX 2.3 formats)
+  -o, --output=<value>      Save the generated report to a custom path (defaults to herodevs.report.json when not
+                            provided)
+  -s, --save                Save the generated report as herodevs.report.json in the scanned directory
+      --automated           Mark scan as automated (for CI/CD pipelines)
+      --hideReportUrl       Hide the generated web report URL for this scan
+      --saveSbom            Save the generated SBOM as herodevs.sbom.json in the scanned directory
+      --saveTrimmedSbom     Save the trimmed SBOM as herodevs.sbom-trimmed.json in the scanned directory
+      --sbomOutput=<value>  Save the generated SBOM to a custom path (defaults to herodevs.sbom.json when not provided)
+      --version             Show CLI version.
 
 GLOBAL FLAGS
   --json  Format output as json.
@@ -121,12 +240,72 @@ EXAMPLES
     $ hd scan eol --json
 ```
 
-_See code: [src/commands/scan/eol.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.8/src/commands/scan/eol.ts)_
+_See code: [src/commands/scan/eol.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.16/src/commands/scan/eol.ts)_
+
+## `hd tracker init`
+
+Initialize the tracker configuration
+
+```
+USAGE
+  $ hd tracker init [--force -o] [-d <value>] [-f <value>] [-i <value>...]
+
+FLAGS
+  -d, --outputDir=<value>          [default: hd-tracker] Output directory for the tracker configuration file
+  -f, --configFile=<value>         [default: config.json] Filename for the tracker configuration file
+  -i, --ignorePatterns=<value>...  [default: node_modules] Ignore patterns to use for the tracker configuration file
+  -o, --overwrite                  Overwrites the tracker configuration file if it exists
+      --force                      Force tracker configuration file creation. Use with --overwrite flag
+
+DESCRIPTION
+  Initialize the tracker configuration
+
+EXAMPLES
+  $ hd tracker init
+
+  $ hd tracker init -d trackerDir
+
+  $ hd tracker init -d trackerDir -f configFileName
+
+  $ hd tracker init -i node_modules
+
+  $ hd tracker init -i node_modules -i custom_modules
+
+  $ hd tracker init -o
+```
+
+_See code: [src/commands/tracker/init.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.16/src/commands/tracker/init.ts)_
+
+## `hd tracker run`
+
+Run the tracker
+
+```
+USAGE
+  $ hd tracker run [-d <value>] [-f <value>]
+
+FLAGS
+  -d, --configDir=<value>   [default: hd-tracker] Directory where the tracker configuration file resides
+  -f, --configFile=<value>  [default: config.json] Filename for the tracker configuration file
+
+DESCRIPTION
+  Run the tracker
+
+EXAMPLES
+  $ hd tracker run
+
+  $ hd tracker run -d tracker-configuration
+
+  $ hd tracker run -d tracker -f settings.json
+```
+
+_See code: [src/commands/tracker/run.ts](https://github.com/herodevs/cli/blob/v2.0.0-beta.16/src/commands/tracker/run.ts)_
 
 ## `hd update [CHANNEL]`
 
 update the hd CLI
-**NOTE:** Only applies to binary installation method. NPM users should use `npm install` to update to the latest version.
+
+* **NOTE:** Only applies to [binary installation method](#binary-installation). NPM users should use [`npm install`](#global-npm-installation) to update to the latest version.
 
 ```
 USAGE
@@ -160,18 +339,75 @@ EXAMPLES
     $ hd update --available
 ```
 
-_See code: [@oclif/plugin-update](https://github.com/oclif/plugin-update/blob/v4.7.4/src/commands/update.ts)_
+_See code: [@oclif/plugin-update](https://github.com/oclif/plugin-update/blob/4.7.18/src/commands/update.ts)_
 <!-- commandsstop -->
 
 ## CI/CD Usage
 
 You can use `@herodevs/cli` in your CI/CD pipelines to automate EOL scanning.
 
+### CI/CD authentication
+
+For headless use in CI/CD (e.g. GitHub Actions, GitLab CI), the CLI supports long-lived organization-scoped refresh tokens. You do not need to run an interactive login in the pipeline.
+
+**One-time setup (interactive):**
+
+```bash
+hd auth login
+hd auth provision-ci-token
+```
+
+Copy the token output, add as an environment variable: `HD_CI_CREDENTIAL`
+
+**CI pipeline (headless):** Run `hd scan eol` directly with `HD_CI_CREDENTIAL` set. The CLI exchanges the token for an access token automatically. An explicit `auth login` command is not required when using the CI token.
+
+```bash
+export HD_CI_CREDENTIAL="<token>"
+hd scan eol
+```
+
+| Secret / Env Var | Purpose |
+|------------------|---------|
+| `HD_CI_CREDENTIAL` | Refresh token from provision; exchanged for access token |
+
+#### GitHub Actions (authenticated scan)
+
+Add secret `HD_CI_CREDENTIAL` in your repository or organization, then:
+
+```yaml
+- uses: actions/checkout@v5
+- uses: actions/setup-node@v6
+  with:
+    node-version: '24'
+- name: Run EOL Scan
+  env:
+    HD_CI_CREDENTIAL: ${{ secrets.HD_CI_CREDENTIAL }}
+  run: npx @herodevs/cli scan eol -s
+```
+
+#### GitLab CI (authenticated scan)
+
+Add CI/CD variable `HD_CI_CREDENTIAL` (masked) in your project:
+
+```yaml
+eol-scan:
+  image: node:24
+  variables:
+    HD_CI_CREDENTIAL: $HD_CI_CREDENTIAL
+  script:
+    - npx @herodevs/cli scan eol -s
+  artifacts:
+    paths:
+      - herodevs.report.json
+```
+
 ### Using the Docker Image (Recommended)
 
 We provide a Docker image that's pre-configured to run EOL scans. Based on [`cdxgen`](https://github.com/CycloneDX/cdxgen),
 it contains build tools for most project types and will provide best results when generating an SBOM. Use these templates to generate a report and save it to your CI job artifact for analysis and processing after your scan runs.
 
+**Note:** There is a potential to run into permission issues writing out the report to your CI runner. Please ensure that your CI runner is setup to have proper read/write permissions for wherever your output files are being written to.
+
 #### GitHub Actions
 
 ```yaml
@@ -187,19 +423,25 @@ on:
 jobs:
   scan:
     runs-on: ubuntu-latest
+    environment: demo
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v5
 
-      - name: Run EOL Scan with Docker
-        uses: docker://ghcr.io/herodevs/eol-scan
-        with:
-          args: "-s"
-      
-      - name: Upload   artifact
-        uses: actions/upload-artifact@v4
+      - name: Run EOL Scan
+        run: |
+          docker run --name eol-scanner \
+            -v $GITHUB_WORKSPACE:/app \
+            -w /app \
+            ghcr.io/herodevs/eol-scan --save --output /tmp/herodevs.report.json
+          docker cp eol-scanner:/tmp/herodevs.report.json ${{ runner.temp }}/herodevs.report.json
+          docker rm eol-scanner
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v5
         with:
           name: my-eol-report
-          path: herodevs.report.json
+          path: ${{ runner.temp }}/herodevs.report.json
 ```
 
 #### GitLab CI/CD
@@ -211,7 +453,7 @@ eol-scan:
     # Entrypoint or base command must be disabled due 
     # to GitLab's execution mechanism and run manually
     entrypoint: [""] 
-  script: "npx @herodevs/cli@beta scan eol -s"
+  script: "npx @herodevs/cli scan eol -s"
   artifacts:
     paths:
       - herodevs.report.json
@@ -242,18 +484,19 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+
+      - uses: actions/setup-node@v6
         with:
-          node-version: '20'
+          node-version: '24'
 
       - run: echo # Prepare environment, install tooling, perform setup, etc.
 
       - name: Run EOL Scan
-        run: npx @herodevs/cli@beta
+        run: npx @herodevs/cli scan eol
 
-      - name: Upload   artifact
-        uses: actions/upload-artifact@v4
+      - name: Upload artifact
+        uses: actions/upload-artifact@v5
         with:
           name: my-eol-report
           path: herodevs.report.json
@@ -267,7 +510,7 @@ image: alpine
 eol-scan:
   script:
     - echo # Prepare environment, install tooling, perform setup, etc.
-    - npx @herodevs/cli@beta scan eol -s
+    - npx @herodevs/cli scan eol -s
   artifacts:
     paths:
       - herodevs.report.json

package/bin/main.js

@@ -7,13 +7,9 @@ async function main(isProduction = false) {
     strict: false, // Don't validate flags
   });
 
-  // If no arguments at all, default to scan:eol
+  // If no arguments at all, default to help
   if (positionals.length === 0) {
-    process.argv.splice(2, 0, 'scan:eol');
-  }
-  // If only flags are provided, set scan:eol as the command for those flags
-  else if (positionals.length === 1 && positionals[0].startsWith('-')) {
-    process.argv.splice(2, 0, 'scan:eol');
+    process.argv.splice(2, 0, 'help');
   }
 
   try {

package/dist/api/apollo.client.d.ts

@@ -0,0 +1,3 @@
+import { ApolloClient } from '@apollo/client/core';
+export type TokenProvider = (forceRefresh?: boolean) => Promise<string>;
+export declare const createApollo: (uri: string, tokenProvider?: TokenProvider) => ApolloClient;

package/dist/api/apollo.client.js

@@ -0,0 +1,53 @@
+import { ApolloClient, HttpLink, InMemoryCache } from '@apollo/client/core';
+import { requireAccessTokenForScan } from "../service/auth.svc.js";
+function isTokenEndpoint(input) {
+    let urlString;
+    if (typeof input === 'string') {
+        urlString = input;
+    }
+    else if (input instanceof Request) {
+        urlString = input.url;
+    }
+    else {
+        urlString = input.toString();
+    }
+    try {
+        const url = new URL(urlString);
+        return url.pathname.endsWith('/token');
+    }
+    catch {
+        const pathOnly = urlString.split('?')[0].split('#')[0];
+        return pathOnly.endsWith('/token');
+    }
+}
+const createAuthorizedFetch = (tokenProvider) => async (input, init) => {
+    const headers = new Headers(init?.headers);
+    const token = await tokenProvider();
+    if (token) {
+        headers.set('Authorization', `Bearer ${token}`);
+    }
+    const response = await fetch(input, { ...init, headers });
+    if (response.status === 401 &&
+        !isTokenEndpoint(input) &&
+        (init?.method === 'GET' || init?.method === undefined || init?.method === 'POST')) {
+        const refreshed = await tokenProvider(true);
+        const retryHeaders = new Headers(init?.headers);
+        retryHeaders.set('Authorization', `Bearer ${refreshed}`);
+        return fetch(input, { ...init, headers: retryHeaders });
+    }
+    return response;
+};
+export const createApollo = (uri, tokenProvider = requireAccessTokenForScan) => new ApolloClient({
+    cache: new InMemoryCache(),
+    defaultOptions: {
+        query: { fetchPolicy: 'no-cache', errorPolicy: 'all' },
+        mutate: { errorPolicy: 'all' },
+    },
+    link: new HttpLink({
+        uri,
+        fetch: createAuthorizedFetch(tokenProvider),
+        headers: {
+            'User-Agent': `hdcli/${process.env.npm_package_version ?? 'unknown'}`,
+        },
+    }),
+});

package/dist/api/ci-token.client.d.ts

@@ -0,0 +1,27 @@
+export type IamAccessOrgTokensInput = {
+    orgId: number;
+    previousToken?: never;
+} | {
+    orgId?: never;
+    previousToken: string;
+};
+export interface ProvisionCITokenResponse {
+    refresh_token: string;
+    access_token: string;
+}
+export interface ProvisionCITokenOptions {
+    orgId?: number;
+    previousToken?: string | null;
+}
+export declare function getOrgAccessTokensUnauthenticated(input: IamAccessOrgTokensInput): Promise<{
+    accessToken: string;
+    refreshToken: string;
+}>;
+export interface ExchangeCITokenOptions {
+    refreshToken: string;
+}
+export declare function exchangeCITokenForAccess(options: ExchangeCITokenOptions): Promise<{
+    accessToken: string;
+    refreshToken: string;
+}>;
+export declare function provisionCIToken(options?: ProvisionCITokenOptions): Promise<ProvisionCITokenResponse>;

package/dist/api/ci-token.client.js

@@ -0,0 +1,95 @@
+import { config } from "../config/constants.js";
+import { requireAccessToken } from "../service/auth.svc.js";
+import { debugLogger } from "../service/log.svc.js";
+import { createApollo } from "./apollo.client.js";
+import { ApiError, isApiErrorCode } from "./errors.js";
+import { getOrgAccessTokensMutation } from "./gql-operations.js";
+import { getGraphQLErrors } from "./graphql-errors.js";
+const graphqlUrl = `${config.graphqlHost}${config.graphqlPath}`;
+const noAuthTokenProvider = async () => '';
+function extractErrorCode(errors) {
+    const code = errors[0]?.extensions?.code;
+    if (!code || !isApiErrorCode(code))
+        return;
+    return code;
+}
+async function getOrgAccessTokens(input) {
+    const client = createApollo(graphqlUrl, requireAccessToken);
+    const res = await client.mutate({
+        mutation: getOrgAccessTokensMutation,
+        variables: {
+            input,
+        },
+    });
+    const errors = getGraphQLErrors(res);
+    if (res?.error || errors?.length) {
+        debugLogger('Error returned from getOrgAccessTokens mutation: %o', res.error ?? errors);
+        if (errors?.length) {
+            const code = extractErrorCode(errors);
+            if (code) {
+                throw new ApiError(errors[0].message ?? 'CI token provisioning failed', code);
+            }
+            throw new Error(errors[0].message ?? 'CI token provisioning failed');
+        }
+        const msg = res?.error instanceof Error ? res.error.message : res?.error ? String(res.error) : '';
+        throw new Error(msg || 'CI token provisioning failed');
+    }
+    const tokens = res.data?.iamV2?.access?.getOrgAccessTokens;
+    if (!tokens?.refreshToken || tokens.refreshToken.trim() === '') {
+        throw new Error('CI token provisioning response missing refreshToken');
+    }
+    return {
+        accessToken: tokens.accessToken ?? '',
+        refreshToken: tokens.refreshToken,
+    };
+}
+export async function getOrgAccessTokensUnauthenticated(input) {
+    return callGetOrgAccessTokensInternal(input, noAuthTokenProvider);
+}
+async function callGetOrgAccessTokensInternal(input, tokenProvider) {
+    const client = createApollo(graphqlUrl, tokenProvider);
+    const res = await client.mutate({
+        mutation: getOrgAccessTokensMutation,
+        variables: { input },
+    });
+    const errors = getGraphQLErrors(res);
+    if (res?.error || errors?.length) {
+        debugLogger('Error returned from getOrgAccessTokens mutation: %o', res.error ?? errors);
+        if (errors?.length) {
+            const code = extractErrorCode(errors);
+            if (code) {
+                throw new ApiError(errors[0].message ?? 'CI token refresh failed', code);
+            }
+            throw new Error(errors[0].message ?? 'CI token refresh failed');
+        }
+        const msg = res?.error instanceof Error ? res.error.message : res?.error ? String(res.error) : '';
+        throw new Error(msg || 'CI token refresh failed');
+    }
+    const tokens = res.data?.iamV2?.access?.getOrgAccessTokens;
+    if (!tokens?.accessToken) {
+        throw new Error('getOrgAccessTokens response missing accessToken');
+    }
+    return {
+        accessToken: tokens.accessToken,
+        refreshToken: tokens.refreshToken ?? '',
+    };
+}
+export async function exchangeCITokenForAccess(options) {
+    const { refreshToken } = options;
+    return callGetOrgAccessTokensInternal({ previousToken: refreshToken }, noAuthTokenProvider);
+}
+export async function provisionCIToken(options = {}) {
+    const { orgId, previousToken } = options;
+    let input;
+    if (previousToken != null && previousToken !== '') {
+        input = { previousToken };
+    }
+    else if (orgId != null) {
+        input = { orgId };
+    }
+    else {
+        throw new Error('Either orgId or previousToken is required to provision a CI token');
+    }
+    const result = await getOrgAccessTokens(input);
+    return { access_token: result.accessToken, refresh_token: result.refreshToken };
+}

package/dist/api/errors.d.ts

@@ -0,0 +1,8 @@
+declare const API_ERROR_CODES: readonly ["SESSION_EXPIRED", "INVALID_TOKEN", "UNAUTHENTICATED", "FORBIDDEN"];
+export type ApiErrorCode = (typeof API_ERROR_CODES)[number];
+export declare class ApiError extends Error {
+    readonly code: ApiErrorCode;
+    constructor(message: string, code: ApiErrorCode);
+}
+export declare function isApiErrorCode(code: string): code is ApiErrorCode;
+export {};

package/dist/api/errors.js

@@ -0,0 +1,13 @@
+const API_ERROR_CODES = ['SESSION_EXPIRED', 'INVALID_TOKEN', 'UNAUTHENTICATED', 'FORBIDDEN'];
+const VALID_API_ERROR_CODES = new Set(API_ERROR_CODES);
+export class ApiError extends Error {
+    code;
+    constructor(message, code) {
+        super(message);
+        this.name = 'ApiError';
+        this.code = code;
+    }
+}
+export function isApiErrorCode(code) {
+    return VALID_API_ERROR_CODES.has(code);
+}

package/dist/api/gql-operations.d.ts

@@ -1,2 +1,5 @@
 export declare const createReportMutation: import("graphql/language/ast.js").DocumentNode;
 export declare const getEolReportQuery: import("graphql/language/ast.js").DocumentNode;
+export declare const userSetupStatusQuery: import("graphql/language/ast.js").DocumentNode;
+export declare const completeUserSetupMutation: import("graphql/language/ast.js").DocumentNode;
+export declare const getOrgAccessTokensMutation: import("graphql/language/ast.js").DocumentNode;