@herodevs/cli 2.0.0-beta.9 → 2.0.1

package/dist/commands/tracker/run.js

@@ -0,0 +1,183 @@
+import { spawnSync } from 'node:child_process';
+import { cwd } from 'node:process';
+import { Command, Flags, ux } from '@oclif/core';
+import { Presets, SingleBar } from 'cli-progress';
+import ora from 'ora';
+import terminalLink from 'terminal-link';
+import { TRACKER_GIT_OUTPUT_FORMAT } from '../../config/constants.js';
+import { getErrorMessage, isErrnoException } from '../../service/error.svc.js';
+import { getConfiguration, getFileStats, getFilesFromCategory, getRootDir, INITIAL_FILES_STATS, saveResults, } from '../../service/tracker.svc.js';
+export default class Run extends Command {
+    static description = 'Run the tracker';
+    static enableJsonFlag = false;
+    static examples = [
+        '<%= config.bin %> <%= command.id %>',
+        '<%= config.bin %> <%= command.id %> -d tracker-configuration',
+        '<%= config.bin %> <%= command.id %> -d tracker -f settings.json',
+    ];
+    static flags = {
+        configDir: Flags.string({
+            char: 'd',
+            description: 'Directory where the tracker configuration file resides',
+            default: 'hd-tracker',
+        }),
+        configFile: Flags.string({
+            char: 'f',
+            description: 'Filename for the tracker configuration file',
+            default: 'config.json',
+        }),
+    };
+    async run() {
+        const { flags } = await this.parse(Run);
+        const { configDir, configFile } = flags;
+        try {
+            const rootDir = getRootDir(cwd());
+            const confSpinner = ora('Searching for configuration file').start();
+            const { categories, ignorePatterns, outputDir } = getConfiguration(rootDir, configDir, configFile);
+            confSpinner.text = `Configuration file ${configFile} found in ${rootDir}/${configDir}`;
+            const categoriesTotal = Object.keys(categories).length;
+            if (categoriesTotal > 0) {
+                confSpinner.stopAndPersist({
+                    text: ux.colorize('green', `Found ${categoriesTotal} categor${categoriesTotal === 1 ? 'y' : 'ies'}`),
+                    symbol: ux.colorize('green', `\u2714`),
+                });
+            }
+            else {
+                confSpinner.stopAndPersist({
+                    text: ux.colorize('red', `No categories found, please check your configuration file`),
+                    symbol: ux.colorize('red', `\u2716`),
+                });
+                return;
+            }
+            this.log('');
+            const results = Object.entries(categories).reduce((acc, [name, category]) => {
+                const loadingFilesSpinner = ora(`[${ux.colorize('blueBright', name)}] Getting files`).start();
+                const fileProgress = new SingleBar({
+                    format: `${ux.colorize('green', '{bar}')} | {value}/{total} | {name}`,
+                    clearOnComplete: false,
+                    fps: 100,
+                    hideCursor: true,
+                }, Presets.shades_grey);
+                const fileTypes = new Set();
+                const categoryFilesWithError = [];
+                const files = getFilesFromCategory(category, {
+                    rootDir,
+                    ignorePatterns,
+                });
+                if (files.length === 0) {
+                    loadingFilesSpinner.stopAndPersist({
+                        text: ux.colorize('yellow', `[${ux.colorize('yellowBright', name)}] Found 0 files`),
+                        symbol: ux.colorize('yellowBright', `\u26A0`),
+                    });
+                    this.log(ux.colorize('yellow', `Please check your configuration [includes] property so it matches folders in your project directory`));
+                    this.log('');
+                    return acc;
+                }
+                loadingFilesSpinner.stopAndPersist({
+                    text: ux.colorize('green', `[${ux.colorize('blueBright', name)}] Found ${files.length} files`),
+                    symbol: ux.colorize('green', `\u2714`),
+                });
+                fileProgress.start(files.length, 1);
+                const fileResults = files.reduce((result, file, currentIndex, array) => {
+                    const fileStats = getFileStats(file, {
+                        rootDir,
+                    });
+                    if (currentIndex === array.length - 1) {
+                        fileProgress.update({
+                            name: ux.colorize('green', 'All files were processed successfully'),
+                        });
+                        fileProgress.stop();
+                    }
+                    else {
+                        fileProgress.increment({
+                            name: file,
+                        });
+                    }
+                    if ('error' in fileStats) {
+                        categoryFilesWithError.push(file);
+                        fileProgress.increment();
+                        return result;
+                    }
+                    else {
+                        fileTypes.add(fileStats.fileType);
+                        return {
+                            total: fileStats.total + result.total,
+                            block: fileStats.block + result.block,
+                            blockEmpty: fileStats.blockEmpty + result.blockEmpty,
+                            comment: fileStats.comment + result.comment,
+                            empty: fileStats.empty + result.empty,
+                            mixed: fileStats.mixed + result.mixed,
+                            single: fileStats.single + result.single,
+                            source: fileStats.source + result.source,
+                            todo: fileStats.todo + result.todo,
+                        };
+                    }
+                }, INITIAL_FILES_STATS);
+                this.log('');
+                acc.push({
+                    name,
+                    totals: fileResults,
+                    errors: categoryFilesWithError,
+                    fileTypes: Array.from(fileTypes),
+                });
+                return acc;
+            }, []);
+            this.log('');
+            const spinner = ora('Saving results').start();
+            const resultsLink = saveResults(results, rootDir, outputDir, this.fetchGitLastCommit(rootDir));
+            spinner.stopAndPersist({
+                text: ux.colorize('green', 'Tracker results saved!\n'),
+                symbol: ux.colorize('green', '\u2713'),
+            });
+            this.log(`${ux.colorize('blueBright', terminalLink(`Open Tracker Results`, `file://${resultsLink}`))}\n`);
+        }
+        catch (err) {
+            if (err instanceof Error) {
+                this.error(ux.colorize('red', err.message));
+            }
+        }
+    }
+    /**
+     * Fetches Git last commit
+     */
+    fetchGitLastCommit(rootDir) {
+        const logParameters = ['log', `-1`, `--format=${TRACKER_GIT_OUTPUT_FORMAT}`, ...(rootDir ? ['--', rootDir] : [])];
+        const logProcess = spawnSync('git', logParameters, {
+            encoding: 'utf-8',
+        });
+        if (logProcess.error) {
+            if (isErrnoException(logProcess.error)) {
+                if (logProcess.error.code === 'ENOENT') {
+                    this.error('Git command not found. Please ensure git is installed and available in your PATH.');
+                }
+                this.error(`Git command failed: ${getErrorMessage(logProcess.error)}`);
+            }
+            this.error(`Git command failed: ${getErrorMessage(logProcess.error)}`);
+        }
+        if (logProcess.status !== 0) {
+            this.error(`Git command failed with status ${logProcess.status}: ${logProcess.stderr}`);
+        }
+        if (!logProcess.stdout) {
+            return {
+                hash: '',
+                timestamp: '',
+                author: '',
+            };
+        }
+        return logProcess.stdout
+            .split('\n')
+            .filter(Boolean)
+            .reduce((_acc, curr) => {
+            const [hash, author, timestamp] = curr.replace(/^"(.*)"$/, '$1').split('|');
+            return {
+                timestamp,
+                hash,
+                author,
+            };
+        }, {
+            hash: '',
+            timestamp: '',
+            author: '',
+        });
+    }
+}

package/dist/config/constants.d.ts

@@ -4,6 +4,17 @@ export declare const GRAPHQL_PATH = "/graphql";
 export declare const ANALYTICS_URL = "https://apps.herodevs.com/api/eol/track";
 export declare const CONCURRENT_PAGE_REQUESTS = 3;
 export declare const PAGE_SIZE = 500;
+export declare const GIT_OUTPUT_FORMAT: string;
+export declare const DEFAULT_DATE_FORMAT = "yyyy-MM-dd";
+export declare const DEFAULT_DATE_COMMIT_FORMAT = "MM/dd/yyyy, h:mm:ss a";
+export declare const DEFAULT_DATE_COMMIT_MONTH_FORMAT = "MMMM yyyy";
+export declare const DEFAULT_TRACKER_RUN_DATA_FILE = "data.json";
+export declare const TRACKER_GIT_OUTPUT_FORMAT: string;
+export declare const OAUTH_CALLBACK_ERROR_CODES: {
+    readonly ALREADY_LOGGED_IN: "already_logged_in";
+    readonly DIFFERENT_USER_AUTHENTICATED: "different_user_authenticated";
+};
+export type OAuthCallbackErrorCode = (typeof OAUTH_CALLBACK_ERROR_CODES)[keyof typeof OAUTH_CALLBACK_ERROR_CODES];
 export declare const config: {
     eolReportUrl: string;
     graphqlHost: string;
@@ -11,5 +22,8 @@ export declare const config: {
     analyticsUrl: string;
     concurrentPageRequests: number;
     pageSize: number;
+    ciTokenFromEnv: string | undefined;
 };
 export declare const filenamePrefix = "herodevs";
+export declare const SCAN_ORIGIN_CLI = "CLI Scan";
+export declare const SCAN_ORIGIN_AUTOMATED = "Automated Scan";

package/dist/config/constants.js

@@ -4,6 +4,18 @@ export const GRAPHQL_PATH = '/graphql';
 export const ANALYTICS_URL = 'https://apps.herodevs.com/api/eol/track';
 export const CONCURRENT_PAGE_REQUESTS = 3;
 export const PAGE_SIZE = 500;
+export const GIT_OUTPUT_FORMAT = `"${['%h', '%an', '%ad'].join('|')}"`;
+// Committers Report - Date Constants
+export const DEFAULT_DATE_FORMAT = 'yyyy-MM-dd';
+export const DEFAULT_DATE_COMMIT_FORMAT = 'MM/dd/yyyy, h:mm:ss a';
+export const DEFAULT_DATE_COMMIT_MONTH_FORMAT = 'MMMM yyyy';
+// Trackers - Constants
+export const DEFAULT_TRACKER_RUN_DATA_FILE = 'data.json';
+export const TRACKER_GIT_OUTPUT_FORMAT = `"${['%H', '%an', '%ad'].join('|')}"`;
+export const OAUTH_CALLBACK_ERROR_CODES = {
+    ALREADY_LOGGED_IN: 'already_logged_in',
+    DIFFERENT_USER_AUTHENTICATED: 'different_user_authenticated',
+};
 let concurrentPageRequests = CONCURRENT_PAGE_REQUESTS;
 const parsed = Number.parseInt(process.env.CONCURRENT_PAGE_REQUESTS ?? '0', 10);
 if (parsed > 0) {
@@ -21,5 +33,8 @@ export const config = {
     analyticsUrl: process.env.ANALYTICS_URL || ANALYTICS_URL,
     concurrentPageRequests,
     pageSize,
+    ciTokenFromEnv: process.env.HD_CI_CREDENTIAL?.trim() || undefined,
 };
 export const filenamePrefix = 'herodevs';
+export const SCAN_ORIGIN_CLI = 'CLI Scan';
+export const SCAN_ORIGIN_AUTOMATED = 'Automated Scan';

package/dist/config/tracker.config.d.ts

@@ -0,0 +1,16 @@
+export interface TrackerCategoryDefinition {
+    fileTypes: string[];
+    includes: string[];
+    excludes?: string[];
+    jsTsPairs?: 'js' | 'ts' | 'ignore';
+}
+export type TrackerConfig = {
+    categories: {
+        [key: string]: TrackerCategoryDefinition;
+    };
+    ignorePatterns?: string[];
+    outputDir: string;
+    configFile: string;
+};
+export declare const TRACKER_ROOT_FILE = "package.json";
+export declare const TRACKER_DEFAULT_CONFIG: TrackerConfig;

package/dist/config/tracker.config.js

@@ -0,0 +1,16 @@
+export const TRACKER_ROOT_FILE = 'package.json';
+export const TRACKER_DEFAULT_CONFIG = {
+    categories: {
+        legacy: {
+            fileTypes: ['js', 'ts', 'html', 'css', 'scss', 'less'],
+            includes: ['./legacy'],
+        },
+        modern: {
+            fileTypes: ['ts', 'html', 'css', 'scss', 'less'],
+            includes: ['./modern'],
+        },
+    },
+    ignorePatterns: ['**/node_modules/**'],
+    outputDir: 'hd-tracker',
+    configFile: 'config.json',
+};

package/dist/hooks/finally/finally.js

@@ -1,17 +1,23 @@
 import ora, {} from 'ora';
 import { track } from "../../service/analytics.svc.js";
+import { debugLogger, getErrorMessage } from "../../service/log.svc.js";
 const hook = async (opts) => {
     const isHelpOrVersionCmd = opts.argv.includes('--help') || opts.argv.includes('--version');
+    const hasError = Boolean(opts.error);
     let spinner;
-    if (!isHelpOrVersionCmd) {
+    if (!isHelpOrVersionCmd && !hasError) {
         spinner = ora().start('Cleaning up');
     }
-    const event = track('CLI Session Ended', (context) => ({
-        cli_version: context.cli_version,
-        ended_at: new Date(),
-    })).promise;
-    if (!isHelpOrVersionCmd) {
-        await event;
+    try {
+        await track('CLI Session Ended', (context) => ({
+            cli_version: context.cli_version,
+            ended_at: new Date(),
+        })).promise;
+    }
+    catch (error) {
+        debugLogger('Failed to track CLI session end: %s', getErrorMessage(error));
+    }
+    if (!isHelpOrVersionCmd && !hasError) {
         spinner?.stop();
     }
 };

package/dist/hooks/init/01_initialize_amplitude.js

@@ -1,15 +1,26 @@
 import { parseArgs } from 'node:util';
 import { initializeAnalytics, track } from "../../service/analytics.svc.js";
+import { debugLogger, getErrorMessage } from "../../service/log.svc.js";
 const hook = async () => {
     const args = parseArgs({ allowPositionals: true, strict: false });
-    initializeAnalytics();
-    track('CLI Command Submitted', (context) => ({
-        command: args.positionals.join(' ').trim(),
-        command_flags: Object.entries(args.values).flat().join(' '),
-        app_used: context.app_used,
-        ci_provider: context.ci_provider,
-        cli_version: context.cli_version,
-        started_at: context.started_at,
-    }));
+    try {
+        await initializeAnalytics();
+    }
+    catch (error) {
+        debugLogger('Failed to initialize analytics in init hook: %s', getErrorMessage(error));
+    }
+    try {
+        track('CLI Command Submitted', (context) => ({
+            command: args.positionals.join(' ').trim(),
+            command_flags: Object.entries(args.values).flat().join(' '),
+            app_used: context.app_used,
+            ci_provider: context.ci_provider,
+            cli_version: context.cli_version,
+            started_at: context.started_at,
+        }));
+    }
+    catch (error) {
+        debugLogger('Failed to track command submission: %s', getErrorMessage(error));
+    }
 };
 export default hook;

package/dist/service/analytics.svc.d.ts

@@ -1,17 +1,19 @@
-import { Types } from '@amplitude/analytics-node';
 interface AnalyticsContext {
     locale?: string;
     os_platform?: string;
     os_release?: string;
     started_at?: Date;
     ended_at?: Date;
+    email?: string;
+    organization_name?: string;
+    role?: string;
+    user_id?: string;
     app_used?: string;
     ci_provider?: string;
     cli_version?: string;
     command?: string;
     command_flags?: string;
     error?: string;
-    scan_location?: string;
     eol_true_count?: number;
     eol_unknown_count?: number;
     nes_available_count?: number;
@@ -23,6 +25,10 @@ interface AnalyticsContext {
     scan_failure_reason?: string;
     web_report_link?: string;
 }
-export declare function initializeAnalytics(): void;
-export declare function track(event: string, getProperties?: (context: AnalyticsContext) => Partial<AnalyticsContext>): Types.AmplitudeReturn<Types.Result>;
+export declare function initializeAnalytics(): Promise<void>;
+export declare function refreshIdentityFromStoredToken(): Promise<boolean>;
+export declare function clearTrackedIdentity(): void;
+export declare function track(event: string, getProperties?: (context: AnalyticsContext) => Partial<AnalyticsContext>): {
+    promise: Promise<void>;
+};
 export {};

package/dist/service/analytics.svc.js

@@ -1,10 +1,17 @@
+import { randomUUID } from 'node:crypto';
 import os from 'node:os';
 import { track as _track, Identify, identify, init, setOptOut, Types } from '@amplitude/analytics-node';
 import NodeMachineId from 'node-machine-id';
 import { config } from "../config/constants.js";
-const device_id = NodeMachineId.machineIdSync(true);
+import { getStoredTokens } from "./auth-token.svc.js";
+import { decodeJwtPayload } from "./jwt.svc.js";
+import { debugLogger, getErrorMessage } from "./log.svc.js";
+const SOURCE = 'cli';
+const device_id = resolveDeviceId();
 const started_at = new Date();
 const session_id = started_at.getTime();
+const IDENTITY_FIELDS = ['email', 'organization_name', 'role', 'user_id'];
+const CONTEXT_IDENTITY_FIELDS = ['email', 'organization_name', 'role', 'user_id'];
 const defaultAnalyticsContext = {
     locale: Intl.DateTimeFormat().resolvedOptions().locale,
     os_platform: os.platform(),
@@ -15,29 +22,184 @@ const defaultAnalyticsContext = {
     started_at,
 };
 let analyticsContext = defaultAnalyticsContext;
-export function initializeAnalytics() {
-    init('0', {
-        flushQueueSize: 2,
-        flushIntervalMillis: 250,
-        logLevel: Types.LogLevel.None,
-        serverUrl: config.analyticsUrl,
-    });
-    setOptOut(process.env.TRACKING_OPT_OUT === 'true');
-    identify(new Identify(), {
-        device_id,
+let identifiedUserId;
+let lastIdentitySignature = '';
+export async function initializeAnalytics() {
+    try {
+        await toSafeAnalyticsResult(init('0', {
+            flushQueueSize: 2,
+            flushIntervalMillis: 250,
+            logLevel: Types.LogLevel.None,
+            serverUrl: config.analyticsUrl,
+        }), 'init').promise;
+        void toSafeAnalyticsResult(setOptOut(process.env.TRACKING_OPT_OUT === 'true'), 'setOptOut').promise;
+        const identifiedFromToken = await refreshIdentityFromStoredToken();
+        if (!identifiedFromToken) {
+            void toSafeAnalyticsResult(identify(new Identify(), buildIdentifyEventOptions()), 'identify-anonymous').promise;
+        }
+    }
+    catch (error) {
+        logAnalyticsError('initialize', error);
+    }
+}
+export async function refreshIdentityFromStoredToken() {
+    try {
+        const tokens = await getStoredTokens();
+        const claims = resolveIdentityClaims(tokens);
+        if (!claims) {
+            clearTrackedIdentity();
+            return false;
+        }
+        const entries = toIdentityEntries(claims);
+        const signature = buildIdentitySignature(entries);
+        if (signature === lastIdentitySignature) {
+            return false;
+        }
+        applyIdentityClaims(claims, signature);
+        emitIdentify(entries, claims.user_id);
+        return true;
+    }
+    catch (error) {
+        logAnalyticsError('refreshIdentityFromStoredToken', error);
+        return false;
+    }
+}
+export function clearTrackedIdentity() {
+    identifiedUserId = undefined;
+    lastIdentitySignature = '';
+    analyticsContext = clearIdentityFromContext(analyticsContext);
+}
+export function track(event, getProperties) {
+    try {
+        const localContext = getProperties?.(analyticsContext);
+        if (localContext) {
+            analyticsContext = { ...analyticsContext, ...localContext };
+        }
+        const eventProperties = { source: SOURCE, ...(localContext ?? {}) };
+        return toSafeAnalyticsResult(_track(event, eventProperties, buildEventOptions(identifiedUserId || analyticsContext.user_id)), `track:${event}`);
+    }
+    catch (error) {
+        logAnalyticsError(`track:${event}`, error);
+        return toSafeAnalyticsResult(undefined, `track:${event}:noop`);
+    }
+}
+function buildEventOptions(userId) {
+    if (userId) {
+        return { device_id, session_id, user_id: userId };
+    }
+    return { device_id, session_id };
+}
+function buildIdentifyEventOptions(userId) {
+    return {
+        ...buildEventOptions(userId),
         platform: analyticsContext.os_platform,
         os_name: getOSName(analyticsContext.os_platform ?? ''),
         os_version: analyticsContext.os_release,
-        session_id,
         app_version: analyticsContext.cli_version,
-    });
+    };
 }
-export function track(event, getProperties) {
-    const localContext = getProperties?.(analyticsContext);
-    if (localContext) {
-        analyticsContext = { ...analyticsContext, ...localContext };
+function normalizeClaim(value) {
+    if (typeof value !== 'string') {
+        return '';
+    }
+    return value.trim();
+}
+function extractIdentityClaims(accessToken) {
+    const payload = decodeJwtPayload(accessToken);
+    if (!payload) {
+        return;
+    }
+    const identity = {
+        user_id: normalizeClaim(payload.sub) || undefined,
+        email: normalizeClaim(payload.email) || undefined,
+        organization_name: normalizeClaim(payload.company) || undefined,
+        role: normalizeClaim(payload.role) || undefined,
+    };
+    if (toIdentityEntries(identity).length === 0) {
+        return;
+    }
+    return identity;
+}
+function resolveIdentityClaims(tokens) {
+    const tokenCandidates = new Set([tokens?.accessToken, config.ciTokenFromEnv].map((token) => normalizeClaim(token)).filter(Boolean));
+    for (const tokenCandidate of tokenCandidates) {
+        const claims = extractIdentityClaims(tokenCandidate);
+        if (claims) {
+            return claims;
+        }
+    }
+    return;
+}
+function toIdentityEntries(identity) {
+    const entries = [];
+    for (const field of IDENTITY_FIELDS) {
+        const value = identity[field];
+        if (value) {
+            entries.push([field, value]);
+        }
+    }
+    return entries;
+}
+function buildIdentitySignature(entries) {
+    return entries.map(([field, value]) => `${field}:${value}`).join('|');
+}
+function applyIdentityClaims(claims, signature) {
+    identifiedUserId = claims.user_id;
+    lastIdentitySignature = signature;
+    analyticsContext = { ...analyticsContext, ...claims };
+}
+function emitIdentify(entries, userId) {
+    const amplitudeIdentify = new Identify();
+    for (const [field, value] of entries) {
+        amplitudeIdentify.set(field, value);
+    }
+    const eventOptions = buildIdentifyEventOptions(userId);
+    void toSafeAnalyticsResult(identify(amplitudeIdentify, eventOptions), 'identify').promise;
+    void toSafeAnalyticsResult(_track('Identify Call', { source: SOURCE }, eventOptions), 'track:Identify Call').promise;
+}
+function resolveDeviceId() {
+    try {
+        return NodeMachineId.machineIdSync(true);
+    }
+    catch (error) {
+        logAnalyticsError('resolveDeviceId', error);
+        return randomUUID();
+    }
+}
+function toSafeAnalyticsResult(result, operation) {
+    const resultPromise = extractResultPromise(result);
+    if (!resultPromise) {
+        return { promise: Promise.resolve() };
+    }
+    return {
+        promise: resultPromise
+            .then(() => undefined)
+            .catch((error) => {
+            logAnalyticsError(operation, error);
+        }),
+    };
+}
+function extractResultPromise(result) {
+    if (!result || typeof result !== 'object') {
+        return;
+    }
+    const candidate = result.promise;
+    if (candidate instanceof Promise) {
+        return candidate;
+    }
+    if (candidate && typeof candidate.then === 'function') {
+        return candidate;
+    }
+}
+function logAnalyticsError(operation, error) {
+    debugLogger('Analytics operation failed (%s): %s', operation, getErrorMessage(error));
+}
+function clearIdentityFromContext(context) {
+    const nextContext = { ...context };
+    for (const field of CONTEXT_IDENTITY_FIELDS) {
+        delete nextContext[field];
     }
-    return _track(event, localContext, { device_id, session_id });
+    return nextContext;
 }
 function getCIProvider(env = process.env) {
     if (env.GITHUB_ACTIONS)

package/dist/service/auth-config.svc.d.ts

@@ -0,0 +1,2 @@
+export declare function getRealmUrl(): string;
+export declare function getClientId(): string;

package/dist/service/auth-config.svc.js

@@ -0,0 +1,8 @@
+const DEFAULT_REALM_URL = 'https://idp.prod.apps.herodevs.io/realms/universe/protocol/openid-connect';
+const DEFAULT_CLIENT_ID = 'eol-ds';
+export function getRealmUrl() {
+    return process.env.OAUTH_CONNECT_URL || DEFAULT_REALM_URL;
+}
+export function getClientId() {
+    return process.env.OAUTH_CLIENT_ID || DEFAULT_CLIENT_ID;
+}

package/dist/service/auth-refresh.svc.d.ts

@@ -0,0 +1,8 @@
+import type { TokenResponse } from '../types/auth.ts';
+interface AuthOptions {
+    clientId?: string;
+    realmUrl?: string;
+}
+export declare function refreshTokens(refreshToken: string, options?: AuthOptions): Promise<TokenResponse>;
+export declare function logoutFromProvider(refreshToken: string | undefined, options?: AuthOptions): Promise<void>;
+export {};

package/dist/service/auth-refresh.svc.js

@@ -0,0 +1,45 @@
+import { getClientId, getRealmUrl } from "./auth-config.svc.js";
+export async function refreshTokens(refreshToken, options = {}) {
+    const clientId = options.clientId ?? getClientId();
+    const realmUrl = options.realmUrl ?? getRealmUrl();
+    const tokenUrl = `${realmUrl}/token`;
+    const body = new URLSearchParams({
+        grant_type: 'refresh_token',
+        client_id: clientId,
+        refresh_token: refreshToken,
+    });
+    const response = await fetch(tokenUrl, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: body.toString(),
+    });
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`Token refresh failed: ${response.status} ${response.statusText}\n${text}`);
+    }
+    return response.json();
+}
+export async function logoutFromProvider(refreshToken, options = {}) {
+    if (!refreshToken) {
+        return;
+    }
+    const clientId = options.clientId ?? getClientId();
+    const realmUrl = options.realmUrl ?? getRealmUrl();
+    const logoutUrl = `${realmUrl}/logout`;
+    const body = new URLSearchParams({
+        client_id: clientId,
+        refresh_token: refreshToken,
+    });
+    const response = await fetch(logoutUrl, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: body.toString(),
+    });
+    if (!response.ok) {
+        const text = await response.text();
+        if (response.status === 400 && text.includes('invalid_grant')) {
+            return;
+        }
+        throw new Error(`Logout failed: ${response.status} ${response.statusText}\n${text}`);
+    }
+}