@kittl/cli 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +201 -0
- package/README.md +15 -105
- package/dist/chunk-3BPIJLS7.js +51 -0
- package/dist/chunk-3BPIJLS7.js.map +1 -0
- package/dist/{chunk-4ISWSLZ5.js → chunk-637YZAKM.js} +3 -3
- package/dist/chunk-637YZAKM.js.map +1 -0
- package/dist/chunk-EKU4DKQK.js +20 -0
- package/dist/chunk-EKU4DKQK.js.map +1 -0
- package/dist/chunk-GJPVFQRF.js +98 -0
- package/dist/chunk-GJPVFQRF.js.map +1 -0
- package/dist/{chunk-JGD3QFQS.js → chunk-TK44DTSK.js} +280 -70
- package/dist/chunk-TK44DTSK.js.map +1 -0
- package/dist/chunk-XU2ZHSRY.js +143 -0
- package/dist/chunk-XU2ZHSRY.js.map +1 -0
- package/dist/commands/app/init.js +699 -0
- package/dist/commands/app/init.js.map +1 -0
- package/dist/commands/app/release.js +125 -0
- package/dist/commands/app/release.js.map +1 -0
- package/dist/commands/app/update.js +45 -0
- package/dist/commands/app/update.js.map +1 -0
- package/dist/commands/app/upload.js +419 -5
- package/dist/commands/app/upload.js.map +1 -1
- package/dist/commands/auth/login.js +13 -68
- package/dist/commands/auth/login.js.map +1 -1
- package/dist/commands/auth/logout.js +1 -1
- package/dist/commands/auth/logout.js.map +1 -1
- package/dist/commands/auth/whoami.js +2 -2
- package/dist/commands/whoami.js +2 -2
- package/package.json +4 -1
- package/dist/chunk-4ISWSLZ5.js.map +0 -1
- package/dist/chunk-JGD3QFQS.js.map +0 -1
- package/dist/commands/app/create.js +0 -16
- package/dist/commands/app/create.js.map +0 -1
|
@@ -1,26 +1,88 @@
|
|
|
1
|
-
// src/
|
|
2
|
-
import {
|
|
3
|
-
import {
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
1
|
+
// src/core/utils.ts
|
|
2
|
+
import { readFile } from "node:fs/promises";
|
|
3
|
+
import { basename } from "node:path";
|
|
4
|
+
function parseJsonObject(jsonText, errorContext) {
|
|
5
|
+
let parsed;
|
|
6
|
+
try {
|
|
7
|
+
parsed = JSON.parse(jsonText);
|
|
8
|
+
} catch {
|
|
9
|
+
throw new Error(`Invalid JSON (${errorContext})`);
|
|
10
|
+
}
|
|
11
|
+
if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
|
|
12
|
+
throw new Error(
|
|
13
|
+
`JSON must be an object, not array or null (${errorContext})`
|
|
14
|
+
);
|
|
15
|
+
}
|
|
16
|
+
return parsed;
|
|
17
|
+
}
|
|
18
|
+
async function parseJsonObjectFromFile(filePath) {
|
|
19
|
+
const jsonText = await readFile(filePath, "utf8");
|
|
20
|
+
return parseJsonObject(jsonText, filePath);
|
|
21
|
+
}
|
|
22
|
+
var INK_VIEW_UNMOUNT_REASON = Symbol("INK_VIEW_UNMOUNT_REASON");
|
|
23
|
+
function parsePortFromEnv(envKey, defaultPort) {
|
|
24
|
+
const raw = process.env[envKey];
|
|
25
|
+
const n = Number(raw?.trim() || defaultPort);
|
|
26
|
+
if (!Number.isInteger(n) || n < 1 || n > 65535) {
|
|
27
|
+
throw new Error(
|
|
28
|
+
`${envKey} must be an integer between 1 and 65535 (got ${JSON.stringify(raw)}).`
|
|
29
|
+
);
|
|
30
|
+
}
|
|
31
|
+
return n;
|
|
32
|
+
}
|
|
33
|
+
function localhostOAuthRedirectUri(port) {
|
|
34
|
+
return `http://localhost:${port}/callback`;
|
|
35
|
+
}
|
|
36
|
+
function getKittlEnvEntries() {
|
|
37
|
+
return Object.entries(process.env).filter(([key]) => key.startsWith("KITTL_")).sort(([a], [b]) => a.localeCompare(b)).map(([key, value]) => `${key}=${value ?? ""}`);
|
|
38
|
+
}
|
|
39
|
+
function isSubmitKey(key) {
|
|
40
|
+
if (key.return) {
|
|
41
|
+
return true;
|
|
42
|
+
}
|
|
43
|
+
return Boolean(key.enter);
|
|
44
|
+
}
|
|
45
|
+
function resolveFileNameFromEnv(envValue, defaultFileName) {
|
|
46
|
+
const raw = envValue?.trim() ?? "";
|
|
47
|
+
const name = raw === "" ? defaultFileName : basename(raw);
|
|
48
|
+
if (name === "" || name === "." || name === "..") {
|
|
49
|
+
return defaultFileName;
|
|
50
|
+
}
|
|
51
|
+
return name;
|
|
52
|
+
}
|
|
53
|
+
function chunkArray(items, chunkSize) {
|
|
54
|
+
if (chunkSize < 1) {
|
|
55
|
+
throw new Error("chunkSize must be at least 1");
|
|
56
|
+
}
|
|
57
|
+
const n = Math.ceil(items.length / chunkSize);
|
|
58
|
+
return Array.from(
|
|
59
|
+
{ length: n },
|
|
60
|
+
(_, i) => items.slice(i * chunkSize, i * chunkSize + chunkSize)
|
|
61
|
+
);
|
|
62
|
+
}
|
|
7
63
|
|
|
8
64
|
// package.json
|
|
9
65
|
var package_default = {
|
|
10
66
|
name: "@kittl/cli",
|
|
11
67
|
version: "0.0.1",
|
|
12
|
-
|
|
68
|
+
license: "Apache-2.0",
|
|
69
|
+
private: false,
|
|
13
70
|
type: "module",
|
|
71
|
+
engines: {
|
|
72
|
+
node: ">=18"
|
|
73
|
+
},
|
|
14
74
|
bin: {
|
|
15
75
|
kittl: "./bin/run.js",
|
|
16
76
|
"kittl-dev": "./bin/dev.js"
|
|
17
77
|
},
|
|
18
78
|
publishConfig: {
|
|
79
|
+
access: "public",
|
|
19
80
|
bin: {
|
|
20
81
|
kittl: "./bin/run.js"
|
|
21
82
|
}
|
|
22
83
|
},
|
|
23
84
|
files: [
|
|
85
|
+
"LICENSE",
|
|
24
86
|
"bin/bootstrap.js",
|
|
25
87
|
"bin/run.cmd",
|
|
26
88
|
"bin/run.js",
|
|
@@ -39,19 +101,22 @@ var package_default = {
|
|
|
39
101
|
"@oclif/core": "^4.10.2",
|
|
40
102
|
axios: "^1.13.6",
|
|
41
103
|
"cross-keychain": "^1.1.0",
|
|
104
|
+
tinyglobby: "^0.2.15",
|
|
42
105
|
ink: "^6.8.0",
|
|
106
|
+
"ink-text-input": "^6.0.0",
|
|
43
107
|
"jwt-decode": "^4.0.0",
|
|
108
|
+
"mime-types": "^3.0.1",
|
|
44
109
|
open: "^11.0.0",
|
|
45
110
|
"openid-client": "^6.8.2",
|
|
46
111
|
react: "catalog:",
|
|
47
112
|
zod: "catalog:"
|
|
48
113
|
},
|
|
49
114
|
devDependencies: {
|
|
115
|
+
"@types/mime-types": "^3.0.1",
|
|
50
116
|
"@types/node": "^25.5.0",
|
|
51
117
|
"@types/react": "catalog:",
|
|
52
118
|
"ink-testing-library": "^4.0.0",
|
|
53
119
|
oclif: "^4.22.96",
|
|
54
|
-
tinyglobby: "^0.2.15",
|
|
55
120
|
tsup: "catalog:",
|
|
56
121
|
tsx: "catalog:",
|
|
57
122
|
typescript: "catalog:",
|
|
@@ -65,42 +130,47 @@ var package_default = {
|
|
|
65
130
|
}
|
|
66
131
|
};
|
|
67
132
|
|
|
68
|
-
// src/utils.ts
|
|
69
|
-
var INK_VIEW_UNMOUNT_REASON = Symbol("INK_VIEW_UNMOUNT_REASON");
|
|
70
|
-
function parseRedirectPortFromEnv(defaultPort) {
|
|
71
|
-
const raw = process.env.KITTL_REDIRECT_PORT ?? String(defaultPort);
|
|
72
|
-
const n = Number(raw);
|
|
73
|
-
if (!Number.isInteger(n) || n < 1 || n > 65535) {
|
|
74
|
-
throw new Error(
|
|
75
|
-
`KITTL_REDIRECT_PORT must be an integer between 1 and 65535 (got ${JSON.stringify(raw)}).`
|
|
76
|
-
);
|
|
77
|
-
}
|
|
78
|
-
return n;
|
|
79
|
-
}
|
|
80
|
-
function localhostOAuthRedirectUri(port) {
|
|
81
|
-
return `http://localhost:${port}/callback`;
|
|
82
|
-
}
|
|
83
|
-
function getKittlEnvEntries() {
|
|
84
|
-
return Object.entries(process.env).filter(([key]) => key.startsWith("KITTL_")).sort(([a], [b]) => a.localeCompare(b)).map(([key, value]) => `${key}=${value ?? ""}`);
|
|
85
|
-
}
|
|
86
|
-
|
|
87
133
|
// src/constants.ts
|
|
88
134
|
var { version } = package_default;
|
|
135
|
+
var CLI_CONFIG_DIR = ".kittl";
|
|
136
|
+
var CLI_CONFIG_DEFAULT_FILENAME = "config.json";
|
|
137
|
+
var CLI_MANIFEST_DEFAULT_FILENAME = "manifest.json";
|
|
89
138
|
var PRODUCTION = {
|
|
90
|
-
issuer: "https://
|
|
91
|
-
//TODO: TBD
|
|
139
|
+
issuer: "https://keycloak.kittl.dev/auth/realms/kittl",
|
|
92
140
|
apiBaseUrl: "https://api.kittl.com",
|
|
93
141
|
clientId: "kittl-cli",
|
|
94
|
-
redirectPort: 51771
|
|
142
|
+
redirectPort: 51771,
|
|
143
|
+
scaffoldViteDevPort: 5173
|
|
95
144
|
};
|
|
96
|
-
var
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
145
|
+
var CLI_CONFIG = {
|
|
146
|
+
configDir: CLI_CONFIG_DIR,
|
|
147
|
+
defaultConfigFileName: CLI_CONFIG_DEFAULT_FILENAME,
|
|
148
|
+
configFileName: resolveFileNameFromEnv(
|
|
149
|
+
process.env.KITTL_CONFIG_FILENAME,
|
|
150
|
+
CLI_CONFIG_DEFAULT_FILENAME
|
|
151
|
+
),
|
|
152
|
+
defaultManifestFileName: CLI_MANIFEST_DEFAULT_FILENAME,
|
|
153
|
+
manifestFileName: resolveFileNameFromEnv(
|
|
154
|
+
process.env.KITTL_EXTENSION_MANIFEST_FILENAME,
|
|
155
|
+
CLI_MANIFEST_DEFAULT_FILENAME
|
|
102
156
|
),
|
|
103
|
-
|
|
157
|
+
scaffoldViteDevPort: parsePortFromEnv(
|
|
158
|
+
"KITTL_SCAFFOLD_VITE_DEV_PORT",
|
|
159
|
+
PRODUCTION.scaffoldViteDevPort
|
|
160
|
+
)
|
|
161
|
+
};
|
|
162
|
+
var authRedirectPort = parsePortFromEnv(
|
|
163
|
+
"KITTL_REDIRECT_PORT",
|
|
164
|
+
PRODUCTION.redirectPort
|
|
165
|
+
);
|
|
166
|
+
var AUTH_CONFIG = {
|
|
167
|
+
issuer: process.env.KITTL_OAUTH_ISSUER_URL ?? PRODUCTION.issuer,
|
|
168
|
+
clientId: process.env.KITTL_OAUTH_CLIENT_ID ?? PRODUCTION.clientId,
|
|
169
|
+
redirectPort: authRedirectPort,
|
|
170
|
+
redirectUri: localhostOAuthRedirectUri(authRedirectPort),
|
|
171
|
+
scope: process.env.KITTL_OAUTH_SCOPE ?? "openid profile email offline_access",
|
|
172
|
+
// https://www.keycloak.org/docs/latest/server_admin/index.html#_authentication-sessions
|
|
173
|
+
authPrompt: process.env.KITTL_OAUTH_PROMPT || "login",
|
|
104
174
|
oauthCallbackTimeoutMs: Number(
|
|
105
175
|
process.env.KITTL_OAUTH_CALLBACK_TIMEOUT_MS ?? 12e4
|
|
106
176
|
),
|
|
@@ -115,12 +185,82 @@ var API_CONFIG = {
|
|
|
115
185
|
userAgent: `kittl-cli/${version}`
|
|
116
186
|
};
|
|
117
187
|
|
|
188
|
+
// src/services/auth.service.ts
|
|
189
|
+
import { createServer } from "node:http";
|
|
190
|
+
import { URL as URL2 } from "node:url";
|
|
191
|
+
import open from "open";
|
|
192
|
+
import * as oidc from "openid-client";
|
|
193
|
+
import { z } from "zod";
|
|
194
|
+
|
|
118
195
|
// src/services/session-vault.service.ts
|
|
119
196
|
import { deletePassword, getPassword, setPassword } from "cross-keychain";
|
|
197
|
+
var SESSION_META_VERSION = 2;
|
|
198
|
+
var SESSION_V2_KEY_SUFFIX = {
|
|
199
|
+
meta: "meta",
|
|
200
|
+
access: "access",
|
|
201
|
+
refresh: "refresh",
|
|
202
|
+
id: "id"
|
|
203
|
+
};
|
|
120
204
|
var SessionVault = class {
|
|
121
|
-
keychainService =
|
|
205
|
+
keychainService = this.buildKeychainServiceName();
|
|
122
206
|
keychainAccount = AUTH_CONFIG.accountName;
|
|
207
|
+
buildKeychainServiceName() {
|
|
208
|
+
try {
|
|
209
|
+
const issuerUrl = new URL(AUTH_CONFIG.issuer);
|
|
210
|
+
const issuerKey = this.sanitizeKeychainSegment(
|
|
211
|
+
`${issuerUrl.hostname}${issuerUrl.port ? `-${issuerUrl.port}` : ""}`
|
|
212
|
+
);
|
|
213
|
+
return `${AUTH_CONFIG.serviceName}-${issuerKey}`;
|
|
214
|
+
} catch {
|
|
215
|
+
return AUTH_CONFIG.serviceName;
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
sanitizeKeychainSegment(value) {
|
|
219
|
+
return value.replace(/[^a-zA-Z0-9._@-]/g, "-");
|
|
220
|
+
}
|
|
221
|
+
account(suffix) {
|
|
222
|
+
return `${this.keychainAccount}.${suffix}`;
|
|
223
|
+
}
|
|
123
224
|
async getSession() {
|
|
225
|
+
const metaRaw = await getPassword(
|
|
226
|
+
this.keychainService,
|
|
227
|
+
this.account(SESSION_V2_KEY_SUFFIX.meta)
|
|
228
|
+
);
|
|
229
|
+
let meta = null;
|
|
230
|
+
if (metaRaw) {
|
|
231
|
+
try {
|
|
232
|
+
const parsed = JSON.parse(metaRaw);
|
|
233
|
+
if (parsed.v === SESSION_META_VERSION) {
|
|
234
|
+
meta = parsed;
|
|
235
|
+
}
|
|
236
|
+
} catch {
|
|
237
|
+
meta = null;
|
|
238
|
+
}
|
|
239
|
+
}
|
|
240
|
+
if (meta) {
|
|
241
|
+
const accessRaw = await getPassword(
|
|
242
|
+
this.keychainService,
|
|
243
|
+
this.account(SESSION_V2_KEY_SUFFIX.access)
|
|
244
|
+
);
|
|
245
|
+
const accessToken = accessRaw?.trim();
|
|
246
|
+
if (accessToken) {
|
|
247
|
+
const refreshRaw = await getPassword(
|
|
248
|
+
this.keychainService,
|
|
249
|
+
this.account(SESSION_V2_KEY_SUFFIX.refresh)
|
|
250
|
+
);
|
|
251
|
+
const idRaw = await getPassword(
|
|
252
|
+
this.keychainService,
|
|
253
|
+
this.account(SESSION_V2_KEY_SUFFIX.id)
|
|
254
|
+
);
|
|
255
|
+
return {
|
|
256
|
+
accessToken,
|
|
257
|
+
refreshToken: refreshRaw ?? void 0,
|
|
258
|
+
idToken: idRaw ?? void 0,
|
|
259
|
+
tokenType: meta.tokenType,
|
|
260
|
+
expiresAt: meta.expiresAt
|
|
261
|
+
};
|
|
262
|
+
}
|
|
263
|
+
}
|
|
124
264
|
const raw = await getPassword(this.keychainService, this.keychainAccount);
|
|
125
265
|
if (!raw)
|
|
126
266
|
return null;
|
|
@@ -131,14 +271,74 @@ var SessionVault = class {
|
|
|
131
271
|
}
|
|
132
272
|
}
|
|
133
273
|
async saveSession(session) {
|
|
274
|
+
const meta = {
|
|
275
|
+
v: SESSION_META_VERSION,
|
|
276
|
+
tokenType: session.tokenType,
|
|
277
|
+
expiresAt: session.expiresAt
|
|
278
|
+
};
|
|
279
|
+
const accessToken = session.accessToken.trim();
|
|
134
280
|
await setPassword(
|
|
135
281
|
this.keychainService,
|
|
136
|
-
this.
|
|
137
|
-
|
|
282
|
+
this.account(SESSION_V2_KEY_SUFFIX.access),
|
|
283
|
+
accessToken
|
|
138
284
|
);
|
|
285
|
+
await this.setOrDeleteTokenAccount(
|
|
286
|
+
SESSION_V2_KEY_SUFFIX.refresh,
|
|
287
|
+
session.refreshToken
|
|
288
|
+
);
|
|
289
|
+
await this.setOrDeleteTokenAccount(
|
|
290
|
+
SESSION_V2_KEY_SUFFIX.id,
|
|
291
|
+
session.idToken
|
|
292
|
+
);
|
|
293
|
+
await setPassword(
|
|
294
|
+
this.keychainService,
|
|
295
|
+
this.account(SESSION_V2_KEY_SUFFIX.meta),
|
|
296
|
+
JSON.stringify(meta)
|
|
297
|
+
);
|
|
298
|
+
await this.deleteLegacyMonolithicIfPresent();
|
|
299
|
+
}
|
|
300
|
+
// when auth omits an optional token, remove any previously stored value as well
|
|
301
|
+
async setOrDeleteTokenAccount(suffix, token) {
|
|
302
|
+
const acc = this.account(suffix);
|
|
303
|
+
const trimmed = token?.trim();
|
|
304
|
+
if (trimmed) {
|
|
305
|
+
await setPassword(this.keychainService, acc, trimmed);
|
|
306
|
+
return;
|
|
307
|
+
}
|
|
308
|
+
const existing = await getPassword(this.keychainService, acc);
|
|
309
|
+
if (existing) {
|
|
310
|
+
await deletePassword(this.keychainService, acc);
|
|
311
|
+
}
|
|
312
|
+
}
|
|
313
|
+
// older releases stored the whole session JSON under {@link keychainAccount} only
|
|
314
|
+
async deleteLegacyMonolithicIfPresent() {
|
|
315
|
+
const legacy = await getPassword(
|
|
316
|
+
this.keychainService,
|
|
317
|
+
this.keychainAccount
|
|
318
|
+
);
|
|
319
|
+
if (!legacy)
|
|
320
|
+
return;
|
|
321
|
+
try {
|
|
322
|
+
await deletePassword(this.keychainService, this.keychainAccount);
|
|
323
|
+
} catch {
|
|
324
|
+
}
|
|
139
325
|
}
|
|
140
326
|
async clear() {
|
|
141
|
-
|
|
327
|
+
const accounts = [
|
|
328
|
+
...Object.values(SESSION_V2_KEY_SUFFIX).map(
|
|
329
|
+
(suffix) => this.account(suffix)
|
|
330
|
+
),
|
|
331
|
+
this.keychainAccount
|
|
332
|
+
];
|
|
333
|
+
for (const account of accounts) {
|
|
334
|
+
const existing = await getPassword(this.keychainService, account);
|
|
335
|
+
if (existing) {
|
|
336
|
+
try {
|
|
337
|
+
await deletePassword(this.keychainService, account);
|
|
338
|
+
} catch {
|
|
339
|
+
}
|
|
340
|
+
}
|
|
341
|
+
}
|
|
142
342
|
}
|
|
143
343
|
};
|
|
144
344
|
var sessionVault = new SessionVault();
|
|
@@ -152,6 +352,7 @@ var authConfigSchema = z.object({
|
|
|
152
352
|
redirectUri: z.url(),
|
|
153
353
|
redirectPort: z.number().int().min(1).max(65535),
|
|
154
354
|
scope: z.string().min(1),
|
|
355
|
+
authPrompt: z.string().min(1),
|
|
155
356
|
oauthCallbackTimeoutMs: z.number().int().min(5e3).max(36e5),
|
|
156
357
|
oauthSuccessRedirectUrl: z.url().optional()
|
|
157
358
|
});
|
|
@@ -240,7 +441,7 @@ var AuthService = class {
|
|
|
240
441
|
}
|
|
241
442
|
}
|
|
242
443
|
async discoverOidcConfiguration() {
|
|
243
|
-
const issuerUrl = new
|
|
444
|
+
const issuerUrl = new URL2(this.config.issuer);
|
|
244
445
|
return oidc.discovery(
|
|
245
446
|
issuerUrl,
|
|
246
447
|
this.config.clientId,
|
|
@@ -266,7 +467,8 @@ var AuthService = class {
|
|
|
266
467
|
code_challenge: codeChallenge,
|
|
267
468
|
code_challenge_method: "S256",
|
|
268
469
|
state,
|
|
269
|
-
nonce
|
|
470
|
+
nonce,
|
|
471
|
+
prompt: this.config.authPrompt
|
|
270
472
|
});
|
|
271
473
|
signal?.throwIfAborted();
|
|
272
474
|
await this.openBrowser(authorizationUrl.toString());
|
|
@@ -295,7 +497,7 @@ var AuthService = class {
|
|
|
295
497
|
* - **Success response:** HTTP 302 to {@link AUTH_CONFIG.oauthSuccessRedirectUrl} when set; otherwise a minimal inline HTML page.
|
|
296
498
|
*/
|
|
297
499
|
async waitForCallback(signal) {
|
|
298
|
-
const redirectUrl = new
|
|
500
|
+
const redirectUrl = new URL2(this.config.redirectUri);
|
|
299
501
|
const hostname = redirectUrl.hostname;
|
|
300
502
|
const port = Number(redirectUrl.port);
|
|
301
503
|
const pathname = redirectUrl.pathname;
|
|
@@ -307,13 +509,13 @@ var AuthService = class {
|
|
|
307
509
|
let closed = false;
|
|
308
510
|
const server = createServer((req, res) => {
|
|
309
511
|
try {
|
|
310
|
-
const requestUrl = new
|
|
512
|
+
const requestUrl = new URL2(req.url ?? "", this.config.redirectUri);
|
|
311
513
|
if (requestUrl.pathname !== pathname) {
|
|
312
514
|
res.statusCode = 404;
|
|
313
515
|
res.end("Not Found");
|
|
314
516
|
return;
|
|
315
517
|
}
|
|
316
|
-
const callbackUrl = new
|
|
518
|
+
const callbackUrl = new URL2(this.config.redirectUri);
|
|
317
519
|
callbackUrl.search = requestUrl.search;
|
|
318
520
|
const brandUrl = this.config.oauthSuccessRedirectUrl;
|
|
319
521
|
if (brandUrl) {
|
|
@@ -405,10 +607,8 @@ var AuthService = class {
|
|
|
405
607
|
};
|
|
406
608
|
var authService = new AuthService();
|
|
407
609
|
|
|
408
|
-
// src/
|
|
610
|
+
// src/core/core.command.ts
|
|
409
611
|
import { Command } from "@oclif/core";
|
|
410
|
-
import { render } from "ink";
|
|
411
|
-
import React from "react";
|
|
412
612
|
|
|
413
613
|
// src/services/api.service.ts
|
|
414
614
|
import axios, {
|
|
@@ -469,7 +669,28 @@ var KittlApiService = class {
|
|
|
469
669
|
};
|
|
470
670
|
var kittlApiService = new KittlApiService();
|
|
471
671
|
|
|
472
|
-
// src/
|
|
672
|
+
// src/ui/renderer.ts
|
|
673
|
+
import { render } from "ink";
|
|
674
|
+
import React from "react";
|
|
675
|
+
async function runInteractiveView(View, ...args) {
|
|
676
|
+
const props = args[0];
|
|
677
|
+
return new Promise((resolve, reject) => {
|
|
678
|
+
const app = render(
|
|
679
|
+
React.createElement(View, {
|
|
680
|
+
...props ?? {},
|
|
681
|
+
onDone: (result) => {
|
|
682
|
+
void (async () => {
|
|
683
|
+
app.unmount();
|
|
684
|
+
await app.waitUntilExit();
|
|
685
|
+
resolve(result);
|
|
686
|
+
})().catch(reject);
|
|
687
|
+
}
|
|
688
|
+
})
|
|
689
|
+
);
|
|
690
|
+
});
|
|
691
|
+
}
|
|
692
|
+
|
|
693
|
+
// src/core/core.command.ts
|
|
473
694
|
var BaseCommand = class extends Command {
|
|
474
695
|
session = null;
|
|
475
696
|
async init() {
|
|
@@ -493,37 +714,26 @@ ${envEntries.join("\n") || "(none)"}`);
|
|
|
493
714
|
const session = await authService.getSession();
|
|
494
715
|
if (!session?.accessToken) {
|
|
495
716
|
this.error(
|
|
496
|
-
`Session expired. Run \`${this.config.bin} auth
|
|
717
|
+
`Session expired. Run \`${this.config.bin} auth login\` first.`,
|
|
497
718
|
{ exit: 2 }
|
|
498
719
|
);
|
|
499
720
|
}
|
|
500
721
|
this.session = session;
|
|
501
722
|
return session;
|
|
502
723
|
}
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
* PRO TIP: use `this.log` / `this.error` after this resolves, not inside the view!! for final line stays on stdout.
|
|
506
|
-
*/
|
|
507
|
-
async renderView(View) {
|
|
508
|
-
return new Promise((resolve, reject) => {
|
|
509
|
-
const app = render(
|
|
510
|
-
React.createElement(View, {
|
|
511
|
-
onDone: (result) => {
|
|
512
|
-
void (async () => {
|
|
513
|
-
app.unmount();
|
|
514
|
-
await app.waitUntilExit();
|
|
515
|
-
resolve(result);
|
|
516
|
-
})().catch(reject);
|
|
517
|
-
}
|
|
518
|
-
})
|
|
519
|
-
);
|
|
520
|
-
});
|
|
724
|
+
async renderView(View, ...args) {
|
|
725
|
+
return runInteractiveView(View, ...args);
|
|
521
726
|
}
|
|
522
727
|
};
|
|
523
728
|
|
|
524
729
|
export {
|
|
730
|
+
parseJsonObjectFromFile,
|
|
525
731
|
INK_VIEW_UNMOUNT_REASON,
|
|
732
|
+
isSubmitKey,
|
|
733
|
+
chunkArray,
|
|
734
|
+
CLI_CONFIG,
|
|
735
|
+
API_CONFIG,
|
|
526
736
|
authService,
|
|
527
737
|
BaseCommand
|
|
528
738
|
};
|
|
529
|
-
//# sourceMappingURL=chunk-
|
|
739
|
+
//# sourceMappingURL=chunk-TK44DTSK.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/core/utils.ts","../package.json","../src/constants.ts","../src/services/auth.service.ts","../src/services/session-vault.service.ts","../src/core/core.command.ts","../src/services/api.service.ts","../src/ui/renderer.ts"],"sourcesContent":["import { readFile } from 'node:fs/promises';\nimport { basename } from 'node:path';\nimport type { Key } from 'ink';\n\n/**\n * Parses a JSON string into a plain object.\n */\nexport function parseJsonObject(\n jsonText: string,\n errorContext: string,\n): Record<string, unknown> {\n let parsed: unknown;\n try {\n parsed = JSON.parse(jsonText) as unknown;\n } catch {\n throw new Error(`Invalid JSON (${errorContext})`);\n }\n if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {\n throw new Error(\n `JSON must be an object, not array or null (${errorContext})`,\n );\n }\n return parsed as Record<string, unknown>;\n}\n\n// Reads a file and parses its contents as a JSON object.\nexport async function parseJsonObjectFromFile(\n filePath: string,\n): Promise<Record<string, unknown>> {\n const jsonText = await readFile(filePath, 'utf8');\n return parseJsonObject(jsonText, filePath);\n}\n\n// Silent UI teardown (e.g. Ink unmount). not user-initiated cancel.\nexport const INK_VIEW_UNMOUNT_REASON = Symbol('INK_VIEW_UNMOUNT_REASON');\n\n/**\n * Reads `process.env[envKey]` as a TCP port, or {@link defaultPort} when unset/blank.\n * Must be an integer in 1–65535 when set.\n */\nexport function parsePortFromEnv(envKey: string, defaultPort: number): number {\n const raw = process.env[envKey];\n const n = Number(raw?.trim() || defaultPort);\n if (!Number.isInteger(n) || n < 1 || n > 65_535) {\n throw new Error(\n `${envKey} must be an integer between 1 and 65535 (got ${JSON.stringify(raw)}).`,\n );\n }\n return n;\n}\n\n// Fixed localhost OAuth callback path for Authorization Code + PKCE.\nexport function localhostOAuthRedirectUri(port: number): string {\n return `http://localhost:${port}/callback`;\n}\n\nexport function getKittlEnvEntries(): string[] {\n return Object.entries(process.env)\n .filter(([key]) => key.startsWith('KITTL_'))\n .sort(([a], [b]) => a.localeCompare(b))\n .map(([key, value]) => `${key}=${value ?? ''}`);\n}\n\n// Enter key across terminal variants (`return` + optional `enter`).\nexport function isSubmitKey(key: Key): boolean {\n if (key.return) {\n return true;\n }\n return Boolean((key as Key & { enter?: boolean }).enter);\n}\n\n/**\n * Resolves a file name from an env value: trim, then `basename()`; empty or\n * invalid segments fall back to `defaultFileName`. Call from `constants.ts`\n * with the relevant `process.env.KITTL_*_FILENAME`.\n */\nexport function resolveFileNameFromEnv(\n envValue: string | undefined,\n defaultFileName: string,\n): string {\n const raw = envValue?.trim() ?? '';\n const name = raw === '' ? defaultFileName : basename(raw);\n if (name === '' || name === '.' || name === '..') {\n return defaultFileName;\n }\n return name;\n}\n\n// Split an array into consecutive slices of at most `chunkSize` items.\nexport function chunkArray<T>(items: T[], chunkSize: number): T[][] {\n if (chunkSize < 1) {\n throw new Error('chunkSize must be at least 1');\n }\n const n = Math.ceil(items.length / chunkSize);\n return Array.from({ length: n }, (_, i) =>\n items.slice(i * chunkSize, i * chunkSize + chunkSize),\n );\n}\n","{\n \"name\": \"@kittl/cli\",\n \"version\": \"0.0.1\",\n \"license\": \"Apache-2.0\",\n \"private\": false,\n \"type\": \"module\",\n \"engines\": {\n \"node\": \">=18\"\n },\n \"bin\": {\n \"kittl\": \"./bin/run.js\",\n \"kittl-dev\": \"./bin/dev.js\"\n },\n \"publishConfig\": {\n \"access\": \"public\",\n \"bin\": {\n \"kittl\": \"./bin/run.js\"\n }\n },\n \"files\": [\n \"LICENSE\",\n \"bin/bootstrap.js\",\n \"bin/run.cmd\",\n \"bin/run.js\",\n \"dist\"\n ],\n \"scripts\": {\n \"build\": \"tsup && oclif manifest\",\n \"build:watch\": \"tsup --watch --onSuccess \\\"oclif manifest\\\"\",\n \"dev\": \"node ./bin/dev.js\",\n \"dev:watch\": \"node --watch --watch-path=./src --watch-path=./bin ./bin/dev.js\",\n \"typecheck\": \"tsc --noEmit\",\n \"test\": \"vitest run\",\n \"test:watch\": \"vitest\"\n },\n \"dependencies\": {\n \"@oclif/core\": \"^4.10.2\",\n \"axios\": \"^1.13.6\",\n \"cross-keychain\": \"^1.1.0\",\n \"tinyglobby\": \"^0.2.15\",\n \"ink\": \"^6.8.0\",\n \"ink-text-input\": \"^6.0.0\",\n \"jwt-decode\": \"^4.0.0\",\n \"mime-types\": \"^3.0.1\",\n \"open\": \"^11.0.0\",\n \"openid-client\": \"^6.8.2\",\n \"react\": \"catalog:\",\n \"zod\": \"catalog:\"\n },\n \"devDependencies\": {\n \"@types/mime-types\": \"^3.0.1\",\n \"@types/node\": \"^25.5.0\",\n \"@types/react\": \"catalog:\",\n \"ink-testing-library\": \"^4.0.0\",\n \"oclif\": \"^4.22.96\",\n \"tsup\": \"catalog:\",\n \"tsx\": \"catalog:\",\n \"typescript\": \"catalog:\",\n \"vitest\": \"^4.1.1\"\n },\n \"oclif\": {\n \"bin\": \"kittl\",\n \"commands\": \"./dist/commands\",\n \"dirname\": \"kittl\",\n \"topicSeparator\": \" \"\n }\n}\n","import pkg from '../package.json' with { type: 'json' };\nimport {\n localhostOAuthRedirectUri,\n parsePortFromEnv,\n resolveFileNameFromEnv,\n} from './core/utils';\n\nconst { version } = pkg;\n\nconst CLI_CONFIG_DIR = '.kittl' as const;\nconst CLI_CONFIG_DEFAULT_FILENAME = 'config.json' as const;\nconst CLI_MANIFEST_DEFAULT_FILENAME = 'manifest.json' as const;\n\nexport const PRODUCTION = {\n issuer: 'https://keycloak.kittl.dev/auth/realms/kittl',\n apiBaseUrl: 'https://api.kittl.com',\n clientId: 'kittl-cli',\n redirectPort: 51771,\n scaffoldViteDevPort: 5173,\n} as const;\n\n// -----------------------------------------------------------------------------\n// CLI configs\n// -----------------------------------------------------------------------------\n\nexport const CLI_CONFIG = {\n configDir: CLI_CONFIG_DIR,\n defaultConfigFileName: CLI_CONFIG_DEFAULT_FILENAME,\n configFileName: resolveFileNameFromEnv(\n process.env.KITTL_CONFIG_FILENAME,\n CLI_CONFIG_DEFAULT_FILENAME,\n ),\n defaultManifestFileName: CLI_MANIFEST_DEFAULT_FILENAME,\n manifestFileName: resolveFileNameFromEnv(\n process.env.KITTL_EXTENSION_MANIFEST_FILENAME,\n CLI_MANIFEST_DEFAULT_FILENAME,\n ),\n scaffoldViteDevPort: parsePortFromEnv(\n 'KITTL_SCAFFOLD_VITE_DEV_PORT',\n PRODUCTION.scaffoldViteDevPort,\n ),\n} as const;\n\n// -----------------------------------------------------------------------------\n// OAuth / OIDC (PKCE login, keychain session)\n// -----------------------------------------------------------------------------\n\nconst authRedirectPort = parsePortFromEnv(\n 'KITTL_REDIRECT_PORT',\n PRODUCTION.redirectPort,\n);\n\nexport const AUTH_CONFIG = {\n issuer: process.env.KITTL_OAUTH_ISSUER_URL ?? PRODUCTION.issuer,\n clientId: process.env.KITTL_OAUTH_CLIENT_ID ?? PRODUCTION.clientId,\n redirectPort: authRedirectPort,\n redirectUri: localhostOAuthRedirectUri(authRedirectPort),\n scope: process.env.KITTL_OAUTH_SCOPE ?? 'openid profile email offline_access',\n // https://www.keycloak.org/docs/latest/server_admin/index.html#_authentication-sessions\n authPrompt: process.env.KITTL_OAUTH_PROMPT || 'login',\n oauthCallbackTimeoutMs: Number(\n process.env.KITTL_OAUTH_CALLBACK_TIMEOUT_MS ?? 120_000,\n ),\n /** Optional 302 after OAuth; if undefined it renders a fallback HTML. */\n oauthSuccessRedirectUrl:\n process.env.KITTL_OAUTH_SUCCESS_REDIRECT_URL || undefined,\n serviceName: 'kittl-cli',\n accountName: 'oauth-session',\n} as const;\n\n// -----------------------------------------------------------------------------\n// HTTP API (Axios base URL for Kittl APIs)\n// -----------------------------------------------------------------------------\n\nexport const API_CONFIG = {\n baseUrl: process.env.KITTL_API_BASE_URL ?? PRODUCTION.apiBaseUrl,\n timeoutMs: 30_000,\n userAgent: `kittl-cli/${version}`,\n} as const;\n","import { createServer } from 'node:http';\nimport { URL } from 'node:url';\nimport open from 'open';\nimport * as oidc from 'openid-client';\nimport { z } from 'zod';\nimport { AUTH_CONFIG } from '../constants';\nimport type { Session } from '../types/session';\nimport { sessionVault } from './session-vault.service';\n\n// Seconds before access token expiry when we proactively refresh.\nconst ACCESS_TOKEN_REFRESH_BUFFER_SEC = 60;\n\nconst OAUTH2_TOKEN_ERROR_INVALID_GRANT = 'invalid_grant';\n\nexport type LoginOptions = {\n signal?: AbortSignal;\n};\n\nexport type CallbackResult = {\n callbackUrl: URL;\n};\n\nconst authConfigSchema = z.object({\n issuer: z.url(),\n clientId: z.string().min(1),\n redirectUri: z.url(),\n redirectPort: z.number().int().min(1).max(65_535),\n scope: z.string().min(1),\n authPrompt: z.string().min(1),\n oauthCallbackTimeoutMs: z.number().int().min(5_000).max(3_600_000),\n oauthSuccessRedirectUrl: z.url().optional(),\n});\n\nexport class LoginCancelledError extends Error {\n public constructor() {\n super('Login cancelled.');\n this.name = 'LoginCancelledError';\n }\n}\n\nexport class AuthService {\n private readonly config = authConfigSchema.parse(AUTH_CONFIG);\n\n // concurrent refresh attempts are merged into a single promise\n private refreshSessionPromise: Promise<Session | null> | null = null;\n\n /**\n * raw vault read.\n */\n public async getStoredSession(): Promise<Session | null> {\n return sessionVault.getSession();\n }\n\n /**\n * ensures token freshness (by silently refresh if needed)\n */\n public async getSession(): Promise<Session | null> {\n await this.getAccessToken();\n return this.getStoredSession();\n }\n\n /**\n * Returns a usable access token, silently refreshing when `expiresAt` is within {@link ACCESS_TOKEN_REFRESH_BUFFER_SEC}\n * seconds (or in the past). based on Session.expiresAt.\n */\n public async getAccessToken(): Promise<string | undefined> {\n const session = await this.getStoredSession();\n if (!session?.accessToken) return undefined;\n\n if (!this.shouldRefreshAccessToken(session)) {\n return session.accessToken;\n }\n\n if (!session.refreshToken) {\n await sessionVault.clear();\n return undefined;\n }\n\n const refreshed = await this.refreshSession();\n return refreshed?.accessToken;\n }\n\n /**\n * Refresh tokens via the OIDC token endpoint. On hard failure (e.g. `invalid_grant`), clears the vault.\n */\n public async refreshSession(): Promise<Session | null> {\n if (this.refreshSessionPromise) {\n return this.refreshSessionPromise;\n }\n this.refreshSessionPromise = this.performRefreshSession().finally(() => {\n this.refreshSessionPromise = null;\n });\n return this.refreshSessionPromise;\n }\n\n private shouldRefreshAccessToken(session: Session): boolean {\n if (session.expiresAt === undefined) return false;\n const now = Math.floor(Date.now() / 1000);\n return session.expiresAt <= now + ACCESS_TOKEN_REFRESH_BUFFER_SEC;\n }\n\n private async performRefreshSession(): Promise<Session | null> {\n const session = await this.getStoredSession();\n if (!session?.refreshToken) {\n await sessionVault.clear();\n return null;\n }\n\n try {\n const oidcConfig = await this.discoverOidcConfiguration();\n\n const tokenSet = await oidc.refreshTokenGrant(\n oidcConfig,\n session.refreshToken,\n { scope: this.config.scope },\n undefined,\n );\n\n const newSession = this.mapTokenSetToSession(tokenSet, session);\n\n await sessionVault.saveSession(newSession);\n return newSession;\n } catch (error) {\n if (\n error instanceof oidc.ResponseBodyError &&\n error.error === OAUTH2_TOKEN_ERROR_INVALID_GRANT\n ) {\n await sessionVault.clear();\n return null;\n }\n return null;\n }\n }\n\n private async discoverOidcConfiguration(): Promise<oidc.Configuration> {\n const issuerUrl = new URL(this.config.issuer);\n return oidc.discovery(\n issuerUrl,\n this.config.clientId,\n undefined,\n undefined,\n {\n ...(issuerUrl.protocol === 'http:'\n ? { execute: [oidc.allowInsecureRequests] as const }\n : {}),\n } as Parameters<typeof oidc.discovery>[4],\n );\n }\n\n public async login(options?: LoginOptions): Promise<Session> {\n const { signal } = options ?? {};\n\n const oidcConfig = await this.discoverOidcConfiguration();\n signal?.throwIfAborted();\n\n const codeVerifier = oidc.randomPKCECodeVerifier();\n const codeChallenge = await oidc.calculatePKCECodeChallenge(codeVerifier);\n const state = oidc.randomState();\n const nonce = oidc.randomNonce();\n\n const authorizationUrl = oidc.buildAuthorizationUrl(oidcConfig, {\n redirect_uri: this.config.redirectUri,\n response_type: 'code',\n scope: this.config.scope,\n code_challenge: codeChallenge,\n code_challenge_method: 'S256',\n state,\n nonce,\n prompt: this.config.authPrompt,\n });\n\n signal?.throwIfAborted();\n await this.openBrowser(authorizationUrl.toString());\n\n const callback = await this.waitForCallback(signal);\n\n const tokenSet = await oidc.authorizationCodeGrant(\n oidcConfig,\n callback.callbackUrl,\n {\n pkceCodeVerifier: codeVerifier,\n expectedState: state,\n expectedNonce: nonce,\n },\n );\n\n const session = this.mapTokenSetToSession(tokenSet);\n\n await sessionVault.saveSession(session);\n return session;\n }\n\n public async logout(): Promise<void> {\n await sessionVault.clear();\n }\n\n /**\n * Starts a short-lived `http` server on the host/port from the configured `redirectUri` so the IdP can\n * redirect the browser to `…/callback?code=…&state=…` (Authorization Code + PKCE). The first matching request\n * stops the server and resolves with that URL for the token exchange (`authorizationCodeGrant`).\n *\n * - **Success response:** HTTP 302 to {@link AUTH_CONFIG.oauthSuccessRedirectUrl} when set; otherwise a minimal inline HTML page.\n */\n private async waitForCallback(signal?: AbortSignal): Promise<CallbackResult> {\n const redirectUrl = new URL(this.config.redirectUri);\n const hostname = redirectUrl.hostname;\n const port = Number(redirectUrl.port);\n const pathname = redirectUrl.pathname;\n\n const timeoutSignal = AbortSignal.timeout(\n this.config.oauthCallbackTimeoutMs,\n );\n const combinedSignal =\n signal !== undefined\n ? AbortSignal.any([signal, timeoutSignal])\n : timeoutSignal;\n\n return new Promise((resolve, reject) => {\n let closed = false;\n\n const server = createServer((req, res) => {\n try {\n const requestUrl = new URL(req.url ?? '', this.config.redirectUri);\n if (requestUrl.pathname !== pathname) {\n res.statusCode = 404;\n res.end('Not Found');\n return;\n }\n\n const callbackUrl = new URL(this.config.redirectUri);\n callbackUrl.search = requestUrl.search;\n\n const brandUrl = this.config.oauthSuccessRedirectUrl;\n if (brandUrl) {\n res.writeHead(302, { Location: brandUrl });\n res.end();\n } else {\n res.statusCode = 200;\n res.setHeader('content-type', 'text/html; charset=utf-8');\n res.end(\n '<!doctype html><html><body><h2>Authentication complete.</h2><p>You can close this tab and return to the terminal.</p></body></html>',\n );\n }\n\n closeServer((closeErr?: Error) => {\n if (closeErr) {\n reject(closeErr);\n return;\n }\n resolve({ callbackUrl });\n });\n } catch (error) {\n closeServer(() => reject(error));\n }\n });\n\n const closeServer = (onClosed: (closeErr?: Error) => void): void => {\n if (closed) return;\n closed = true;\n combinedSignal.removeEventListener('abort', onCombinedAbort);\n if (!server.listening) {\n onClosed();\n return;\n }\n server.closeAllConnections();\n server.close((closeErr) => {\n onClosed(closeErr ?? undefined);\n });\n };\n\n function onCombinedAbort(): void {\n closeServer((closeErr?: Error) => {\n if (closeErr) {\n reject(closeErr);\n return;\n }\n if (signal?.aborted) {\n reject(signal.reason ?? new LoginCancelledError());\n return;\n }\n if (timeoutSignal.aborted) {\n reject(new Error('Login timed out. Please try again.'));\n return;\n }\n reject(new LoginCancelledError());\n });\n }\n\n server.on('error', (error: NodeJS.ErrnoException) => {\n closeServer(() => {\n if (error.code === 'EADDRINUSE') {\n const inUsePort =\n (error as NodeJS.ErrnoException & { port?: number }).port ?? port;\n reject(\n new Error(\n `Port ${String(inUsePort)} is already in use. Close the other app using it or set KITTL_REDIRECT_PORT to a free port, then try again.`,\n ),\n );\n return;\n }\n reject(error);\n });\n });\n\n // 1. Abort before any listen: avoids a half-started server; early exit skips `listen` entirely.\n combinedSignal.addEventListener('abort', onCombinedAbort, { once: true });\n if (combinedSignal.aborted) {\n onCombinedAbort();\n return;\n }\n\n server.listen(port, hostname);\n });\n }\n\n private async openBrowser(url: string): Promise<void> {\n await open(url);\n }\n\n private mapTokenSetToSession(\n tokenSet: oidc.TokenEndpointResponse,\n currentSession?: Session,\n ): Session {\n return {\n accessToken: tokenSet.access_token,\n refreshToken: tokenSet.refresh_token ?? currentSession?.refreshToken,\n idToken: tokenSet.id_token ?? currentSession?.idToken,\n tokenType: tokenSet.token_type ?? currentSession?.tokenType,\n expiresAt: tokenSet.expires_in\n ? Math.floor(Date.now() / 1000) + tokenSet.expires_in\n : undefined,\n };\n }\n}\n\nexport const authService = new AuthService();\n","import { deletePassword, getPassword, setPassword } from 'cross-keychain';\nimport { AUTH_CONFIG } from '../constants';\nimport type { Session } from '../types/session';\n\nconst SESSION_META_VERSION = 2 as const;\n\n// suffix for split v2 accounts: `{AUTH_CONFIG.accountName}.{suffix}`.\nconst SESSION_V2_KEY_SUFFIX = {\n meta: 'meta',\n access: 'access',\n refresh: 'refresh',\n id: 'id',\n} as const;\n\ntype SessionMetaV2 = {\n v: typeof SESSION_META_VERSION;\n tokenType?: string;\n expiresAt?: number;\n};\n\n/**\n * Persists OIDC session (tokens) in the OS credential store (e.g. Keychain).\n */\nexport class SessionVault {\n private readonly keychainService = this.buildKeychainServiceName();\n private readonly keychainAccount = AUTH_CONFIG.accountName;\n\n private buildKeychainServiceName(): string {\n try {\n const issuerUrl = new URL(AUTH_CONFIG.issuer);\n const issuerKey = this.sanitizeKeychainSegment(\n `${issuerUrl.hostname}${issuerUrl.port ? `-${issuerUrl.port}` : ''}`,\n );\n return `${AUTH_CONFIG.serviceName}-${issuerKey}`;\n } catch {\n // Keep previous behavior when issuer is not a valid URL.\n return AUTH_CONFIG.serviceName;\n }\n }\n\n private sanitizeKeychainSegment(value: string): string {\n return value.replace(/[^a-zA-Z0-9._@-]/g, '-');\n }\n\n private account(suffix: string): string {\n return `${this.keychainAccount}.${suffix}`;\n }\n\n public async getSession(): Promise<Session | null> {\n const metaRaw = await getPassword(\n this.keychainService,\n this.account(SESSION_V2_KEY_SUFFIX.meta),\n );\n\n let meta: SessionMetaV2 | null = null;\n if (metaRaw) {\n try {\n const parsed = JSON.parse(metaRaw) as SessionMetaV2;\n if (parsed.v === SESSION_META_VERSION) {\n meta = parsed;\n }\n } catch {\n meta = null;\n }\n }\n // if meta is present, read based on v2\n if (meta) {\n const accessRaw = await getPassword(\n this.keychainService,\n this.account(SESSION_V2_KEY_SUFFIX.access),\n );\n // fallback, if not defined, to legacy monolithic read\n const accessToken = accessRaw?.trim();\n if (accessToken) {\n const refreshRaw = await getPassword(\n this.keychainService,\n this.account(SESSION_V2_KEY_SUFFIX.refresh),\n );\n const idRaw = await getPassword(\n this.keychainService,\n this.account(SESSION_V2_KEY_SUFFIX.id),\n );\n\n return {\n accessToken,\n refreshToken: refreshRaw ?? undefined,\n idToken: idRaw ?? undefined,\n tokenType: meta.tokenType,\n expiresAt: meta.expiresAt,\n };\n }\n }\n // read based on legacy monolithic\n const raw = await getPassword(this.keychainService, this.keychainAccount);\n if (!raw) return null;\n\n try {\n return JSON.parse(raw) as Session;\n } catch {\n return null;\n }\n }\n\n public async saveSession(session: Session): Promise<void> {\n const meta: SessionMetaV2 = {\n v: SESSION_META_VERSION,\n tokenType: session.tokenType,\n expiresAt: session.expiresAt,\n };\n\n const accessToken = session.accessToken.trim();\n await setPassword(\n this.keychainService,\n this.account(SESSION_V2_KEY_SUFFIX.access),\n accessToken,\n );\n await this.setOrDeleteTokenAccount(\n SESSION_V2_KEY_SUFFIX.refresh,\n session.refreshToken,\n );\n await this.setOrDeleteTokenAccount(\n SESSION_V2_KEY_SUFFIX.id,\n session.idToken,\n );\n await setPassword(\n this.keychainService,\n this.account(SESSION_V2_KEY_SUFFIX.meta),\n JSON.stringify(meta),\n );\n\n await this.deleteLegacyMonolithicIfPresent();\n }\n\n // when auth omits an optional token, remove any previously stored value as well\n private async setOrDeleteTokenAccount(\n suffix:\n | typeof SESSION_V2_KEY_SUFFIX.refresh\n | typeof SESSION_V2_KEY_SUFFIX.id,\n token: string | undefined,\n ): Promise<void> {\n const acc = this.account(suffix);\n const trimmed = token?.trim();\n if (trimmed) {\n await setPassword(this.keychainService, acc, trimmed);\n return;\n }\n const existing = await getPassword(this.keychainService, acc);\n if (existing) {\n await deletePassword(this.keychainService, acc);\n }\n }\n\n // older releases stored the whole session JSON under {@link keychainAccount} only\n private async deleteLegacyMonolithicIfPresent(): Promise<void> {\n const legacy = await getPassword(\n this.keychainService,\n this.keychainAccount,\n );\n if (!legacy) return;\n try {\n await deletePassword(this.keychainService, this.keychainAccount);\n } catch {\n // ignore, best effort cleanup\n }\n }\n\n public async clear(): Promise<void> {\n const accounts = [\n ...Object.values(SESSION_V2_KEY_SUFFIX).map((suffix) =>\n this.account(suffix),\n ),\n this.keychainAccount,\n ];\n for (const account of accounts) {\n const existing = await getPassword(this.keychainService, account);\n if (existing) {\n try {\n await deletePassword(this.keychainService, account);\n } catch {\n // ignore\n }\n }\n }\n }\n}\n\nexport const sessionVault = new SessionVault();\n","import { Command } from '@oclif/core';\nimport type { AxiosInstance } from 'axios';\nimport type { FC } from 'react';\nimport { API_CONFIG } from '../constants';\nimport { kittlApiService } from '../services/api.service';\nimport { authService } from '../services/auth.service';\nimport type { Session } from '../types/session';\nimport { runInteractiveView, type ViewWithDone } from '../ui/renderer';\nimport { getKittlEnvEntries } from './utils';\n\nexport abstract class BaseCommand extends Command {\n protected session: Session | null = null;\n\n public override async init(): Promise<void> {\n await super.init();\n this.session = await authService.getSession();\n kittlApiService.setAccessTokenProvider(async () =>\n authService.getAccessToken(),\n );\n\n const envEntries = getKittlEnvEntries();\n this.debug(`API base URL: ${API_CONFIG.baseUrl}`);\n this.debug(`KITTL_* variables:\\n${envEntries.join('\\n') || '(none)'}`);\n }\n\n protected getKittlApiClient(): AxiosInstance {\n return kittlApiService.getClient();\n }\n\n /**\n * Ensures a valid access token (+ refreshes when the accessToken is near expiry).\n */\n protected async ensureAuthenticated(): Promise<Session> {\n const session = await authService.getSession();\n if (!session?.accessToken) {\n this.error(\n `Session expired. Run \\`${this.config.bin} auth login\\` first.`,\n { exit: 2 },\n );\n }\n\n this.session = session;\n return session;\n }\n\n /**\n * Run an Ink view that reports a result via `onDone`, then unmount and return.\n * PRO TIP: use `this.log` / `this.error` after this resolves, not inside the view!! for final line stays on stdout.\n */\n protected async renderView<R>(View: FC<ViewWithDone<R>>): Promise<R>;\n protected async renderView<R, P extends object>(\n View: FC<P & ViewWithDone<R>>,\n props: P,\n ): Promise<R>;\n protected async renderView<R, P extends object>(\n View: FC<P & ViewWithDone<R>>,\n ...args: Partial<P> extends P ? [props?: P] : [props: P]\n ): Promise<R> {\n return runInteractiveView<R, P>(View, ...args);\n }\n}\n","import axios, {\n type AxiosError,\n AxiosHeaders,\n type AxiosInstance,\n type InternalAxiosRequestConfig,\n} from 'axios';\nimport { API_CONFIG } from '../constants';\nimport { authService } from './auth.service';\n\ntype AccessTokenProvider = () => Promise<string | undefined>;\ntype RetriableRequestConfig = InternalAxiosRequestConfig & {\n _retry?: boolean;\n};\n\nexport class KittlApiService {\n private readonly client: AxiosInstance;\n private accessTokenProvider?: AccessTokenProvider;\n\n public constructor() {\n this.client = axios.create({\n baseURL: API_CONFIG.baseUrl,\n timeout: API_CONFIG.timeoutMs,\n headers: {\n 'User-Agent': API_CONFIG.userAgent,\n },\n });\n\n this.client.interceptors.request.use(\n async (config: RetriableRequestConfig) => {\n if (config.skipAuth) {\n return config;\n }\n const token = await this.accessTokenProvider?.();\n if (token) {\n this.setAuthorizationHeader(config, token);\n }\n return config;\n },\n );\n\n this.client.interceptors.response.use(\n (response) => response,\n async (error: AxiosError) => {\n const originalRequest = error.config as\n | RetriableRequestConfig\n | undefined;\n // Retry only first-time 401 responses with a valid original request.\n if (\n error.response?.status !== 401 ||\n !originalRequest ||\n originalRequest.skipAuth ||\n originalRequest._retry\n ) {\n throw error;\n }\n\n // Mark as retried to avoid infinite retry loops.\n originalRequest._retry = true;\n // Force-refresh the token before replaying the request.\n const refreshedSession = await authService.refreshSession();\n const refreshedToken = refreshedSession?.accessToken;\n if (!refreshedToken) {\n throw error;\n }\n\n // Re-run the original request with updated Authorization header.\n this.setAuthorizationHeader(originalRequest, refreshedToken);\n return this.client.request(originalRequest);\n },\n );\n }\n\n public setAccessTokenProvider(provider: AccessTokenProvider): void {\n this.accessTokenProvider = provider;\n }\n\n public getClient(): AxiosInstance {\n return this.client;\n }\n\n private setAuthorizationHeader(\n config: InternalAxiosRequestConfig,\n token: string,\n ): void {\n const headers = AxiosHeaders.from(config.headers);\n headers.set('Authorization', `Bearer ${token}`);\n config.headers = headers;\n }\n}\n\nexport const kittlApiService = new KittlApiService();\n","import { render } from 'ink';\nimport React, { type FC } from 'react';\n\n/**\n * Standard shape for a view that reports a result.\n */\nexport type ViewWithDone<R> = { onDone: (result: R) => void };\n\n/**\n * The entrypoint that touches Ink's render process.\n */\nexport async function runInteractiveView<R, P extends object>(\n View: FC<P & ViewWithDone<R>>,\n ...args: Partial<P> extends P ? [props?: P] : [props: P]\n): Promise<R> {\n const props = args[0];\n\n return new Promise<R>((resolve, reject) => {\n const app = render(\n React.createElement(View, {\n ...(props ?? ({} as P)),\n onDone: (result: R) => {\n void (async () => {\n app.unmount();\n await app.waitUntilExit();\n resolve(result);\n })().catch(reject);\n },\n } as P & ViewWithDone<R>),\n );\n });\n}\n"],"mappings":";AAAA,SAAS,gBAAgB;AACzB,SAAS,gBAAgB;AAMlB,SAAS,gBACd,UACA,cACyB;AACzB,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,QAAQ;AAAA,EAC9B,QAAQ;AACN,UAAM,IAAI,MAAM,iBAAiB,YAAY,GAAG;AAAA,EAClD;AACA,MAAI,WAAW,QAAQ,OAAO,WAAW,YAAY,MAAM,QAAQ,MAAM,GAAG;AAC1E,UAAM,IAAI;AAAA,MACR,8CAA8C,YAAY;AAAA,IAC5D;AAAA,EACF;AACA,SAAO;AACT;AAGA,eAAsB,wBACpB,UACkC;AAClC,QAAM,WAAW,MAAM,SAAS,UAAU,MAAM;AAChD,SAAO,gBAAgB,UAAU,QAAQ;AAC3C;AAGO,IAAM,0BAA0B,OAAO,yBAAyB;AAMhE,SAAS,iBAAiB,QAAgB,aAA6B;AAC5E,QAAM,MAAM,QAAQ,IAAI,MAAM;AAC9B,QAAM,IAAI,OAAO,KAAK,KAAK,KAAK,WAAW;AAC3C,MAAI,CAAC,OAAO,UAAU,CAAC,KAAK,IAAI,KAAK,IAAI,OAAQ;AAC/C,UAAM,IAAI;AAAA,MACR,GAAG,MAAM,gDAAgD,KAAK,UAAU,GAAG,CAAC;AAAA,IAC9E;AAAA,EACF;AACA,SAAO;AACT;AAGO,SAAS,0BAA0B,MAAsB;AAC9D,SAAO,oBAAoB,IAAI;AACjC;AAEO,SAAS,qBAA+B;AAC7C,SAAO,OAAO,QAAQ,QAAQ,GAAG,EAC9B,OAAO,CAAC,CAAC,GAAG,MAAM,IAAI,WAAW,QAAQ,CAAC,EAC1C,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,EACrC,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,GAAG,GAAG,IAAI,SAAS,EAAE,EAAE;AAClD;AAGO,SAAS,YAAY,KAAmB;AAC7C,MAAI,IAAI,QAAQ;AACd,WAAO;AAAA,EACT;AACA,SAAO,QAAS,IAAkC,KAAK;AACzD;AAOO,SAAS,uBACd,UACA,iBACQ;AACR,QAAM,MAAM,UAAU,KAAK,KAAK;AAChC,QAAM,OAAO,QAAQ,KAAK,kBAAkB,SAAS,GAAG;AACxD,MAAI,SAAS,MAAM,SAAS,OAAO,SAAS,MAAM;AAChD,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAGO,SAAS,WAAc,OAAY,WAA0B;AAClE,MAAI,YAAY,GAAG;AACjB,UAAM,IAAI,MAAM,8BAA8B;AAAA,EAChD;AACA,QAAM,IAAI,KAAK,KAAK,MAAM,SAAS,SAAS;AAC5C,SAAO,MAAM;AAAA,IAAK,EAAE,QAAQ,EAAE;AAAA,IAAG,CAAC,GAAG,MACnC,MAAM,MAAM,IAAI,WAAW,IAAI,YAAY,SAAS;AAAA,EACtD;AACF;;;ACjGA;AAAA,EACE,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,SAAW;AAAA,EACX,SAAW;AAAA,EACX,MAAQ;AAAA,EACR,SAAW;AAAA,IACT,MAAQ;AAAA,EACV;AAAA,EACA,KAAO;AAAA,IACL,OAAS;AAAA,IACT,aAAa;AAAA,EACf;AAAA,EACA,eAAiB;AAAA,IACf,QAAU;AAAA,IACV,KAAO;AAAA,MACL,OAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,OAAS;AAAA,IACP;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EACA,SAAW;AAAA,IACT,OAAS;AAAA,IACT,eAAe;AAAA,IACf,KAAO;AAAA,IACP,aAAa;AAAA,IACb,WAAa;AAAA,IACb,MAAQ;AAAA,IACR,cAAc;AAAA,EAChB;AAAA,EACA,cAAgB;AAAA,IACd,eAAe;AAAA,IACf,OAAS;AAAA,IACT,kBAAkB;AAAA,IAClB,YAAc;AAAA,IACd,KAAO;AAAA,IACP,kBAAkB;AAAA,IAClB,cAAc;AAAA,IACd,cAAc;AAAA,IACd,MAAQ;AAAA,IACR,iBAAiB;AAAA,IACjB,OAAS;AAAA,IACT,KAAO;AAAA,EACT;AAAA,EACA,iBAAmB;AAAA,IACjB,qBAAqB;AAAA,IACrB,eAAe;AAAA,IACf,gBAAgB;AAAA,IAChB,uBAAuB;AAAA,IACvB,OAAS;AAAA,IACT,MAAQ;AAAA,IACR,KAAO;AAAA,IACP,YAAc;AAAA,IACd,QAAU;AAAA,EACZ;AAAA,EACA,OAAS;AAAA,IACP,KAAO;AAAA,IACP,UAAY;AAAA,IACZ,SAAW;AAAA,IACX,gBAAkB;AAAA,EACpB;AACF;;;AC3DA,IAAM,EAAE,QAAQ,IAAI;AAEpB,IAAM,iBAAiB;AACvB,IAAM,8BAA8B;AACpC,IAAM,gCAAgC;AAE/B,IAAM,aAAa;AAAA,EACxB,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,UAAU;AAAA,EACV,cAAc;AAAA,EACd,qBAAqB;AACvB;AAMO,IAAM,aAAa;AAAA,EACxB,WAAW;AAAA,EACX,uBAAuB;AAAA,EACvB,gBAAgB;AAAA,IACd,QAAQ,IAAI;AAAA,IACZ;AAAA,EACF;AAAA,EACA,yBAAyB;AAAA,EACzB,kBAAkB;AAAA,IAChB,QAAQ,IAAI;AAAA,IACZ;AAAA,EACF;AAAA,EACA,qBAAqB;AAAA,IACnB;AAAA,IACA,WAAW;AAAA,EACb;AACF;AAMA,IAAM,mBAAmB;AAAA,EACvB;AAAA,EACA,WAAW;AACb;AAEO,IAAM,cAAc;AAAA,EACzB,QAAQ,QAAQ,IAAI,0BAA0B,WAAW;AAAA,EACzD,UAAU,QAAQ,IAAI,yBAAyB,WAAW;AAAA,EAC1D,cAAc;AAAA,EACd,aAAa,0BAA0B,gBAAgB;AAAA,EACvD,OAAO,QAAQ,IAAI,qBAAqB;AAAA;AAAA,EAExC,YAAY,QAAQ,IAAI,sBAAsB;AAAA,EAC9C,wBAAwB;AAAA,IACtB,QAAQ,IAAI,mCAAmC;AAAA,EACjD;AAAA;AAAA,EAEA,yBACE,QAAQ,IAAI,oCAAoC;AAAA,EAClD,aAAa;AAAA,EACb,aAAa;AACf;AAMO,IAAM,aAAa;AAAA,EACxB,SAAS,QAAQ,IAAI,sBAAsB,WAAW;AAAA,EACtD,WAAW;AAAA,EACX,WAAW,aAAa,OAAO;AACjC;;;AC9EA,SAAS,oBAAoB;AAC7B,SAAS,OAAAA,YAAW;AACpB,OAAO,UAAU;AACjB,YAAY,UAAU;AACtB,SAAS,SAAS;;;ACJlB,SAAS,gBAAgB,aAAa,mBAAmB;AAIzD,IAAM,uBAAuB;AAG7B,IAAM,wBAAwB;AAAA,EAC5B,MAAM;AAAA,EACN,QAAQ;AAAA,EACR,SAAS;AAAA,EACT,IAAI;AACN;AAWO,IAAM,eAAN,MAAmB;AAAA,EACP,kBAAkB,KAAK,yBAAyB;AAAA,EAChD,kBAAkB,YAAY;AAAA,EAEvC,2BAAmC;AACzC,QAAI;AACF,YAAM,YAAY,IAAI,IAAI,YAAY,MAAM;AAC5C,YAAM,YAAY,KAAK;AAAA,QACrB,GAAG,UAAU,QAAQ,GAAG,UAAU,OAAO,IAAI,UAAU,IAAI,KAAK,EAAE;AAAA,MACpE;AACA,aAAO,GAAG,YAAY,WAAW,IAAI,SAAS;AAAA,IAChD,QAAQ;AAEN,aAAO,YAAY;AAAA,IACrB;AAAA,EACF;AAAA,EAEQ,wBAAwB,OAAuB;AACrD,WAAO,MAAM,QAAQ,qBAAqB,GAAG;AAAA,EAC/C;AAAA,EAEQ,QAAQ,QAAwB;AACtC,WAAO,GAAG,KAAK,eAAe,IAAI,MAAM;AAAA,EAC1C;AAAA,EAEA,MAAa,aAAsC;AACjD,UAAM,UAAU,MAAM;AAAA,MACpB,KAAK;AAAA,MACL,KAAK,QAAQ,sBAAsB,IAAI;AAAA,IACzC;AAEA,QAAI,OAA6B;AACjC,QAAI,SAAS;AACX,UAAI;AACF,cAAM,SAAS,KAAK,MAAM,OAAO;AACjC,YAAI,OAAO,MAAM,sBAAsB;AACrC,iBAAO;AAAA,QACT;AAAA,MACF,QAAQ;AACN,eAAO;AAAA,MACT;AAAA,IACF;AAEA,QAAI,MAAM;AACR,YAAM,YAAY,MAAM;AAAA,QACtB,KAAK;AAAA,QACL,KAAK,QAAQ,sBAAsB,MAAM;AAAA,MAC3C;AAEA,YAAM,cAAc,WAAW,KAAK;AACpC,UAAI,aAAa;AACf,cAAM,aAAa,MAAM;AAAA,UACvB,KAAK;AAAA,UACL,KAAK,QAAQ,sBAAsB,OAAO;AAAA,QAC5C;AACA,cAAM,QAAQ,MAAM;AAAA,UAClB,KAAK;AAAA,UACL,KAAK,QAAQ,sBAAsB,EAAE;AAAA,QACvC;AAEA,eAAO;AAAA,UACL;AAAA,UACA,cAAc,cAAc;AAAA,UAC5B,SAAS,SAAS;AAAA,UAClB,WAAW,KAAK;AAAA,UAChB,WAAW,KAAK;AAAA,QAClB;AAAA,MACF;AAAA,IACF;AAEA,UAAM,MAAM,MAAM,YAAY,KAAK,iBAAiB,KAAK,eAAe;AACxE,QAAI,CAAC;AAAK,aAAO;AAEjB,QAAI;AACF,aAAO,KAAK,MAAM,GAAG;AAAA,IACvB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,YAAY,SAAiC;AACxD,UAAM,OAAsB;AAAA,MAC1B,GAAG;AAAA,MACH,WAAW,QAAQ;AAAA,MACnB,WAAW,QAAQ;AAAA,IACrB;AAEA,UAAM,cAAc,QAAQ,YAAY,KAAK;AAC7C,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,KAAK,QAAQ,sBAAsB,MAAM;AAAA,MACzC;AAAA,IACF;AACA,UAAM,KAAK;AAAA,MACT,sBAAsB;AAAA,MACtB,QAAQ;AAAA,IACV;AACA,UAAM,KAAK;AAAA,MACT,sBAAsB;AAAA,MACtB,QAAQ;AAAA,IACV;AACA,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,KAAK,QAAQ,sBAAsB,IAAI;AAAA,MACvC,KAAK,UAAU,IAAI;AAAA,IACrB;AAEA,UAAM,KAAK,gCAAgC;AAAA,EAC7C;AAAA;AAAA,EAGA,MAAc,wBACZ,QAGA,OACe;AACf,UAAM,MAAM,KAAK,QAAQ,MAAM;AAC/B,UAAM,UAAU,OAAO,KAAK;AAC5B,QAAI,SAAS;AACX,YAAM,YAAY,KAAK,iBAAiB,KAAK,OAAO;AACpD;AAAA,IACF;AACA,UAAM,WAAW,MAAM,YAAY,KAAK,iBAAiB,GAAG;AAC5D,QAAI,UAAU;AACZ,YAAM,eAAe,KAAK,iBAAiB,GAAG;AAAA,IAChD;AAAA,EACF;AAAA;AAAA,EAGA,MAAc,kCAAiD;AAC7D,UAAM,SAAS,MAAM;AAAA,MACnB,KAAK;AAAA,MACL,KAAK;AAAA,IACP;AACA,QAAI,CAAC;AAAQ;AACb,QAAI;AACF,YAAM,eAAe,KAAK,iBAAiB,KAAK,eAAe;AAAA,IACjE,QAAQ;AAAA,IAER;AAAA,EACF;AAAA,EAEA,MAAa,QAAuB;AAClC,UAAM,WAAW;AAAA,MACf,GAAG,OAAO,OAAO,qBAAqB,EAAE;AAAA,QAAI,CAAC,WAC3C,KAAK,QAAQ,MAAM;AAAA,MACrB;AAAA,MACA,KAAK;AAAA,IACP;AACA,eAAW,WAAW,UAAU;AAC9B,YAAM,WAAW,MAAM,YAAY,KAAK,iBAAiB,OAAO;AAChE,UAAI,UAAU;AACZ,YAAI;AACF,gBAAM,eAAe,KAAK,iBAAiB,OAAO;AAAA,QACpD,QAAQ;AAAA,QAER;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAEO,IAAM,eAAe,IAAI,aAAa;;;ADhL7C,IAAM,kCAAkC;AAExC,IAAM,mCAAmC;AAUzC,IAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,QAAQ,EAAE,IAAI;AAAA,EACd,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B,aAAa,EAAE,IAAI;AAAA,EACnB,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,KAAM;AAAA,EAChD,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACvB,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC5B,wBAAwB,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,GAAK,EAAE,IAAI,IAAS;AAAA,EACjE,yBAAyB,EAAE,IAAI,EAAE,SAAS;AAC5C,CAAC;AAEM,IAAM,sBAAN,cAAkC,MAAM;AAAA,EACtC,cAAc;AACnB,UAAM,kBAAkB;AACxB,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,cAAN,MAAkB;AAAA,EACN,SAAS,iBAAiB,MAAM,WAAW;AAAA;AAAA,EAGpD,wBAAwD;AAAA;AAAA;AAAA;AAAA,EAKhE,MAAa,mBAA4C;AACvD,WAAO,aAAa,WAAW;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAa,aAAsC;AACjD,UAAM,KAAK,eAAe;AAC1B,WAAO,KAAK,iBAAiB;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAa,iBAA8C;AACzD,UAAM,UAAU,MAAM,KAAK,iBAAiB;AAC5C,QAAI,CAAC,SAAS;AAAa,aAAO;AAElC,QAAI,CAAC,KAAK,yBAAyB,OAAO,GAAG;AAC3C,aAAO,QAAQ;AAAA,IACjB;AAEA,QAAI,CAAC,QAAQ,cAAc;AACzB,YAAM,aAAa,MAAM;AACzB,aAAO;AAAA,IACT;AAEA,UAAM,YAAY,MAAM,KAAK,eAAe;AAC5C,WAAO,WAAW;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAa,iBAA0C;AACrD,QAAI,KAAK,uBAAuB;AAC9B,aAAO,KAAK;AAAA,IACd;AACA,SAAK,wBAAwB,KAAK,sBAAsB,EAAE,QAAQ,MAAM;AACtE,WAAK,wBAAwB;AAAA,IAC/B,CAAC;AACD,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,yBAAyB,SAA2B;AAC1D,QAAI,QAAQ,cAAc;AAAW,aAAO;AAC5C,UAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACxC,WAAO,QAAQ,aAAa,MAAM;AAAA,EACpC;AAAA,EAEA,MAAc,wBAAiD;AAC7D,UAAM,UAAU,MAAM,KAAK,iBAAiB;AAC5C,QAAI,CAAC,SAAS,cAAc;AAC1B,YAAM,aAAa,MAAM;AACzB,aAAO;AAAA,IACT;AAEA,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,0BAA0B;AAExD,YAAM,WAAW,MAAW;AAAA,QAC1B;AAAA,QACA,QAAQ;AAAA,QACR,EAAE,OAAO,KAAK,OAAO,MAAM;AAAA,QAC3B;AAAA,MACF;AAEA,YAAM,aAAa,KAAK,qBAAqB,UAAU,OAAO;AAE9D,YAAM,aAAa,YAAY,UAAU;AACzC,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UACE,iBAAsB,0BACtB,MAAM,UAAU,kCAChB;AACA,cAAM,aAAa,MAAM;AACzB,eAAO;AAAA,MACT;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAc,4BAAyD;AACrE,UAAM,YAAY,IAAIC,KAAI,KAAK,OAAO,MAAM;AAC5C,WAAY;AAAA,MACV;AAAA,MACA,KAAK,OAAO;AAAA,MACZ;AAAA,MACA;AAAA,MACA;AAAA,QACE,GAAI,UAAU,aAAa,UACvB,EAAE,SAAS,CAAM,0BAAqB,EAAW,IACjD,CAAC;AAAA,MACP;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAa,MAAM,SAA0C;AAC3D,UAAM,EAAE,OAAO,IAAI,WAAW,CAAC;AAE/B,UAAM,aAAa,MAAM,KAAK,0BAA0B;AACxD,YAAQ,eAAe;AAEvB,UAAM,eAAoB,4BAAuB;AACjD,UAAM,gBAAgB,MAAW,gCAA2B,YAAY;AACxE,UAAM,QAAa,iBAAY;AAC/B,UAAM,QAAa,iBAAY;AAE/B,UAAM,mBAAwB,2BAAsB,YAAY;AAAA,MAC9D,cAAc,KAAK,OAAO;AAAA,MAC1B,eAAe;AAAA,MACf,OAAO,KAAK,OAAO;AAAA,MACnB,gBAAgB;AAAA,MAChB,uBAAuB;AAAA,MACvB;AAAA,MACA;AAAA,MACA,QAAQ,KAAK,OAAO;AAAA,IACtB,CAAC;AAED,YAAQ,eAAe;AACvB,UAAM,KAAK,YAAY,iBAAiB,SAAS,CAAC;AAElD,UAAM,WAAW,MAAM,KAAK,gBAAgB,MAAM;AAElD,UAAM,WAAW,MAAW;AAAA,MAC1B;AAAA,MACA,SAAS;AAAA,MACT;AAAA,QACE,kBAAkB;AAAA,QAClB,eAAe;AAAA,QACf,eAAe;AAAA,MACjB;AAAA,IACF;AAEA,UAAM,UAAU,KAAK,qBAAqB,QAAQ;AAElD,UAAM,aAAa,YAAY,OAAO;AACtC,WAAO;AAAA,EACT;AAAA,EAEA,MAAa,SAAwB;AACnC,UAAM,aAAa,MAAM;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAc,gBAAgB,QAA+C;AAC3E,UAAM,cAAc,IAAIA,KAAI,KAAK,OAAO,WAAW;AACnD,UAAM,WAAW,YAAY;AAC7B,UAAM,OAAO,OAAO,YAAY,IAAI;AACpC,UAAM,WAAW,YAAY;AAE7B,UAAM,gBAAgB,YAAY;AAAA,MAChC,KAAK,OAAO;AAAA,IACd;AACA,UAAM,iBACJ,WAAW,SACP,YAAY,IAAI,CAAC,QAAQ,aAAa,CAAC,IACvC;AAEN,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAI,SAAS;AAEb,YAAM,SAAS,aAAa,CAAC,KAAK,QAAQ;AACxC,YAAI;AACF,gBAAM,aAAa,IAAIA,KAAI,IAAI,OAAO,IAAI,KAAK,OAAO,WAAW;AACjE,cAAI,WAAW,aAAa,UAAU;AACpC,gBAAI,aAAa;AACjB,gBAAI,IAAI,WAAW;AACnB;AAAA,UACF;AAEA,gBAAM,cAAc,IAAIA,KAAI,KAAK,OAAO,WAAW;AACnD,sBAAY,SAAS,WAAW;AAEhC,gBAAM,WAAW,KAAK,OAAO;AAC7B,cAAI,UAAU;AACZ,gBAAI,UAAU,KAAK,EAAE,UAAU,SAAS,CAAC;AACzC,gBAAI,IAAI;AAAA,UACV,OAAO;AACL,gBAAI,aAAa;AACjB,gBAAI,UAAU,gBAAgB,0BAA0B;AACxD,gBAAI;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAEA,sBAAY,CAAC,aAAqB;AAChC,gBAAI,UAAU;AACZ,qBAAO,QAAQ;AACf;AAAA,YACF;AACA,oBAAQ,EAAE,YAAY,CAAC;AAAA,UACzB,CAAC;AAAA,QACH,SAAS,OAAO;AACd,sBAAY,MAAM,OAAO,KAAK,CAAC;AAAA,QACjC;AAAA,MACF,CAAC;AAED,YAAM,cAAc,CAAC,aAA+C;AAClE,YAAI;AAAQ;AACZ,iBAAS;AACT,uBAAe,oBAAoB,SAAS,eAAe;AAC3D,YAAI,CAAC,OAAO,WAAW;AACrB,mBAAS;AACT;AAAA,QACF;AACA,eAAO,oBAAoB;AAC3B,eAAO,MAAM,CAAC,aAAa;AACzB,mBAAS,YAAY,MAAS;AAAA,QAChC,CAAC;AAAA,MACH;AAEA,eAAS,kBAAwB;AAC/B,oBAAY,CAAC,aAAqB;AAChC,cAAI,UAAU;AACZ,mBAAO,QAAQ;AACf;AAAA,UACF;AACA,cAAI,QAAQ,SAAS;AACnB,mBAAO,OAAO,UAAU,IAAI,oBAAoB,CAAC;AACjD;AAAA,UACF;AACA,cAAI,cAAc,SAAS;AACzB,mBAAO,IAAI,MAAM,oCAAoC,CAAC;AACtD;AAAA,UACF;AACA,iBAAO,IAAI,oBAAoB,CAAC;AAAA,QAClC,CAAC;AAAA,MACH;AAEA,aAAO,GAAG,SAAS,CAAC,UAAiC;AACnD,oBAAY,MAAM;AAChB,cAAI,MAAM,SAAS,cAAc;AAC/B,kBAAM,YACH,MAAoD,QAAQ;AAC/D;AAAA,cACE,IAAI;AAAA,gBACF,QAAQ,OAAO,SAAS,CAAC;AAAA,cAC3B;AAAA,YACF;AACA;AAAA,UACF;AACA,iBAAO,KAAK;AAAA,QACd,CAAC;AAAA,MACH,CAAC;AAGD,qBAAe,iBAAiB,SAAS,iBAAiB,EAAE,MAAM,KAAK,CAAC;AACxE,UAAI,eAAe,SAAS;AAC1B,wBAAgB;AAChB;AAAA,MACF;AAEA,aAAO,OAAO,MAAM,QAAQ;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,YAAY,KAA4B;AACpD,UAAM,KAAK,GAAG;AAAA,EAChB;AAAA,EAEQ,qBACN,UACA,gBACS;AACT,WAAO;AAAA,MACL,aAAa,SAAS;AAAA,MACtB,cAAc,SAAS,iBAAiB,gBAAgB;AAAA,MACxD,SAAS,SAAS,YAAY,gBAAgB;AAAA,MAC9C,WAAW,SAAS,cAAc,gBAAgB;AAAA,MAClD,WAAW,SAAS,aAChB,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,SAAS,aACzC;AAAA,IACN;AAAA,EACF;AACF;AAEO,IAAM,cAAc,IAAI,YAAY;;;AE/U3C,SAAS,eAAe;;;ACAxB,OAAO;AAAA,EAEL;AAAA,OAGK;AASA,IAAM,kBAAN,MAAsB;AAAA,EACV;AAAA,EACT;AAAA,EAED,cAAc;AACnB,SAAK,SAAS,MAAM,OAAO;AAAA,MACzB,SAAS,WAAW;AAAA,MACpB,SAAS,WAAW;AAAA,MACpB,SAAS;AAAA,QACP,cAAc,WAAW;AAAA,MAC3B;AAAA,IACF,CAAC;AAED,SAAK,OAAO,aAAa,QAAQ;AAAA,MAC/B,OAAO,WAAmC;AACxC,YAAI,OAAO,UAAU;AACnB,iBAAO;AAAA,QACT;AACA,cAAM,QAAQ,MAAM,KAAK,sBAAsB;AAC/C,YAAI,OAAO;AACT,eAAK,uBAAuB,QAAQ,KAAK;AAAA,QAC3C;AACA,eAAO;AAAA,MACT;AAAA,IACF;AAEA,SAAK,OAAO,aAAa,SAAS;AAAA,MAChC,CAAC,aAAa;AAAA,MACd,OAAO,UAAsB;AAC3B,cAAM,kBAAkB,MAAM;AAI9B,YACE,MAAM,UAAU,WAAW,OAC3B,CAAC,mBACD,gBAAgB,YAChB,gBAAgB,QAChB;AACA,gBAAM;AAAA,QACR;AAGA,wBAAgB,SAAS;AAEzB,cAAM,mBAAmB,MAAM,YAAY,eAAe;AAC1D,cAAM,iBAAiB,kBAAkB;AACzC,YAAI,CAAC,gBAAgB;AACnB,gBAAM;AAAA,QACR;AAGA,aAAK,uBAAuB,iBAAiB,cAAc;AAC3D,eAAO,KAAK,OAAO,QAAQ,eAAe;AAAA,MAC5C;AAAA,IACF;AAAA,EACF;AAAA,EAEO,uBAAuB,UAAqC;AACjE,SAAK,sBAAsB;AAAA,EAC7B;AAAA,EAEO,YAA2B;AAChC,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,uBACN,QACA,OACM;AACN,UAAM,UAAU,aAAa,KAAK,OAAO,OAAO;AAChD,YAAQ,IAAI,iBAAiB,UAAU,KAAK,EAAE;AAC9C,WAAO,UAAU;AAAA,EACnB;AACF;AAEO,IAAM,kBAAkB,IAAI,gBAAgB;;;AC1FnD,SAAS,cAAc;AACvB,OAAO,WAAwB;AAU/B,eAAsB,mBACpB,SACG,MACS;AACZ,QAAM,QAAQ,KAAK,CAAC;AAEpB,SAAO,IAAI,QAAW,CAAC,SAAS,WAAW;AACzC,UAAM,MAAM;AAAA,MACV,MAAM,cAAc,MAAM;AAAA,QACxB,GAAI,SAAU,CAAC;AAAA,QACf,QAAQ,CAAC,WAAc;AACrB,gBAAM,YAAY;AAChB,gBAAI,QAAQ;AACZ,kBAAM,IAAI,cAAc;AACxB,oBAAQ,MAAM;AAAA,UAChB,GAAG,EAAE,MAAM,MAAM;AAAA,QACnB;AAAA,MACF,CAAwB;AAAA,IAC1B;AAAA,EACF,CAAC;AACH;;;AFrBO,IAAe,cAAf,cAAmC,QAAQ;AAAA,EACtC,UAA0B;AAAA,EAEpC,MAAsB,OAAsB;AAC1C,UAAM,MAAM,KAAK;AACjB,SAAK,UAAU,MAAM,YAAY,WAAW;AAC5C,oBAAgB;AAAA,MAAuB,YACrC,YAAY,eAAe;AAAA,IAC7B;AAEA,UAAM,aAAa,mBAAmB;AACtC,SAAK,MAAM,iBAAiB,WAAW,OAAO,EAAE;AAChD,SAAK,MAAM;AAAA,EAAuB,WAAW,KAAK,IAAI,KAAK,QAAQ,EAAE;AAAA,EACvE;AAAA,EAEU,oBAAmC;AAC3C,WAAO,gBAAgB,UAAU;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAgB,sBAAwC;AACtD,UAAM,UAAU,MAAM,YAAY,WAAW;AAC7C,QAAI,CAAC,SAAS,aAAa;AACzB,WAAK;AAAA,QACH,0BAA0B,KAAK,OAAO,GAAG;AAAA,QACzC,EAAE,MAAM,EAAE;AAAA,MACZ;AAAA,IACF;AAEA,SAAK,UAAU;AACf,WAAO;AAAA,EACT;AAAA,EAWA,MAAgB,WACd,SACG,MACS;AACZ,WAAO,mBAAyB,MAAM,GAAG,IAAI;AAAA,EAC/C;AACF;","names":["URL","URL"]}
|