npm - @kittl/cli - Versions diffs - 0.0.1 - Mend

@kittl/cli 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/README.md +129 -0
package/bin/bootstrap.js +16 -0
package/bin/run.cmd +3 -0
package/bin/run.js +6 -0
package/dist/chunk-4ISWSLZ5.js +29 -0
package/dist/chunk-4ISWSLZ5.js.map +1 -0
package/dist/chunk-JGD3QFQS.js +529 -0
package/dist/chunk-JGD3QFQS.js.map +1 -0
package/dist/commands/app/create.js +16 -0
package/dist/commands/app/create.js.map +1 -0
package/dist/commands/app/upload.js +16 -0
package/dist/commands/app/upload.js.map +1 -0
package/dist/commands/auth/login.js +186 -0
package/dist/commands/auth/login.js.map +1 -0
package/dist/commands/auth/logout.js +18 -0
package/dist/commands/auth/logout.js.map +1 -0
package/dist/commands/auth/whoami.js +8 -0
package/dist/commands/auth/whoami.js.map +1 -0
package/dist/commands/whoami.js +8 -0
package/dist/commands/whoami.js.map +1 -0
package/package.json +60 -0

package/README.md ADDED Viewed

@@ -0,0 +1,129 @@
+# Kittl CLI
+Official command-line interface for Kittl.
+## Install
+From repo root:
+```bash
+pnpm install
+```
+## Build
+From repo root:
+```bash
+pnpm --filter ./packages/cli build
+```
+Or from `packages/cli`:
+```bash
+pnpm build
+```
+## Use locally
+From `packages/cli` after build:
+```bash
+node bin/run.js --help
+node bin/run.js app --help
+node bin/run.js auth login
+```
+Subcommands are space-separated (for example `app init`, `app upload`, `auth login`). `whoami` is available as `auth whoami` or as a top-level shortcut. Command names, flags, and descriptions live in the tool: run `kittl --help`, then `kittl <topic> --help`. This README only covers install, build, and dev workflow, not a duplicate of the help text.
+Note: run **`pnpm build`** before using `bin/run.js`.
+Using pnpm exec from repo root:
+```bash
+pnpm --filter ./packages/cli exec kittl --help
+```
+## Published usage
+After publishing:
+- package name is `@kittl/cli`
+- executable command is `kittl`
+Examples:
+```bash
+# Global install
+npm i -g @kittl/cli
+kittl --help
+kittl app --help
+# Without global install
+npx @kittl/cli --help
+```
+Most commands that call the API expect you to be signed in (`kittl auth login`).
+## Environment
+Copy and edit:
+```bash
+cp .env.example .env
+```
+Supported vars are documented in `.env.example`.
+They are optional overrides for local development and testing.
+## Developer docs
+Internal architecture and implementation notes live in `docs/internals.md`.
+## Local development scripts
+Run from `packages/cli`:
+```bash
+# Run CLI once in development mode (no build required)
+pnpm dev app --help
+# Re-run the CLI when source changes
+pnpm dev:watch app --help
+# Watch + rebuild dist and regenerate oclif manifest
+pnpm build:watch
+```
+## Global CLI on your PATH (linked)
+From `packages/cli` (after `pnpm install` at the repo root):
+```bash
+cd packages/cli
+pnpm link --global
+```
+This puts **`kittl`** and **`kittl-dev`** on your global `PATH`, pointing at your local clone:
+| Command       | When to use it |
+| ------------- | -------------- |
+| `kittl`       | Production entry. Run **`pnpm build`** first so `dist/` is up to date. |
+| `kittl-dev`   | Dev entry (`bin/dev.js` + `tsx`), same as **`pnpm dev`**, no build required. |
+To remove the global install later:
+```bash
+pnpm uninstall --global @kittl/cli
+```
+The npm package only ships the **`kittl`** binary; **`kittl-dev`** exists in this repo for contributors (`publishConfig` strips it from the published manifest).
+## Debug logging
+Enable debug output with `DEBUG`:
+```bash
+DEBUG=oclif:kittl:* kittl app --help #TODO: need to get rid of oclif prefix here
+```

package/bin/bootstrap.js ADDED Viewed

@@ -0,0 +1,16 @@
+/**
+ * ensure Ctrl+C / SIGTERM exit the process, and uncaught exceptions print a stack then exit
+ */
+import fs from 'node:fs';
+import process from 'node:process';
+process.on('uncaughtException', (err) => {
+  fs.writeSync(process.stderr.fd, `${err.stack ?? err.message ?? err}\n`);
+  process.exit(1);
+});
+for (const sig of ['SIGINT', 'SIGTERM', 'SIGQUIT']) {
+  process.on(sig, () => {
+    process.exit(1);
+  });
+}

package/bin/run.cmd ADDED Viewed

@@ -0,0 +1,3 @@
+@echo off
+node "%~dp0\run" %*

package/bin/run.js ADDED Viewed

@@ -0,0 +1,6 @@
+#!/usr/bin/env node
+import './bootstrap.js';
+import { execute } from '@oclif/core';
+await execute({ dir: import.meta.url });

package/dist/chunk-4ISWSLZ5.js ADDED Viewed

@@ -0,0 +1,29 @@
+import {
+  BaseCommand
+} from "./chunk-JGD3QFQS.js";
+// src/commands/auth/whoami.ts
+import { jwtDecode } from "jwt-decode";
+var AuthWhoAmI = class _AuthWhoAmI extends BaseCommand {
+  static description = "Show authenticated Kittl account details";
+  async run() {
+    await this.parse(_AuthWhoAmI);
+    const session = await this.ensureAuthenticated();
+    if (!session.idToken) {
+      this.error(
+        `No ID token found in session. Run \`${this.config.bin} auth:login\` again.`,
+        { exit: 2 }
+      );
+    }
+    const claims = jwtDecode(session.idToken);
+    const email = claims.email ?? "unknown";
+    const name = claims.name ?? claims.preferred_username ?? claims.sub ?? "unknown";
+    this.log(`Name: ${name}`);
+    this.log(`Email: ${email}`);
+  }
+};
+export {
+  AuthWhoAmI
+};
+//# sourceMappingURL=chunk-4ISWSLZ5.js.map

package/dist/chunk-4ISWSLZ5.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/commands/auth/whoami.ts"],"sourcesContent":["import { jwtDecode } from 'jwt-decode';\nimport type { IDToken } from 'openid-client';\nimport { BaseCommand } from '../../base-command';\n\nexport default class AuthWhoAmI extends BaseCommand {\n public static override description =\n 'Show authenticated Kittl account details';\n\n public async run(): Promise<void> {\n await this.parse(AuthWhoAmI);\n\n const session = await this.ensureAuthenticated();\n\n if (!session.idToken) {\n this.error(\n `No ID token found in session. Run \\`${this.config.bin} auth:login\\` again.`,\n { exit: 2 },\n );\n }\n\n const claims = jwtDecode<IDToken>(session.idToken);\n const email = claims.email ?? 'unknown';\n const name =\n claims.name ?? claims.preferred_username ?? claims.sub ?? 'unknown';\n\n this.log(`Name: ${name}`);\n this.log(`Email: ${email}`);\n }\n}\n"],"mappings":";;;;;AAAA,SAAS,iBAAiB;AAI1B,IAAqB,aAArB,MAAqB,oBAAmB,YAAY;AAAA,EAClD,OAAuB,cACrB;AAAA,EAEF,MAAa,MAAqB;AAChC,UAAM,KAAK,MAAM,WAAU;AAE3B,UAAM,UAAU,MAAM,KAAK,oBAAoB;AAE/C,QAAI,CAAC,QAAQ,SAAS;AACpB,WAAK;AAAA,QACH,uCAAuC,KAAK,OAAO,GAAG;AAAA,QACtD,EAAE,MAAM,EAAE;AAAA,MACZ;AAAA,IACF;AAEA,UAAM,SAAS,UAAmB,QAAQ,OAAO;AACjD,UAAM,QAAQ,OAAO,SAAS;AAC9B,UAAM,OACJ,OAAO,QAAQ,OAAO,sBAAsB,OAAO,OAAO;AAE5D,SAAK,IAAI,SAAS,IAAI,EAAE;AACxB,SAAK,IAAI,UAAU,KAAK,EAAE;AAAA,EAC5B;AACF;","names":[]}

package/dist/chunk-JGD3QFQS.js ADDED Viewed

@@ -0,0 +1,529 @@
+// src/services/auth.service.ts
+import { createServer } from "node:http";
+import { URL } from "node:url";
+import open from "open";
+import * as oidc from "openid-client";
+import { z } from "zod";
+// package.json
+var package_default = {
+  name: "@kittl/cli",
+  version: "0.0.1",
+  private: true,
+  type: "module",
+  bin: {
+    kittl: "./bin/run.js",
+    "kittl-dev": "./bin/dev.js"
+  },
+  publishConfig: {
+    bin: {
+      kittl: "./bin/run.js"
+    }
+  },
+  files: [
+    "bin/bootstrap.js",
+    "bin/run.cmd",
+    "bin/run.js",
+    "dist"
+  ],
+  scripts: {
+    build: "tsup && oclif manifest",
+    "build:watch": 'tsup --watch --onSuccess "oclif manifest"',
+    dev: "node ./bin/dev.js",
+    "dev:watch": "node --watch --watch-path=./src --watch-path=./bin ./bin/dev.js",
+    typecheck: "tsc --noEmit",
+    test: "vitest run",
+    "test:watch": "vitest"
+  },
+  dependencies: {
+    "@oclif/core": "^4.10.2",
+    axios: "^1.13.6",
+    "cross-keychain": "^1.1.0",
+    ink: "^6.8.0",
+    "jwt-decode": "^4.0.0",
+    open: "^11.0.0",
+    "openid-client": "^6.8.2",
+    react: "catalog:",
+    zod: "catalog:"
+  },
+  devDependencies: {
+    "@types/node": "^25.5.0",
+    "@types/react": "catalog:",
+    "ink-testing-library": "^4.0.0",
+    oclif: "^4.22.96",
+    tinyglobby: "^0.2.15",
+    tsup: "catalog:",
+    tsx: "catalog:",
+    typescript: "catalog:",
+    vitest: "^4.1.1"
+  },
+  oclif: {
+    bin: "kittl",
+    commands: "./dist/commands",
+    dirname: "kittl",
+    topicSeparator: " "
+  }
+};
+// src/utils.ts
+var INK_VIEW_UNMOUNT_REASON = Symbol("INK_VIEW_UNMOUNT_REASON");
+function parseRedirectPortFromEnv(defaultPort) {
+  const raw = process.env.KITTL_REDIRECT_PORT ?? String(defaultPort);
+  const n = Number(raw);
+  if (!Number.isInteger(n) || n < 1 || n > 65535) {
+    throw new Error(
+      `KITTL_REDIRECT_PORT must be an integer between 1 and 65535 (got ${JSON.stringify(raw)}).`
+    );
+  }
+  return n;
+}
+function localhostOAuthRedirectUri(port) {
+  return `http://localhost:${port}/callback`;
+}
+function getKittlEnvEntries() {
+  return Object.entries(process.env).filter(([key]) => key.startsWith("KITTL_")).sort(([a], [b]) => a.localeCompare(b)).map(([key, value]) => `${key}=${value ?? ""}`);
+}
+// src/constants.ts
+var { version } = package_default;
+var PRODUCTION = {
+  issuer: "https://auth.kittl.com/realms/kittl",
+  //TODO: TBD
+  apiBaseUrl: "https://api.kittl.com",
+  clientId: "kittl-cli",
+  redirectPort: 51771
+};
+var AUTH_CONFIG = {
+  issuer: process.env.KITTL_ISSUER_URL ?? PRODUCTION.issuer,
+  clientId: process.env.KITTL_CLIENT_ID ?? PRODUCTION.clientId,
+  redirectPort: parseRedirectPortFromEnv(PRODUCTION.redirectPort),
+  redirectUri: localhostOAuthRedirectUri(
+    parseRedirectPortFromEnv(PRODUCTION.redirectPort)
+  ),
+  scope: process.env.KITTL_AUTH_SCOPE ?? "openid profile email offline_access",
+  oauthCallbackTimeoutMs: Number(
+    process.env.KITTL_OAUTH_CALLBACK_TIMEOUT_MS ?? 12e4
+  ),
+  /** Optional 302 after OAuth; if undefined it renders a fallback HTML. */
+  oauthSuccessRedirectUrl: process.env.KITTL_OAUTH_SUCCESS_REDIRECT_URL || void 0,
+  serviceName: "kittl-cli",
+  accountName: "oauth-session"
+};
+var API_CONFIG = {
+  baseUrl: process.env.KITTL_API_BASE_URL ?? PRODUCTION.apiBaseUrl,
+  timeoutMs: 3e4,
+  userAgent: `kittl-cli/${version}`
+};
+// src/services/session-vault.service.ts
+import { deletePassword, getPassword, setPassword } from "cross-keychain";
+var SessionVault = class {
+  keychainService = AUTH_CONFIG.serviceName;
+  keychainAccount = AUTH_CONFIG.accountName;
+  async getSession() {
+    const raw = await getPassword(this.keychainService, this.keychainAccount);
+    if (!raw)
+      return null;
+    try {
+      return JSON.parse(raw);
+    } catch {
+      return null;
+    }
+  }
+  async saveSession(session) {
+    await setPassword(
+      this.keychainService,
+      this.keychainAccount,
+      JSON.stringify(session)
+    );
+  }
+  async clear() {
+    await deletePassword(this.keychainService, this.keychainAccount);
+  }
+};
+var sessionVault = new SessionVault();
+// src/services/auth.service.ts
+var ACCESS_TOKEN_REFRESH_BUFFER_SEC = 60;
+var OAUTH2_TOKEN_ERROR_INVALID_GRANT = "invalid_grant";
+var authConfigSchema = z.object({
+  issuer: z.url(),
+  clientId: z.string().min(1),
+  redirectUri: z.url(),
+  redirectPort: z.number().int().min(1).max(65535),
+  scope: z.string().min(1),
+  oauthCallbackTimeoutMs: z.number().int().min(5e3).max(36e5),
+  oauthSuccessRedirectUrl: z.url().optional()
+});
+var LoginCancelledError = class extends Error {
+  constructor() {
+    super("Login cancelled.");
+    this.name = "LoginCancelledError";
+  }
+};
+var AuthService = class {
+  config = authConfigSchema.parse(AUTH_CONFIG);
+  // concurrent refresh attempts are merged into a single promise
+  refreshSessionPromise = null;
+  /**
+   * raw vault read.
+   */
+  async getStoredSession() {
+    return sessionVault.getSession();
+  }
+  /**
+   * ensures token freshness (by silently refresh if needed)
+   */
+  async getSession() {
+    await this.getAccessToken();
+    return this.getStoredSession();
+  }
+  /**
+   * Returns a usable access token, silently refreshing when `expiresAt` is within {@link ACCESS_TOKEN_REFRESH_BUFFER_SEC}
+   * seconds (or in the past). based on Session.expiresAt.
+   */
+  async getAccessToken() {
+    const session = await this.getStoredSession();
+    if (!session?.accessToken)
+      return void 0;
+    if (!this.shouldRefreshAccessToken(session)) {
+      return session.accessToken;
+    }
+    if (!session.refreshToken) {
+      await sessionVault.clear();
+      return void 0;
+    }
+    const refreshed = await this.refreshSession();
+    return refreshed?.accessToken;
+  }
+  /**
+   * Refresh tokens via the OIDC token endpoint. On hard failure (e.g. `invalid_grant`), clears the vault.
+   */
+  async refreshSession() {
+    if (this.refreshSessionPromise) {
+      return this.refreshSessionPromise;
+    }
+    this.refreshSessionPromise = this.performRefreshSession().finally(() => {
+      this.refreshSessionPromise = null;
+    });
+    return this.refreshSessionPromise;
+  }
+  shouldRefreshAccessToken(session) {
+    if (session.expiresAt === void 0)
+      return false;
+    const now = Math.floor(Date.now() / 1e3);
+    return session.expiresAt <= now + ACCESS_TOKEN_REFRESH_BUFFER_SEC;
+  }
+  async performRefreshSession() {
+    const session = await this.getStoredSession();
+    if (!session?.refreshToken) {
+      await sessionVault.clear();
+      return null;
+    }
+    try {
+      const oidcConfig = await this.discoverOidcConfiguration();
+      const tokenSet = await oidc.refreshTokenGrant(
+        oidcConfig,
+        session.refreshToken,
+        { scope: this.config.scope },
+        void 0
+      );
+      const newSession = this.mapTokenSetToSession(tokenSet, session);
+      await sessionVault.saveSession(newSession);
+      return newSession;
+    } catch (error) {
+      if (error instanceof oidc.ResponseBodyError && error.error === OAUTH2_TOKEN_ERROR_INVALID_GRANT) {
+        await sessionVault.clear();
+        return null;
+      }
+      return null;
+    }
+  }
+  async discoverOidcConfiguration() {
+    const issuerUrl = new URL(this.config.issuer);
+    return oidc.discovery(
+      issuerUrl,
+      this.config.clientId,
+      void 0,
+      void 0,
+      {
+        ...issuerUrl.protocol === "http:" ? { execute: [oidc.allowInsecureRequests] } : {}
+      }
+    );
+  }
+  async login(options) {
+    const { signal } = options ?? {};
+    const oidcConfig = await this.discoverOidcConfiguration();
+    signal?.throwIfAborted();
+    const codeVerifier = oidc.randomPKCECodeVerifier();
+    const codeChallenge = await oidc.calculatePKCECodeChallenge(codeVerifier);
+    const state = oidc.randomState();
+    const nonce = oidc.randomNonce();
+    const authorizationUrl = oidc.buildAuthorizationUrl(oidcConfig, {
+      redirect_uri: this.config.redirectUri,
+      response_type: "code",
+      scope: this.config.scope,
+      code_challenge: codeChallenge,
+      code_challenge_method: "S256",
+      state,
+      nonce
+    });
+    signal?.throwIfAborted();
+    await this.openBrowser(authorizationUrl.toString());
+    const callback = await this.waitForCallback(signal);
+    const tokenSet = await oidc.authorizationCodeGrant(
+      oidcConfig,
+      callback.callbackUrl,
+      {
+        pkceCodeVerifier: codeVerifier,
+        expectedState: state,
+        expectedNonce: nonce
+      }
+    );
+    const session = this.mapTokenSetToSession(tokenSet);
+    await sessionVault.saveSession(session);
+    return session;
+  }
+  async logout() {
+    await sessionVault.clear();
+  }
+  /**
+   * Starts a short-lived `http` server on the host/port from the configured `redirectUri` so the IdP can
+   * redirect the browser to `…/callback?code=…&state=…` (Authorization Code + PKCE). The first matching request
+   * stops the server and resolves with that URL for the token exchange (`authorizationCodeGrant`).
+   *
+   * - **Success response:** HTTP 302 to {@link AUTH_CONFIG.oauthSuccessRedirectUrl} when set; otherwise a minimal inline HTML page.
+   */
+  async waitForCallback(signal) {
+    const redirectUrl = new URL(this.config.redirectUri);
+    const hostname = redirectUrl.hostname;
+    const port = Number(redirectUrl.port);
+    const pathname = redirectUrl.pathname;
+    const timeoutSignal = AbortSignal.timeout(
+      this.config.oauthCallbackTimeoutMs
+    );
+    const combinedSignal = signal !== void 0 ? AbortSignal.any([signal, timeoutSignal]) : timeoutSignal;
+    return new Promise((resolve, reject) => {
+      let closed = false;
+      const server = createServer((req, res) => {
+        try {
+          const requestUrl = new URL(req.url ?? "", this.config.redirectUri);
+          if (requestUrl.pathname !== pathname) {
+            res.statusCode = 404;
+            res.end("Not Found");
+            return;
+          }
+          const callbackUrl = new URL(this.config.redirectUri);
+          callbackUrl.search = requestUrl.search;
+          const brandUrl = this.config.oauthSuccessRedirectUrl;
+          if (brandUrl) {
+            res.writeHead(302, { Location: brandUrl });
+            res.end();
+          } else {
+            res.statusCode = 200;
+            res.setHeader("content-type", "text/html; charset=utf-8");
+            res.end(
+              "<!doctype html><html><body><h2>Authentication complete.</h2><p>You can close this tab and return to the terminal.</p></body></html>"
+            );
+          }
+          closeServer((closeErr) => {
+            if (closeErr) {
+              reject(closeErr);
+              return;
+            }
+            resolve({ callbackUrl });
+          });
+        } catch (error) {
+          closeServer(() => reject(error));
+        }
+      });
+      const closeServer = (onClosed) => {
+        if (closed)
+          return;
+        closed = true;
+        combinedSignal.removeEventListener("abort", onCombinedAbort);
+        if (!server.listening) {
+          onClosed();
+          return;
+        }
+        server.closeAllConnections();
+        server.close((closeErr) => {
+          onClosed(closeErr ?? void 0);
+        });
+      };
+      function onCombinedAbort() {
+        closeServer((closeErr) => {
+          if (closeErr) {
+            reject(closeErr);
+            return;
+          }
+          if (signal?.aborted) {
+            reject(signal.reason ?? new LoginCancelledError());
+            return;
+          }
+          if (timeoutSignal.aborted) {
+            reject(new Error("Login timed out. Please try again."));
+            return;
+          }
+          reject(new LoginCancelledError());
+        });
+      }
+      server.on("error", (error) => {
+        closeServer(() => {
+          if (error.code === "EADDRINUSE") {
+            const inUsePort = error.port ?? port;
+            reject(
+              new Error(
+                `Port ${String(inUsePort)} is already in use. Close the other app using it or set KITTL_REDIRECT_PORT to a free port, then try again.`
+              )
+            );
+            return;
+          }
+          reject(error);
+        });
+      });
+      combinedSignal.addEventListener("abort", onCombinedAbort, { once: true });
+      if (combinedSignal.aborted) {
+        onCombinedAbort();
+        return;
+      }
+      server.listen(port, hostname);
+    });
+  }
+  async openBrowser(url) {
+    await open(url);
+  }
+  mapTokenSetToSession(tokenSet, currentSession) {
+    return {
+      accessToken: tokenSet.access_token,
+      refreshToken: tokenSet.refresh_token ?? currentSession?.refreshToken,
+      idToken: tokenSet.id_token ?? currentSession?.idToken,
+      tokenType: tokenSet.token_type ?? currentSession?.tokenType,
+      expiresAt: tokenSet.expires_in ? Math.floor(Date.now() / 1e3) + tokenSet.expires_in : void 0
+    };
+  }
+};
+var authService = new AuthService();
+// src/base-command.ts
+import { Command } from "@oclif/core";
+import { render } from "ink";
+import React from "react";
+// src/services/api.service.ts
+import axios, {
+  AxiosHeaders
+} from "axios";
+var KittlApiService = class {
+  client;
+  accessTokenProvider;
+  constructor() {
+    this.client = axios.create({
+      baseURL: API_CONFIG.baseUrl,
+      timeout: API_CONFIG.timeoutMs,
+      headers: {
+        "User-Agent": API_CONFIG.userAgent
+      }
+    });
+    this.client.interceptors.request.use(
+      async (config) => {
+        if (config.skipAuth) {
+          return config;
+        }
+        const token = await this.accessTokenProvider?.();
+        if (token) {
+          this.setAuthorizationHeader(config, token);
+        }
+        return config;
+      }
+    );
+    this.client.interceptors.response.use(
+      (response) => response,
+      async (error) => {
+        const originalRequest = error.config;
+        if (error.response?.status !== 401 || !originalRequest || originalRequest.skipAuth || originalRequest._retry) {
+          throw error;
+        }
+        originalRequest._retry = true;
+        const refreshedSession = await authService.refreshSession();
+        const refreshedToken = refreshedSession?.accessToken;
+        if (!refreshedToken) {
+          throw error;
+        }
+        this.setAuthorizationHeader(originalRequest, refreshedToken);
+        return this.client.request(originalRequest);
+      }
+    );
+  }
+  setAccessTokenProvider(provider) {
+    this.accessTokenProvider = provider;
+  }
+  getClient() {
+    return this.client;
+  }
+  setAuthorizationHeader(config, token) {
+    const headers = AxiosHeaders.from(config.headers);
+    headers.set("Authorization", `Bearer ${token}`);
+    config.headers = headers;
+  }
+};
+var kittlApiService = new KittlApiService();
+// src/base-command.ts
+var BaseCommand = class extends Command {
+  session = null;
+  async init() {
+    await super.init();
+    this.session = await authService.getSession();
+    kittlApiService.setAccessTokenProvider(
+      async () => authService.getAccessToken()
+    );
+    const envEntries = getKittlEnvEntries();
+    this.debug(`API base URL: ${API_CONFIG.baseUrl}`);
+    this.debug(`KITTL_* variables:
+${envEntries.join("\n") || "(none)"}`);
+  }
+  getKittlApiClient() {
+    return kittlApiService.getClient();
+  }
+  /**
+   * Ensures a valid access token (+ refreshes when the accessToken is near expiry).
+   */
+  async ensureAuthenticated() {
+    const session = await authService.getSession();
+    if (!session?.accessToken) {
+      this.error(
+        `Session expired. Run \`${this.config.bin} auth:login\` first.`,
+        { exit: 2 }
+      );
+    }
+    this.session = session;
+    return session;
+  }
+  /**
+   * Run an Ink view that reports a result via `onDone`, then unmount and return.
+   * PRO TIP: use `this.log` / `this.error` after this resolves, not inside the view!! for final line stays on stdout.
+   */
+  async renderView(View) {
+    return new Promise((resolve, reject) => {
+      const app = render(
+        React.createElement(View, {
+          onDone: (result) => {
+            void (async () => {
+              app.unmount();
+              await app.waitUntilExit();
+              resolve(result);
+            })().catch(reject);
+          }
+        })
+      );
+    });
+  }
+};
+export {
+  INK_VIEW_UNMOUNT_REASON,
+  authService,
+  BaseCommand
+};
+//# sourceMappingURL=chunk-JGD3QFQS.js.map

package/dist/chunk-JGD3QFQS.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/services/auth.service.ts","../package.json","../src/utils.ts","../src/constants.ts","../src/services/session-vault.service.ts","../src/base-command.ts","../src/services/api.service.ts"],"sourcesContent":["import { createServer } from 'node:http';\nimport { URL } from 'node:url';\nimport open from 'open';\nimport * as oidc from 'openid-client';\nimport { z } from 'zod';\nimport { AUTH_CONFIG } from '../constants';\nimport type { Session } from '../types/session';\nimport { sessionVault } from './session-vault.service';\n\n// Seconds before access token expiry when we proactively refresh.\nconst ACCESS_TOKEN_REFRESH_BUFFER_SEC = 60;\n\nconst OAUTH2_TOKEN_ERROR_INVALID_GRANT = 'invalid_grant';\n\nexport type LoginOptions = {\n signal?: AbortSignal;\n};\n\nexport type CallbackResult = {\n callbackUrl: URL;\n};\n\nconst authConfigSchema = z.object({\n issuer: z.url(),\n clientId: z.string().min(1),\n redirectUri: z.url(),\n redirectPort: z.number().int().min(1).max(65_535),\n scope: z.string().min(1),\n oauthCallbackTimeoutMs: z.number().int().min(5_000).max(3_600_000),\n oauthSuccessRedirectUrl: z.url().optional(),\n});\n\nexport class LoginCancelledError extends Error {\n public constructor() {\n super('Login cancelled.');\n this.name = 'LoginCancelledError';\n }\n}\n\nexport class AuthService {\n private readonly config = authConfigSchema.parse(AUTH_CONFIG);\n\n // concurrent refresh attempts are merged into a single promise\n private refreshSessionPromise: Promise<Session | null> | null = null;\n\n /**\n * raw vault read.\n */\n public async getStoredSession(): Promise<Session | null> {\n return sessionVault.getSession();\n }\n\n /**\n * ensures token freshness (by silently refresh if needed)\n */\n public async getSession(): Promise<Session | null> {\n await this.getAccessToken();\n return this.getStoredSession();\n }\n\n /**\n * Returns a usable access token, silently refreshing when `expiresAt` is within {@link ACCESS_TOKEN_REFRESH_BUFFER_SEC}\n * seconds (or in the past). based on Session.expiresAt.\n */\n public async getAccessToken(): Promise<string | undefined> {\n const session = await this.getStoredSession();\n if (!session?.accessToken) return undefined;\n\n if (!this.shouldRefreshAccessToken(session)) {\n return session.accessToken;\n }\n\n if (!session.refreshToken) {\n await sessionVault.clear();\n return undefined;\n }\n\n const refreshed = await this.refreshSession();\n return refreshed?.accessToken;\n }\n\n /**\n * Refresh tokens via the OIDC token endpoint. On hard failure (e.g. `invalid_grant`), clears the vault.\n */\n public async refreshSession(): Promise<Session | null> {\n if (this.refreshSessionPromise) {\n return this.refreshSessionPromise;\n }\n this.refreshSessionPromise = this.performRefreshSession().finally(() => {\n this.refreshSessionPromise = null;\n });\n return this.refreshSessionPromise;\n }\n\n private shouldRefreshAccessToken(session: Session): boolean {\n if (session.expiresAt === undefined) return false;\n const now = Math.floor(Date.now() / 1000);\n return session.expiresAt <= now + ACCESS_TOKEN_REFRESH_BUFFER_SEC;\n }\n\n private async performRefreshSession(): Promise<Session | null> {\n const session = await this.getStoredSession();\n if (!session?.refreshToken) {\n await sessionVault.clear();\n return null;\n }\n\n try {\n const oidcConfig = await this.discoverOidcConfiguration();\n\n const tokenSet = await oidc.refreshTokenGrant(\n oidcConfig,\n session.refreshToken,\n { scope: this.config.scope },\n undefined,\n );\n\n const newSession = this.mapTokenSetToSession(tokenSet, session);\n\n await sessionVault.saveSession(newSession);\n return newSession;\n } catch (error) {\n if (\n error instanceof oidc.ResponseBodyError &&\n error.error === OAUTH2_TOKEN_ERROR_INVALID_GRANT\n ) {\n await sessionVault.clear();\n return null;\n }\n return null;\n }\n }\n\n private async discoverOidcConfiguration(): Promise<oidc.Configuration> {\n const issuerUrl = new URL(this.config.issuer);\n return oidc.discovery(\n issuerUrl,\n this.config.clientId,\n undefined,\n undefined,\n {\n ...(issuerUrl.protocol === 'http:'\n ? { execute: [oidc.allowInsecureRequests] as const }\n : {}),\n } as Parameters<typeof oidc.discovery>[4],\n );\n }\n\n public async login(options?: LoginOptions): Promise<Session> {\n const { signal } = options ?? {};\n\n const oidcConfig = await this.discoverOidcConfiguration();\n signal?.throwIfAborted();\n\n const codeVerifier = oidc.randomPKCECodeVerifier();\n const codeChallenge = await oidc.calculatePKCECodeChallenge(codeVerifier);\n const state = oidc.randomState();\n const nonce = oidc.randomNonce();\n\n const authorizationUrl = oidc.buildAuthorizationUrl(oidcConfig, {\n redirect_uri: this.config.redirectUri,\n response_type: 'code',\n scope: this.config.scope,\n code_challenge: codeChallenge,\n code_challenge_method: 'S256',\n state,\n nonce,\n });\n\n signal?.throwIfAborted();\n await this.openBrowser(authorizationUrl.toString());\n\n const callback = await this.waitForCallback(signal);\n\n const tokenSet = await oidc.authorizationCodeGrant(\n oidcConfig,\n callback.callbackUrl,\n {\n pkceCodeVerifier: codeVerifier,\n expectedState: state,\n expectedNonce: nonce,\n },\n );\n\n const session = this.mapTokenSetToSession(tokenSet);\n\n await sessionVault.saveSession(session);\n return session;\n }\n\n public async logout(): Promise<void> {\n await sessionVault.clear();\n }\n\n /**\n * Starts a short-lived `http` server on the host/port from the configured `redirectUri` so the IdP can\n * redirect the browser to `…/callback?code=…&state=…` (Authorization Code + PKCE). The first matching request\n * stops the server and resolves with that URL for the token exchange (`authorizationCodeGrant`).\n *\n * - **Success response:** HTTP 302 to {@link AUTH_CONFIG.oauthSuccessRedirectUrl} when set; otherwise a minimal inline HTML page.\n */\n private async waitForCallback(signal?: AbortSignal): Promise<CallbackResult> {\n const redirectUrl = new URL(this.config.redirectUri);\n const hostname = redirectUrl.hostname;\n const port = Number(redirectUrl.port);\n const pathname = redirectUrl.pathname;\n\n const timeoutSignal = AbortSignal.timeout(\n this.config.oauthCallbackTimeoutMs,\n );\n const combinedSignal =\n signal !== undefined\n ? AbortSignal.any([signal, timeoutSignal])\n : timeoutSignal;\n\n return new Promise((resolve, reject) => {\n let closed = false;\n\n const server = createServer((req, res) => {\n try {\n const requestUrl = new URL(req.url ?? '', this.config.redirectUri);\n if (requestUrl.pathname !== pathname) {\n res.statusCode = 404;\n res.end('Not Found');\n return;\n }\n\n const callbackUrl = new URL(this.config.redirectUri);\n callbackUrl.search = requestUrl.search;\n\n const brandUrl = this.config.oauthSuccessRedirectUrl;\n if (brandUrl) {\n res.writeHead(302, { Location: brandUrl });\n res.end();\n } else {\n res.statusCode = 200;\n res.setHeader('content-type', 'text/html; charset=utf-8');\n res.end(\n '<!doctype html><html><body><h2>Authentication complete.</h2><p>You can close this tab and return to the terminal.</p></body></html>',\n );\n }\n\n closeServer((closeErr?: Error) => {\n if (closeErr) {\n reject(closeErr);\n return;\n }\n resolve({ callbackUrl });\n });\n } catch (error) {\n closeServer(() => reject(error));\n }\n });\n\n const closeServer = (onClosed: (closeErr?: Error) => void): void => {\n if (closed) return;\n closed = true;\n combinedSignal.removeEventListener('abort', onCombinedAbort);\n if (!server.listening) {\n onClosed();\n return;\n }\n server.closeAllConnections();\n server.close((closeErr) => {\n onClosed(closeErr ?? undefined);\n });\n };\n\n function onCombinedAbort(): void {\n closeServer((closeErr?: Error) => {\n if (closeErr) {\n reject(closeErr);\n return;\n }\n if (signal?.aborted) {\n reject(signal.reason ?? new LoginCancelledError());\n return;\n }\n if (timeoutSignal.aborted) {\n reject(new Error('Login timed out. Please try again.'));\n return;\n }\n reject(new LoginCancelledError());\n });\n }\n\n server.on('error', (error: NodeJS.ErrnoException) => {\n closeServer(() => {\n if (error.code === 'EADDRINUSE') {\n const inUsePort =\n (error as NodeJS.ErrnoException & { port?: number }).port ?? port;\n reject(\n new Error(\n `Port ${String(inUsePort)} is already in use. Close the other app using it or set KITTL_REDIRECT_PORT to a free port, then try again.`,\n ),\n );\n return;\n }\n reject(error);\n });\n });\n\n // 1. Abort before any listen — avoids a half-started server; early exit skips `listen` entirely.\n combinedSignal.addEventListener('abort', onCombinedAbort, { once: true });\n if (combinedSignal.aborted) {\n onCombinedAbort();\n return;\n }\n\n server.listen(port, hostname);\n });\n }\n\n private async openBrowser(url: string): Promise<void> {\n await open(url);\n }\n\n private mapTokenSetToSession(\n tokenSet: oidc.TokenEndpointResponse,\n currentSession?: Session,\n ): Session {\n return {\n accessToken: tokenSet.access_token,\n refreshToken: tokenSet.refresh_token ?? currentSession?.refreshToken,\n idToken: tokenSet.id_token ?? currentSession?.idToken,\n tokenType: tokenSet.token_type ?? currentSession?.tokenType,\n expiresAt: tokenSet.expires_in\n ? Math.floor(Date.now() / 1000) + tokenSet.expires_in\n : undefined,\n };\n }\n}\n\nexport const authService = new AuthService();\n","{\n \"name\": \"@kittl/cli\",\n \"version\": \"0.0.1\",\n \"private\": true,\n \"type\": \"module\",\n \"bin\": {\n \"kittl\": \"./bin/run.js\",\n \"kittl-dev\": \"./bin/dev.js\"\n },\n \"publishConfig\": {\n \"bin\": {\n \"kittl\": \"./bin/run.js\"\n }\n },\n \"files\": [\n \"bin/bootstrap.js\",\n \"bin/run.cmd\",\n \"bin/run.js\",\n \"dist\"\n ],\n \"scripts\": {\n \"build\": \"tsup && oclif manifest\",\n \"build:watch\": \"tsup --watch --onSuccess \\\"oclif manifest\\\"\",\n \"dev\": \"node ./bin/dev.js\",\n \"dev:watch\": \"node --watch --watch-path=./src --watch-path=./bin ./bin/dev.js\",\n \"typecheck\": \"tsc --noEmit\",\n \"test\": \"vitest run\",\n \"test:watch\": \"vitest\"\n },\n \"dependencies\": {\n \"@oclif/core\": \"^4.10.2\",\n \"axios\": \"^1.13.6\",\n \"cross-keychain\": \"^1.1.0\",\n \"ink\": \"^6.8.0\",\n \"jwt-decode\": \"^4.0.0\",\n \"open\": \"^11.0.0\",\n \"openid-client\": \"^6.8.2\",\n \"react\": \"catalog:\",\n \"zod\": \"catalog:\"\n },\n \"devDependencies\": {\n \"@types/node\": \"^25.5.0\",\n \"@types/react\": \"catalog:\",\n \"ink-testing-library\": \"^4.0.0\",\n \"oclif\": \"^4.22.96\",\n \"tinyglobby\": \"^0.2.15\",\n \"tsup\": \"catalog:\",\n \"tsx\": \"catalog:\",\n \"typescript\": \"catalog:\",\n \"vitest\": \"^4.1.1\"\n },\n \"oclif\": {\n \"bin\": \"kittl\",\n \"commands\": \"./dist/commands\",\n \"dirname\": \"kittl\",\n \"topicSeparator\": \" \"\n }\n}\n","/** Silent UI teardown (e.g. Ink unmount) — not user-initiated cancel. */\nexport const INK_VIEW_UNMOUNT_REASON = Symbol('INK_VIEW_UNMOUNT_REASON');\n\n/**\n * Reads `KITTL_REDIRECT_PORT` (or {@link defaultPort}) and validates it is an integer in 1–65535.\n */\nexport function parseRedirectPortFromEnv(defaultPort: number): number {\n const raw = process.env.KITTL_REDIRECT_PORT ?? String(defaultPort);\n const n = Number(raw);\n if (!Number.isInteger(n) || n < 1 || n > 65_535) {\n throw new Error(\n `KITTL_REDIRECT_PORT must be an integer between 1 and 65535 (got ${JSON.stringify(raw)}).`,\n );\n }\n return n;\n}\n\n/** Fixed localhost OAuth callback path for Authorization Code + PKCE. */\nexport function localhostOAuthRedirectUri(port: number): string {\n return `http://localhost:${port}/callback`;\n}\n\nexport function getKittlEnvEntries(): string[] {\n return Object.entries(process.env)\n .filter(([key]) => key.startsWith('KITTL_'))\n .sort(([a], [b]) => a.localeCompare(b))\n .map(([key, value]) => `${key}=${value ?? ''}`);\n}\n","import pkg from '../package.json' with { type: 'json' };\nimport { localhostOAuthRedirectUri, parseRedirectPortFromEnv } from './utils';\n\nconst { version } = pkg;\n\nexport const PRODUCTION = {\n issuer: 'https://auth.kittl.com/realms/kittl', //TODO: TBD\n apiBaseUrl: 'https://api.kittl.com',\n clientId: 'kittl-cli',\n redirectPort: 51771,\n} as const;\n\n// -----------------------------------------------------------------------------\n// OAuth / OIDC (PKCE login, keychain session)\n// -----------------------------------------------------------------------------\n\nexport const AUTH_CONFIG = {\n issuer: process.env.KITTL_ISSUER_URL ?? PRODUCTION.issuer,\n clientId: process.env.KITTL_CLIENT_ID ?? PRODUCTION.clientId,\n redirectPort: parseRedirectPortFromEnv(PRODUCTION.redirectPort),\n redirectUri: localhostOAuthRedirectUri(\n parseRedirectPortFromEnv(PRODUCTION.redirectPort),\n ),\n scope: process.env.KITTL_AUTH_SCOPE ?? 'openid profile email offline_access',\n oauthCallbackTimeoutMs: Number(\n process.env.KITTL_OAUTH_CALLBACK_TIMEOUT_MS ?? 120_000,\n ),\n /** Optional 302 after OAuth; if undefined it renders a fallback HTML. */\n oauthSuccessRedirectUrl:\n process.env.KITTL_OAUTH_SUCCESS_REDIRECT_URL || undefined,\n serviceName: 'kittl-cli',\n accountName: 'oauth-session',\n} as const;\n\n// -----------------------------------------------------------------------------\n// HTTP API (Axios base URL for Kittl APIs)\n// -----------------------------------------------------------------------------\n\nexport const API_CONFIG = {\n baseUrl: process.env.KITTL_API_BASE_URL ?? PRODUCTION.apiBaseUrl,\n timeoutMs: 30_000,\n userAgent: `kittl-cli/${version}`,\n} as const;\n","import { deletePassword, getPassword, setPassword } from 'cross-keychain';\nimport { AUTH_CONFIG } from '../constants';\nimport type { Session } from '../types/session';\n\n/**\n * Persists OIDC session (tokens) in the OS credential store (e.g. Keychain).\n */\nexport class SessionVault {\n private readonly keychainService = AUTH_CONFIG.serviceName;\n private readonly keychainAccount = AUTH_CONFIG.accountName;\n\n public async getSession(): Promise<Session | null> {\n const raw = await getPassword(this.keychainService, this.keychainAccount);\n if (!raw) return null;\n\n try {\n return JSON.parse(raw) as Session;\n } catch {\n return null;\n }\n }\n\n public async saveSession(session: Session): Promise<void> {\n await setPassword(\n this.keychainService,\n this.keychainAccount,\n JSON.stringify(session),\n );\n }\n\n public async clear(): Promise<void> {\n await deletePassword(this.keychainService, this.keychainAccount);\n }\n}\n\nexport const sessionVault = new SessionVault();\n","import { Command } from '@oclif/core';\nimport type { AxiosInstance } from 'axios';\nimport { render } from 'ink';\nimport type { FC } from 'react';\nimport React from 'react';\nimport { API_CONFIG } from './constants';\nimport { kittlApiService } from './services/api.service';\nimport { authService } from './services/auth.service';\nimport type { Session } from './types/session';\nimport { getKittlEnvEntries } from './utils';\n\nexport abstract class BaseCommand extends Command {\n protected session: Session | null = null;\n\n public override async init(): Promise<void> {\n await super.init();\n this.session = await authService.getSession();\n kittlApiService.setAccessTokenProvider(async () =>\n authService.getAccessToken(),\n );\n\n const envEntries = getKittlEnvEntries();\n this.debug(`API base URL: ${API_CONFIG.baseUrl}`);\n this.debug(`KITTL_* variables:\\n${envEntries.join('\\n') || '(none)'}`);\n }\n\n protected getKittlApiClient(): AxiosInstance {\n return kittlApiService.getClient();\n }\n\n /**\n * Ensures a valid access token (+ refreshes when the accessToken is near expiry).\n */\n protected async ensureAuthenticated(): Promise<Session> {\n const session = await authService.getSession();\n if (!session?.accessToken) {\n this.error(\n `Session expired. Run \\`${this.config.bin} auth:login\\` first.`,\n { exit: 2 },\n );\n }\n\n this.session = session;\n return session;\n }\n\n /**\n * Run an Ink view that reports a result via `onDone`, then unmount and return.\n * PRO TIP: use `this.log` / `this.error` after this resolves, not inside the view!! for final line stays on stdout.\n */\n protected async renderView<R>(\n View: FC<{ onDone: (result: R) => void }>,\n ): Promise<R> {\n return new Promise<R>((resolve, reject) => {\n const app = render(\n React.createElement(View, {\n onDone: (result: R) => {\n void (async () => {\n app.unmount();\n await app.waitUntilExit();\n resolve(result);\n })().catch(reject);\n },\n }),\n );\n });\n }\n}\n","import axios, {\n type AxiosError,\n AxiosHeaders,\n type AxiosInstance,\n type InternalAxiosRequestConfig,\n} from 'axios';\nimport { API_CONFIG } from '../constants';\nimport { authService } from './auth.service';\n\ntype AccessTokenProvider = () => Promise<string | undefined>;\ntype RetriableRequestConfig = InternalAxiosRequestConfig & {\n _retry?: boolean;\n};\n\nexport class KittlApiService {\n private readonly client: AxiosInstance;\n private accessTokenProvider?: AccessTokenProvider;\n\n public constructor() {\n this.client = axios.create({\n baseURL: API_CONFIG.baseUrl,\n timeout: API_CONFIG.timeoutMs,\n headers: {\n 'User-Agent': API_CONFIG.userAgent,\n },\n });\n\n this.client.interceptors.request.use(\n async (config: RetriableRequestConfig) => {\n if (config.skipAuth) {\n return config;\n }\n const token = await this.accessTokenProvider?.();\n if (token) {\n this.setAuthorizationHeader(config, token);\n }\n return config;\n },\n );\n\n this.client.interceptors.response.use(\n (response) => response,\n async (error: AxiosError) => {\n const originalRequest = error.config as\n | RetriableRequestConfig\n | undefined;\n // Retry only first-time 401 responses with a valid original request.\n if (\n error.response?.status !== 401 ||\n !originalRequest ||\n originalRequest.skipAuth ||\n originalRequest._retry\n ) {\n throw error;\n }\n\n // Mark as retried to avoid infinite retry loops.\n originalRequest._retry = true;\n // Force-refresh the token before replaying the request.\n const refreshedSession = await authService.refreshSession();\n const refreshedToken = refreshedSession?.accessToken;\n if (!refreshedToken) {\n throw error;\n }\n\n // Re-run the original request with updated Authorization header.\n this.setAuthorizationHeader(originalRequest, refreshedToken);\n return this.client.request(originalRequest);\n },\n );\n }\n\n public setAccessTokenProvider(provider: AccessTokenProvider): void {\n this.accessTokenProvider = provider;\n }\n\n public getClient(): AxiosInstance {\n return this.client;\n }\n\n private setAuthorizationHeader(\n config: InternalAxiosRequestConfig,\n token: string,\n ): void {\n const headers = AxiosHeaders.from(config.headers);\n headers.set('Authorization', `Bearer ${token}`);\n config.headers = headers;\n }\n}\n\nexport const kittlApiService = new KittlApiService();\n"],"mappings":";AAAA,SAAS,oBAAoB;AAC7B,SAAS,WAAW;AACpB,OAAO,UAAU;AACjB,YAAY,UAAU;AACtB,SAAS,SAAS;;;ACJlB;AAAA,EACE,MAAQ;AAAA,EACR,SAAW;AAAA,EACX,SAAW;AAAA,EACX,MAAQ;AAAA,EACR,KAAO;AAAA,IACL,OAAS;AAAA,IACT,aAAa;AAAA,EACf;AAAA,EACA,eAAiB;AAAA,IACf,KAAO;AAAA,MACL,OAAS;AAAA,IACX;AAAA,EACF;AAAA,EACA,OAAS;AAAA,IACP;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAAA,EACA,SAAW;AAAA,IACT,OAAS;AAAA,IACT,eAAe;AAAA,IACf,KAAO;AAAA,IACP,aAAa;AAAA,IACb,WAAa;AAAA,IACb,MAAQ;AAAA,IACR,cAAc;AAAA,EAChB;AAAA,EACA,cAAgB;AAAA,IACd,eAAe;AAAA,IACf,OAAS;AAAA,IACT,kBAAkB;AAAA,IAClB,KAAO;AAAA,IACP,cAAc;AAAA,IACd,MAAQ;AAAA,IACR,iBAAiB;AAAA,IACjB,OAAS;AAAA,IACT,KAAO;AAAA,EACT;AAAA,EACA,iBAAmB;AAAA,IACjB,eAAe;AAAA,IACf,gBAAgB;AAAA,IAChB,uBAAuB;AAAA,IACvB,OAAS;AAAA,IACT,YAAc;AAAA,IACd,MAAQ;AAAA,IACR,KAAO;AAAA,IACP,YAAc;AAAA,IACd,QAAU;AAAA,EACZ;AAAA,EACA,OAAS;AAAA,IACP,KAAO;AAAA,IACP,UAAY;AAAA,IACZ,SAAW;AAAA,IACX,gBAAkB;AAAA,EACpB;AACF;;;ACxDO,IAAM,0BAA0B,OAAO,yBAAyB;AAKhE,SAAS,yBAAyB,aAA6B;AACpE,QAAM,MAAM,QAAQ,IAAI,uBAAuB,OAAO,WAAW;AACjE,QAAM,IAAI,OAAO,GAAG;AACpB,MAAI,CAAC,OAAO,UAAU,CAAC,KAAK,IAAI,KAAK,IAAI,OAAQ;AAC/C,UAAM,IAAI;AAAA,MACR,mEAAmE,KAAK,UAAU,GAAG,CAAC;AAAA,IACxF;AAAA,EACF;AACA,SAAO;AACT;AAGO,SAAS,0BAA0B,MAAsB;AAC9D,SAAO,oBAAoB,IAAI;AACjC;AAEO,SAAS,qBAA+B;AAC7C,SAAO,OAAO,QAAQ,QAAQ,GAAG,EAC9B,OAAO,CAAC,CAAC,GAAG,MAAM,IAAI,WAAW,QAAQ,CAAC,EAC1C,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,EACrC,IAAI,CAAC,CAAC,KAAK,KAAK,MAAM,GAAG,GAAG,IAAI,SAAS,EAAE,EAAE;AAClD;;;ACxBA,IAAM,EAAE,QAAQ,IAAI;AAEb,IAAM,aAAa;AAAA,EACxB,QAAQ;AAAA;AAAA,EACR,YAAY;AAAA,EACZ,UAAU;AAAA,EACV,cAAc;AAChB;AAMO,IAAM,cAAc;AAAA,EACzB,QAAQ,QAAQ,IAAI,oBAAoB,WAAW;AAAA,EACnD,UAAU,QAAQ,IAAI,mBAAmB,WAAW;AAAA,EACpD,cAAc,yBAAyB,WAAW,YAAY;AAAA,EAC9D,aAAa;AAAA,IACX,yBAAyB,WAAW,YAAY;AAAA,EAClD;AAAA,EACA,OAAO,QAAQ,IAAI,oBAAoB;AAAA,EACvC,wBAAwB;AAAA,IACtB,QAAQ,IAAI,mCAAmC;AAAA,EACjD;AAAA;AAAA,EAEA,yBACE,QAAQ,IAAI,oCAAoC;AAAA,EAClD,aAAa;AAAA,EACb,aAAa;AACf;AAMO,IAAM,aAAa;AAAA,EACxB,SAAS,QAAQ,IAAI,sBAAsB,WAAW;AAAA,EACtD,WAAW;AAAA,EACX,WAAW,aAAa,OAAO;AACjC;;;AC1CA,SAAS,gBAAgB,aAAa,mBAAmB;AAOlD,IAAM,eAAN,MAAmB;AAAA,EACP,kBAAkB,YAAY;AAAA,EAC9B,kBAAkB,YAAY;AAAA,EAE/C,MAAa,aAAsC;AACjD,UAAM,MAAM,MAAM,YAAY,KAAK,iBAAiB,KAAK,eAAe;AACxE,QAAI,CAAC;AAAK,aAAO;AAEjB,QAAI;AACF,aAAO,KAAK,MAAM,GAAG;AAAA,IACvB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAa,YAAY,SAAiC;AACxD,UAAM;AAAA,MACJ,KAAK;AAAA,MACL,KAAK;AAAA,MACL,KAAK,UAAU,OAAO;AAAA,IACxB;AAAA,EACF;AAAA,EAEA,MAAa,QAAuB;AAClC,UAAM,eAAe,KAAK,iBAAiB,KAAK,eAAe;AAAA,EACjE;AACF;AAEO,IAAM,eAAe,IAAI,aAAa;;;AJzB7C,IAAM,kCAAkC;AAExC,IAAM,mCAAmC;AAUzC,IAAM,mBAAmB,EAAE,OAAO;AAAA,EAChC,QAAQ,EAAE,IAAI;AAAA,EACd,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B,aAAa,EAAE,IAAI;AAAA,EACnB,cAAc,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,IAAI,KAAM;AAAA,EAChD,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EACvB,wBAAwB,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,GAAK,EAAE,IAAI,IAAS;AAAA,EACjE,yBAAyB,EAAE,IAAI,EAAE,SAAS;AAC5C,CAAC;AAEM,IAAM,sBAAN,cAAkC,MAAM;AAAA,EACtC,cAAc;AACnB,UAAM,kBAAkB;AACxB,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,cAAN,MAAkB;AAAA,EACN,SAAS,iBAAiB,MAAM,WAAW;AAAA;AAAA,EAGpD,wBAAwD;AAAA;AAAA;AAAA;AAAA,EAKhE,MAAa,mBAA4C;AACvD,WAAO,aAAa,WAAW;AAAA,EACjC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAa,aAAsC;AACjD,UAAM,KAAK,eAAe;AAC1B,WAAO,KAAK,iBAAiB;AAAA,EAC/B;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAa,iBAA8C;AACzD,UAAM,UAAU,MAAM,KAAK,iBAAiB;AAC5C,QAAI,CAAC,SAAS;AAAa,aAAO;AAElC,QAAI,CAAC,KAAK,yBAAyB,OAAO,GAAG;AAC3C,aAAO,QAAQ;AAAA,IACjB;AAEA,QAAI,CAAC,QAAQ,cAAc;AACzB,YAAM,aAAa,MAAM;AACzB,aAAO;AAAA,IACT;AAEA,UAAM,YAAY,MAAM,KAAK,eAAe;AAC5C,WAAO,WAAW;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAa,iBAA0C;AACrD,QAAI,KAAK,uBAAuB;AAC9B,aAAO,KAAK;AAAA,IACd;AACA,SAAK,wBAAwB,KAAK,sBAAsB,EAAE,QAAQ,MAAM;AACtE,WAAK,wBAAwB;AAAA,IAC/B,CAAC;AACD,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,yBAAyB,SAA2B;AAC1D,QAAI,QAAQ,cAAc;AAAW,aAAO;AAC5C,UAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACxC,WAAO,QAAQ,aAAa,MAAM;AAAA,EACpC;AAAA,EAEA,MAAc,wBAAiD;AAC7D,UAAM,UAAU,MAAM,KAAK,iBAAiB;AAC5C,QAAI,CAAC,SAAS,cAAc;AAC1B,YAAM,aAAa,MAAM;AACzB,aAAO;AAAA,IACT;AAEA,QAAI;AACF,YAAM,aAAa,MAAM,KAAK,0BAA0B;AAExD,YAAM,WAAW,MAAW;AAAA,QAC1B;AAAA,QACA,QAAQ;AAAA,QACR,EAAE,OAAO,KAAK,OAAO,MAAM;AAAA,QAC3B;AAAA,MACF;AAEA,YAAM,aAAa,KAAK,qBAAqB,UAAU,OAAO;AAE9D,YAAM,aAAa,YAAY,UAAU;AACzC,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UACE,iBAAsB,0BACtB,MAAM,UAAU,kCAChB;AACA,cAAM,aAAa,MAAM;AACzB,eAAO;AAAA,MACT;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEA,MAAc,4BAAyD;AACrE,UAAM,YAAY,IAAI,IAAI,KAAK,OAAO,MAAM;AAC5C,WAAY;AAAA,MACV;AAAA,MACA,KAAK,OAAO;AAAA,MACZ;AAAA,MACA;AAAA,MACA;AAAA,QACE,GAAI,UAAU,aAAa,UACvB,EAAE,SAAS,CAAM,0BAAqB,EAAW,IACjD,CAAC;AAAA,MACP;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAa,MAAM,SAA0C;AAC3D,UAAM,EAAE,OAAO,IAAI,WAAW,CAAC;AAE/B,UAAM,aAAa,MAAM,KAAK,0BAA0B;AACxD,YAAQ,eAAe;AAEvB,UAAM,eAAoB,4BAAuB;AACjD,UAAM,gBAAgB,MAAW,gCAA2B,YAAY;AACxE,UAAM,QAAa,iBAAY;AAC/B,UAAM,QAAa,iBAAY;AAE/B,UAAM,mBAAwB,2BAAsB,YAAY;AAAA,MAC9D,cAAc,KAAK,OAAO;AAAA,MAC1B,eAAe;AAAA,MACf,OAAO,KAAK,OAAO;AAAA,MACnB,gBAAgB;AAAA,MAChB,uBAAuB;AAAA,MACvB;AAAA,MACA;AAAA,IACF,CAAC;AAED,YAAQ,eAAe;AACvB,UAAM,KAAK,YAAY,iBAAiB,SAAS,CAAC;AAElD,UAAM,WAAW,MAAM,KAAK,gBAAgB,MAAM;AAElD,UAAM,WAAW,MAAW;AAAA,MAC1B;AAAA,MACA,SAAS;AAAA,MACT;AAAA,QACE,kBAAkB;AAAA,QAClB,eAAe;AAAA,QACf,eAAe;AAAA,MACjB;AAAA,IACF;AAEA,UAAM,UAAU,KAAK,qBAAqB,QAAQ;AAElD,UAAM,aAAa,YAAY,OAAO;AACtC,WAAO;AAAA,EACT;AAAA,EAEA,MAAa,SAAwB;AACnC,UAAM,aAAa,MAAM;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAc,gBAAgB,QAA+C;AAC3E,UAAM,cAAc,IAAI,IAAI,KAAK,OAAO,WAAW;AACnD,UAAM,WAAW,YAAY;AAC7B,UAAM,OAAO,OAAO,YAAY,IAAI;AACpC,UAAM,WAAW,YAAY;AAE7B,UAAM,gBAAgB,YAAY;AAAA,MAChC,KAAK,OAAO;AAAA,IACd;AACA,UAAM,iBACJ,WAAW,SACP,YAAY,IAAI,CAAC,QAAQ,aAAa,CAAC,IACvC;AAEN,WAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,UAAI,SAAS;AAEb,YAAM,SAAS,aAAa,CAAC,KAAK,QAAQ;AACxC,YAAI;AACF,gBAAM,aAAa,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,OAAO,WAAW;AACjE,cAAI,WAAW,aAAa,UAAU;AACpC,gBAAI,aAAa;AACjB,gBAAI,IAAI,WAAW;AACnB;AAAA,UACF;AAEA,gBAAM,cAAc,IAAI,IAAI,KAAK,OAAO,WAAW;AACnD,sBAAY,SAAS,WAAW;AAEhC,gBAAM,WAAW,KAAK,OAAO;AAC7B,cAAI,UAAU;AACZ,gBAAI,UAAU,KAAK,EAAE,UAAU,SAAS,CAAC;AACzC,gBAAI,IAAI;AAAA,UACV,OAAO;AACL,gBAAI,aAAa;AACjB,gBAAI,UAAU,gBAAgB,0BAA0B;AACxD,gBAAI;AAAA,cACF;AAAA,YACF;AAAA,UACF;AAEA,sBAAY,CAAC,aAAqB;AAChC,gBAAI,UAAU;AACZ,qBAAO,QAAQ;AACf;AAAA,YACF;AACA,oBAAQ,EAAE,YAAY,CAAC;AAAA,UACzB,CAAC;AAAA,QACH,SAAS,OAAO;AACd,sBAAY,MAAM,OAAO,KAAK,CAAC;AAAA,QACjC;AAAA,MACF,CAAC;AAED,YAAM,cAAc,CAAC,aAA+C;AAClE,YAAI;AAAQ;AACZ,iBAAS;AACT,uBAAe,oBAAoB,SAAS,eAAe;AAC3D,YAAI,CAAC,OAAO,WAAW;AACrB,mBAAS;AACT;AAAA,QACF;AACA,eAAO,oBAAoB;AAC3B,eAAO,MAAM,CAAC,aAAa;AACzB,mBAAS,YAAY,MAAS;AAAA,QAChC,CAAC;AAAA,MACH;AAEA,eAAS,kBAAwB;AAC/B,oBAAY,CAAC,aAAqB;AAChC,cAAI,UAAU;AACZ,mBAAO,QAAQ;AACf;AAAA,UACF;AACA,cAAI,QAAQ,SAAS;AACnB,mBAAO,OAAO,UAAU,IAAI,oBAAoB,CAAC;AACjD;AAAA,UACF;AACA,cAAI,cAAc,SAAS;AACzB,mBAAO,IAAI,MAAM,oCAAoC,CAAC;AACtD;AAAA,UACF;AACA,iBAAO,IAAI,oBAAoB,CAAC;AAAA,QAClC,CAAC;AAAA,MACH;AAEA,aAAO,GAAG,SAAS,CAAC,UAAiC;AACnD,oBAAY,MAAM;AAChB,cAAI,MAAM,SAAS,cAAc;AAC/B,kBAAM,YACH,MAAoD,QAAQ;AAC/D;AAAA,cACE,IAAI;AAAA,gBACF,QAAQ,OAAO,SAAS,CAAC;AAAA,cAC3B;AAAA,YACF;AACA;AAAA,UACF;AACA,iBAAO,KAAK;AAAA,QACd,CAAC;AAAA,MACH,CAAC;AAGD,qBAAe,iBAAiB,SAAS,iBAAiB,EAAE,MAAM,KAAK,CAAC;AACxE,UAAI,eAAe,SAAS;AAC1B,wBAAgB;AAChB;AAAA,MACF;AAEA,aAAO,OAAO,MAAM,QAAQ;AAAA,IAC9B,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,YAAY,KAA4B;AACpD,UAAM,KAAK,GAAG;AAAA,EAChB;AAAA,EAEQ,qBACN,UACA,gBACS;AACT,WAAO;AAAA,MACL,aAAa,SAAS;AAAA,MACtB,cAAc,SAAS,iBAAiB,gBAAgB;AAAA,MACxD,SAAS,SAAS,YAAY,gBAAgB;AAAA,MAC9C,WAAW,SAAS,cAAc,gBAAgB;AAAA,MAClD,WAAW,SAAS,aAChB,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,SAAS,aACzC;AAAA,IACN;AAAA,EACF;AACF;AAEO,IAAM,cAAc,IAAI,YAAY;;;AK7U3C,SAAS,eAAe;AAExB,SAAS,cAAc;AAEvB,OAAO,WAAW;;;ACJlB,OAAO;AAAA,EAEL;AAAA,OAGK;AASA,IAAM,kBAAN,MAAsB;AAAA,EACV;AAAA,EACT;AAAA,EAED,cAAc;AACnB,SAAK,SAAS,MAAM,OAAO;AAAA,MACzB,SAAS,WAAW;AAAA,MACpB,SAAS,WAAW;AAAA,MACpB,SAAS;AAAA,QACP,cAAc,WAAW;AAAA,MAC3B;AAAA,IACF,CAAC;AAED,SAAK,OAAO,aAAa,QAAQ;AAAA,MAC/B,OAAO,WAAmC;AACxC,YAAI,OAAO,UAAU;AACnB,iBAAO;AAAA,QACT;AACA,cAAM,QAAQ,MAAM,KAAK,sBAAsB;AAC/C,YAAI,OAAO;AACT,eAAK,uBAAuB,QAAQ,KAAK;AAAA,QAC3C;AACA,eAAO;AAAA,MACT;AAAA,IACF;AAEA,SAAK,OAAO,aAAa,SAAS;AAAA,MAChC,CAAC,aAAa;AAAA,MACd,OAAO,UAAsB;AAC3B,cAAM,kBAAkB,MAAM;AAI9B,YACE,MAAM,UAAU,WAAW,OAC3B,CAAC,mBACD,gBAAgB,YAChB,gBAAgB,QAChB;AACA,gBAAM;AAAA,QACR;AAGA,wBAAgB,SAAS;AAEzB,cAAM,mBAAmB,MAAM,YAAY,eAAe;AAC1D,cAAM,iBAAiB,kBAAkB;AACzC,YAAI,CAAC,gBAAgB;AACnB,gBAAM;AAAA,QACR;AAGA,aAAK,uBAAuB,iBAAiB,cAAc;AAC3D,eAAO,KAAK,OAAO,QAAQ,eAAe;AAAA,MAC5C;AAAA,IACF;AAAA,EACF;AAAA,EAEO,uBAAuB,UAAqC;AACjE,SAAK,sBAAsB;AAAA,EAC7B;AAAA,EAEO,YAA2B;AAChC,WAAO,KAAK;AAAA,EACd;AAAA,EAEQ,uBACN,QACA,OACM;AACN,UAAM,UAAU,aAAa,KAAK,OAAO,OAAO;AAChD,YAAQ,IAAI,iBAAiB,UAAU,KAAK,EAAE;AAC9C,WAAO,UAAU;AAAA,EACnB;AACF;AAEO,IAAM,kBAAkB,IAAI,gBAAgB;;;AD/E5C,IAAe,cAAf,cAAmC,QAAQ;AAAA,EACtC,UAA0B;AAAA,EAEpC,MAAsB,OAAsB;AAC1C,UAAM,MAAM,KAAK;AACjB,SAAK,UAAU,MAAM,YAAY,WAAW;AAC5C,oBAAgB;AAAA,MAAuB,YACrC,YAAY,eAAe;AAAA,IAC7B;AAEA,UAAM,aAAa,mBAAmB;AACtC,SAAK,MAAM,iBAAiB,WAAW,OAAO,EAAE;AAChD,SAAK,MAAM;AAAA,EAAuB,WAAW,KAAK,IAAI,KAAK,QAAQ,EAAE;AAAA,EACvE;AAAA,EAEU,oBAAmC;AAC3C,WAAO,gBAAgB,UAAU;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAgB,sBAAwC;AACtD,UAAM,UAAU,MAAM,YAAY,WAAW;AAC7C,QAAI,CAAC,SAAS,aAAa;AACzB,WAAK;AAAA,QACH,0BAA0B,KAAK,OAAO,GAAG;AAAA,QACzC,EAAE,MAAM,EAAE;AAAA,MACZ;AAAA,IACF;AAEA,SAAK,UAAU;AACf,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAgB,WACd,MACY;AACZ,WAAO,IAAI,QAAW,CAAC,SAAS,WAAW;AACzC,YAAM,MAAM;AAAA,QACV,MAAM,cAAc,MAAM;AAAA,UACxB,QAAQ,CAAC,WAAc;AACrB,kBAAM,YAAY;AAChB,kBAAI,QAAQ;AACZ,oBAAM,IAAI,cAAc;AACxB,sBAAQ,MAAM;AAAA,YAChB,GAAG,EAAE,MAAM,MAAM;AAAA,UACnB;AAAA,QACF,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAAA,EACH;AACF;","names":[]}

package/dist/commands/app/create.js ADDED Viewed

@@ -0,0 +1,16 @@
+import {
+  BaseCommand
+} from "../../chunk-JGD3QFQS.js";
+// src/commands/app/create.ts
+var AppCreate = class _AppCreate extends BaseCommand {
+  static description = "Create a Kittl app (coming soon)";
+  async run() {
+    await this.parse(_AppCreate);
+    this.log("Not implemented yet.");
+  }
+};
+export {
+  AppCreate as default
+};
+//# sourceMappingURL=create.js.map

package/dist/commands/app/create.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../src/commands/app/create.ts"],"sourcesContent":["import { BaseCommand } from '../../base-command';\n\nexport default class AppCreate extends BaseCommand {\n public static override description = 'Create a Kittl app (coming soon)';\n\n public async run(): Promise<void> {\n await this.parse(AppCreate);\n\n this.log('Not implemented yet.');\n }\n}\n"],"mappings":";;;;;AAEA,IAAqB,YAArB,MAAqB,mBAAkB,YAAY;AAAA,EACjD,OAAuB,cAAc;AAAA,EAErC,MAAa,MAAqB;AAChC,UAAM,KAAK,MAAM,UAAS;AAE1B,SAAK,IAAI,sBAAsB;AAAA,EACjC;AACF;","names":[]}

package/dist/commands/app/upload.js ADDED Viewed

@@ -0,0 +1,16 @@
+import {
+  BaseCommand
+} from "../../chunk-JGD3QFQS.js";
+// src/commands/app/upload.ts
+var AppUpload = class _AppUpload extends BaseCommand {
+  static description = "Upload app files for review (coming soon)";
+  async run() {
+    await this.parse(_AppUpload);
+    this.log("Not implemented yet.");
+  }
+};
+export {
+  AppUpload as default
+};
+//# sourceMappingURL=upload.js.map

package/dist/commands/app/upload.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../src/commands/app/upload.ts"],"sourcesContent":["import { BaseCommand } from '../../base-command';\n\nexport default class AppUpload extends BaseCommand {\n public static override description =\n 'Upload app files for review (coming soon)';\n\n public async run(): Promise<void> {\n await this.parse(AppUpload);\n\n this.log('Not implemented yet.');\n }\n}\n"],"mappings":";;;;;AAEA,IAAqB,YAArB,MAAqB,mBAAkB,YAAY;AAAA,EACjD,OAAuB,cACrB;AAAA,EAEF,MAAa,MAAqB;AAChC,UAAM,KAAK,MAAM,UAAS;AAE1B,SAAK,IAAI,sBAAsB;AAAA,EACjC;AACF;","names":[]}

package/dist/commands/auth/login.js ADDED Viewed

@@ -0,0 +1,186 @@
+import {
+  BaseCommand,
+  INK_VIEW_UNMOUNT_REASON,
+  authService
+} from "../../chunk-JGD3QFQS.js";
+// src/ui/views/LoginView.tsx
+import { Box, Text as Text2 } from "ink";
+import { useCallback, useEffect as useEffect3, useRef, useState as useState3 } from "react";
+// src/ui/components/InlineSpinner.tsx
+import { Text } from "ink";
+import { useEffect, useState } from "react";
+// src/ui/theme/tokens.ts
+var colors = {
+  textPrimary: "white",
+  textMuted: "gray",
+  success: "green",
+  warning: "yellow",
+  danger: "red",
+  accent: "cyan"
+};
+var spacing = {
+  xs: 0,
+  sm: 1,
+  md: 2
+};
+// src/ui/theme/styles.ts
+var layoutStyles = {
+  viewColumn: {
+    flexDirection: "column",
+    padding: spacing.sm
+  },
+  section: {
+    marginTop: spacing.sm
+  }
+};
+var textStyles = {
+  title: {
+    bold: true,
+    color: colors.accent
+  },
+  muted: {
+    color: colors.textMuted
+  },
+  success: {
+    color: colors.success
+  },
+  warning: {
+    color: colors.warning
+  },
+  error: {
+    color: colors.danger
+  }
+};
+// src/ui/components/InlineSpinner.tsx
+import { jsxs } from "react/jsx-runtime";
+var frames = ["-", "\\", "|", "/"];
+function InlineSpinner({ label }) {
+  const [frameIndex, setFrameIndex] = useState(0);
+  useEffect(() => {
+    const timer = setInterval(() => {
+      setFrameIndex((current) => (current + 1) % frames.length);
+    }, 80);
+    return () => clearInterval(timer);
+  }, []);
+  return /* @__PURE__ */ jsxs(Text, { ...textStyles.muted, children: [
+    frames[frameIndex],
+    " ",
+    label
+  ] });
+}
+// src/ui/hooks/useTerminalWidth.ts
+import { useStdout } from "ink";
+import { useEffect as useEffect2, useState as useState2 } from "react";
+function useTerminalWidth() {
+  const { stdout } = useStdout();
+  const [width, setWidth] = useState2(() => stdout.columns ?? 80);
+  useEffect2(() => {
+    const onResize = () => setWidth(stdout.columns ?? 80);
+    stdout.on("resize", onResize);
+    return () => {
+      stdout.off("resize", onResize);
+    };
+  }, [stdout]);
+  return width;
+}
+// src/ui/views/LoginView.tsx
+import { jsx, jsxs as jsxs2 } from "react/jsx-runtime";
+var CHECKING_SESSION = "Checking session\u2026";
+var SIGNING_IN = "Signing in\u2026";
+function LoginView({ onDone }) {
+  const width = useTerminalWidth();
+  const doneRef = useRef(false);
+  const [phase, setPhase] = useState3("checking");
+  const finish = useCallback(
+    (result, force = false) => {
+      if (doneRef.current && !force)
+        return;
+      doneRef.current = true;
+      onDone(result);
+    },
+    [onDone]
+  );
+  useEffect3(() => {
+    doneRef.current = false;
+    const ac = new AbortController();
+    void (async () => {
+      try {
+        const existing = await authService.getSession();
+        if (ac.signal.aborted) {
+          finish({ kind: "cancelled" }, true);
+          return;
+        }
+        if (existing?.accessToken) {
+          finish({ kind: "success", reusedSession: true });
+          return;
+        }
+        setPhase("signing-in");
+        await authService.login({ signal: ac.signal });
+        finish({ kind: "success" });
+      } catch (error) {
+        if (error === INK_VIEW_UNMOUNT_REASON) {
+          finish({ kind: "cancelled" }, true);
+          return;
+        }
+        if (doneRef.current)
+          return;
+        finish({
+          kind: "error",
+          error: error instanceof Error ? error : new Error("Auth failed")
+        });
+      }
+    })();
+    return () => {
+      doneRef.current = true;
+      ac.abort(INK_VIEW_UNMOUNT_REASON);
+    };
+  }, [finish]);
+  return /* @__PURE__ */ jsxs2(
+    Box,
+    {
+      ...layoutStyles.viewColumn,
+      width: width > 0 ? width : "100%",
+      minWidth: 0,
+      children: [
+        /* @__PURE__ */ jsx(Text2, { ...textStyles.title, children: "Kittl CLI Authentication" }),
+        /* @__PURE__ */ jsx(Box, { ...layoutStyles.section, children: /* @__PURE__ */ jsx(
+          InlineSpinner,
+          {
+            label: phase === "checking" ? CHECKING_SESSION : SIGNING_IN
+          }
+        ) })
+      ]
+    }
+  );
+}
+// src/commands/auth/login.ts
+var AuthLogin = class _AuthLogin extends BaseCommand {
+  static description = "Authenticate with your Kittl account";
+  async run() {
+    await this.parse(_AuthLogin);
+    const result = await this.renderView(LoginView);
+    if (result.kind === "cancelled") {
+      this.exit(130);
+    }
+    if (result.kind === "error") {
+      throw result.error;
+    }
+    if (result.reusedSession) {
+      this.log("Already signed in.");
+    } else {
+      this.log("Signed in successfully.");
+    }
+  }
+};
+export {
+  AuthLogin as default
+};
+//# sourceMappingURL=login.js.map

package/dist/commands/auth/login.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../src/ui/views/LoginView.tsx","../../../src/ui/components/InlineSpinner.tsx","../../../src/ui/theme/tokens.ts","../../../src/ui/theme/styles.ts","../../../src/ui/hooks/useTerminalWidth.ts","../../../src/commands/auth/login.ts"],"sourcesContent":["import { Box, Text } from 'ink';\nimport { useCallback, useEffect, useRef, useState } from 'react';\nimport { authService } from '../../services/auth.service';\nimport { INK_VIEW_UNMOUNT_REASON } from '../../utils';\nimport { InlineSpinner } from '../components/InlineSpinner';\nimport { useTerminalWidth } from '../hooks';\nimport { layoutStyles, textStyles } from '../theme/styles';\n\nconst CHECKING_SESSION = 'Checking session…';\nconst SIGNING_IN = 'Signing in…';\n\nexport type LoginResult =\n | { kind: 'success'; reusedSession?: boolean }\n | { kind: 'cancelled' }\n | { kind: 'error'; error: Error };\n\nexport type LoginViewProps = {\n onDone: (result: LoginResult) => void;\n};\n\n/**\n * OAuth login TUI — only live feedback (spinner). Final outcome is owned by the command via `onDone` + `this.log`.\n * **Unmount:** aborts the local `AbortController` so discovery + the callback server stop cleanly.\n */\nexport function LoginView({ onDone }: LoginViewProps) {\n const width = useTerminalWidth();\n const doneRef = useRef(false);\n const [phase, setPhase] = useState<'checking' | 'signing-in'>('checking');\n\n const finish = useCallback(\n (result: LoginResult, force = false) => {\n if (doneRef.current && !force) return;\n doneRef.current = true;\n onDone(result);\n },\n [onDone],\n );\n\n useEffect(() => {\n doneRef.current = false;\n const ac = new AbortController();\n\n void (async () => {\n try {\n const existing = await authService.getSession();\n if (ac.signal.aborted) {\n finish({ kind: 'cancelled' }, true);\n return;\n }\n if (existing?.accessToken) {\n finish({ kind: 'success', reusedSession: true });\n return;\n }\n\n setPhase('signing-in');\n await authService.login({ signal: ac.signal });\n finish({ kind: 'success' });\n } catch (error) {\n if (error === INK_VIEW_UNMOUNT_REASON) {\n finish({ kind: 'cancelled' }, true);\n return;\n }\n if (doneRef.current) return;\n finish({\n kind: 'error',\n error: error instanceof Error ? error : new Error('Auth failed'),\n });\n }\n })();\n\n return () => {\n doneRef.current = true;\n ac.abort(INK_VIEW_UNMOUNT_REASON);\n };\n }, [finish]);\n\n return (\n <Box\n {...layoutStyles.viewColumn}\n width={width > 0 ? width : '100%'}\n minWidth={0}\n >\n <Text {...textStyles.title}>Kittl CLI Authentication</Text>\n <Box {...layoutStyles.section}>\n <InlineSpinner\n label={phase === 'checking' ? CHECKING_SESSION : SIGNING_IN}\n />\n </Box>\n </Box>\n );\n}\n","import { Text } from 'ink';\nimport { useEffect, useState } from 'react';\nimport { textStyles } from '../theme/styles';\n\nexport type InlineSpinnerProps = {\n label: string;\n};\nconst frames = ['-', '\\\\', '|', '/'];\nexport function InlineSpinner({ label }: InlineSpinnerProps) {\n const [frameIndex, setFrameIndex] = useState(0);\n\n useEffect(() => {\n const timer = setInterval(() => {\n setFrameIndex((current) => (current + 1) % frames.length);\n }, 80);\n return () => clearInterval(timer);\n }, []);\n\n return (\n <Text {...textStyles.muted}>\n {frames[frameIndex]} {label}\n </Text>\n );\n}\n","export const colors = {\n textPrimary: 'white',\n textMuted: 'gray',\n success: 'green',\n warning: 'yellow',\n danger: 'red',\n accent: 'cyan',\n} as const;\n\nexport const spacing = {\n xs: 0,\n sm: 1,\n md: 2,\n} as const;\n","import { colors, spacing } from './tokens';\n\nexport const layoutStyles = {\n viewColumn: {\n flexDirection: 'column' as const,\n padding: spacing.sm,\n },\n section: {\n marginTop: spacing.sm,\n },\n};\n\nexport const textStyles = {\n title: {\n bold: true,\n color: colors.accent,\n },\n muted: {\n color: colors.textMuted,\n },\n success: {\n color: colors.success,\n },\n warning: {\n color: colors.warning,\n },\n error: {\n color: colors.danger,\n },\n};\n","import { useStdout } from 'ink';\nimport { useEffect, useState } from 'react';\n\nexport function useTerminalWidth(): number {\n const { stdout } = useStdout();\n const [width, setWidth] = useState(() => stdout.columns ?? 80);\n\n useEffect(() => {\n const onResize = () => setWidth(stdout.columns ?? 80);\n stdout.on('resize', onResize);\n return () => {\n stdout.off('resize', onResize);\n };\n }, [stdout]);\n\n return width;\n}\n","import { BaseCommand } from '../../base-command';\nimport { type LoginResult, LoginView } from '../../ui/views/LoginView';\n\nexport default class AuthLogin extends BaseCommand {\n public static description = 'Authenticate with your Kittl account';\n\n public async run(): Promise<void> {\n await this.parse(AuthLogin);\n\n const result = await this.renderView<LoginResult>(LoginView);\n\n if (result.kind === 'cancelled') {\n this.exit(130);\n }\n if (result.kind === 'error') {\n throw result.error;\n }\n\n if (result.reusedSession) {\n this.log('Already signed in.');\n } else {\n this.log('Signed in successfully.');\n }\n }\n}\n"],"mappings":";;;;;;;AAAA,SAAS,KAAK,QAAAA,aAAY;AAC1B,SAAS,aAAa,aAAAC,YAAW,QAAQ,YAAAC,iBAAgB;;;ACDzD,SAAS,YAAY;AACrB,SAAS,WAAW,gBAAgB;;;ACD7B,IAAM,SAAS;AAAA,EACpB,aAAa;AAAA,EACb,WAAW;AAAA,EACX,SAAS;AAAA,EACT,SAAS;AAAA,EACT,QAAQ;AAAA,EACR,QAAQ;AACV;AAEO,IAAM,UAAU;AAAA,EACrB,IAAI;AAAA,EACJ,IAAI;AAAA,EACJ,IAAI;AACN;;;ACXO,IAAM,eAAe;AAAA,EAC1B,YAAY;AAAA,IACV,eAAe;AAAA,IACf,SAAS,QAAQ;AAAA,EACnB;AAAA,EACA,SAAS;AAAA,IACP,WAAW,QAAQ;AAAA,EACrB;AACF;AAEO,IAAM,aAAa;AAAA,EACxB,OAAO;AAAA,IACL,MAAM;AAAA,IACN,OAAO,OAAO;AAAA,EAChB;AAAA,EACA,OAAO;AAAA,IACL,OAAO,OAAO;AAAA,EAChB;AAAA,EACA,SAAS;AAAA,IACP,OAAO,OAAO;AAAA,EAChB;AAAA,EACA,SAAS;AAAA,IACP,OAAO,OAAO;AAAA,EAChB;AAAA,EACA,OAAO;AAAA,IACL,OAAO,OAAO;AAAA,EAChB;AACF;;;AFVI;AAZJ,IAAM,SAAS,CAAC,KAAK,MAAM,KAAK,GAAG;AAC5B,SAAS,cAAc,EAAE,MAAM,GAAuB;AAC3D,QAAM,CAAC,YAAY,aAAa,IAAI,SAAS,CAAC;AAE9C,YAAU,MAAM;AACd,UAAM,QAAQ,YAAY,MAAM;AAC9B,oBAAc,CAAC,aAAa,UAAU,KAAK,OAAO,MAAM;AAAA,IAC1D,GAAG,EAAE;AACL,WAAO,MAAM,cAAc,KAAK;AAAA,EAClC,GAAG,CAAC,CAAC;AAEL,SACE,qBAAC,QAAM,GAAG,WAAW,OAClB;AAAA,WAAO,UAAU;AAAA,IAAE;AAAA,IAAE;AAAA,KACxB;AAEJ;;;AGvBA,SAAS,iBAAiB;AAC1B,SAAS,aAAAC,YAAW,YAAAC,iBAAgB;AAE7B,SAAS,mBAA2B;AACzC,QAAM,EAAE,OAAO,IAAI,UAAU;AAC7B,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAS,MAAM,OAAO,WAAW,EAAE;AAE7D,EAAAD,WAAU,MAAM;AACd,UAAM,WAAW,MAAM,SAAS,OAAO,WAAW,EAAE;AACpD,WAAO,GAAG,UAAU,QAAQ;AAC5B,WAAO,MAAM;AACX,aAAO,IAAI,UAAU,QAAQ;AAAA,IAC/B;AAAA,EACF,GAAG,CAAC,MAAM,CAAC;AAEX,SAAO;AACT;;;AJ6DI,SAKE,KALF,QAAAE,aAAA;AArEJ,IAAM,mBAAmB;AACzB,IAAM,aAAa;AAeZ,SAAS,UAAU,EAAE,OAAO,GAAmB;AACpD,QAAM,QAAQ,iBAAiB;AAC/B,QAAM,UAAU,OAAO,KAAK;AAC5B,QAAM,CAAC,OAAO,QAAQ,IAAIC,UAAoC,UAAU;AAExE,QAAM,SAAS;AAAA,IACb,CAAC,QAAqB,QAAQ,UAAU;AACtC,UAAI,QAAQ,WAAW,CAAC;AAAO;AAC/B,cAAQ,UAAU;AAClB,aAAO,MAAM;AAAA,IACf;AAAA,IACA,CAAC,MAAM;AAAA,EACT;AAEA,EAAAC,WAAU,MAAM;AACd,YAAQ,UAAU;AAClB,UAAM,KAAK,IAAI,gBAAgB;AAE/B,UAAM,YAAY;AAChB,UAAI;AACF,cAAM,WAAW,MAAM,YAAY,WAAW;AAC9C,YAAI,GAAG,OAAO,SAAS;AACrB,iBAAO,EAAE,MAAM,YAAY,GAAG,IAAI;AAClC;AAAA,QACF;AACA,YAAI,UAAU,aAAa;AACzB,iBAAO,EAAE,MAAM,WAAW,eAAe,KAAK,CAAC;AAC/C;AAAA,QACF;AAEA,iBAAS,YAAY;AACrB,cAAM,YAAY,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC;AAC7C,eAAO,EAAE,MAAM,UAAU,CAAC;AAAA,MAC5B,SAAS,OAAO;AACd,YAAI,UAAU,yBAAyB;AACrC,iBAAO,EAAE,MAAM,YAAY,GAAG,IAAI;AAClC;AAAA,QACF;AACA,YAAI,QAAQ;AAAS;AACrB,eAAO;AAAA,UACL,MAAM;AAAA,UACN,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,aAAa;AAAA,QACjE,CAAC;AAAA,MACH;AAAA,IACF,GAAG;AAEH,WAAO,MAAM;AACX,cAAQ,UAAU;AAClB,SAAG,MAAM,uBAAuB;AAAA,IAClC;AAAA,EACF,GAAG,CAAC,MAAM,CAAC;AAEX,SACE,gBAAAF;AAAA,IAAC;AAAA;AAAA,MACE,GAAG,aAAa;AAAA,MACjB,OAAO,QAAQ,IAAI,QAAQ;AAAA,MAC3B,UAAU;AAAA,MAEV;AAAA,4BAACG,OAAA,EAAM,GAAG,WAAW,OAAO,sCAAwB;AAAA,QACpD,oBAAC,OAAK,GAAG,aAAa,SACpB;AAAA,UAAC;AAAA;AAAA,YACC,OAAO,UAAU,aAAa,mBAAmB;AAAA;AAAA,QACnD,GACF;AAAA;AAAA;AAAA,EACF;AAEJ;;;AKvFA,IAAqB,YAArB,MAAqB,mBAAkB,YAAY;AAAA,EACjD,OAAc,cAAc;AAAA,EAE5B,MAAa,MAAqB;AAChC,UAAM,KAAK,MAAM,UAAS;AAE1B,UAAM,SAAS,MAAM,KAAK,WAAwB,SAAS;AAE3D,QAAI,OAAO,SAAS,aAAa;AAC/B,WAAK,KAAK,GAAG;AAAA,IACf;AACA,QAAI,OAAO,SAAS,SAAS;AAC3B,YAAM,OAAO;AAAA,IACf;AAEA,QAAI,OAAO,eAAe;AACxB,WAAK,IAAI,oBAAoB;AAAA,IAC/B,OAAO;AACL,WAAK,IAAI,yBAAyB;AAAA,IACpC;AAAA,EACF;AACF;","names":["Text","useEffect","useState","useEffect","useState","jsxs","useState","useEffect","Text"]}

package/dist/commands/auth/logout.js ADDED Viewed

@@ -0,0 +1,18 @@
+import {
+  BaseCommand,
+  authService
+} from "../../chunk-JGD3QFQS.js";
+// src/commands/auth/logout.ts
+var AuthLogout = class _AuthLogout extends BaseCommand {
+  static description = "Clear local Kittl CLI session";
+  async run() {
+    await this.parse(_AuthLogout);
+    await authService.logout();
+    this.log("Logged out.");
+  }
+};
+export {
+  AuthLogout as default
+};
+//# sourceMappingURL=logout.js.map

package/dist/commands/auth/logout.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../src/commands/auth/logout.ts"],"sourcesContent":["import { BaseCommand } from '../../base-command';\nimport { authService } from '../../services/auth.service';\n\nexport default class AuthLogout extends BaseCommand {\n public static override description = 'Clear local Kittl CLI session';\n\n public async run(): Promise<void> {\n await this.parse(AuthLogout);\n\n await authService.logout();\n this.log('Logged out.');\n }\n}\n"],"mappings":";;;;;;AAGA,IAAqB,aAArB,MAAqB,oBAAmB,YAAY;AAAA,EAClD,OAAuB,cAAc;AAAA,EAErC,MAAa,MAAqB;AAChC,UAAM,KAAK,MAAM,WAAU;AAE3B,UAAM,YAAY,OAAO;AACzB,SAAK,IAAI,aAAa;AAAA,EACxB;AACF;","names":[]}

package/dist/commands/auth/whoami.js ADDED Viewed

@@ -0,0 +1,8 @@
+import {
+  AuthWhoAmI
+} from "../../chunk-4ISWSLZ5.js";
+import "../../chunk-JGD3QFQS.js";
+export {
+  AuthWhoAmI as default
+};
+//# sourceMappingURL=whoami.js.map

package/dist/commands/auth/whoami.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/commands/whoami.js ADDED Viewed

@@ -0,0 +1,8 @@
+import {
+  AuthWhoAmI
+} from "../chunk-4ISWSLZ5.js";
+import "../chunk-JGD3QFQS.js";
+export {
+  AuthWhoAmI as default
+};
+//# sourceMappingURL=whoami.js.map

package/dist/commands/whoami.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/package.json ADDED Viewed

@@ -0,0 +1,60 @@
+{
+  "name": "@kittl/cli",
+  "version": "0.0.1",
+  "type": "module",
+  "engines": {
+    "node": ">=18"
+  },
+  "bin": {
+    "kittl": "./bin/run.js"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "bin/bootstrap.js",
+    "bin/run.cmd",
+    "bin/run.js",
+    "dist"
+  ],
+  "dependencies": {
+    "@oclif/core": "^4.10.2",
+    "axios": "^1.13.6",
+    "cross-keychain": "^1.1.0",
+    "tinyglobby": "^0.2.15",
+    "ink": "^6.8.0",
+    "ink-text-input": "^6.0.0",
+    "jwt-decode": "^4.0.0",
+    "mime-types": "^3.0.1",
+    "open": "^11.0.0",
+    "openid-client": "^6.8.2",
+    "react": "19.0.0",
+    "zod": "4.3.6"
+  },
+  "devDependencies": {
+    "@types/mime-types": "^3.0.1",
+    "@types/node": "^25.5.0",
+    "@types/react": "19.0.0",
+    "ink-testing-library": "^4.0.0",
+    "oclif": "^4.22.96",
+    "tsup": "8.0.2",
+    "tsx": "4.21.0",
+    "typescript": "5.9.3",
+    "vitest": "^4.1.1"
+  },
+  "oclif": {
+    "bin": "kittl",
+    "commands": "./dist/commands",
+    "dirname": "kittl",
+    "topicSeparator": " "
+  },
+  "scripts": {
+    "build": "tsup && oclif manifest",
+    "build:watch": "tsup --watch --onSuccess \"oclif manifest\"",
+    "dev": "node ./bin/dev.js",
+    "dev:watch": "node --watch --watch-path=./src --watch-path=./bin ./bin/dev.js",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  }
+}