@leeguoo/wrangler-accounts 1.0.0 → 1.1.0

package/bin/wrangler-accounts.js

@@ -408,15 +408,66 @@ function main() {
 
   if (command === "list") {
     const profiles = listProfiles(profilesDir, { includeBackups });
+    const defaultName = getDefaultProfile(profilesDir);
+    const activeName = getActiveProfile(profilesDir);
+
+    const entries = profiles.map((name) => {
+      const profileDir = path.join(profilesDir, name);
+      const cfgPath = path.join(profileDir, "config.toml");
+      const session = readSessionState(cfgPath);
+      const meta = readMeta(profileDir);
+      const identity = getMetaIdentity(meta);
+      let status;
+      if (session.expired === true) status = "expired";
+      else if (session.expired === false) status = "valid";
+      else status = "unknown";
+      return {
+        name,
+        isDefault: name === defaultName,
+        isActive: name === activeName,
+        status,
+        expirationTime: session.expirationTime,
+        identity,
+      };
+    });
+
+    if (opts.plain) {
+      // --plain keeps the v1.0 contract: one name per line, scriptable.
+      if (entries.length) console.log(entries.map((e) => e.name).join("\n"));
+      return;
+    }
+
     if (opts.json) {
-      console.log(JSON.stringify(profiles, null, 2));
-    } else if (opts.plain) {
-      if (profiles.length) console.log(profiles.join("\n"));
-    } else if (profiles.length === 0) {
+      console.log(JSON.stringify(entries, null, 2));
+      return;
+    }
+
+    // Text output: human-friendly table with status markers.
+    if (entries.length === 0) {
       console.log("No profiles found.");
-    } else {
-      console.log(profiles.join("\n"));
+      return;
     }
+    if (defaultName) console.log(`Default: ${defaultName}\n`);
+    const nameW = Math.max(4, ...entries.map((e) => e.name.length));
+    const statusW = 8; // fits 'expired', 'valid', 'unknown'
+    const header = `  ${"NAME".padEnd(nameW)}  ${"STATUS".padEnd(statusW)}  IDENTITY`;
+    console.log(header);
+    for (const e of entries) {
+      const marker = e.isDefault ? "*" : " ";
+      const statusLabel =
+        e.status === "expired" ? "EXPIRED"
+        : e.status === "valid" ? "valid"
+        : "unknown";
+      const idStr = e.identity ? describeIdentity(e.identity) : "(no identity)";
+      const exp = e.expirationTime ? ` (${e.expirationTime})` : "";
+      console.log(
+        `${marker} ${e.name.padEnd(nameW)}  ${statusLabel.padEnd(statusW)}  ${idStr}${e.status === "expired" ? exp : ""}`,
+      );
+    }
+    console.log();
+    console.log(
+      `Legend: * = default profile, EXPIRED = OAuth session needs 'wrangler-accounts login <name>'`,
+    );
     return;
   }
 

package/lib/identity.js

@@ -0,0 +1,105 @@
+'use strict';
+
+const { spawnSync: defaultSpawnSync } = require('node:child_process');
+const path = require('node:path');
+
+const { resolvePath, detectConfigPath } = require('./paths');
+const { listProfiles, readMeta } = require('./profile-store');
+
+function parseWranglerWhoamiOutput(output) {
+  const text = output || '';
+  const emailMatch = text.match(/associated with the email ([^\n]+?)\.\s*$/m);
+  const rowRegex = /│\s*(.+?)\s*│\s*([a-f0-9]{32})\s*│/g;
+  const rows = [...text.matchAll(rowRegex)];
+  const row = rows[0];
+
+  if (!emailMatch && !row) return null;
+
+  return {
+    email: emailMatch ? emailMatch[1].trim() : null,
+    accountName: row ? row[1].trim() : null,
+    accountId: row ? row[2].trim() : null,
+  };
+}
+
+function getWranglerAuthPath(env = process.env) {
+  return detectConfigPath(undefined, env);
+}
+
+function canInspectIdentity(configPath, env = process.env) {
+  return resolvePath(configPath) === resolvePath(getWranglerAuthPath(env));
+}
+
+function getCurrentIdentity(configPath, { env = process.env, spawn = defaultSpawnSync } = {}) {
+  if (!canInspectIdentity(configPath, env)) {
+    return {
+      identity: null,
+      error: `Identity lookup only works for the active Wrangler auth file: ${getWranglerAuthPath(env)}`,
+    };
+  }
+
+  const result = spawn('wrangler', ['whoami'], { encoding: 'utf8' });
+
+  if (result.error) {
+    return { identity: null, error: result.error.message };
+  }
+
+  const output = `${result.stdout || ''}\n${result.stderr || ''}`;
+  if (result.status !== 0) {
+    return {
+      identity: null,
+      error: output.includes('Not logged in')
+        ? 'Not logged in'
+        : `wrangler whoami exited with code ${result.status}`,
+    };
+  }
+
+  const identity = parseWranglerWhoamiOutput(output);
+  if (!identity) {
+    return { identity: null, error: "Failed to parse 'wrangler whoami' output" };
+  }
+
+  return { identity, error: null };
+}
+
+function getMetaIdentity(meta) {
+  if (!meta || !meta.identity) return null;
+  const { email = null, accountName = null, accountId = null } = meta.identity;
+  if (!email && !accountName && !accountId) return null;
+  return { email, accountName, accountId };
+}
+
+function identitiesMatch(left, right) {
+  if (!left || !right) return false;
+  if (left.accountId && right.accountId) return left.accountId === right.accountId;
+  if (left.email && right.email) return left.email === right.email;
+  return false;
+}
+
+function describeIdentity(identity) {
+  if (!identity) return 'unknown';
+  const parts = [];
+  if (identity.email) parts.push(identity.email);
+  if (identity.accountId) parts.push(identity.accountId);
+  return parts.join(' / ') || 'unknown';
+}
+
+function findProfilesByIdentity(profilesDir, identity, { includeBackups = false } = {}) {
+  if (!identity) return [];
+  const profiles = listProfiles(profilesDir, { includeBackups });
+  return profiles.filter((name) => {
+    const meta = readMeta(path.join(profilesDir, name));
+    return identitiesMatch(identity, getMetaIdentity(meta));
+  });
+}
+
+module.exports = {
+  parseWranglerWhoamiOutput,
+  getWranglerAuthPath,
+  canInspectIdentity,
+  getCurrentIdentity,
+  getMetaIdentity,
+  identitiesMatch,
+  describeIdentity,
+  findProfilesByIdentity,
+};

package/lib/isolation.js

@@ -0,0 +1,186 @@
+'use strict';
+
+const fs = require('node:fs');
+const os = require('node:os');
+const path = require('node:path');
+const { spawnSync } = require('node:child_process');
+
+/**
+ * Create a per-invocation shadow HOME directory.
+ *
+ * Layout:
+ *   $shadow/
+ *     .wrangler/config/default.toml  → symlink to profileCfg  (token refresh
+ *                                                                syncs back)
+ *     .npmrc   → symlink to $realHome/.npmrc
+ *     .ssh     → symlink to $realHome/.ssh
+ *     Library  → symlink to $realHome/Library
+ *     ...      every other top-level entry in realHome except `.wrangler`
+ *
+ * Caller MUST call cleanupShadow(shadow) when done.
+ *
+ * @param {object} args
+ * @param {string} args.realHome
+ * @param {string} args.profileCfg - path to the profile's config.toml file
+ * @param {string} [args.label] - optional label for the tmpdir name
+ * @returns {string} path to the shadow HOME
+ */
+function createShadowHome({ realHome, profileCfg, label = 'wa' }) {
+  if (!realHome || !fs.existsSync(realHome)) {
+    throw new Error(`real HOME does not exist: ${realHome}`);
+  }
+  if (!profileCfg || !fs.existsSync(profileCfg)) {
+    throw new Error(`profile config does not exist: ${profileCfg}`);
+  }
+
+  const shadow = fs.mkdtempSync(path.join(os.tmpdir(), `${label}-`));
+  fs.chmodSync(shadow, 0o700);
+
+  // Mirror every top-level entry from real HOME except .wrangler.
+  for (const entry of fs.readdirSync(realHome)) {
+    if (entry === '.wrangler') continue;
+    try {
+      fs.symlinkSync(
+        path.join(realHome, entry),
+        path.join(shadow, entry),
+      );
+    } catch (err) {
+      // If symlinking a specific entry fails (permissions, weird file type),
+      // log to stderr and continue. Missing entries are a UX problem, not a
+      // correctness one — the subprocess will just not find that file.
+      process.stderr.write(
+        `[wrangler-accounts] skip symlink ${entry}: ${err.message}\n`,
+      );
+    }
+  }
+
+  // The one file that matters — a real symlink to the profile file so
+  // Wrangler's in-place writeFileSync token refreshes flow back into the
+  // saved profile automatically.
+  const shadowWranglerConfig = path.join(shadow, '.wrangler', 'config');
+  fs.mkdirSync(shadowWranglerConfig, { recursive: true });
+  fs.symlinkSync(
+    profileCfg,
+    path.join(shadowWranglerConfig, 'default.toml'),
+  );
+
+  return shadow;
+}
+
+/**
+ * Remove a shadow HOME. Safe because the shadow contains only symlinks and
+ * small directories owned by this process. fs.rmSync does not follow
+ * symlinks (it unlinks them), so files in real HOME are never at risk.
+ */
+function cleanupShadow(shadow) {
+  if (!shadow) return;
+  try {
+    fs.rmSync(shadow, { recursive: true, force: true });
+  } catch (err) {
+    process.stderr.write(
+      `[wrangler-accounts] cleanup warning: ${err.message}\n`,
+    );
+  }
+}
+
+/**
+ * Build the environment variable set that every isolated child process gets.
+ * This is a pure function — no I/O.
+ */
+function buildIsolatedEnv({
+  shadow,
+  realHome,
+  profile,
+  baseEnv = process.env,
+  cloudflaredPath = null,
+}) {
+  const env = { ...baseEnv };
+  env.HOME = shadow;
+  env.WRANGLER_PROFILE = profile;
+  env.WRANGLER_ACCOUNT = profile;
+  env.WRANGLER_ACCOUNT_REAL_HOME = realHome;
+  env.WRANGLER_REGISTRY_PATH = path.join(realHome, '.wrangler', 'registry');
+  env.WRANGLER_CACHE_DIR = path.join(realHome, '.wrangler', 'cache');
+  env.WRANGLER_LOG_PATH = path.join(realHome, '.wrangler', 'logs');
+  env.WRANGLER_SEND_METRICS = 'false';
+  if (cloudflaredPath) {
+    env.CLOUDFLARED_PATH = cloudflaredPath;
+  }
+  return env;
+}
+
+/**
+ * Spawn a command inside a shadow HOME for the given profile.
+ * Handles setup, spawning, and cleanup in a try/finally so cleanup runs
+ * even on unexpected errors.
+ *
+ * @param {object} args
+ * @param {string} args.profile
+ * @param {string} args.profileCfg
+ * @param {string} args.realHome
+ * @param {string} args.command
+ * @param {string[]} args.args
+ * @param {object} [args.baseEnv]
+ * @param {boolean} [args.captureStdout]
+ * @param {string|null} [args.cloudflaredPath]
+ * @returns {{exitCode: number, stdout?: string, stderr?: string}}
+ */
+function runIsolated({
+  profile,
+  profileCfg,
+  realHome,
+  command,
+  args,
+  baseEnv = process.env,
+  captureStdout = false,
+  cloudflaredPath = null,
+}) {
+  const shadow = createShadowHome({
+    realHome,
+    profileCfg,
+    label: `wa-${profile}`,
+  });
+  const env = buildIsolatedEnv({
+    shadow,
+    realHome,
+    profile,
+    baseEnv,
+    cloudflaredPath,
+  });
+
+  let result;
+  try {
+    result = spawnSync(command, args, {
+      stdio: captureStdout ? ['inherit', 'pipe', 'pipe'] : 'inherit',
+      env,
+      encoding: 'utf8',
+    });
+  } finally {
+    cleanupShadow(shadow);
+  }
+
+  // spawnSync surfaces spawn-time errors (ENOENT, EACCES, etc.) via
+  // result.error. Forward the message to stderr so the user can diagnose
+  // "command not found" scenarios instead of seeing a silent exit 1.
+  if (result.error) {
+    process.stderr.write(
+      `[wrangler-accounts] failed to spawn '${command}': ${result.error.message}\n`,
+    );
+  }
+
+  const exitCode =
+    result.status == null ? (result.signal ? 128 : 1) : result.status;
+
+  return {
+    exitCode,
+    stdout: captureStdout ? result.stdout || '' : undefined,
+    stderr: captureStdout ? result.stderr || '' : undefined,
+  };
+}
+
+module.exports = {
+  createShadowHome,
+  cleanupShadow,
+  buildIsolatedEnv,
+  runIsolated,
+};

package/lib/paths.js

@@ -0,0 +1,57 @@
+'use strict';
+
+const fs = require('node:fs');
+const os = require('node:os');
+const path = require('node:path');
+
+function expandHome(p) {
+  if (!p) return p;
+  if (p === '~') return os.homedir();
+  if (p.startsWith('~/')) return path.join(os.homedir(), p.slice(2));
+  return p;
+}
+
+function resolvePath(p) {
+  if (!p) return p;
+  return path.resolve(expandHome(p));
+}
+
+function detectConfigPath(cliPath, env = process.env) {
+  if (cliPath) return resolvePath(cliPath);
+  if (env.WRANGLER_CONFIG_PATH) {
+    return resolvePath(env.WRANGLER_CONFIG_PATH);
+  }
+
+  const home = os.homedir();
+  const candidates = [
+    path.join(home, '.wrangler', 'config', 'default.toml'),
+    path.join(home, 'Library', 'Preferences', '.wrangler', 'config', 'default.toml'),
+    path.join(home, '.config', '.wrangler', 'config', 'default.toml'),
+    path.join(home, '.config', 'wrangler', 'config', 'default.toml'),
+  ];
+
+  for (const candidate of candidates) {
+    if (fs.existsSync(candidate)) return candidate;
+  }
+
+  return candidates[0];
+}
+
+function detectProfilesDir(cliPath, env = process.env) {
+  if (cliPath) return resolvePath(cliPath);
+  if (env.WRANGLER_ACCOUNTS_DIR) {
+    return resolvePath(env.WRANGLER_ACCOUNTS_DIR);
+  }
+
+  const xdg = env.XDG_CONFIG_HOME;
+  if (xdg) return path.join(resolvePath(xdg), 'wrangler-accounts');
+
+  return path.join(os.homedir(), '.config', 'wrangler-accounts');
+}
+
+module.exports = {
+  expandHome,
+  resolvePath,
+  detectConfigPath,
+  detectProfilesDir,
+};

package/lib/profile-store.js

@@ -0,0 +1,213 @@
+'use strict';
+
+const crypto = require('node:crypto');
+const fs = require('node:fs');
+const path = require('node:path');
+
+function ensureDir(dirPath) {
+  fs.mkdirSync(dirPath, { recursive: true });
+}
+
+function isValidName(name) {
+  return /^[A-Za-z0-9._-]+$/.test(name);
+}
+
+function isBackupName(name) {
+  return name.startsWith('__backup-');
+}
+
+function listProfiles(profilesDir, { includeBackups = false } = {}) {
+  if (!fs.existsSync(profilesDir)) return [];
+  const entries = fs.readdirSync(profilesDir, { withFileTypes: true });
+  return entries
+    .filter((entry) => entry.isDirectory())
+    .map((entry) => entry.name)
+    .filter((name) => includeBackups || !isBackupName(name))
+    .filter((name) => fs.existsSync(path.join(profilesDir, name, 'config.toml')))
+    .sort();
+}
+
+function fileHash(filePath) {
+  const data = fs.readFileSync(filePath);
+  return crypto.createHash('sha256').update(data).digest('hex');
+}
+
+function readExpirationTime(filePath) {
+  if (!fs.existsSync(filePath)) return null;
+  const text = fs.readFileSync(filePath, 'utf8');
+  const match = text.match(/^\s*expiration_time\s*=\s*"([^"]+)"/m);
+  return match ? match[1] : null;
+}
+
+function readSessionState(filePath) {
+  const expirationTime = readExpirationTime(filePath);
+  if (!expirationTime) {
+    return { expirationTime: null, expired: null };
+  }
+
+  const expiresAt = new Date(expirationTime);
+  if (Number.isNaN(expiresAt.getTime())) {
+    return { expirationTime, expired: null };
+  }
+
+  return {
+    expirationTime,
+    expired: expiresAt.getTime() <= Date.now(),
+  };
+}
+
+function filesEqual(pathA, pathB) {
+  if (!fs.existsSync(pathA) || !fs.existsSync(pathB)) return false;
+  const statA = fs.statSync(pathA);
+  const statB = fs.statSync(pathB);
+  if (statA.size !== statB.size) return false;
+  return fileHash(pathA) === fileHash(pathB);
+}
+
+function writeMeta(profileDir, name, sourcePath, identity = null) {
+  const configPath = path.join(profileDir, 'config.toml');
+  const stat = fs.statSync(configPath);
+  const meta = {
+    name,
+    savedAt: new Date().toISOString(),
+    sourcePath,
+    bytes: stat.size,
+    sha256: fileHash(configPath),
+  };
+  if (identity) {
+    meta.identity = identity;
+  }
+  fs.writeFileSync(path.join(profileDir, 'meta.json'), JSON.stringify(meta, null, 2));
+}
+
+function readMeta(profileDir) {
+  const metaPath = path.join(profileDir, 'meta.json');
+  if (!fs.existsSync(metaPath)) return null;
+  try {
+    return JSON.parse(fs.readFileSync(metaPath, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function setActiveProfile(profilesDir, name) {
+  ensureDir(profilesDir);
+  fs.writeFileSync(path.join(profilesDir, 'active'), `${name}\n`);
+}
+
+function getActiveProfile(profilesDir) {
+  const activePath = path.join(profilesDir, 'active');
+  if (!fs.existsSync(activePath)) return null;
+  const value = fs.readFileSync(activePath, 'utf8').trim();
+  return value.length ? value : null;
+}
+
+function getDefaultProfile(profilesDir) {
+  const p = path.join(profilesDir, 'default');
+  if (!fs.existsSync(p)) return null;
+  const raw = fs.readFileSync(p, 'utf8').trim();
+  return raw.length ? raw : null;
+}
+
+function setDefaultProfile(profilesDir, name) {
+  ensureDir(profilesDir);
+  fs.writeFileSync(path.join(profilesDir, 'default'), `${name}\n`);
+}
+
+function unsetDefaultProfile(profilesDir) {
+  const p = path.join(profilesDir, 'default');
+  if (fs.existsSync(p)) fs.unlinkSync(p);
+}
+
+function timestampForFile() {
+  const now = new Date();
+  const pad = (n) => String(n).padStart(2, '0');
+  return [
+    now.getFullYear(),
+    pad(now.getMonth() + 1),
+    pad(now.getDate()),
+    '-',
+    pad(now.getHours()),
+    pad(now.getMinutes()),
+    pad(now.getSeconds()),
+  ].join('');
+}
+
+function backupCurrentConfig(configPath, profilesDir) {
+  const backupName = `__backup-${timestampForFile()}`;
+  const backupDir = path.join(profilesDir, backupName);
+  ensureDir(backupDir);
+  fs.copyFileSync(configPath, path.join(backupDir, 'config.toml'));
+  writeMeta(backupDir, backupName, configPath);
+  return backupName;
+}
+
+function findMatchingProfile(profilesDir, configPath, { includeBackups = false } = {}) {
+  if (!fs.existsSync(configPath)) return null;
+  const configHash = fileHash(configPath);
+  const profiles = listProfiles(profilesDir, { includeBackups });
+  for (const name of profiles) {
+    const profileConfig = path.join(profilesDir, name, 'config.toml');
+    if (fileHash(profileConfig) === configHash) return name;
+  }
+  return null;
+}
+
+function saveProfile(name, configPath, profilesDir, force, identity = null) {
+  if (!isValidName(name)) {
+    throw new Error(`Invalid profile name: ${name}`);
+  }
+  if (!fs.existsSync(configPath)) {
+    throw new Error(`Config file not found: ${configPath}`);
+  }
+
+  const profileDir = path.join(profilesDir, name);
+  if (fs.existsSync(profileDir) && !force) {
+    throw new Error(`Profile exists: ${name} (use --force to overwrite)`);
+  }
+
+  ensureDir(profileDir);
+  fs.copyFileSync(configPath, path.join(profileDir, 'config.toml'));
+  writeMeta(profileDir, name, configPath, identity);
+}
+
+function removeProfile(name, profilesDir) {
+  if (!isValidName(name)) {
+    throw new Error(`Invalid profile name: ${name}`);
+  }
+  const profileDir = path.join(profilesDir, name);
+  if (!fs.existsSync(profileDir)) {
+    throw new Error(`Profile not found: ${name}`);
+  }
+
+  fs.rmSync(profileDir, { recursive: true, force: true });
+
+  const active = getActiveProfile(profilesDir);
+  if (active === name) {
+    const activePath = path.join(profilesDir, 'active');
+    if (fs.existsSync(activePath)) fs.unlinkSync(activePath);
+  }
+}
+
+module.exports = {
+  ensureDir,
+  isValidName,
+  isBackupName,
+  listProfiles,
+  fileHash,
+  readExpirationTime,
+  readSessionState,
+  filesEqual,
+  writeMeta,
+  readMeta,
+  setActiveProfile,
+  getActiveProfile,
+  getDefaultProfile,
+  setDefaultProfile,
+  unsetDefaultProfile,
+  timestampForFile,
+  backupCurrentConfig,
+  findMatchingProfile,
+  saveProfile,
+  removeProfile,
+};

package/lib/resolve.js

@@ -0,0 +1,101 @@
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+const { isValidName, getDefaultProfile } = require('./profile-store');
+
+class ResolveError extends Error {
+  constructor(message, code = 'PROFILE_NOT_FOUND') {
+    super(message);
+    this.name = 'ResolveError';
+    this.code = code;
+  }
+}
+
+function profileExists(name, profilesDir) {
+  return fs.existsSync(path.join(profilesDir, name, 'config.toml'));
+}
+
+function assertValid(name) {
+  if (!isValidName(name)) {
+    throw new ResolveError(`Invalid profile name: ${name}`, 'INVALID_NAME');
+  }
+}
+
+function assertExists(name, profilesDir) {
+  if (!profileExists(name, profilesDir)) {
+    throw new ResolveError(`Profile not found: ${name}`, 'PROFILE_NOT_FOUND');
+  }
+}
+
+/**
+ * Resolve a profile name using AWS-style precedence.
+ *
+ * Order:
+ *  1. Explicit `--profile <name>` / `-p <name>` (cliProfile)
+ *  2. Positional shorthand — first positional arg, only when it matches a
+ *     saved profile AND is not a management subcommand name
+ *  3. `$WRANGLER_PROFILE`
+ *  4. Persistent default from profilesDir/default
+ *  5. Hard error with actionable hint
+ *
+ * @param {object} args
+ * @param {string|null} args.cliProfile
+ * @param {string|null} args.positional
+ * @param {object} args.env
+ * @param {string} args.profilesDir
+ * @param {Set<string>} [args.managementSubcommands]
+ * @returns {{ name: string, source: 'cli' | 'positional' | 'env' | 'default' }}
+ * @throws ResolveError
+ */
+function resolveProfile({
+  cliProfile,
+  positional,
+  env,
+  profilesDir,
+  managementSubcommands = new Set(),
+}) {
+  // 1. Explicit --profile / -p
+  if (cliProfile) {
+    assertValid(cliProfile);
+    assertExists(cliProfile, profilesDir);
+    return { name: cliProfile, source: 'cli' };
+  }
+
+  // 2. Positional shorthand
+  if (positional && !managementSubcommands.has(positional)) {
+    if (isValidName(positional) && profileExists(positional, profilesDir)) {
+      return { name: positional, source: 'positional' };
+    }
+  }
+
+  // 3. Env var
+  const envProfile = env && env.WRANGLER_PROFILE;
+  if (envProfile && envProfile.length) {
+    assertValid(envProfile);
+    assertExists(envProfile, profilesDir);
+    return { name: envProfile, source: 'env' };
+  }
+
+  // 4. Persistent default
+  const def = getDefaultProfile(profilesDir);
+  if (def) {
+    assertValid(def);
+    assertExists(def, profilesDir);
+    return { name: def, source: 'default' };
+  }
+
+  // 5. Error
+  throw new ResolveError(
+    [
+      'No profile specified. Options:',
+      '  - wrangler-accounts --profile <name> ...',
+      '  - WRANGLER_PROFILE=<name> wrangler-accounts ...',
+      '  - wrangler-accounts default <name>   (set a persistent default)',
+    ].join('\n'),
+    'NO_PROFILE',
+  );
+}
+
+module.exports = { resolveProfile, ResolveError };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@leeguoo/wrangler-accounts",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "AWS-style multi-account convenience for Cloudflare Wrangler — per-invocation OAuth isolation via shadow HOME.",
   "license": "MIT",
   "bin": {
@@ -8,6 +8,7 @@
   },
   "files": [
     "bin",
+    "lib",
     "completions",
     "skills"
   ],
@@ -33,7 +34,9 @@
     "access": "public"
   },
   "scripts": {
-    "test": "node --test test/*.test.js"
+    "test": "node --test test/*.test.js",
+    "verify-package": "node scripts/verify-package.js",
+    "prepublishOnly": "npm test && npm run verify-package"
   },
   "engines": {
     "node": ">=16"