npm - @nalvietnam/avatar-cli - Versions diffs - 1.2.1 → 1.2.2 - Mend

@nalvietnam/avatar-cli 1.2.1 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js +202 -197
package/dist/index.js.map +1 -1
package/dist/lib/print-welcome-screen.js +1 -1
package/dist/lib/print-welcome-screen.js.map +1 -1
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -1109,7 +1109,7 @@ async function applyFixes(checks) {
 // src/commands/init.ts
 import { basename, join as join16, relative as relative2, resolve } from "path";
 import { confirm as confirm2, input as input2, select as select4 } from "@inquirer/prompts";
-import boxen2 from "boxen";
+import boxen3 from "boxen";
 // src/lib/avatar-ascii-banner.ts
 import chalk2 from "chalk";
@@ -1778,6 +1778,196 @@ function buildScaffoldVariables(args) {
   };
 }
+// src/commands/login.ts
+import boxen2 from "boxen";
+import open from "open";
+// src/lib/google-oauth-device-flow.ts
+var GOOGLE_CLIENT_ID = "1014766441755-i4jimivh5rd7vt8phuhmepmt45sovtph.apps.googleusercontent.com";
+var GOOGLE_CLIENT_SECRET = "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";
+var HOSTED_DOMAIN = "nal.vn";
+var SCOPES = ["openid", "email", "profile"];
+var DEVICE_CODE_URL = "https://oauth2.googleapis.com/device/code";
+var TOKEN_URL = "https://oauth2.googleapis.com/token";
+var REVOKE_URL = "https://oauth2.googleapis.com/revoke";
+async function requestDeviceCode() {
+  const body = new URLSearchParams({
+    client_id: GOOGLE_CLIENT_ID,
+    scope: SCOPES.join(" ")
+  });
+  const res = await fetch(DEVICE_CODE_URL, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body
+  });
+  if (!res.ok) {
+    const text = await res.text();
+    throw new Error(`Device code request failed (${res.status}): ${text}`);
+  }
+  return await res.json();
+}
+async function pollForToken(deviceCode) {
+  const body = new URLSearchParams({
+    client_id: GOOGLE_CLIENT_ID,
+    client_secret: GOOGLE_CLIENT_SECRET,
+    device_code: deviceCode,
+    grant_type: "urn:ietf:params:oauth:grant-type:device_code"
+  });
+  const res = await fetch(TOKEN_URL, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body
+  });
+  if (res.ok) {
+    return await res.json();
+  }
+  let errorCode = "";
+  try {
+    const data = await res.json();
+    errorCode = data.error ?? "";
+  } catch {
+    errorCode = "";
+  }
+  if (errorCode === "authorization_pending" || errorCode === "slow_down") {
+    return null;
+  }
+  if (errorCode === "access_denied") {
+    throw new Error("User t\u1EEB ch\u1ED1i quy\u1EC1n truy c\u1EADp");
+  }
+  if (errorCode === "expired_token") {
+    throw new Error("H\u1EBFt h\u1EA1n ch\u1EDD (5 ph\xFAt). Ch\u1EA1y l\u1EA1i 'avatar login'.");
+  }
+  throw new Error(`OAuth token endpoint tr\u1EA3 l\u1ED7i: ${errorCode || res.status}`);
+}
+function decodeIdToken(idToken) {
+  const parts = idToken.split(".");
+  if (parts.length !== 3) {
+    throw new Error("id_token format kh\xF4ng h\u1EE3p l\u1EC7");
+  }
+  const payload = parts[1];
+  if (!payload) throw new Error("id_token thi\u1EBFu payload");
+  const base64 = payload.replace(/-/g, "+").replace(/_/g, "/");
+  const json = Buffer.from(base64, "base64").toString("utf8");
+  return JSON.parse(json);
+}
+function verifyHostedDomain(claims) {
+  if (claims.hd !== HOSTED_DOMAIN) {
+    throw new Error(
+      `Email kh\xF4ng thu\u1ED9c workspace NAL (y\xEAu c\u1EA7u @${HOSTED_DOMAIN}). Nh\u1EADn: ${claims.email}`
+    );
+  }
+  if (!claims.email_verified) {
+    throw new Error("Email ch\u01B0a \u0111\u01B0\u1EE3c Google verify");
+  }
+}
+function buildUserConfig(token, claims) {
+  const expiresAt = new Date(Date.now() + token.expires_in * 1e3).toISOString();
+  return {
+    email: claims.email,
+    name: claims.name ?? claims.email,
+    access_token: token.access_token,
+    refresh_token: token.refresh_token,
+    expires_at: expiresAt,
+    id_token: token.id_token
+  };
+}
+async function revokeToken(token) {
+  const body = new URLSearchParams({ token });
+  await fetch(REVOKE_URL, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body
+  }).catch(() => {
+  });
+}
+function buildVerificationUrl(response) {
+  const url = new URL(response.verification_url);
+  url.searchParams.set("user_code", response.user_code);
+  url.searchParams.set("hd", HOSTED_DOMAIN);
+  return url.toString();
+}
+// src/commands/login.ts
+function registerLoginCommand(program2) {
+  program2.command("login").description("\u0110\u0103ng nh\u1EADp Google SSO (workspace @nal.vn)").option("--reset", "X\xF3a credential c\u0169 v\xE0 \u0111\u0103ng nh\u1EADp l\u1EA1i").action(async (opts) => {
+    try {
+      await runLogin(opts);
+    } catch (err) {
+      log.error(err instanceof Error ? err.message : String(err));
+      process.exit(1);
+    }
+  });
+}
+async function runLogin(opts) {
+  printAvatarBanner({ tagline: "\u0110\u0103ng nh\u1EADp Google SSO \xB7 workspace @nal.vn" });
+  if (opts.reset) {
+    await clearUserConfig();
+    await appendAuditEntry("login_reset");
+  } else {
+    const existing = await readUserConfig();
+    if (existing && !isTokenExpired(existing)) {
+      log.success(`\u0110\xE3 \u0111\u0103ng nh\u1EADp: ${existing.email}`);
+      return;
+    }
+  }
+  const deviceSpinner = spinner("\u0110ang y\xEAu c\u1EA7u device code t\u1EEB Google...");
+  let deviceCode;
+  try {
+    deviceCode = await requestDeviceCode();
+    deviceSpinner.succeed("Nh\u1EADn device code");
+  } catch (err) {
+    deviceSpinner.fail("Kh\xF4ng k\u1EBFt n\u1ED1i \u0111\u01B0\u1EE3c Google");
+    throw err;
+  }
+  const verificationUrl = buildVerificationUrl(deviceCode);
+  const instructions = [
+    `1. Truy c\u1EADp:    ${chalk.cyan(deviceCode.verification_url)}`,
+    `2. Nh\u1EADp code:   ${chalk.bold.yellow(deviceCode.user_code)}`,
+    "",
+    `Ho\u1EB7c Avatar t\u1EF1 m\u1EDF browser, click ${chalk.green("Allow")}...`
+  ].join("\n");
+  process.stdout.write(`${boxen2(instructions, { padding: 1, borderStyle: "round" })}
+`);
+  void open(verificationUrl).catch(() => {
+    log.dim("(Kh\xF4ng m\u1EDF \u0111\u01B0\u1EE3c browser t\u1EF1 \u0111\u1ED9ng \u2014 copy URL \u1EDF tr\xEAn)");
+  });
+  const waitSpinner = spinner("\u0110ang ch\u1EDD x\xE1c nh\u1EADn trong browser...");
+  const intervalMs = deviceCode.interval * 1e3;
+  const deadline = Date.now() + deviceCode.expires_in * 1e3;
+  let token = null;
+  while (Date.now() < deadline) {
+    await sleep(intervalMs);
+    try {
+      token = await pollForToken(deviceCode.device_code);
+      if (token) break;
+    } catch (err) {
+      waitSpinner.fail("X\xE1c th\u1EF1c th\u1EA5t b\u1EA1i");
+      throw err;
+    }
+  }
+  if (!token) {
+    waitSpinner.fail("H\u1EBFt h\u1EA1n ch\u1EDD (5 ph\xFAt). Ch\u1EA1y l\u1EA1i 'avatar login'.");
+    process.exit(1);
+  }
+  waitSpinner.succeed("\u0110\xE3 nh\u1EADn token t\u1EEB Google");
+  const claims = decodeIdToken(token.id_token);
+  try {
+    verifyHostedDomain(claims);
+  } catch (err) {
+    await revokeToken(token.access_token);
+    throw err;
+  }
+  const userConfig = buildUserConfig(token, claims);
+  await writeUserConfig(userConfig);
+  await appendAuditEntry("login", userConfig.email);
+  log.success(`X\xE1c th\u1EF1c th\xE0nh c\xF4ng: ${userConfig.email}`);
+  log.success(`Verify hosted domain: ${claims.hd} \u2713`);
+  log.success(`L\u01B0u credential v\xE0o ${USER_CONFIG_PATH} (chmod 600)`);
+}
+function sleep(ms) {
+  return new Promise((resolve2) => setTimeout(resolve2, ms));
+}
 // src/commands/init.ts
 function parseBootstrapStrategyOpts(opts) {
   if (opts.preserveUncommitted) return "stash";
@@ -1812,10 +2002,15 @@ async function runInit(opts) {
   if (opts.mode) {
     log.warn("Flag --mode \u0111\xE3 deprecated t\u1EEB v1.1. D\xF9ng --project-status thay th\u1EBF.");
   }
-  const userConfig = await readUserConfig();
+  let userConfig = await readUserConfig();
   if (!userConfig || isTokenExpired(userConfig)) {
-    log.error("Ch\u01B0a \u0111\u0103ng nh\u1EADp ho\u1EB7c token h\u1EBFt h\u1EA1n. Ch\u1EA1y 'avatar login' tr\u01B0\u1EDBc.");
-    process.exit(1);
+    log.info("Ch\u01B0a \u0111\u0103ng nh\u1EADp \u2014 ch\u1EA1y login flow tr\u01B0\u1EDBc khi init...");
+    await runLogin({});
+    userConfig = await readUserConfig();
+    if (!userConfig || isTokenExpired(userConfig)) {
+      log.error("Login kh\xF4ng ho\xE0n t\u1EA5t. Ch\u1EA1y 'avatar login' tay r\u1ED3i init l\u1EA1i.");
+      process.exit(1);
+    }
   }
   const status = opts.projectStatus ?? await promptProjectStatus();
   switch (status) {
@@ -2147,200 +2342,10 @@ function printInitSuccessBox(rootPath, flow, aiResult = null) {
     `  ${chalk.cyan("avatar sync")}               Pull team-ai-pack m\u1EDBi`,
     `  ${chalk.cyan("avatar uninstall")}          G\u1EE1 Avatar (gi\u1EEF code)`
   ];
-  process.stdout.write(`${boxen2(lines.join("\n"), { padding: 1, borderStyle: "round" })}
+  process.stdout.write(`${boxen3(lines.join("\n"), { padding: 1, borderStyle: "round" })}
 `);
 }
-// src/commands/login.ts
-import boxen3 from "boxen";
-import open from "open";
-// src/lib/google-oauth-device-flow.ts
-var GOOGLE_CLIENT_ID = "1014766441755-i4jimivh5rd7vt8phuhmepmt45sovtph.apps.googleusercontent.com";
-var GOOGLE_CLIENT_SECRET = "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";
-var HOSTED_DOMAIN = "nal.vn";
-var SCOPES = ["openid", "email", "profile"];
-var DEVICE_CODE_URL = "https://oauth2.googleapis.com/device/code";
-var TOKEN_URL = "https://oauth2.googleapis.com/token";
-var REVOKE_URL = "https://oauth2.googleapis.com/revoke";
-async function requestDeviceCode() {
-  const body = new URLSearchParams({
-    client_id: GOOGLE_CLIENT_ID,
-    scope: SCOPES.join(" ")
-  });
-  const res = await fetch(DEVICE_CODE_URL, {
-    method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body
-  });
-  if (!res.ok) {
-    const text = await res.text();
-    throw new Error(`Device code request failed (${res.status}): ${text}`);
-  }
-  return await res.json();
-}
-async function pollForToken(deviceCode) {
-  const body = new URLSearchParams({
-    client_id: GOOGLE_CLIENT_ID,
-    client_secret: GOOGLE_CLIENT_SECRET,
-    device_code: deviceCode,
-    grant_type: "urn:ietf:params:oauth:grant-type:device_code"
-  });
-  const res = await fetch(TOKEN_URL, {
-    method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body
-  });
-  if (res.ok) {
-    return await res.json();
-  }
-  let errorCode = "";
-  try {
-    const data = await res.json();
-    errorCode = data.error ?? "";
-  } catch {
-    errorCode = "";
-  }
-  if (errorCode === "authorization_pending" || errorCode === "slow_down") {
-    return null;
-  }
-  if (errorCode === "access_denied") {
-    throw new Error("User t\u1EEB ch\u1ED1i quy\u1EC1n truy c\u1EADp");
-  }
-  if (errorCode === "expired_token") {
-    throw new Error("H\u1EBFt h\u1EA1n ch\u1EDD (5 ph\xFAt). Ch\u1EA1y l\u1EA1i 'avatar login'.");
-  }
-  throw new Error(`OAuth token endpoint tr\u1EA3 l\u1ED7i: ${errorCode || res.status}`);
-}
-function decodeIdToken(idToken) {
-  const parts = idToken.split(".");
-  if (parts.length !== 3) {
-    throw new Error("id_token format kh\xF4ng h\u1EE3p l\u1EC7");
-  }
-  const payload = parts[1];
-  if (!payload) throw new Error("id_token thi\u1EBFu payload");
-  const base64 = payload.replace(/-/g, "+").replace(/_/g, "/");
-  const json = Buffer.from(base64, "base64").toString("utf8");
-  return JSON.parse(json);
-}
-function verifyHostedDomain(claims) {
-  if (claims.hd !== HOSTED_DOMAIN) {
-    throw new Error(
-      `Email kh\xF4ng thu\u1ED9c workspace NAL (y\xEAu c\u1EA7u @${HOSTED_DOMAIN}). Nh\u1EADn: ${claims.email}`
-    );
-  }
-  if (!claims.email_verified) {
-    throw new Error("Email ch\u01B0a \u0111\u01B0\u1EE3c Google verify");
-  }
-}
-function buildUserConfig(token, claims) {
-  const expiresAt = new Date(Date.now() + token.expires_in * 1e3).toISOString();
-  return {
-    email: claims.email,
-    name: claims.name ?? claims.email,
-    access_token: token.access_token,
-    refresh_token: token.refresh_token,
-    expires_at: expiresAt,
-    id_token: token.id_token
-  };
-}
-async function revokeToken(token) {
-  const body = new URLSearchParams({ token });
-  await fetch(REVOKE_URL, {
-    method: "POST",
-    headers: { "Content-Type": "application/x-www-form-urlencoded" },
-    body
-  }).catch(() => {
-  });
-}
-function buildVerificationUrl(response) {
-  const url = new URL(response.verification_url);
-  url.searchParams.set("user_code", response.user_code);
-  url.searchParams.set("hd", HOSTED_DOMAIN);
-  return url.toString();
-}
-// src/commands/login.ts
-function registerLoginCommand(program2) {
-  program2.command("login").description("\u0110\u0103ng nh\u1EADp Google SSO (workspace @nal.vn)").option("--reset", "X\xF3a credential c\u0169 v\xE0 \u0111\u0103ng nh\u1EADp l\u1EA1i").action(async (opts) => {
-    try {
-      await runLogin(opts);
-    } catch (err) {
-      log.error(err instanceof Error ? err.message : String(err));
-      process.exit(1);
-    }
-  });
-}
-async function runLogin(opts) {
-  printAvatarBanner({ tagline: "\u0110\u0103ng nh\u1EADp Google SSO \xB7 workspace @nal.vn" });
-  if (opts.reset) {
-    await clearUserConfig();
-    await appendAuditEntry("login_reset");
-  } else {
-    const existing = await readUserConfig();
-    if (existing && !isTokenExpired(existing)) {
-      log.success(`\u0110\xE3 \u0111\u0103ng nh\u1EADp: ${existing.email}`);
-      return;
-    }
-  }
-  const deviceSpinner = spinner("\u0110ang y\xEAu c\u1EA7u device code t\u1EEB Google...");
-  let deviceCode;
-  try {
-    deviceCode = await requestDeviceCode();
-    deviceSpinner.succeed("Nh\u1EADn device code");
-  } catch (err) {
-    deviceSpinner.fail("Kh\xF4ng k\u1EBFt n\u1ED1i \u0111\u01B0\u1EE3c Google");
-    throw err;
-  }
-  const verificationUrl = buildVerificationUrl(deviceCode);
-  const instructions = [
-    `1. Truy c\u1EADp:    ${chalk.cyan(deviceCode.verification_url)}`,
-    `2. Nh\u1EADp code:   ${chalk.bold.yellow(deviceCode.user_code)}`,
-    "",
-    `Ho\u1EB7c Avatar t\u1EF1 m\u1EDF browser, click ${chalk.green("Allow")}...`
-  ].join("\n");
-  process.stdout.write(`${boxen3(instructions, { padding: 1, borderStyle: "round" })}
-`);
-  void open(verificationUrl).catch(() => {
-    log.dim("(Kh\xF4ng m\u1EDF \u0111\u01B0\u1EE3c browser t\u1EF1 \u0111\u1ED9ng \u2014 copy URL \u1EDF tr\xEAn)");
-  });
-  const waitSpinner = spinner("\u0110ang ch\u1EDD x\xE1c nh\u1EADn trong browser...");
-  const intervalMs = deviceCode.interval * 1e3;
-  const deadline = Date.now() + deviceCode.expires_in * 1e3;
-  let token = null;
-  while (Date.now() < deadline) {
-    await sleep(intervalMs);
-    try {
-      token = await pollForToken(deviceCode.device_code);
-      if (token) break;
-    } catch (err) {
-      waitSpinner.fail("X\xE1c th\u1EF1c th\u1EA5t b\u1EA1i");
-      throw err;
-    }
-  }
-  if (!token) {
-    waitSpinner.fail("H\u1EBFt h\u1EA1n ch\u1EDD (5 ph\xFAt). Ch\u1EA1y l\u1EA1i 'avatar login'.");
-    process.exit(1);
-  }
-  waitSpinner.succeed("\u0110\xE3 nh\u1EADn token t\u1EEB Google");
-  const claims = decodeIdToken(token.id_token);
-  try {
-    verifyHostedDomain(claims);
-  } catch (err) {
-    await revokeToken(token.access_token);
-    throw err;
-  }
-  const userConfig = buildUserConfig(token, claims);
-  await writeUserConfig(userConfig);
-  await appendAuditEntry("login", userConfig.email);
-  log.success(`X\xE1c th\u1EF1c th\xE0nh c\xF4ng: ${userConfig.email}`);
-  log.success(`Verify hosted domain: ${claims.hd} \u2713`);
-  log.success(`L\u01B0u credential v\xE0o ${USER_CONFIG_PATH} (chmod 600)`);
-}
-function sleep(ms) {
-  return new Promise((resolve2) => setTimeout(resolve2, ms));
-}
 // src/commands/mcp-run.ts
 function registerMcpRunCommand(program2) {
   program2.command("mcp-run <tool-id>", { hidden: true }).description("[internal] Spawn MCP v\u1EDBi secrets injected (M09)").action(notImplementedYet("mcp-run", "Milestone 09"));
@@ -2626,7 +2631,7 @@ async function removeSubmoduleEntry(gitmodulesPath, submodulePath) {
 }
 // src/commands/uninstall.ts
-var CLI_VERSION = "1.2.1";
+var CLI_VERSION = "1.2.2";
 function registerUninstallCommand(program2) {
   program2.command("uninstall").description("G\u1EE1 Avatar kh\u1ECFi project \u2014 backup t\u1EF1 \u0111\u1ED9ng (M11)").option("--yes", "Skip confirm prompt").option("--no-backup", "Kh\xF4ng t\u1EA1o backup tr\u01B0\u1EDBc khi x\xF3a (nguy hi\u1EC3m)").option("--keep-submodule", "Gi\u1EEF submodule .claude/pack/").option("--keep-hooks", "Gi\u1EEF git hooks post-merge, pre-push").option("--dry-run", "Hi\u1EC3n th\u1ECB danh s\xE1ch s\u1EBD x\xF3a, kh\xF4ng th\u1EF1c thi").action(async (opts) => {
     try {
@@ -2708,7 +2713,7 @@ function printUninstallSuccessBox(backupPath) {
 }
 // src/index.ts
-var CLI_VERSION2 = "1.2.1";
+var CLI_VERSION2 = "1.2.2";
 var program = new Command();
 program.name("avatar").description("AI harness CLI for NAL Vietnam engineering").version(CLI_VERSION2, "-v, --version", "Hi\u1EC3n th\u1ECB phi\xEAn b\u1EA3n Avatar CLI").addHelpText(
   "beforeAll",