@nocobase/cli 2.1.0-alpha.19 → 2.1.0-alpha.20

package/dist/commands/pm/disable.js

@@ -6,27 +6,26 @@
  * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
-import { Args, Command, Flags } from '@oclif/core';
+import { Args, Command } from '@oclif/core';
 export default class PmDisable extends Command {
     static args = {
-        file: Args.string({ description: 'file to read' }),
+        packages: Args.string({
+            required: true,
+            multiple: true,
+            description: 'Plugin package name(s) to disable (e.g. `@nocobase/plugin-sample`). Pass one or more names as separate arguments.',
+        }),
     };
-    static description = 'describe the command here';
+    static description = 'Disable one or more plugins';
     static examples = [
-        '<%= config.bin %> <%= command.id %>',
+        '<%= config.bin %> <%= command.id %> @nocobase/plugin-sample',
+        '<%= config.bin %> <%= command.id %> @nocobase/plugin-a @nocobase/plugin-b',
     ];
-    static flags = {
-        // flag with no value (-f, --force)
-        force: Flags.boolean({ char: 'f' }),
-        // flag with a value (-n, --name=VALUE)
-        name: Flags.string({ char: 'n', description: 'name to print' }),
-    };
     async run() {
-        const { args, flags } = await this.parse(PmDisable);
-        const name = flags.name ?? 'world';
-        this.log(`hello ${name} from packages/core/cli/src/commands/pm/disable.ts`);
-        if (args.file && flags.force) {
-            this.log(`you input --force and --file: ${args.file}`);
+        const { args } = await this.parse(PmDisable);
+        const packages = args.packages;
+        if (!Array.isArray(packages) || packages.length === 0) {
+            this.error('Pass at least one plugin package name.');
         }
+        await this.config.runCommand('api:pm:disable', ['--await-response', '--filter-by-tk', packages.join(',')]);
     }
 }

package/dist/commands/pm/enable.js

@@ -6,27 +6,26 @@
  * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
-import { Args, Command, Flags } from '@oclif/core';
+import { Args, Command } from '@oclif/core';
 export default class PmEnable extends Command {
     static args = {
-        file: Args.string({ description: 'file to read' }),
+        packages: Args.string({
+            required: true,
+            multiple: true,
+            description: 'Plugin package name(s) to enable (e.g. `@nocobase/plugin-sample`). Pass one or more names as separate arguments.',
+        }),
     };
-    static description = 'describe the command here';
+    static description = 'Enable one or more plugins';
     static examples = [
-        '<%= config.bin %> <%= command.id %>',
+        '<%= config.bin %> <%= command.id %> @nocobase/plugin-sample',
+        '<%= config.bin %> <%= command.id %> @nocobase/plugin-a @nocobase/plugin-b',
     ];
-    static flags = {
-        // flag with no value (-f, --force)
-        force: Flags.boolean({ char: 'f' }),
-        // flag with a value (-n, --name=VALUE)
-        name: Flags.string({ char: 'n', description: 'name to print' }),
-    };
     async run() {
-        const { args, flags } = await this.parse(PmEnable);
-        const name = flags.name ?? 'world';
-        this.log(`hello ${name} from packages/core/cli/src/commands/pm/enable.ts`);
-        if (args.file && flags.force) {
-            this.log(`you input --force and --file: ${args.file}`);
+        const { args } = await this.parse(PmEnable);
+        const packages = args.packages;
+        if (!Array.isArray(packages) || packages.length === 0) {
+            this.error('Pass at least one plugin package name.');
         }
+        await this.config.runCommand('api:pm:enable', ['--await-response', '--filter-by-tk', packages.join(',')]);
     }
 }

package/dist/commands/pm/list.js

@@ -6,27 +6,16 @@
  * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
-import { Args, Command, Flags } from '@oclif/core';
+import { Command } from '@oclif/core';
 export default class PmList extends Command {
-    static args = {
-        file: Args.string({ description: 'file to read' }),
-    };
-    static description = 'describe the command here';
+    static args = {};
+    static summary = 'List all plugins';
     static examples = [
         '<%= config.bin %> <%= command.id %>',
     ];
-    static flags = {
-        // flag with no value (-f, --force)
-        force: Flags.boolean({ char: 'f' }),
-        // flag with a value (-n, --name=VALUE)
-        name: Flags.string({ char: 'n', description: 'name to print' }),
-    };
+    static flags = {};
     async run() {
         const { args, flags } = await this.parse(PmList);
-        const name = flags.name ?? 'world';
-        this.log(`hello ${name} from packages/core/cli/src/commands/pm/list.ts`);
-        if (args.file && flags.force) {
-            this.log(`you input --force and --file: ${args.file}`);
-        }
+        await this.config.runCommand('api:pm:list', ['--mode=summary']);
     }
 }

package/dist/commands/scaffold/migration.js

@@ -28,7 +28,7 @@ export default class ScaffoldMigration extends Command {
             npmArgs.push('--on', flags.on);
         }
         try {
-            await runNocoBaseCommand(npmArgs, process.cwd(), { env: { LOGGER_SILENT: 'true' } });
+            await runNocoBaseCommand(npmArgs, { env: { LOGGER_SILENT: 'true' } });
         }
         catch (error) {
             const message = error instanceof Error ? error.message : String(error);

package/dist/commands/scaffold/plugin.js

@@ -27,7 +27,7 @@ export default class ScaffoldPlugin extends Command {
             npmArgs.push('--force-recreate');
         }
         try {
-            await runNocoBaseCommand(npmArgs, process.cwd(), { env: { LOGGER_SILENT: 'true' } });
+            await runNocoBaseCommand(npmArgs, { env: { LOGGER_SILENT: 'true' } });
         }
         catch (error) {
             const message = error instanceof Error ? error.message : String(error);

package/dist/commands/start.js

@@ -45,7 +45,7 @@ export default class Start extends Command {
             npmArgs.push('--launch-mode', flags['launch-mode']);
         }
         try {
-            await runNocoBaseCommand(npmArgs, process.cwd());
+            await runNocoBaseCommand(npmArgs);
         }
         catch (error) {
             const message = error instanceof Error ? error.message : String(error);

package/dist/commands/upgrade.js

@@ -25,7 +25,7 @@ export default class Upgrade extends Command {
             npmArgs.push('--skip-code-update');
         }
         try {
-            await runNocoBaseCommand(npmArgs, process.cwd());
+            await runNocoBaseCommand(npmArgs);
         }
         catch (error) {
             const message = error instanceof Error ? error.message : String(error);

package/dist/generated/command-registry.js

@@ -14,12 +14,13 @@ var __rewriteRelativeImportExtension = (this && this.__rewriteRelativeImportExte
     }
     return path;
 };
-import { Command } from '@oclif/core';
+import { Command, loadHelpClass } from '@oclif/core';
 import { dirname, join, relative } from 'node:path';
 import { fileURLToPath, pathToFileURL } from 'node:url';
 import { collectCommandModulePaths, commandRelativePathToRegistryKey, } from "../lib/command-discovery.js";
 import { getCurrentEnvName, getEnv } from "../lib/auth-store.js";
 import { createGeneratedFlags, GeneratedApiCommand } from "../lib/generated-command.js";
+import { toKebabCase } from "../lib/naming.js";
 import { loadRuntimeSync } from "../lib/runtime-store.js";
 const registryFilePath = fileURLToPath(import.meta.url);
 const commandsRoot = join(dirname(registryFilePath), '../commands');
@@ -58,15 +59,60 @@ function createRuntimeCommand(operation) {
         static operation = operation;
     };
 }
-function createRuntimeIndexCommand(commandId, operation) {
+function createRuntimeIndexCommand(commandId, metadata) {
+    const summary = metadata.summary || `Work with ${commandId}`;
+    const description = metadata.description && metadata.description !== summary ? metadata.description : undefined;
     return class RuntimeIndexCommand extends Command {
-        static summary = operation.resourceDescription || operation.resourceDisplayName || `Work with ${commandId}`;
-        static description = operation.resourceDescription;
+        static summary = summary;
+        static description = description;
         async run() {
-            this.log(`Use \`nb ${commandId} --help\` to view available subcommands.`);
+            await this.parse(RuntimeIndexCommand);
+            const Help = await loadHelpClass(this.config);
+            await new Help(this.config, this.config.pjson.oclif.helpOptions ?? this.config.pjson.helpOptions).showHelp([
+                this.id ?? commandId.replaceAll(' ', ':'),
+                ...this.argv,
+            ]);
         }
     };
 }
+function getRuntimeTopicEntries(operation) {
+    const commandSegments = operation.commandId.split(' ');
+    const topLevelCommandId = commandSegments[0];
+    const modulePrefix = toKebabCase(operation.moduleDisplayName || operation.moduleName || '');
+    const isTopLevelResource = Boolean(topLevelCommandId && modulePrefix && topLevelCommandId !== modulePrefix);
+    const entries = [];
+    if (!topLevelCommandId) {
+        return entries;
+    }
+    if (isTopLevelResource) {
+        entries.push([
+            topLevelCommandId,
+            {
+                summary: operation.resourceDescription || operation.resourceDisplayName,
+                description: operation.resourceDescription,
+            },
+        ]);
+        return entries;
+    }
+    entries.push([
+        topLevelCommandId,
+        {
+            summary: operation.moduleDescription || operation.moduleDisplayName || operation.moduleName,
+            description: operation.moduleDescription,
+        },
+    ]);
+    const resourceCommandId = commandSegments.slice(0, 2).join(' ');
+    if (commandSegments[1]) {
+        entries.push([
+            resourceCommandId,
+            {
+                summary: operation.resourceDescription || operation.resourceDisplayName,
+                description: operation.resourceDescription,
+            },
+        ]);
+    }
+    return entries;
+}
 const registry = {
     ...(await loadCommandsFromDirectory()),
 };
@@ -77,11 +123,11 @@ for (const operation of runtime?.commands ?? []) {
     const commandSegments = operation.commandId.split(' ');
     const commandKey = commandSegments.join(':');
     registry[`api:${commandKey}`] = createRuntimeCommand(operation);
-    // const topLevelCommandId = commandSegments[0];
-    // const modulePrefix = toKebabCase(operation.moduleDisplayName || operation.moduleName || '');
-    // const isTopLevelResource = Boolean(topLevelCommandId && modulePrefix && topLevelCommandId !== modulePrefix);
-    // if (isTopLevelResource && !registry[`api:${topLevelCommandId}`]) {
-    //   registry[`api:${topLevelCommandId}`] = createRuntimeIndexCommand(`api ${topLevelCommandId}`, operation);
-    // }
+    for (const [topicCommandId, metadata] of getRuntimeTopicEntries(operation)) {
+        const topicKey = `api:${topicCommandId.split(' ').join(':')}`;
+        if (!registry[topicKey]) {
+            registry[topicKey] = createRuntimeIndexCommand(`api ${topicCommandId}`, metadata);
+        }
+    }
 }
 export default registry;

package/dist/help/runtime-help.js

@@ -0,0 +1,20 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Help } from '@oclif/core';
+export function isTopicIndexCommand(commandId, topics) {
+    if (!commandId) {
+        return false;
+    }
+    return topics.some((topic) => topic.name.startsWith(`${commandId}:`));
+}
+export default class RuntimeHelp extends Help {
+    get sortedCommands() {
+        return super.sortedCommands.filter((command) => !isTopicIndexCommand(command.id, this.config.topics));
+    }
+}

package/dist/lib/auth-store.js

@@ -1,5 +1,13 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
 import { promises as fs } from 'node:fs';
-import path from 'node:path';
+import path, { isAbsolute } from 'node:path';
 import { resolveCliHomeDir } from './cli-home.js';
 const DEFAULT_CONFIG = {
     currentEnv: 'default',
@@ -45,10 +53,45 @@ export async function setCurrentEnv(envName, options = {}) {
     config.currentEnv = envName;
     await saveAuthConfig(config, options);
 }
+export class Env {
+    config;
+    constructor(config = {}) {
+        this.config = config;
+    }
+    get name() {
+        return this.config.name;
+    }
+    get baseUrl() {
+        return this.config.baseUrl;
+    }
+    get auth() {
+        return this.config.auth;
+    }
+    get runtime() {
+        return this.config.runtime;
+    }
+    get appRootPath() {
+        const appRootPath = this.config.appRootPath;
+        if (!appRootPath) {
+            return process.cwd();
+        }
+        if (isAbsolute(appRootPath)) {
+            return appRootPath;
+        }
+        return path.resolve(process.cwd(), appRootPath);
+    }
+    get storagePath() {
+        const storagePath = this.config.storagePath;
+        if (isAbsolute(storagePath)) {
+            return storagePath;
+        }
+        return path.resolve(process.cwd(), storagePath);
+    }
+}
 export async function getEnv(envName, options = {}) {
     const config = await loadAuthConfig(options);
     const resolved = envName || config.currentEnv || 'default';
-    return config.envs[resolved];
+    return new Env({ ...config.envs[resolved], name: resolved });
 }
 function areAuthConfigsEquivalent(left, right) {
     if (!left && !right) {
@@ -78,8 +121,9 @@ async function writeEnv(envName, updater, options = {}) {
     config.currentEnv = envName;
     await saveAuthConfig(config, options);
 }
-export async function upsertEnv(envName, baseUrl, accessToken, options = {}) {
+export async function upsertEnv(envName, config, options = {}) {
     await writeEnv(envName, (previous) => {
+        const { baseUrl, accessToken, ...rest } = config;
         const baseUrlChanged = previous?.baseUrl !== baseUrl;
         const nextAuth = accessToken
             ? {
@@ -94,6 +138,7 @@ export async function upsertEnv(envName, baseUrl, accessToken, options = {}) {
             ...previous,
             baseUrl,
             auth: nextAuth,
+            ...rest,
             runtime: baseUrlChanged || authChanged ? undefined : previous?.runtime,
         };
     }, options);

package/dist/lib/bootstrap.js

@@ -53,13 +53,17 @@ function hasBooleanFlag(argv, name) {
     return false;
 }
 function getCommandToken(argv) {
+    const tokens = [];
     for (const token of argv) {
         if (!token || token.startsWith('-')) {
             continue;
         }
-        return token;
+        tokens.push(token);
     }
-    return undefined;
+    if (tokens[0] === 'api') {
+        return tokens[1] ?? tokens[0];
+    }
+    return tokens[0];
 }
 function hasHelpFlag(argv) {
     return argv.includes('--help') || argv.includes('-h');
@@ -68,8 +72,9 @@ function hasVersionFlag(argv) {
     return argv.includes('--version') || argv.includes('-v');
 }
 function isBuiltinCommand(argv) {
-    const commandToken = getCommandToken(argv);
-    return commandToken === 'env' || commandToken === 'resource';
+    const commandTokens = argv.filter((token) => token && !token.startsWith('-'));
+    const [topic, subtopic] = commandTokens;
+    return topic === 'env' || topic === 'resource' || (topic === 'api' && subtopic === 'resource');
 }
 export function shouldSkipRuntimeBootstrap(argv) {
     return hasVersionFlag(argv) || isBuiltinCommand(argv);
@@ -246,7 +251,7 @@ export function formatSwaggerSchemaError(response, context) {
             `Authentication failed while loading the command runtime from \`swagger:get\`${envLabel}.`,
             `Base URL: ${context.baseUrl}`,
             details,
-            'Update the API key with `nb env add --name <name> --base-url <url> --token <api-key>`, log in with `nb env auth -e <name>`, or rerun the command with `--token <api-key>`.',
+            'Update the API key with `nb env add <name> --base-url <url> --auth-type token --token <api-key>`, log in with `nb env auth <name>`, or rerun the command with `--token <api-key>`.',
             commandHint,
         ].join('\n');
     }
@@ -257,7 +262,7 @@ export function formatSwaggerSchemaError(response, context) {
             `Base URL: ${context.baseUrl}`,
             `Network error: ${rawMessage}`,
             'Check that the NocoBase app is running, the base URL is correct, and the server is reachable from this machine.',
-            'If you recently changed the server address, update it with `nb env add --name <name> --base-url <url>` and retry `nb env update`.',
+            'If you recently changed the server address, update it with `nb env add <name> --base-url <url>` and retry `nb env update`.',
             'Use `nb env list` to inspect the current env configuration.',
         ].join('\n');
     }
@@ -267,7 +272,7 @@ export function formatMissingRuntimeEnvError(commandToken) {
     if (!commandToken) {
         return [
             'No env is configured for runtime commands.',
-            'Run `nb env add --name <name> --base-url <url>` first.',
+            'Run `nb env add <name> --base-url <url>` first.',
             'If you configure multiple environments later, switch with `nb env use <name>`.',
         ].join('\n');
     }
@@ -275,7 +280,7 @@ export function formatMissingRuntimeEnvError(commandToken) {
         `Unable to resolve runtime command \`${commandToken}\`.`,
         'No env is configured, so the CLI cannot load runtime commands from `swagger:get`.',
         'If this is a built-in command or a typo, run `nb --help` to inspect available commands.',
-        'If this should be an application runtime command, run `nb env add --name <name> --base-url <url>` and then `nb env update`.',
+        'If this should be an application runtime command, run `nb env add <name> --base-url <url>` and then `nb env update`.',
     ].join('\n');
 }
 export async function ensureRuntimeFromArgv(argv, options) {
@@ -350,7 +355,7 @@ export async function updateEnvRuntime(options) {
     if (!baseUrl) {
         throw new Error([
             `Env "${envName}" is missing a base URL.`,
-            'Update it with `nb env add --name <name> --base-url <url>` first.',
+            'Update it with `nb env add <name> --base-url <url>` first.',
         ].join('\n'));
     }
     updateTask('Loading command runtime...');

package/dist/lib/command-discovery.js

@@ -27,13 +27,13 @@ export async function collectCommandModulePaths(commandsRoot, extension) {
 }
 /**
  * Map a path relative to `commands/` with `.js` / `.ts` to an oclif explicit-registry key.
- * `resource/foo.js` → `api:resource:foo` (topic `api resource …`); other paths use `:` between segments.
+ * `api/resource/foo.js` → `api:resource:foo`; trailing `index` maps to the parent command.
  */
 export function commandRelativePathToRegistryKey(relativePath) {
     const normalized = relativePath.replace(/\\/g, '/').replace(/\.(js|ts)$/i, '');
     const segments = normalized.split('/').filter(Boolean);
-    // if (segments[0] === 'resource' && segments.length >= 2) {
-    //   return ['api', 'resource', ...segments.slice(1)].join(':');
-    // }
+    if (segments.at(-1) === 'index') {
+        segments.pop();
+    }
     return segments.join(':');
 }

package/dist/lib/env-auth.js

@@ -10,6 +10,9 @@ import crypto from 'node:crypto';
 import { createServer } from 'node:http';
 import { spawn } from 'node:child_process';
 import { URL } from 'node:url';
+import { mkdtemp, rm, writeFile } from 'node:fs/promises';
+import os from 'node:os';
+import path from 'node:path';
 import { getCurrentEnvName, getEnv, setEnvOauthSession, } from './auth-store.js';
 import { printInfo, printVerbose, printWarning, printWarningBlock, updateTask } from './ui.js';
 const ACCESS_TOKEN_REFRESH_WINDOW_MS = 60_000;
@@ -79,8 +82,8 @@ function formatOauthFetchFailure(prefix, options) {
         `Network error: ${options.rawMessage || 'fetch failed'}`,
         'Check that the NocoBase app is running, the base URL is correct, and the server is reachable from this machine.',
         options.envName
-            ? `If the saved login is stale, run \`nb env auth -e ${options.envName}\` again after connectivity is restored.`
-            : 'If the saved login is stale, run `nb env auth -e <name>` again after connectivity is restored.',
+            ? `If the saved login is stale, run \`nb env auth ${options.envName}\` again after connectivity is restored.`
+            : 'If the saved login is stale, run `nb env auth <name>` again after connectivity is restored.',
         'Use `nb env list` to inspect the current env configuration.',
     ]
         .filter(Boolean)
@@ -159,12 +162,61 @@ function buildPkcePair() {
         codeChallenge,
     };
 }
-function maybeOpenBrowser(url) {
+function escapeHtmlAttribute(value) {
+    return value
+        .replace(/&/g, '&amp;')
+        .replace(/"/g, '&quot;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;');
+}
+function escapeScriptString(value) {
+    return JSON.stringify(value).replace(/</g, '\\u003c');
+}
+export function buildOauthRedirectHtml(url) {
+    const escapedUrl = escapeHtmlAttribute(url);
+    return `<!doctype html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="refresh" content="0; url=${escapedUrl}">
+  <title>NocoBase OAuth Login</title>
+</head>
+<body>
+  <script>window.location.replace(${escapeScriptString(url)});</script>
+  <p>Redirecting to the OAuth login page. If nothing happens, <a href="${escapedUrl}">continue manually</a>.</p>
+</body>
+</html>
+`;
+}
+async function createWindowsBrowserRedirectFile(url) {
+    const directory = await mkdtemp(path.join(os.tmpdir(), 'nocobase-cli-oauth-'));
+    const filePath = path.join(directory, 'authorize.html');
+    await writeFile(filePath, buildOauthRedirectHtml(url), 'utf8');
+    const cleanup = setTimeout(() => {
+        void rm(directory, { recursive: true, force: true });
+    }, OAUTH_LOGIN_TIMEOUT_MS);
+    cleanup.unref?.();
+    return {
+        target: filePath,
+        cleanup: async () => {
+            clearTimeout(cleanup);
+            await rm(directory, { recursive: true, force: true });
+        },
+    };
+}
+async function getBrowserOpenTarget(url) {
+    if (process.platform !== 'win32') {
+        return { target: url };
+    }
+    return createWindowsBrowserRedirectFile(url);
+}
+async function maybeOpenBrowser(url) {
+    const { target, cleanup } = await getBrowserOpenTarget(url);
     const candidates = process.platform === 'darwin'
-        ? [['open', url]]
+        ? [['open', target]]
         : process.platform === 'win32'
-            ? [['cmd', '/c', 'start', '', url]]
-            : [['xdg-open', url]];
+            ? [['cmd', '/c', 'start', '', target]]
+            : [['xdg-open', target]];
     for (const [command, ...args] of candidates) {
         try {
             const child = spawn(command, args, {
@@ -172,13 +224,19 @@ function maybeOpenBrowser(url) {
                 stdio: 'ignore',
             });
             child.unref();
-            return true;
+            return {
+                opened: true,
+                cleanup,
+            };
         }
         catch (_error) {
             continue;
         }
     }
-    return false;
+    return {
+        opened: false,
+        cleanup,
+    };
 }
 async function createLoopbackServer(state) {
     const result = await new Promise((resolve, reject) => {
@@ -208,7 +266,26 @@ async function createLoopbackServer(state) {
                     return;
                 }
                 res.statusCode = 200;
-                res.end('<html><body><h1>Authentication complete</h1><p>You can return to the terminal.</p></body></html>');
+                res.end(`<!DOCTYPE html>
+<html lang="en">
+<head><meta charset="utf-8" /><title>Authentication complete</title></head>
+<body>
+<h1>Authentication complete</h1>
+<p>You can return to the terminal.</p>
+<p id="manual"></p>
+<script>
+setTimeout(function () {
+  window.close();
+  setTimeout(function () {
+    var el = document.getElementById('manual');
+    if (document.visibilityState === 'visible' && el) {
+      el.textContent = 'Please close this tab manually if it is still open.';
+    }
+  }, 400);
+}, 1000);
+</script>
+</body>
+</html>`);
                 resolveWaiter(code);
             }
             catch (error) {
@@ -279,7 +356,7 @@ async function exchangeAuthorizationCode(options) {
 }
 async function refreshOauthAccessToken(options) {
     if (!options.auth.refreshToken || !options.auth.clientId) {
-        throw new Error(`OAuth session for env "${options.envName}" cannot be refreshed. Run \`nb env auth -e ${options.envName}\`.`);
+        throw new Error(`OAuth session for env "${options.envName}" cannot be refreshed. Run \`nb env auth ${options.envName}\`.`);
     }
     const metadata = await fetchOauthServerMetadata(options.baseUrl, { envName: options.envName });
     const resource = options.auth.resource || getOauthResource(metadata.issuer);
@@ -306,7 +383,7 @@ async function refreshOauthAccessToken(options) {
     });
     const data = await parseJsonResponse(response);
     if (!response.ok) {
-        throw new Error(formatOauthError(`Failed to refresh OAuth session for env "${options.envName}". Run \`nb env auth -e ${options.envName}\` again`, data, response.status));
+        throw new Error(formatOauthError(`Failed to refresh OAuth session for env "${options.envName}". Run \`nb env auth ${options.envName}\` again`, data, response.status));
     }
     if (!data || typeof data !== 'object' || typeof data.access_token !== 'string') {
         throw new Error(`OAuth refresh response for env "${options.envName}" is missing access_token.`);
@@ -344,7 +421,7 @@ export async function resolveAccessToken(options) {
     }
     const baseUrl = options.baseUrl ?? env.baseUrl;
     if (!baseUrl) {
-        throw new Error(`Env "${envName}" is missing a base URL. Run \`nb env add --name ${envName} --base-url <url>\`.`);
+        throw new Error(`Env "${envName}" is missing a base URL. Run \`nb env add ${envName} --base-url <url>\`.`);
     }
     printVerbose(`Refreshing OAuth session for env "${envName}"`);
     return refreshOauthAccessToken({
@@ -376,7 +453,7 @@ export async function authenticateEnvWithOauth(options) {
     if (!baseUrl) {
         throw new Error([
             `Env "${envName}" is missing a base URL.`,
-            'Run `nb env add --name <name> --base-url <url>` first.',
+            'Run `nb env add <name> --base-url <url>` first.',
         ].join('\n'));
     }
     updateTask(`Loading OAuth metadata for env "${envName}"...`);
@@ -385,6 +462,7 @@ export async function authenticateEnvWithOauth(options) {
     const { codeVerifier, codeChallenge } = buildPkcePair();
     const callback = await createLoopbackServer(state);
     const resource = getOauthResource(metadata.issuer);
+    let cleanupBrowserOpenTarget;
     try {
         updateTask(`Registering OAuth client for env "${envName}"...`);
         const registration = await registerOauthClient(metadata, callback.redirectUri);
@@ -399,8 +477,9 @@ export async function authenticateEnvWithOauth(options) {
         authorizationUrl.searchParams.set('code_challenge_method', 'S256');
         authorizationUrl.searchParams.set('resource', resource);
         updateTask(`Waiting for OAuth login for env "${envName}"...`);
-        const opened = maybeOpenBrowser(authorizationUrl.toString());
-        if (!opened) {
+        const browser = await maybeOpenBrowser(authorizationUrl.toString());
+        cleanupBrowserOpenTarget = browser.cleanup;
+        if (!browser.opened) {
             printWarningBlock('Unable to open the browser automatically. Open this URL manually:');
         }
         else {
@@ -442,6 +521,7 @@ export async function authenticateEnvWithOauth(options) {
         }, { scope: options.scope });
     }
     finally {
+        await cleanupBrowserOpenTarget?.().catch(() => undefined);
         await callback.close().catch(() => undefined);
     }
 }