@odeva/cli 0.0.1

package/dist/commands/app/submit.js

@@ -0,0 +1,85 @@
+import { Command } from "@oclif/core";
+import * as p from "@clack/prompts";
+import { OdevaApi } from "../../lib/api.js";
+import { loadAppConfig } from "../../lib/config.js";
+import { CliError } from "../../lib/errors.js";
+import { withErrorHandling } from "../../lib/run.js";
+import { ui } from "../../lib/ui.js";
+class AppSubmit extends Command {
+  static description = "Submit the local app to Odeva for marketplace review";
+  static examples = ["$ odeva app submit"];
+  async run() {
+    await this.parse(AppSubmit);
+    await withErrorHandling(this, async () => {
+      const loaded = loadAppConfig();
+      if (!loaded.config.client_id) {
+        throw new CliError("App has not been registered yet.", {
+          hint: "Run `odeva app config link` first."
+        });
+      }
+      const api = new OdevaApi();
+      p.intro(ui.brand("odeva app submit"));
+      const lookup = p.spinner();
+      lookup.start("Looking up app on Odeva");
+      const app = await api.findAppWithReviewByClientId(loaded.config.client_id);
+      if (!app) {
+        lookup.stop("Not found.");
+        throw new CliError(
+          `No app with client_id ${loaded.config.client_id} is owned by your active organization.`,
+          { hint: "If you registered against a different org, run `odeva auth select-org`." }
+        );
+      }
+      lookup.stop(`Found ${ui.code(app.slug)} (${app.publicationStatus})`);
+      if (app.publicationStatus === "submitted") {
+        this.log(ui.warn("This app is already under review. Run `odeva app status` to check progress."));
+        return;
+      }
+      if (app.publicationStatus === "published") {
+        this.log(ui.warn("This app is already published. Re-running submit would have no effect."));
+        return;
+      }
+      if (!app.installUrl) {
+        throw new CliError("install_url is missing on the server-side app record.", {
+          hint: "Set a non-empty install_url in odeva.app.toml (it must be a publicly reachable URL that handles the install handshake), then run `odeva app config link` and try again."
+        });
+      }
+      p.note(
+        [
+          `${ui.dim("name:")}        ${app.name}`,
+          `${ui.dim("slug:")}        ${app.slug}`,
+          `${ui.dim("install_url:")} ${app.installUrl}`,
+          `${ui.dim("scopes:")}      ${app.requestedScopes.join(", ") || ui.dim("(none)")}`,
+          ``,
+          `Reviewers check that install + UI work and that scopes match the app's purpose.`,
+          `They don't review your code.`
+        ].join("\n"),
+        "Ready to submit"
+      );
+      const confirm = await p.confirm({
+        message: "Submit for review?",
+        initialValue: true
+      });
+      if (p.isCancel(confirm) || !confirm) {
+        this.log(ui.warn("Cancelled."));
+        return;
+      }
+      const submit = p.spinner();
+      submit.start("Submitting");
+      const result = await api.submitDeveloperApp(app.id);
+      if (result.errors.length > 0) {
+        submit.stop("Failed.");
+        throw new CliError(result.errors.join(", "));
+      }
+      submit.stop(`Submitted. Status: ${ui.code(result.app?.publicationStatus ?? "submitted")}`);
+      p.outro(
+        [
+          ui.ok("Awaiting review."),
+          `  Check progress: ${ui.code("odeva app status")}`
+        ].join("\n")
+      );
+    });
+  }
+}
+export {
+  AppSubmit as default
+};

package/dist/commands/auth/login.js

@@ -0,0 +1,136 @@
+import { hostname as osHostname } from "node:os";
+import { Command, Flags } from "@oclif/core";
+import * as p from "@clack/prompts";
+import { OdevaApi } from "../../lib/api.js";
+import { saveCredentials } from "../../lib/credentials.js";
+import { DEFAULT_API_URL } from "../../lib/paths.js";
+import { ApiError, CliError } from "../../lib/errors.js";
+import { openUrl } from "../../lib/open-url.js";
+import { pickOrganization } from "../../lib/org-picker.js";
+import { withErrorHandling } from "../../lib/run.js";
+import { ui } from "../../lib/ui.js";
+const POLL_TIMEOUT_MS = 15 * 60 * 1e3;
+class AuthLogin extends Command {
+  static description = "Authenticate the CLI with your Odeva account";
+  static examples = [
+    "$ odeva auth login",
+    "$ odeva auth login --token odeva_cli_...",
+    "$ odeva auth login --api-url https://api.staging.odeva.app"
+  ];
+  static flags = {
+    token: Flags.string({
+      description: "CLI token (skips the browser flow). Mostly useful for CI.",
+      env: "ODEVA_TOKEN"
+    }),
+    "api-url": Flags.string({
+      description: "Override the Odeva API URL",
+      default: DEFAULT_API_URL
+    }),
+    "no-open": Flags.boolean({
+      description: "Print the approval URL instead of opening a browser",
+      default: false
+    })
+  };
+  async run() {
+    const { flags } = await this.parse(AuthLogin);
+    await withErrorHandling(this, async () => {
+      const apiUrl = flags["api-url"];
+      if (flags.token) {
+        await this.completeWithToken(flags.token.trim(), apiUrl);
+        return;
+      }
+      const api = new OdevaApi({ apiUrl });
+      p.intro(ui.brand("odeva auth login"));
+      const begin = await api.cliAuthBegin(osHostname());
+      p.note(
+        [
+          `Verify this code matches the one shown on the approval page:`,
+          ``,
+          `  ${ui.code(begin.userCode)}`,
+          ``,
+          `Opening: ${begin.verificationUri}`
+        ].join("\n"),
+        "Approval required"
+      );
+      if (!flags["no-open"]) {
+        const opened = openUrl(begin.verificationUri);
+        if (!opened) {
+          this.log(ui.warn(`Could not open a browser automatically. Visit the URL above to approve.`));
+        }
+      }
+      const token = await this.pollUntilResolved(api, begin.deviceCode, begin.interval);
+      await this.completeWithToken(token, apiUrl);
+    });
+  }
+  async pollUntilResolved(api, deviceCode, intervalSec) {
+    const spinner = p.spinner();
+    spinner.start("Waiting for approval in your browser\u2026");
+    const deadline = Date.now() + POLL_TIMEOUT_MS;
+    try {
+      while (Date.now() < deadline) {
+        await sleep(intervalSec * 1e3);
+        const result = await api.cliAuthPoll(deviceCode);
+        switch (result.status) {
+          case "approved":
+            if (!result.token) {
+              throw new CliError("Approval succeeded but no token was issued.");
+            }
+            spinner.stop("Approved.");
+            return result.token;
+          case "denied":
+            spinner.stop("Denied.");
+            throw new CliError("Approval was denied in the browser.", {
+              hint: "Run `odeva auth login` again if this was a mistake."
+            });
+          case "expired":
+            spinner.stop("Expired.");
+            throw new CliError("The approval window expired before you confirmed.", {
+              hint: "Run `odeva auth login` again to start a new session."
+            });
+          case "not_found":
+            spinner.stop("Lost session.");
+            throw new CliError("The CLI session was not found server-side.");
+          case "pending":
+            continue;
+        }
+      }
+      spinner.stop("Timed out.");
+      throw new CliError("Gave up waiting for approval.", {
+        hint: "Run `odeva auth login` again."
+      });
+    } catch (err) {
+      if (!(err instanceof CliError)) spinner.stop("Failed.");
+      throw err;
+    }
+  }
+  async completeWithToken(token, apiUrl) {
+    if (!token) {
+      throw new CliError("Empty token.", { hint: "Run `odeva auth login` again." });
+    }
+    const api = new OdevaApi({ credentials: { token, apiUrl, savedAt: (/* @__PURE__ */ new Date()).toISOString() } });
+    try {
+      const { organization, email } = await pickOrganization(api);
+      saveCredentials({
+        token,
+        apiUrl,
+        organizationId: organization.id,
+        organizationSlug: organization.slug
+      });
+      const who = email ?? "unknown";
+      this.log(ui.ok(`Authenticated as ${ui.bold(who)} (${ui.dim(organization.name)}).`));
+    } catch (err) {
+      if (err instanceof ApiError) {
+        throw new CliError(`Token rejected by ${apiUrl}: ${err.message}`, {
+          hint: "Double-check the API URL and try again."
+        });
+      }
+      throw err;
+    }
+  }
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+export {
+  AuthLogin as default
+};

package/dist/commands/auth/logout.js

@@ -0,0 +1,20 @@
+import { Command } from "@oclif/core";
+import { clearCredentials } from "../../lib/credentials.js";
+import { withErrorHandling } from "../../lib/run.js";
+import { ui } from "../../lib/ui.js";
+class AuthLogout extends Command {
+  static description = "Remove stored credentials from this machine";
+  async run() {
+    await withErrorHandling(this, async () => {
+      const removed = clearCredentials();
+      if (removed) {
+        this.log(ui.ok("Logged out."));
+      } else {
+        this.log(ui.dim("Already logged out."));
+      }
+    });
+  }
+}
+export {
+  AuthLogout as default
+};

package/dist/commands/auth/select-org.js

@@ -0,0 +1,30 @@
+import { Command } from "@oclif/core";
+import { OdevaApi } from "../../lib/api.js";
+import { requireCredentials, saveCredentials } from "../../lib/credentials.js";
+import { pickOrganization } from "../../lib/org-picker.js";
+import { withErrorHandling } from "../../lib/run.js";
+import { ui } from "../../lib/ui.js";
+class AuthSelectOrg extends Command {
+  static description = "Switch which organization the CLI acts on";
+  static examples = ["$ odeva auth select-org"];
+  async run() {
+    await this.parse(AuthSelectOrg);
+    await withErrorHandling(this, async () => {
+      const creds = requireCredentials();
+      const api = new OdevaApi({ credentials: creds });
+      const { organization } = await pickOrganization(api, {
+        preferOrganizationId: creds.organizationId
+      });
+      saveCredentials({
+        token: creds.token,
+        apiUrl: creds.apiUrl,
+        organizationId: organization.id,
+        organizationSlug: organization.slug
+      });
+      this.log(ui.ok(`Active organization: ${ui.bold(organization.name)} (${ui.dim(organization.slug)})`));
+    });
+  }
+}
+export {
+  AuthSelectOrg as default
+};

package/dist/commands/auth/whoami.js

@@ -0,0 +1,24 @@
+import { Command } from "@oclif/core";
+import { OdevaApi } from "../../lib/api.js";
+import { requireCredentials } from "../../lib/credentials.js";
+import { withErrorHandling } from "../../lib/run.js";
+import { ui } from "../../lib/ui.js";
+class AuthWhoami extends Command {
+  static description = "Show the currently authenticated session";
+  async run() {
+    await this.parse(AuthWhoami);
+    await withErrorHandling(this, async () => {
+      const creds = requireCredentials();
+      const api = new OdevaApi({ credentials: creds });
+      const probe = await api.ping();
+      this.log(ui.bold("Authenticated"));
+      this.log(`  ${ui.dim("User:")}     ${probe.email ?? "unknown"}`);
+      this.log(`  ${ui.dim("Org:")}      ${creds.organizationSlug ?? ui.dim("(none \u2014 run `odeva auth select-org`)")}`);
+      this.log(`  ${ui.dim("API URL:")}  ${creds.apiUrl}`);
+      this.log(`  ${ui.dim("Saved at:")} ${creds.savedAt}`);
+    });
+  }
+}
+export {
+  AuthWhoami as default
+};

package/dist/commands/version.js

@@ -0,0 +1,17 @@
+import { Command } from "@oclif/core";
+import { readFileSync } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { dirname, join } from "node:path";
+class Version extends Command {
+  static description = "Show the installed odeva CLI version";
+  static hidden = true;
+  async run() {
+    const here = dirname(fileURLToPath(import.meta.url));
+    const pkgPath = join(here, "..", "..", "package.json");
+    const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));
+    this.log(`odeva/${pkg.version}`);
+  }
+}
+export {
+  Version as default
+};

package/dist/commands/webhook/list.js

@@ -0,0 +1,50 @@
+import { Command, Flags } from "@oclif/core";
+import { OdevaApi } from "../../lib/api.js";
+import { withErrorHandling } from "../../lib/run.js";
+import { ui } from "../../lib/ui.js";
+class WebhookList extends Command {
+  static description = "List webhook subscriptions (and optionally available event types)";
+  static examples = ["$ odeva webhook list", "$ odeva webhook list --available"];
+  static flags = {
+    available: Flags.boolean({
+      description: "List event types the API supports instead of active subscriptions",
+      default: false
+    })
+  };
+  async run() {
+    const { flags } = await this.parse(WebhookList);
+    await withErrorHandling(this, async () => {
+      const api = new OdevaApi();
+      if (flags.available) {
+        const events = await api.webhookEventTypes();
+        if (events.length === 0) {
+          this.log(ui.dim("No event types reported by the API."));
+          return;
+        }
+        this.log(ui.bold("Available webhook event types"));
+        for (const event of events) {
+          this.log(`  ${event}`);
+        }
+        return;
+      }
+      const subscriptions = await api.webhookSubscriptions();
+      if (subscriptions.length === 0) {
+        this.log(ui.dim("No webhook subscriptions on this organization."));
+        this.log(ui.dim("Hint: `odeva app dev` registers subscriptions automatically from odeva.app.toml."));
+        return;
+      }
+      this.log(ui.bold(`Webhook subscriptions (${subscriptions.length})`));
+      for (const sub of subscriptions) {
+        const statusColor = sub.status === "active" ? ui.ok : sub.status === "paused" ? ui.warn : ui.err;
+        this.log("");
+        this.log(`  ${ui.code(sub.id)}  ${sub.name}`);
+        this.log(`    ${ui.dim("status:")}    ${statusColor(sub.status)}`);
+        this.log(`    ${ui.dim("events:")}    ${sub.eventTypes.join(", ")}`);
+        this.log(`    ${ui.dim("endpoint:")}  ${sub.endpointUrl}`);
+      }
+    });
+  }
+}
+export {
+  WebhookList as default
+};

package/dist/commands/webhook/trigger.js

@@ -0,0 +1,128 @@
+import { Args, Command, Flags } from "@oclif/core";
+import { readFileSync } from "node:fs";
+import { resolve } from "node:path";
+import { loadAppConfig, findAppConfigPath } from "../../lib/config.js";
+import { buildFixture, signPayload } from "../../lib/webhook-fixtures.js";
+import { CliError } from "../../lib/errors.js";
+import { withErrorHandling } from "../../lib/run.js";
+import { readEnvFile } from "../../lib/dev-runner.js";
+import { ui } from "../../lib/ui.js";
+import { join } from "node:path";
+class WebhookTrigger extends Command {
+  static description = "Fire a sample webhook payload at a local handler (uses the secret from .env.odeva.local if present)";
+  static examples = [
+    "$ odeva webhook trigger reservation.created",
+    "$ odeva webhook trigger payment.succeeded --port 4000",
+    "$ odeva webhook trigger reservation.created --payload ./fixtures/big-booking.json",
+    "$ odeva webhook trigger reservation.created --url http://localhost:3000/webhooks/reservation.created"
+  ];
+  static args = {
+    event: Args.string({
+      description: "Event type to trigger (e.g. reservation.created)",
+      required: true
+    })
+  };
+  static flags = {
+    url: Flags.string({
+      description: "Full URL to POST the payload to (overrides toml lookup)"
+    }),
+    port: Flags.integer({
+      description: "Local port for the handler (defaults to odeva.app.toml [build].port or 3000)"
+    }),
+    payload: Flags.string({
+      description: "Path to a JSON file with the payload body (overrides built-in fixture)"
+    }),
+    secret: Flags.string({
+      description: "HMAC secret to sign the payload with",
+      env: "ODEVA_WEBHOOK_SECRET"
+    }),
+    "no-sign": Flags.boolean({
+      description: "Skip HMAC signing (omits the x-odeva-signature header)",
+      default: false
+    })
+  };
+  async run() {
+    const { args, flags } = await this.parse(WebhookTrigger);
+    await withErrorHandling(this, async () => {
+      const event = args.event;
+      const url = flags.url ?? this.urlFromConfig(event, flags.port);
+      const payload = flags.payload ? this.readPayload(flags.payload, event) : buildFixture(event);
+      const body = JSON.stringify(payload);
+      const secret = flags.secret ?? this.secretFromEnvFile();
+      const headers = {
+        "content-type": "application/json",
+        "x-odeva-event": event,
+        "x-odeva-delivery": payload.id
+      };
+      if (!flags["no-sign"]) {
+        if (!secret) {
+          throw new CliError("No webhook secret available.", {
+            hint: "Run `odeva app dev` first to generate one, or pass --secret <value>, or use --no-sign for unsigned testing."
+          });
+        }
+        headers["x-odeva-signature"] = signPayload(body, secret);
+      }
+      this.log(`${ui.bold("POST")} ${url}`);
+      this.log(`  ${ui.dim("event:")}     ${event}`);
+      this.log(`  ${ui.dim("delivery:")}  ${payload.id}`);
+      this.log(`  ${ui.dim("signed:")}    ${headers["x-odeva-signature"] ? "yes" : "no"}`);
+      const started = Date.now();
+      let response;
+      try {
+        response = await fetch(url, { method: "POST", headers, body });
+      } catch (err) {
+        throw new CliError(`Could not reach ${url}: ${err.message}`, {
+          hint: "Is your dev server running? Try `odeva app dev`."
+        });
+      }
+      const durationMs = Date.now() - started;
+      const text = await response.text().catch(() => "");
+      const indicator = response.ok ? ui.ok : ui.err;
+      this.log("");
+      this.log(`${indicator(`${response.status} ${response.statusText}`)} ${ui.dim(`(${durationMs}ms)`)}`);
+      if (text) this.log(ui.dim(text.length > 500 ? `${text.slice(0, 500)}\u2026` : text));
+    });
+  }
+  urlFromConfig(event, portFlag) {
+    const cfgPath = findAppConfigPath();
+    if (!cfgPath) {
+      throw new CliError("No odeva.app.toml found, and no --url provided.", {
+        hint: "Pass --url <full-local-url> or run from an Odeva app directory."
+      });
+    }
+    const loaded = loadAppConfig();
+    const sub = loaded.config.webhooks?.subscriptions?.find((s) => s.topic === event);
+    const port = portFlag ?? loaded.config.build?.port ?? 3e3;
+    const path = sub?.uri ?? `/webhooks/${event}`;
+    return `http://localhost:${port}${path.startsWith("/") ? path : `/${path}`}`;
+  }
+  secretFromEnvFile() {
+    const cfgPath = findAppConfigPath();
+    if (!cfgPath) return void 0;
+    const envPath = join(resolve(cfgPath, ".."), ".env.odeva.local");
+    const env = readEnvFile(envPath);
+    return env["ODEVA_WEBHOOK_SECRET"];
+  }
+  readPayload(path, event) {
+    const abs = resolve(process.cwd(), path);
+    let raw;
+    try {
+      raw = readFileSync(abs, "utf8");
+    } catch (err) {
+      throw new CliError(`Failed to read payload file ${abs}: ${err.message}`);
+    }
+    let parsed;
+    try {
+      parsed = JSON.parse(raw);
+    } catch (err) {
+      throw new CliError(`Invalid JSON in ${abs}: ${err.message}`);
+    }
+    if (typeof parsed.event === "string" && typeof parsed.id === "string" && "data" in parsed) {
+      return parsed;
+    }
+    return buildFixture(event, parsed);
+  }
+}
+export {
+  WebhookTrigger as default
+};

package/dist/index.js

@@ -0,0 +1,4 @@
+import { run } from "@oclif/core";
+export {
+  run
+};