@oncoding/bsteam 0.2.0

package/dist/commands/auth/login.js

@@ -0,0 +1,155 @@
+import { Flags } from '@oclif/core';
+import { BaseCommand } from '../../base-command.js';
+import { getBsteamConfigFilePath, saveContextCredential, summarizeContextCredential, } from '../../auth/context-config.js';
+import { ExitCodes } from '../../config/exit-codes.js';
+import { extractCapabilities, platformApiFlags, platformApiGet, platformApiPost, resolvePlatformApiOptions, } from '../../http/platform-api.js';
+export default class AuthLogin extends BaseCommand {
+    static description = '登录 bsteam Platform API 并把 token 保存到本机 context config';
+    static flags = {
+        ...BaseCommand.baseFlags,
+        ...platformApiFlags,
+        name: Flags.string({
+            char: 'n',
+            description: 'context 名称别名；优先使用全局 --context',
+            default: 'default',
+        }),
+        cluster: Flags.string({
+            description: 'cluster 名称；默认与 context 相同',
+        }),
+        user: Flags.string({
+            description: 'user 名称；默认与 context 相同',
+        }),
+        'set-default': Flags.boolean({
+            description: '把本次登录设置为 currentContext',
+            default: true,
+            allowNo: true,
+        }),
+        'token-stdin': Flags.boolean({
+            description: '从 stdin 读取 bearer token，避免 token 进入 shell history',
+            default: false,
+        }),
+        email: Flags.string({
+            description: '邮箱密码登录的邮箱；仅用于本地/已启用密码登录的账号',
+        }),
+        'password-stdin': Flags.boolean({
+            description: '从 stdin 读取登录密码，并调用 /api/v1/auth/login 换取 token',
+            default: false,
+        }),
+        'skip-verify': Flags.boolean({
+            description: '只保存 token，不调用 /api/v1/auth/session 验证',
+            default: false,
+        }),
+    };
+    async run() {
+        const { flags } = await this.parse(AuthLogin);
+        const options = await resolvePlatformApiOptions({
+            ...flags,
+            token: undefined,
+            credential: undefined,
+        });
+        const login = await this.resolveLoginToken(flags, options.apiUrl);
+        if (!login.token) {
+            this.reportAuthError('AUTH_TOKEN_REQUIRED', '缺少 token。使用 --token、--token-stdin，或 --email + --password-stdin 登录。', '优先从个人中心复制 CLI 登录命令；Agent 场景用 --token-stdin 避免泄露。');
+            this.exit(ExitCodes.INVALID_ARGS);
+            return;
+        }
+        let user = login.user;
+        let capabilities;
+        if (!flags['skip-verify']) {
+            const session = await platformApiGet({ apiUrl: options.apiUrl, token: login.token }, '/api/v1/auth/session');
+            if (!session.ok) {
+                this.reportAuthError('AUTH_VERIFY_FAILED', `token 验证失败：${session.error ?? session.status}`, '确认 token 未过期，并且 --api-url 指向当前 bsteam Platform API。');
+                this.exit(ExitCodes.AUTH_REQUIRED);
+                return;
+            }
+            user = normalizeUser(session.data) ?? user;
+            const scopeResult = await platformApiGet({ apiUrl: options.apiUrl, token: login.token }, '/api/v1/platform/authz/capabilities');
+            if (scopeResult.ok)
+                capabilities = extractCapabilities(scopeResult.data);
+        }
+        const saved = await saveContextCredential({
+            contextName: flags.context ?? flags.name,
+            clusterName: flags.cluster,
+            userName: flags.user,
+            apiUrl: options.apiUrl,
+            token: login.token,
+            activeDomainId: flags.domain,
+            user,
+            capabilities,
+            lastVerifiedAt: flags['skip-verify'] ? undefined : new Date().toISOString(),
+        }, { setCurrent: flags['set-default'], configPath: flags.config });
+        const output = {
+            context: summarizeContextCredential(saved, flags['set-default']),
+            configFile: getBsteamConfigFilePath(flags.config),
+            verified: !flags['skip-verify'],
+        };
+        if (flags.json) {
+            this.outputEnvelope(output);
+            return;
+        }
+        this.log(`Logged in: ${saved.user?.display_name ?? saved.user?.email ?? saved.contextName}`);
+        this.log(`API: ${saved.apiUrl}`);
+        this.log(`Context: ${saved.contextName}${flags['set-default'] ? ' (current)' : ''}`);
+        this.log(`Config: ${getBsteamConfigFilePath(flags.config)}`);
+        this.log(`Token: ${summarizeContextCredential(saved).tokenRedacted}`);
+        this.log('Next: bsteam auth status');
+    }
+    async resolveLoginToken(flags, apiUrl) {
+        if (typeof flags.token === 'string' && flags.token.trim()) {
+            return { token: flags.token.trim() };
+        }
+        if (flags['token-stdin']) {
+            return { token: (await readStdin()).trim() };
+        }
+        if (typeof flags.email === 'string' && flags['password-stdin']) {
+            const password = (await readStdin()).trim();
+            const result = await platformApiPost({ apiUrl }, '/api/v1/auth/login', { email: flags.email, password });
+            if (!result.ok || !result.data?.access_token) {
+                this.reportAuthError('AUTH_LOGIN_FAILED', `登录失败：${result.error ?? result.status}`, '确认邮箱密码登录已启用；飞书/企微 OAuth 账号请从个人中心复制平台 session token。');
+                this.exit(ExitCodes.AUTH_REQUIRED);
+                return {};
+            }
+            return {
+                token: result.data.access_token,
+                user: normalizeUser(result.data.user),
+            };
+        }
+        return {};
+    }
+    reportAuthError(code, message, hint) {
+        const error = { code, message, hint };
+        if (this.argv.includes('--json')) {
+            this.outputEnvelope(error, false);
+            return;
+        }
+        this.error(`${message}\n${hint}`, { exit: false });
+    }
+}
+function normalizeUser(value) {
+    if (!value || typeof value !== 'object')
+        return undefined;
+    const user = value;
+    return {
+        id: stringOrUndefined(user.id),
+        principal_id: stringOrUndefined(user.principal_id),
+        display_name: stringOrUndefined(user.display_name),
+        email: stringOrUndefined(user.email),
+        tenant_id: stringOrUndefined(user.tenant_id),
+        status: stringOrUndefined(user.status),
+    };
+}
+function stringOrUndefined(value) {
+    return typeof value === 'string' ? value : undefined;
+}
+function readStdin() {
+    return new Promise((resolve, reject) => {
+        let data = '';
+        process.stdin.setEncoding('utf8');
+        process.stdin.on('data', (chunk) => {
+            data += chunk;
+        });
+        process.stdin.on('end', () => resolve(data));
+        process.stdin.on('error', reject);
+    });
+}
+//# sourceMappingURL=login.js.map

package/dist/commands/auth/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../../src/commands/auth/login.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AAEpC,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EACL,uBAAuB,EACvB,qBAAqB,EACrB,0BAA0B,GAC3B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AACvD,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,eAAe,EACf,yBAAyB,GAC1B,MAAM,4BAA4B,CAAC;AAOpC,MAAM,CAAC,OAAO,OAAO,SAAU,SAAQ,WAAW;IAChD,MAAM,CAAU,WAAW,GAAG,sDAAsD,CAAC;IAErF,MAAM,CAAU,KAAK,GAAG;QACtB,GAAG,WAAW,CAAC,SAAS;QACxB,GAAG,gBAAgB;QACnB,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC;YACjB,IAAI,EAAE,GAAG;YACT,WAAW,EAAE,+BAA+B;YAC5C,OAAO,EAAE,SAAS;SACnB,CAAC;QACF,OAAO,EAAE,KAAK,CAAC,MAAM,CAAC;YACpB,WAAW,EAAE,2BAA2B;SACzC,CAAC;QACF,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC;YACjB,WAAW,EAAE,wBAAwB;SACtC,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC;YAC3B,WAAW,EAAE,yBAAyB;YACtC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,IAAI;SACd,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC;YAC3B,WAAW,EAAE,mDAAmD;YAChE,OAAO,EAAE,KAAK;SACf,CAAC;QACF,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC;YAClB,WAAW,EAAE,4BAA4B;SAC1C,CAAC;QACF,gBAAgB,EAAE,KAAK,CAAC,OAAO,CAAC;YAC9B,WAAW,EAAE,gDAAgD;YAC7D,OAAO,EAAE,KAAK;SACf,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,OAAO,CAAC;YAC3B,WAAW,EAAE,uCAAuC;YACpD,OAAO,EAAE,KAAK;SACf,CAAC;KACH,CAAC;IAEF,KAAK,CAAC,GAAG;QACP,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC9C,MAAM,OAAO,GAAG,MAAM,yBAAyB,CAAC;YAC9C,GAAG,KAAK;YACR,KAAK,EAAE,SAAS;YAChB,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAClE,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACjB,IAAI,CAAC,eAAe,CAClB,qBAAqB,EACrB,oEAAoE,EACpE,kDAAkD,CACnD,CAAC;YACF,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;YAClC,OAAO;QACT,CAAC;QAED,IAAI,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QACtB,IAAI,YAAkC,CAAC;QACvC,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;YAC1B,MAAM,OAAO,GAAG,MAAM,cAAc,CAClC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,EAC9C,sBAAsB,CACvB,CAAC;YACF,IAAI,CAAC,OAAO,CAAC,EAAE,EAAE,CAAC;gBAChB,IAAI,CAAC,eAAe,CAClB,oBAAoB,EACpB,cAAc,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,EAC/C,qDAAqD,CACtD,CAAC;gBACF,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;gBACnC,OAAO;YACT,CAAC;YACD,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;YAE3C,MAAM,WAAW,GAAG,MAAM,cAAc,CACtC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,EAC9C,qCAAqC,CACtC,CAAC;YACF,IAAI,WAAW,CAAC,EAAE;gBAAE,YAAY,GAAG,mBAAmB,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAC3E,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,qBAAqB,CAAC;YACxC,WAAW,EAAE,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,IAAI;YACxC,WAAW,EAAE,KAAK,CAAC,OAAO;YAC1B,QAAQ,EAAE,KAAK,CAAC,IAAI;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,cAAc,EAAE,KAAK,CAAC,MAAM;YAC5B,IAAI;YACJ,YAAY;YACZ,cAAc,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SAC5E,EAAE,EAAE,UAAU,EAAE,KAAK,CAAC,aAAa,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAEnE,MAAM,MAAM,GAAG;YACb,OAAO,EAAE,0BAA0B,CAAC,KAAK,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;YAChE,UAAU,EAAE,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC;YACjD,QAAQ,EAAE,CAAC,KAAK,CAAC,aAAa,CAAC;SAChC,CAAC;QAEF,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACf,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;YAC5B,OAAO;QACT,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,cAAc,KAAK,CAAC,IAAI,EAAE,YAAY,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;QAC7F,IAAI,CAAC,GAAG,CAAC,QAAQ,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG,CAAC,YAAY,KAAK,CAAC,WAAW,GAAG,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrF,IAAI,CAAC,GAAG,CAAC,WAAW,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,GAAG,CAAC,UAAU,0BAA0B,CAAC,KAAK,CAAC,CAAC,aAAa,EAAE,CAAC,CAAC;QACtE,IAAI,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IACvC,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAC7B,KAA0B,EAC1B,MAAc;QAEd,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;YAC1D,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;QACvC,CAAC;QACD,IAAI,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,KAAK,EAAE,CAAC,MAAM,SAAS,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QAC/C,CAAC;QACD,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC/D,MAAM,QAAQ,GAAG,CAAC,MAAM,SAAS,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;YAC5C,MAAM,MAAM,GAAG,MAAM,eAAe,CAClC,EAAE,MAAM,EAAE,EACV,oBAAoB,EACpB,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE,CACjC,CAAC;YACF,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC;gBAC7C,IAAI,CAAC,eAAe,CAClB,mBAAmB,EACnB,QAAQ,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,EAAE,EACvC,qDAAqD,CACtD,CAAC;gBACF,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;gBACnC,OAAO,EAAE,CAAC;YACZ,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY;gBAC/B,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;aACtC,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAEO,eAAe,CAAC,IAAY,EAAE,OAAe,EAAE,IAAY;QACjE,MAAM,KAAK,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;YAClC,OAAO;QACT,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,GAAG,OAAO,KAAK,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACrD,CAAC;;AAGH,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAC1D,MAAM,IAAI,GAAG,KAAgC,CAAC;IAC9C,OAAO;QACL,EAAE,EAAE,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,YAAY,EAAE,iBAAiB,CAAC,IAAI,CAAC,YAAY,CAAC;QAClD,YAAY,EAAE,iBAAiB,CAAC,IAAI,CAAC,YAAY,CAAC;QAClD,KAAK,EAAE,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC;QACpC,SAAS,EAAE,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC;QAC5C,MAAM,EAAE,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC;KACvC,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,SAAS,SAAS;IAChB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,IAAI,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,EAAE;YACjC,IAAI,IAAI,KAAK,CAAC;QAChB,CAAC,CAAC,CAAC;QACH,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7C,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/commands/auth/logout.d.ts

@@ -0,0 +1,15 @@
+import { BaseCommand } from '../../base-command.js';
+export default class AuthLogout extends BaseCommand {
+    static description: string;
+    static flags: {
+        name: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        all: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        json: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        profile: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        config: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        context: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        'trace-id': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}
+//# sourceMappingURL=logout.d.ts.map

package/dist/commands/auth/logout.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.d.ts","sourceRoot":"","sources":["../../../src/commands/auth/logout.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAIpD,MAAM,CAAC,OAAO,OAAO,UAAW,SAAQ,WAAW;IACjD,OAAgB,WAAW,SAAqC;IAEhE,OAAgB,KAAK;;;;;;;;MAUnB;IAEI,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;CAqC3B"}

package/dist/commands/auth/logout.js

@@ -0,0 +1,55 @@
+import { Flags } from '@oclif/core';
+import { BaseCommand } from '../../base-command.js';
+import { deleteAllCredentials, deleteCredential } from '../../auth/credential-store.js';
+import { deleteAllContexts, deleteContext } from '../../auth/context-config.js';
+export default class AuthLogout extends BaseCommand {
+    static description = '删除本机保存的 bsteam CLI context 或旧凭证';
+    static flags = {
+        ...BaseCommand.baseFlags,
+        name: Flags.string({
+            char: 'n',
+            description: '要删除的 context 名称别名；优先使用全局 --context',
+        }),
+        all: Flags.boolean({
+            description: '删除全部本机 contexts 和旧凭证',
+            default: false,
+        }),
+    };
+    async run() {
+        const { flags } = await this.parse(AuthLogout);
+        const contextName = flags.context ?? flags.name;
+        const contextResult = flags.all
+            ? await deleteAllContexts(flags.config)
+            : await deleteContext(contextName, flags.config);
+        const credentialResult = flags.all
+            ? await deleteAllCredentials()
+            : contextResult.deleted.length === 0 && !flags.context
+                ? await deleteCredential(flags.name)
+                : { deleted: [], default: undefined };
+        const result = {
+            deletedContexts: contextResult.deleted,
+            currentContext: 'currentContext' in contextResult ? contextResult.currentContext : undefined,
+            deletedCredentials: credentialResult.deleted,
+            defaultCredential: 'default' in credentialResult ? credentialResult.default : undefined,
+        };
+        if (flags.json) {
+            this.outputEnvelope(result);
+            return;
+        }
+        if (result.deletedContexts.length === 0 && result.deletedCredentials.length === 0) {
+            this.log('No context or credential was removed');
+            return;
+        }
+        if (result.deletedContexts.length > 0) {
+            this.log(`Removed contexts: ${result.deletedContexts.join(', ')}`);
+        }
+        if (result.currentContext)
+            this.log(`Current context is now: ${result.currentContext}`);
+        if (result.deletedCredentials.length > 0) {
+            this.log(`Removed legacy credentials: ${result.deletedCredentials.join(', ')}`);
+        }
+        if (result.defaultCredential)
+            this.log(`Default legacy credential is now: ${result.defaultCredential}`);
+    }
+}
+//# sourceMappingURL=logout.js.map

package/dist/commands/auth/logout.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.js","sourceRoot":"","sources":["../../../src/commands/auth/logout.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AAEpC,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AACxF,OAAO,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAEhF,MAAM,CAAC,OAAO,OAAO,UAAW,SAAQ,WAAW;IACjD,MAAM,CAAU,WAAW,GAAG,iCAAiC,CAAC;IAEhE,MAAM,CAAU,KAAK,GAAG;QACtB,GAAG,WAAW,CAAC,SAAS;QACxB,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC;YACjB,IAAI,EAAE,GAAG;YACT,WAAW,EAAE,oCAAoC;SAClD,CAAC;QACF,GAAG,EAAE,KAAK,CAAC,OAAO,CAAC;YACjB,WAAW,EAAE,sBAAsB;YACnC,OAAO,EAAE,KAAK;SACf,CAAC;KACH,CAAC;IAEF,KAAK,CAAC,GAAG;QACP,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC/C,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,IAAI,CAAC;QAChD,MAAM,aAAa,GAAG,KAAK,CAAC,GAAG;YAC7B,CAAC,CAAC,MAAM,iBAAiB,CAAC,KAAK,CAAC,MAAM,CAAC;YACvC,CAAC,CAAC,MAAM,aAAa,CAAC,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QACnD,MAAM,gBAAgB,GAAG,KAAK,CAAC,GAAG;YAChC,CAAC,CAAC,MAAM,oBAAoB,EAAE;YAC9B,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO;gBACpD,CAAC,CAAC,MAAM,gBAAgB,CAAC,KAAK,CAAC,IAAI,CAAC;gBACpC,CAAC,CAAC,EAAE,OAAO,EAAE,EAAc,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;QACtD,MAAM,MAAM,GAAG;YACb,eAAe,EAAE,aAAa,CAAC,OAAO;YACtC,cAAc,EAAE,gBAAgB,IAAI,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS;YAC5F,kBAAkB,EAAE,gBAAgB,CAAC,OAAO;YAC5C,iBAAiB,EAAE,SAAS,IAAI,gBAAgB,CAAC,CAAC,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;SACxF,CAAC;QAEF,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACf,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;YAC5B,OAAO;QACT,CAAC;QAED,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAClF,IAAI,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;YACjD,OAAO;QACT,CAAC;QAED,IAAI,MAAM,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtC,IAAI,CAAC,GAAG,CAAC,qBAAqB,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACrE,CAAC;QACD,IAAI,MAAM,CAAC,cAAc;YAAE,IAAI,CAAC,GAAG,CAAC,2BAA2B,MAAM,CAAC,cAAc,EAAE,CAAC,CAAC;QACxF,IAAI,MAAM,CAAC,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,GAAG,CAAC,+BAA+B,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAClF,CAAC;QACD,IAAI,MAAM,CAAC,iBAAiB;YAAE,IAAI,CAAC,GAAG,CAAC,qCAAqC,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAC1G,CAAC"}

package/dist/commands/auth/scopes.d.ts

@@ -0,0 +1,18 @@
+import { BaseCommand } from '../../base-command.js';
+export default class AuthScopes extends BaseCommand {
+    static description: string;
+    static flags: {
+        'api-url': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        token: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        credential: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        domain: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        json: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        profile: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        config: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        context: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        'trace-id': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+    private reportMissingToken;
+}
+//# sourceMappingURL=scopes.d.ts.map

package/dist/commands/auth/scopes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scopes.d.ts","sourceRoot":"","sources":["../../../src/commands/auth/scopes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAKpD,MAAM,CAAC,OAAO,OAAO,UAAW,SAAQ,WAAW;IACjD,OAAgB,WAAW,SAA8B;IAEzD,OAAgB,KAAK;;;;;;;;;;MAGnB;IAEI,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;IAmC1B,OAAO,CAAC,kBAAkB;CAS3B"}

package/dist/commands/auth/scopes.js

@@ -0,0 +1,56 @@
+import { BaseCommand } from '../../base-command.js';
+import { ExitCodes } from '../../config/exit-codes.js';
+import { extractCapabilities, platformApiFlags, platformApiGet, resolvePlatformApiOptions } from '../../http/platform-api.js';
+import { formatTable } from '../../formatters/table.js';
+export default class AuthScopes extends BaseCommand {
+    static description = '列出当前 token 可用的平台能力 scope';
+    static flags = {
+        ...BaseCommand.baseFlags,
+        ...platformApiFlags,
+    };
+    async run() {
+        const { flags } = await this.parse(AuthScopes);
+        const options = await resolvePlatformApiOptions(flags);
+        if (!options.token) {
+            this.reportMissingToken(flags.json);
+            this.exit(ExitCodes.AUTH_REQUIRED);
+            return;
+        }
+        const result = await platformApiGet(options, '/api/v1/platform/authz/capabilities');
+        if (!result.ok) {
+            const error = {
+                code: result.status === 401 || result.status === 403 ? 'AUTH_REQUIRED' : 'NETWORK_ERROR',
+                message: result.error ?? 'failed to load capabilities',
+                hint: 'Run bsteam auth status to verify the saved credential.',
+            };
+            if (flags.json)
+                this.outputEnvelope(error, false);
+            else
+                this.error(`${error.message}\n${error.hint}`, { exit: false });
+            this.exit(result.status === 401 || result.status === 403 ? ExitCodes.AUTH_REQUIRED : ExitCodes.NETWORK_ERROR);
+            return;
+        }
+        const capabilities = extractCapabilities(result.data).sort();
+        if (flags.json) {
+            this.outputEnvelope({ capabilities, count: capabilities.length });
+            return;
+        }
+        if (capabilities.length === 0) {
+            this.log('No capabilities returned');
+            return;
+        }
+        this.log(formatTable(['Capability'], capabilities.map((capability) => [capability])));
+    }
+    reportMissingToken(json) {
+        const error = {
+            code: 'AUTH_REQUIRED',
+            message: 'No bearer token found',
+            hint: 'Run bsteam auth login --context <name> --token-stdin, or set BSTEAM_PLATFORM_TOKEN.',
+        };
+        if (json)
+            this.outputEnvelope(error, false);
+        else
+            this.error(`${error.message}\n${error.hint}`, { exit: false });
+    }
+}
+//# sourceMappingURL=scopes.js.map

package/dist/commands/auth/scopes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scopes.js","sourceRoot":"","sources":["../../../src/commands/auth/scopes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AACvD,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAC9H,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAExD,MAAM,CAAC,OAAO,OAAO,UAAW,SAAQ,WAAW;IACjD,MAAM,CAAU,WAAW,GAAG,0BAA0B,CAAC;IAEzD,MAAM,CAAU,KAAK,GAAG;QACtB,GAAG,WAAW,CAAC,SAAS;QACxB,GAAG,gBAAgB;KACpB,CAAC;IAEF,KAAK,CAAC,GAAG;QACP,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,MAAM,yBAAyB,CAAC,KAAK,CAAC,CAAC;QACvD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACnB,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACpC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAA0B,OAAO,EAAE,qCAAqC,CAAC,CAAC;QAC7G,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,CAAC;YACf,MAAM,KAAK,GAAG;gBACZ,IAAI,EAAE,MAAM,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,eAAe;gBACxF,OAAO,EAAE,MAAM,CAAC,KAAK,IAAI,6BAA6B;gBACtD,IAAI,EAAE,wDAAwD;aAC/D,CAAC;YACF,IAAI,KAAK,CAAC,IAAI;gBAAE,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;;gBAC7C,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,OAAO,KAAK,KAAK,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YACpE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;YAC9G,OAAO;QACT,CAAC;QAED,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7D,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACf,IAAI,CAAC,cAAc,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;YAClE,OAAO;QACT,CAAC;QAED,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;YACrC,OAAO;QACT,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;IACxF,CAAC;IAEO,kBAAkB,CAAC,IAAa;QACtC,MAAM,KAAK,GAAG;YACZ,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,uBAAuB;YAChC,IAAI,EAAE,qFAAqF;SAC5F,CAAC;QACF,IAAI,IAAI;YAAE,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;;YACvC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,OAAO,KAAK,KAAK,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtE,CAAC"}

package/dist/commands/auth/status.d.ts

@@ -0,0 +1,17 @@
+import { BaseCommand } from '../../base-command.js';
+export default class AuthStatus extends BaseCommand {
+    static description: string;
+    static flags: {
+        'api-url': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        token: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        credential: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        domain: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        json: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        profile: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        config: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        context: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        'trace-id': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}
+//# sourceMappingURL=status.d.ts.map

package/dist/commands/auth/status.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"status.d.ts","sourceRoot":"","sources":["../../../src/commands/auth/status.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAepD,MAAM,CAAC,OAAO,OAAO,UAAW,SAAQ,WAAW;IACjD,OAAgB,WAAW,SAAgC;IAE3D,OAAgB,KAAK;;;;;;;;;;MAGnB;IAEI,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;CAsE3B"}

package/dist/commands/auth/status.js

@@ -0,0 +1,81 @@
+import { BaseCommand } from '../../base-command.js';
+import { getCredential, getCredentialsFilePath, summarizeCredential } from '../../auth/credential-store.js';
+import { getBsteamConfigFilePath, getContextCredential, summarizeContextCredential, } from '../../auth/context-config.js';
+import { ExitCodes } from '../../config/exit-codes.js';
+import { extractCapabilities, platformApiFlags, platformApiGet, resolvePlatformApiOptions, } from '../../http/platform-api.js';
+export default class AuthStatus extends BaseCommand {
+    static description = '查看当前 bsteam CLI 登录状态和已授权能力';
+    static flags = {
+        ...BaseCommand.baseFlags,
+        ...platformApiFlags,
+    };
+    async run() {
+        const { flags } = await this.parse(AuthStatus);
+        const options = await resolvePlatformApiOptions(flags);
+        const context = await getContextCredential(flags.context ?? flags.credential, flags.config);
+        const credential = context ? undefined : await getCredential(flags.credential);
+        if (!options.token) {
+            const output = {
+                authenticated: false,
+                apiUrl: options.apiUrl,
+                context: context ? summarizeContextCredential(context, context.contextName === options.context) : undefined,
+                configFile: getBsteamConfigFilePath(flags.config),
+                credential: credential ? summarizeCredential(credential) : undefined,
+                credentialsFile: getCredentialsFilePath(),
+                nextStep: 'Run bsteam auth login --context <name> --token-stdin, or copy the CLI login command from Account Security.',
+            };
+            if (flags.json) {
+                this.outputEnvelope(output, false);
+            }
+            else {
+                this.log('Not authenticated');
+                this.log(`API: ${options.apiUrl}`);
+                this.log(`Config: ${getBsteamConfigFilePath(flags.config)}`);
+                this.log('Next: bsteam auth login --context <name> --token-stdin');
+            }
+            this.exit(ExitCodes.AUTH_REQUIRED);
+            return;
+        }
+        const session = await platformApiGet(options, '/api/v1/auth/session');
+        const scopes = session.ok
+            ? await platformApiGet(options, '/api/v1/platform/authz/capabilities')
+            : undefined;
+        const capabilities = scopes?.ok ? extractCapabilities(scopes.data) : [];
+        const ok = session.ok;
+        const output = {
+            authenticated: ok,
+            apiUrl: options.apiUrl,
+            context: context ? summarizeContextCredential(context, context.contextName === options.context) : undefined,
+            configFile: getBsteamConfigFilePath(flags.config),
+            credential: credential ? summarizeCredential(credential) : undefined,
+            user: session.ok ? session.data : undefined,
+            capabilities,
+            capabilitiesCount: capabilities.length,
+            error: session.ok ? undefined : session.error,
+        };
+        if (flags.json) {
+            this.outputEnvelope(output, ok);
+            if (!ok)
+                this.exit(ExitCodes.AUTH_REQUIRED);
+            return;
+        }
+        if (!ok) {
+            this.log('Authentication failed');
+            this.log(`API: ${options.apiUrl}`);
+            this.log(`Error: ${session.error ?? session.status}`);
+            this.log('Next: refresh the token from Account Security and run bsteam auth login again.');
+            this.exit(ExitCodes.AUTH_REQUIRED);
+            return;
+        }
+        const user = session.data;
+        this.log('Authenticated');
+        this.log(`API: ${options.apiUrl}`);
+        this.log(`Context: ${context?.contextName ?? options.context ?? 'inline/env token'}`);
+        if (credential)
+            this.log(`Legacy credential: ${credential.name}`);
+        this.log(`Config: ${getBsteamConfigFilePath(flags.config)}`);
+        this.log(`User: ${user.display_name ?? user.email ?? user.id ?? '-'}`);
+        this.log(`Capabilities: ${capabilities.length}`);
+    }
+}
+//# sourceMappingURL=status.js.map

package/dist/commands/auth/status.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"status.js","sourceRoot":"","sources":["../../../src/commands/auth/status.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAC5G,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACpB,0BAA0B,GAC3B,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AACvD,OAAO,EACL,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,yBAAyB,GAC1B,MAAM,4BAA4B,CAAC;AAEpC,MAAM,CAAC,OAAO,OAAO,UAAW,SAAQ,WAAW;IACjD,MAAM,CAAU,WAAW,GAAG,4BAA4B,CAAC;IAE3D,MAAM,CAAU,KAAK,GAAG;QACtB,GAAG,WAAW,CAAC,SAAS;QACxB,GAAG,gBAAgB;KACpB,CAAC;IAEF,KAAK,CAAC,GAAG;QACP,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,MAAM,yBAAyB,CAAC,KAAK,CAAC,CAAC;QACvD,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,KAAK,CAAC,OAAO,IAAI,KAAK,CAAC,UAAU,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;QAC5F,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,aAAa,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAE/E,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACnB,MAAM,MAAM,GAAG;gBACb,aAAa,EAAE,KAAK;gBACpB,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,0BAA0B,CAAC,OAAO,EAAE,OAAO,CAAC,WAAW,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC3G,UAAU,EAAE,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC;gBACjD,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;gBACpE,eAAe,EAAE,sBAAsB,EAAE;gBACzC,QAAQ,EAAE,4GAA4G;aACvH,CAAC;YACF,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;gBACf,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YACrC,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;gBAC9B,IAAI,CAAC,GAAG,CAAC,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;gBACnC,IAAI,CAAC,GAAG,CAAC,WAAW,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAC7D,IAAI,CAAC,GAAG,CAAC,wDAAwD,CAAC,CAAC;YACrE,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,cAAc,CAA0B,OAAO,EAAE,sBAAsB,CAAC,CAAC;QAC/F,MAAM,MAAM,GAAG,OAAO,CAAC,EAAE;YACvB,CAAC,CAAC,MAAM,cAAc,CAA0B,OAAO,EAAE,qCAAqC,CAAC;YAC/F,CAAC,CAAC,SAAS,CAAC;QACd,MAAM,YAAY,GAAG,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;QACxE,MAAM,EAAE,GAAG,OAAO,CAAC,EAAE,CAAC;QACtB,MAAM,MAAM,GAAG;YACb,aAAa,EAAE,EAAE;YACjB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC,0BAA0B,CAAC,OAAO,EAAE,OAAO,CAAC,WAAW,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS;YAC3G,UAAU,EAAE,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC;YACjD,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;YACpE,IAAI,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS;YAC3C,YAAY;YACZ,iBAAiB,EAAE,YAAY,CAAC,MAAM;YACtC,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK;SAC9C,CAAC;QAEF,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACf,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAChC,IAAI,CAAC,EAAE;gBAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;YAC5C,OAAO;QACT,CAAC;QAED,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,IAAI,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YAClC,IAAI,CAAC,GAAG,CAAC,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YACnC,IAAI,CAAC,GAAG,CAAC,UAAU,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;YACtD,IAAI,CAAC,GAAG,CAAC,gFAAgF,CAAC,CAAC;YAC3F,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,MAAM,IAAI,GAAG,OAAO,CAAC,IAA+B,CAAC;QACrD,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QAC1B,IAAI,CAAC,GAAG,CAAC,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;QACnC,IAAI,CAAC,GAAG,CAAC,YAAY,OAAO,EAAE,WAAW,IAAI,OAAO,CAAC,OAAO,IAAI,kBAAkB,EAAE,CAAC,CAAC;QACtF,IAAI,UAAU;YAAE,IAAI,CAAC,GAAG,CAAC,sBAAsB,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;QAClE,IAAI,CAAC,GAAG,CAAC,WAAW,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC7D,IAAI,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,YAAY,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;QACvE,IAAI,CAAC,GAAG,CAAC,iBAAiB,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;IACnD,CAAC"}

package/dist/commands/auth/token/create.d.ts

@@ -0,0 +1,22 @@
+import { BaseCommand } from '../../../base-command.js';
+export default class AuthTokenCreate extends BaseCommand {
+    static description: string;
+    static flags: {
+        name: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        'expires-in-days': import("@oclif/core/interfaces").OptionFlag<number | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        'dry-run': import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        data: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        'data-file': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        'api-url': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        token: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        credential: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        domain: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        json: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        profile: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        config: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        context: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        'trace-id': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}
+//# sourceMappingURL=create.d.ts.map

package/dist/commands/auth/token/create.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create.d.ts","sourceRoot":"","sources":["../../../../src/commands/auth/token/create.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAIvD,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,WAAW;IACtD,OAAgB,WAAW,SAAuC;IAElE,OAAgB,KAAK;;;;;;;;;;;;;;;MAenB;IAEI,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;CAuB3B"}

package/dist/commands/auth/token/create.js

@@ -0,0 +1,46 @@
+import { Flags } from '@oclif/core';
+import { BaseCommand } from '../../../base-command.js';
+import { platformApiFlags } from '../../../http/platform-api.js';
+import { buildBody, jsonBodyFlags, requestAndOutput } from '../../../command-utils/platform-command.js';
+export default class AuthTokenCreate extends BaseCommand {
+    static description = '创建当前账号的 CLI Personal Access Token';
+    static flags = {
+        ...BaseCommand.baseFlags,
+        ...platformApiFlags,
+        ...jsonBodyFlags,
+        name: Flags.string({
+            description: 'token 名称',
+            default: 'CLI token',
+        }),
+        'expires-in-days': Flags.integer({
+            description: '有效期天数；不填则由服务端默认策略决定',
+        }),
+        'dry-run': Flags.boolean({
+            description: '只预览请求，不实际创建 token',
+            default: false,
+        }),
+    };
+    async run() {
+        const { flags } = await this.parse(AuthTokenCreate);
+        const body = await buildBody(flags, {
+            name: flags.name,
+            expires_in_days: flags['expires-in-days'],
+        });
+        await requestAndOutput(this, flags, {
+            method: 'POST',
+            path: '/api/v1/account/personal-access-tokens',
+            body,
+            human: (data) => {
+                const token = data?.token;
+                return [
+                    'Personal access token created.',
+                    'The plain token is shown once:',
+                    typeof token === 'string' ? token : JSON.stringify(data, null, 2),
+                    '',
+                    'Next: printf %s "$TOKEN" | bsteam auth login --context <name> --token-stdin',
+                ].join('\n');
+            },
+        });
+    }
+}
+//# sourceMappingURL=create.js.map

package/dist/commands/auth/token/create.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create.js","sourceRoot":"","sources":["../../../../src/commands/auth/token/create.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AAEpC,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,4CAA4C,CAAC;AAExG,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,WAAW;IACtD,MAAM,CAAU,WAAW,GAAG,mCAAmC,CAAC;IAElE,MAAM,CAAU,KAAK,GAAG;QACtB,GAAG,WAAW,CAAC,SAAS;QACxB,GAAG,gBAAgB;QACnB,GAAG,aAAa;QAChB,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC;YACjB,WAAW,EAAE,UAAU;YACvB,OAAO,EAAE,WAAW;SACrB,CAAC;QACF,iBAAiB,EAAE,KAAK,CAAC,OAAO,CAAC;YAC/B,WAAW,EAAE,qBAAqB;SACnC,CAAC;QACF,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC;YACvB,WAAW,EAAE,mBAAmB;YAChC,OAAO,EAAE,KAAK;SACf,CAAC;KACH,CAAC;IAEF,KAAK,CAAC,GAAG;QACP,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QACpD,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE;YAClC,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,eAAe,EAAE,KAAK,CAAC,iBAAiB,CAAC;SAC1C,CAAC,CAAC;QAEH,MAAM,gBAAgB,CAAC,IAAI,EAAE,KAAK,EAAE;YAClC,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,wCAAwC;YAC9C,IAAI;YACJ,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE;gBACd,MAAM,KAAK,GAAI,IAAgC,EAAE,KAAK,CAAC;gBACvD,OAAO;oBACL,gCAAgC;oBAChC,gCAAgC;oBAChC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;oBACjE,EAAE;oBACF,6EAA6E;iBAC9E,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,CAAC;SACF,CAAC,CAAC;IACL,CAAC"}

package/dist/commands/auth/token/list.d.ts

@@ -0,0 +1,17 @@
+import { BaseCommand } from '../../../base-command.js';
+export default class AuthTokenList extends BaseCommand {
+    static description: string;
+    static flags: {
+        'api-url': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        token: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        credential: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        domain: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        json: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        profile: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        config: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        context: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        'trace-id': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}
+//# sourceMappingURL=list.d.ts.map

package/dist/commands/auth/token/list.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"list.d.ts","sourceRoot":"","sources":["../../../../src/commands/auth/token/list.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAKvD,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,WAAW;IACpD,OAAgB,WAAW,SAAwC;IAEnE,OAAgB,KAAK;;;;;;;;;;MAGnB;IAEI,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;CAuB3B"}

package/dist/commands/auth/token/list.js

@@ -0,0 +1,33 @@
+import { BaseCommand } from '../../../base-command.js';
+import { formatTable } from '../../../formatters/table.js';
+import { platformApiFlags } from '../../../http/platform-api.js';
+import { extractItems, pickText, requestAndOutput } from '../../../command-utils/platform-command.js';
+export default class AuthTokenList extends BaseCommand {
+    static description = '列出当前账号的 CLI Personal Access Tokens';
+    static flags = {
+        ...BaseCommand.baseFlags,
+        ...platformApiFlags,
+    };
+    async run() {
+        const { flags } = await this.parse(AuthTokenList);
+        await requestAndOutput(this, flags, {
+            method: 'GET',
+            path: '/api/v1/account/personal-access-tokens',
+            human: (data) => {
+                const items = extractItems(data);
+                if (items.length === 0)
+                    return 'No personal access tokens';
+                return formatTable(['ID', 'Name', 'Prefix', 'Last4', 'Expires', 'Revoked', 'Last Used'], items.map((item) => [
+                    pickText(item, ['id']),
+                    pickText(item, ['name']),
+                    pickText(item, ['prefix']),
+                    pickText(item, ['last4']),
+                    pickText(item, ['expires_at', 'expiresAt']),
+                    pickText(item, ['revoked_at', 'revokedAt']),
+                    pickText(item, ['last_used_at', 'lastUsedAt']),
+                ]));
+            },
+        });
+    }
+}
+//# sourceMappingURL=list.js.map

package/dist/commands/auth/token/list.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"list.js","sourceRoot":"","sources":["../../../../src/commands/auth/token/list.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAC3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,gBAAgB,EAAE,MAAM,4CAA4C,CAAC;AAEtG,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,WAAW;IACpD,MAAM,CAAU,WAAW,GAAG,oCAAoC,CAAC;IAEnE,MAAM,CAAU,KAAK,GAAG;QACtB,GAAG,WAAW,CAAC,SAAS;QACxB,GAAG,gBAAgB;KACpB,CAAC;IAEF,KAAK,CAAC,GAAG;QACP,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QAClD,MAAM,gBAAgB,CAAC,IAAI,EAAE,KAAK,EAAE;YAClC,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,wCAAwC;YAC9C,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE;gBACd,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;gBACjC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;oBAAE,OAAO,2BAA2B,CAAC;gBAC3D,OAAO,WAAW,CAChB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,WAAW,CAAC,EACpE,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;oBAClB,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC;oBACtB,QAAQ,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;oBACxB,QAAQ,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,CAAC;oBAC1B,QAAQ,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,CAAC;oBACzB,QAAQ,CAAC,IAAI,EAAE,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;oBAC3C,QAAQ,CAAC,IAAI,EAAE,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;oBAC3C,QAAQ,CAAC,IAAI,EAAE,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;iBAC/C,CAAC,CACH,CAAC;YACJ,CAAC;SACF,CAAC,CAAC;IACL,CAAC"}

package/dist/commands/auth/token/revoke.d.ts

@@ -0,0 +1,24 @@
+import { BaseCommand } from '../../../base-command.js';
+export default class AuthTokenRevoke extends BaseCommand {
+    static description: string;
+    static args: {
+        id: import("@oclif/core/interfaces").Arg<string, Record<string, unknown>>;
+    };
+    static flags: {
+        'dry-run': import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        yes: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        data: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        'data-file': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        'api-url': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        token: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        credential: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        domain: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        json: import("@oclif/core/interfaces").BooleanFlag<boolean>;
+        profile: import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        config: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        context: import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+        'trace-id': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<void>;
+}
+//# sourceMappingURL=revoke.d.ts.map

package/dist/commands/auth/token/revoke.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"revoke.d.ts","sourceRoot":"","sources":["../../../../src/commands/auth/token/revoke.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAIvD,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,WAAW;IACtD,OAAgB,WAAW,SAAuC;IAElE,OAAgB,IAAI;;MAKlB;IAEF,OAAgB,KAAK;;;;;;;;;;;;;;MAInB;IAEI,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;CAU3B"}