@ones-open/cli 1.0.1-16596.1816 → 1.0.1-8523.1883

package/dist/index.cjs

@@ -3,21 +3,26 @@ Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const _includesInstanceProperty = require("@babel/runtime-corejs3/core-js-stable/instance/includes");
 const commander = require("commander");
 const createOnesApp = require("create-ones-app");
-const lodashEs = require("lodash-es");
-const process = require("node:process");
 const node_path = require("node:path");
-const node_url = require("node:url");
+const node_child_process = require("node:child_process");
 const node_fs = require("node:fs");
-const zod = require("zod");
+const archiver = require("archiver");
+const lodashEs = require("lodash-es");
+const process$1 = require("node:process");
+const node_url = require("node:url");
+const cosmiconfig = require("cosmiconfig");
 const fse = require("fs-extra");
 const envPaths = require("env-paths");
+const zod = require("zod");
+const _defineProperty = require("@babel/runtime-corejs3/helpers/defineProperty");
+const WebSocket = require("ws");
+const axios = require("axios");
+const _reduceInstanceProperty = require("@babel/runtime-corejs3/core-js-stable/instance/reduce");
 const http = require("node:http");
 const ora = require("ora");
 const open = require("open");
 const getPort = require("get-port");
 const uuid = require("uuid");
-const axios = require("axios");
-const _reduceInstanceProperty = require("@babel/runtime-corejs3/core-js-stable/instance/reduce");
 var _documentCurrentScript = typeof document !== "undefined" ? document.currentScript : null;
 const en = {
   "desc.ones": "cli for ones",
@@ -45,7 +50,9 @@ const en = {
   "error.schema.app.manifest.parseError": "app manifest json parse error",
   "error.build.scriptNotFound": "build script not found",
   "error.dev.scriptNotFound": "dev script not found",
-  "error.store.permission": 'permission denied, please check the file permission with "{filePath}"'
+  "error.store.permission": 'permission denied, please check the file permission with "{filePath}"',
+  "error.hostedToken.requestFailed": "failed to request hosted token",
+  "error.hostedToken.empty": "hosted token is empty"
 };
 const map = {
   en
@@ -87,49 +94,14 @@ var ErrorCode = ((ErrorCode2) => {
   ErrorCode2["BUILD_SCRIPT_NOT_FOUND"] = "E09";
   ErrorCode2["DEV_SCRIPT_NOT_FOUND"] = "E10";
   ErrorCode2["STORE_PERMISSION"] = "E11";
+  ErrorCode2["HOSTED_TOKEN_REQUEST_FAILED"] = "E12";
+  ErrorCode2["HOSTED_TOKEN_EMPTY"] = "E13";
   return ErrorCode2;
 })(ErrorCode || {});
-const AppPackageJSONSchema = zod.z.object({
-  scripts: zod.z.object({
-    dev: zod.z.string().optional(),
-    build: zod.z.string().optional()
-  }).optional()
-});
-const AppManifestJSONSchema = zod.z.object({
-  app: zod.z.object({
-    id: zod.z.string(),
-    name: zod.z.string(),
-    version: zod.z.string(),
-    logo: zod.z.string().optional(),
-    desc: zod.z.string().optional(),
-    base_url: zod.z.string().optional(),
-    auth: zod.z.object({
-      type: zod.z.literal("jwt")
-    }),
-    ones_version: zod.z.object({
-      min: zod.z.string(),
-      max: zod.z.string()
-    }).optional(),
-    lifecycle_callback: zod.z.object({
-      install: zod.z.string(),
-      enabled: zod.z.string().optional(),
-      disabled: zod.z.string().optional(),
-      uninstalled: zod.z.string().optional()
-    }),
-    oauth: zod.z.object({
-      type: zod.z.array(zod.z.enum(["app", "user"])).optional(),
-      scope: zod.z.array(zod.z.string()),
-      redirect_url: zod.z.string().optional()
-    }).optional(),
-    events: zod.z.object({
-      url: zod.z.string(),
-      types: zod.z.array(zod.z.object({
-        eventType: zod.z.string()
-      }))
-    }).optional(),
-    extensions: zod.z.record(zod.z.unknown()).optional()
-  })
-});
+const getPublicPath = () => {
+  const __dirname = node_path.dirname(node_url.fileURLToPath(typeof document === "undefined" ? require("url").pathToFileURL(__filename).href : _documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === "SCRIPT" && _documentCurrentScript.src || new URL("index.cjs", document.baseURI).href));
+  return node_path.join(__dirname, "../public");
+};
 const getPackageJSONPath = () => {
   const __dirname = node_path.dirname(node_url.fileURLToPath(typeof document === "undefined" ? require("url").pathToFileURL(__filename).href : _documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === "SCRIPT" && _documentCurrentScript.src || new URL("index.cjs", document.baseURI).href));
   return node_path.join(__dirname, "../package.json");
@@ -145,8 +117,11 @@ const getPackageJSON = () => {
     return {};
   }
 };
+const getAppWorkspacePath = () => {
+  return node_path.join(process$1.cwd());
+};
 const getAppPackageJSONPath = () => {
-  return node_path.join(process.cwd(), "./package.json");
+  return node_path.join(process$1.cwd(), "./package.json");
 };
 const getAppPackageJSON = () => {
   const path = getAppPackageJSONPath();
@@ -155,14 +130,14 @@ const getAppPackageJSON = () => {
       encoding: "utf8"
     });
     const json = JSON.parse(string);
-    return AppPackageJSONSchema.parse(json);
+    return createOnesApp.AppPackageJSONSchema.parse(json);
   } catch (error) {
     console.error(error);
     return createOnesApp.throwError(ErrorCode.APP_PACKAGE_JSON_PARSE_ERROR, i18n.t("error.schema.app.package.parseError"));
   }
 };
 const getAppManifestJSONPath = () => {
-  return node_path.join(process.cwd(), "./opkx.json");
+  return node_path.join(process$1.cwd(), createOnesApp.PUBLIC_FILENAME.MANIFEST);
 };
 const getAppManifestJSON = () => {
   const path = getAppManifestJSONPath();
@@ -171,17 +146,54 @@ const getAppManifestJSON = () => {
       encoding: "utf8"
     });
     const json = JSON.parse(string);
-    return AppManifestJSONSchema.parse(json);
+    return createOnesApp.AppManifestJSONSchema.parse(json);
   } catch (error) {
     console.error(error);
     return createOnesApp.throwError(ErrorCode.APP_MANIFEST_JSON_PARSE_ERROR, i18n.t("error.schema.app.manifest.parseError"));
   }
 };
+const defaultAppRcJSON = {
+  dev: {
+    command: ["npm run dev"]
+  }
+};
+let storeAppRcJSON = null;
+const getAppRcJSON = async () => {
+  if (storeAppRcJSON)
+    ;
+  else {
+    try {
+      const path = node_path.join(createOnesApp.getPublicPath(), createOnesApp.PUBLIC_FILENAME.RC);
+      const string = node_fs.readFileSync(path, {
+        encoding: "utf8"
+      });
+      const json = JSON.parse(string);
+      storeAppRcJSON = createOnesApp.AppRcJSONSchema.parse(json);
+    } catch (error) {
+      storeAppRcJSON = {};
+    }
+  }
+  const templateAppRcJSON = storeAppRcJSON || {};
+  let currentAppRcJSON;
+  const explorer = cosmiconfig.cosmiconfig("ones");
+  try {
+    const result = await explorer.search();
+    const json = result === null || result === void 0 ? void 0 : result.config;
+    currentAppRcJSON = createOnesApp.AppRcJSONSchema.parse(json);
+  } catch (error) {
+    currentAppRcJSON = {};
+  }
+  return {
+    ...defaultAppRcJSON,
+    ...templateAppRcJSON,
+    ...currentAppRcJSON
+  };
+};
 const isOPKXFilename = /\.opkx$/;
 const defaultOutputPath = "";
 const normalize$a = async (options) => {
   var _options$output;
-  let output = node_path.resolve(process.cwd(), (_options$output = options.output) !== null && _options$output !== void 0 ? _options$output : defaultOutputPath);
+  let output = node_path.resolve(process$1.cwd(), (_options$output = options.output) !== null && _options$output !== void 0 ? _options$output : defaultOutputPath);
   if (isOPKXFilename.test(output))
     ;
   else {
@@ -194,7 +206,7 @@ const normalize$a = async (options) => {
   };
 };
 const build = async function() {
-  var _appPackageJSON$scrip;
+  var _appPackageJSON$scrip, _appRcJSON$build$comp, _appRcJSON$build;
   for (var _len = arguments.length, args = new Array(_len), _key = 0; _key < _len; _key++) {
     args[_key] = arguments[_key];
   }
@@ -202,16 +214,55 @@ const build = async function() {
     options
   } = createOnesApp.getCommandOptions(args, buildCommandArguments);
   const normalizedOptions = await normalize$a(options);
-  console.log("build", normalizedOptions);
   const appPackageJSON = getAppPackageJSON();
-  console.log("appPackageJSON", appPackageJSON);
   const appManifestJSON = getAppManifestJSON();
-  console.log("appManifestJSON", appManifestJSON);
-  if ((_appPackageJSON$scrip = appPackageJSON.scripts) !== null && _appPackageJSON$scrip !== void 0 && _appPackageJSON$scrip.build)
-    ;
-  else {
+  const appRcJSON = await getAppRcJSON();
+  appManifestJSON.app.name;
+  if ((_appPackageJSON$scrip = appPackageJSON.scripts) !== null && _appPackageJSON$scrip !== void 0 && _appPackageJSON$scrip.build) {
+    node_child_process.spawnSync("npm", ["run", "build"], {
+      cwd: getAppWorkspacePath(),
+      stdio: "inherit"
+    });
+  } else {
     return createOnesApp.throwError(ErrorCode.BUILD_SCRIPT_NOT_FOUND, i18n.t("error.build.scriptNotFound"));
   }
+  const archive = archiver("zip", {
+    zlib: {
+      level: 9
+    }
+  });
+  archive.on("error", (err) => {
+    throw err;
+  });
+  archive.on("warning", (err) => {
+    throw err;
+  });
+  archive.on("progress", (progress) => {
+    const {
+      entries,
+      fs
+    } = progress;
+    const entriesStr = entries.total > 0 ? ` ${entries.processed}/${entries.total} files` : "";
+    const bytesStr = fs.totalBytes > 0 ? ` ${(fs.processedBytes / 1024).toFixed(1)}/${(fs.totalBytes / 1024).toFixed(1)} KB` : "";
+    process.stdout.write(`\rCompressing:${entriesStr}${bytesStr}   `);
+  });
+  archive.on("finish", () => {
+    process.stdout.write("\n");
+    console.log(`Output file: ${normalizedOptions.output}`);
+    console.log(`OPKX "${node_path.basename(normalizedOptions.output)}" created successfully!`);
+  });
+  const outputStream = node_fs.createWriteStream(normalizedOptions.output);
+  archive.pipe(outputStream);
+  const files = (_appRcJSON$build$comp = (_appRcJSON$build = appRcJSON.build) === null || _appRcJSON$build === void 0 || (_appRcJSON$build = _appRcJSON$build.compress) === null || _appRcJSON$build === void 0 ? void 0 : _appRcJSON$build.files) !== null && _appRcJSON$build$comp !== void 0 ? _appRcJSON$build$comp : [];
+  files.forEach((file) => {
+    archive.glob(file, {
+      cwd: getAppWorkspacePath()
+    });
+  });
+  archive.file(createOnesApp.PUBLIC_FILENAME.MANIFEST, {
+    name: createOnesApp.PUBLIC_FILENAME.MANIFEST
+  });
+  archive.finalize();
 };
 var InstallOptions = /* @__PURE__ */ ((InstallOptions2) => {
   InstallOptions2["AUTO"] = "auto";
@@ -288,7 +339,8 @@ const StoreJSONSchema = zod.z.object({
   timestamp: zod.z.number().optional(),
   base_url: zod.z.string().optional(),
   region_url: zod.z.string().optional(),
-  ones_token: zod.z.string().optional()
+  ones_token: zod.z.string().optional(),
+  host_token: zod.z.string().optional()
 });
 const {
   ensureFile,
@@ -353,6 +405,11 @@ const mergeStore = async (store) => {
     ...store
   });
 };
+const getBaseURL = async () => {
+  var _store$base_url;
+  const store = await getStore();
+  return (_store$base_url = store.base_url) !== null && _store$base_url !== void 0 ? _store$base_url : "";
+};
 const setBaseURL = async (baseURL) => {
   return mergeStore({
     base_url: baseURL
@@ -378,14 +435,415 @@ const setONESToken = async (token) => {
     ones_token: token
   });
 };
-const invokeTunnel = async (port) => {
-  console.log("invokeTunnel", port);
+class TunnelClient {
+  constructor(localPort, baseUrl, appID, hostedToken) {
+    _defineProperty(this, "ws", null);
+    this.localPort = localPort;
+    this.baseUrl = baseUrl;
+    this.appID = appID;
+    this.hostedToken = hostedToken;
+  }
+  async connect() {
+    const proxyUrl = this.buildProxyUrl();
+    this.ws = new WebSocket(proxyUrl, {
+      headers: {
+        Authorization: `Bearer ${this.hostedToken}`
+      }
+    });
+    this.ws.on("message", async (data) => {
+      const message = this.parseMessage(data);
+      if (!message) {
+        return;
+      }
+      await this.handleMessage(message);
+    });
+    this.ws.on("ping", (data) => {
+      var _this$ws;
+      (_this$ws = this.ws) === null || _this$ws === void 0 || _this$ws.pong(data);
+    });
+    this.ws.on("error", (error) => {
+      console.error("WebSocket error:", error);
+    });
+    return new Promise((resolve, reject) => {
+      var _this$ws2, _this$ws3;
+      (_this$ws2 = this.ws) === null || _this$ws2 === void 0 || _this$ws2.on("open", () => resolve());
+      (_this$ws3 = this.ws) === null || _this$ws3 === void 0 || _this$ws3.on("error", reject);
+    });
+  }
+  close() {
+    var _this$ws4;
+    (_this$ws4 = this.ws) === null || _this$ws4 === void 0 || _this$ws4.close();
+  }
+  buildProxyUrl() {
+    const url = new URL("/platform/app/relay/", this.baseUrl);
+    url.protocol = url.protocol === "https:" ? "wss:" : "ws:";
+    url.searchParams.set("app_id", this.appID);
+    return url.toString();
+  }
+  parseMessage(data) {
+    const payload = data.toString();
+    try {
+      const message = JSON.parse(payload);
+      if (!message) {
+        return null;
+      }
+      return message;
+    } catch (error) {
+      console.error("Invalid tunnel message:", error);
+      return null;
+    }
+  }
+  async handleMessage(message) {
+    const request = this.getRequestPayload(message);
+    if (!request) {
+      return;
+    }
+    if (request.path === ONES_CLI_MANIFEST_PATH) {
+      var _this$ws5;
+      const appManifest = getAppManifestJSON().app;
+      const baseURL = await buildTunnelUrl();
+      const reply = {
+        id: message.id,
+        payload: {
+          status: 200,
+          headers: {
+            "content-type": ["application/json"]
+          },
+          body: {
+            ...appManifest,
+            base_url: baseURL
+          }
+        }
+      };
+      (_this$ws5 = this.ws) === null || _this$ws5 === void 0 || _this$ws5.send(JSON.stringify(reply));
+      return;
+    }
+    try {
+      var _this$ws6;
+      const response = await this.forwardRequest(request);
+      const reply = {
+        id: message.id,
+        payload: response
+      };
+      (_this$ws6 = this.ws) === null || _this$ws6 === void 0 || _this$ws6.send(JSON.stringify(reply));
+    } catch (error) {
+      var _this$ws7;
+      const reply = {
+        id: message.id,
+        payload: {
+          status: 500,
+          headers: {
+            "x-agent-error": [error instanceof Error ? error.message : "Unknown error"]
+          },
+          body: "agent request error"
+        }
+      };
+      (_this$ws7 = this.ws) === null || _this$ws7 === void 0 || _this$ws7.send(JSON.stringify(reply));
+    }
+  }
+  getRequestPayload(message) {
+    const payload = message.payload;
+    if (!(payload !== null && payload !== void 0 && payload.method) || !(payload !== null && payload !== void 0 && payload.path)) {
+      return null;
+    }
+    return payload;
+  }
+  async forwardRequest(payload) {
+    const url = new URL(payload.path, `http://127.0.0.1:${this.localPort}`);
+    if (payload.query) {
+      Object.entries(payload.query).forEach((_ref) => {
+        let [key, value] = _ref;
+        url.searchParams.set(key, value);
+      });
+    }
+    const headers = this.normalizeHeaders(payload.headers);
+    const body = this.normalizeBody(payload.body);
+    const response = await axios.request({
+      url: url.toString(),
+      method: payload.method,
+      headers,
+      data: body,
+      responseType: "text",
+      validateStatus: () => true
+    });
+    return {
+      status: response.status,
+      headers: this.collectHeaders(response.headers),
+      body: this.normalizeResponseBody(response.data)
+    };
+  }
+  normalizeHeaders(headers) {
+    if (!headers) {
+      return void 0;
+    }
+    const normalized = {};
+    Object.entries(headers).forEach((_ref2) => {
+      let [key, values] = _ref2;
+      if (!values || values.length === 0) {
+        return;
+      }
+      normalized[key] = values.join(",");
+    });
+    return normalized;
+  }
+  collectHeaders(headers) {
+    const collected = {};
+    Object.entries(headers).forEach((_ref3) => {
+      let [key, value] = _ref3;
+      if (Array.isArray(value)) {
+        collected[key] = value.map((item) => String(item));
+        return;
+      }
+      if (value !== void 0 && value !== null) {
+        collected[key] = [String(value)];
+      }
+    });
+    return collected;
+  }
+  normalizeBody(body) {
+    if (body === void 0 || body === null) {
+      return void 0;
+    }
+    if (typeof body === "string") {
+      return body;
+    }
+    return JSON.stringify(body);
+  }
+  normalizeResponseBody(body) {
+    if (!body) {
+      return void 0;
+    }
+    try {
+      return JSON.parse(body);
+    } catch {
+      return body;
+    }
+  }
+}
+const getPath = (path, map2) => {
+  var _context;
+  return _reduceInstanceProperty(_context = path.split("/")).call(_context, (base, part) => {
+    if (/^:/.test(part)) {
+      return `${base}/${map2[part.slice(1)]}`;
+    }
+    return `${base}/${part}`;
+  }, "").slice(1);
+};
+const consoleUnauthorizedMessage = () => {
+  console.log("Not logged in");
+  console.log('Login with "ones login" command');
+};
+const getURL = async (path, pathMap, queryMap) => {
+  const base = await getRegionURL();
+  if (base) {
+    const query = new URLSearchParams(queryMap !== null && queryMap !== void 0 ? queryMap : {}).toString();
+    return `${base}${getPath(path, pathMap !== null && pathMap !== void 0 ? pathMap : {})}${query ? `?${query}` : ""}`;
+  }
+  consoleUnauthorizedMessage();
+  process$1.exit(1);
+};
+const getHeaders = async (value) => {
+  const token = await getONESToken();
+  if (token) {
+    return lodashEs.merge({
+      Authorization: `Bearer ${token}`
+    }, value);
+  }
+  consoleUnauthorizedMessage();
+  process$1.exit(1);
+};
+const handleError = (error) => {
+  var _error$response;
+  if (((_error$response = error.response) === null || _error$response === void 0 ? void 0 : _error$response.status) === 401) {
+    console.log(error.response.statusText);
+    consoleUnauthorizedMessage();
+  } else {
+    console.error(error);
+  }
+  return {};
+};
+const API = {
+  TOKEN_INFO: "/project/api/project/auth/token_info",
+  HOSTED_TOKEN: "/platform/runtime_manager/hosted_token",
+  APP_LIST: "/platform/api/app/list",
+  APP_INSTALL: "/platform/api/app/install",
+  APP_UPGRADE: "/platform/api/app/upgrade",
+  APP_UNINSTALL: "/platform/api/app/:installation_id/uninstall",
+  APP_ENABLE: "/platform/api/app/:installation_id/enable",
+  APP_DISABLE: "/platform/api/app/:installation_id/disable"
+};
+const isRecord = (value) => {
+  return typeof value === "object" && value !== null;
+};
+const getHostedTokenScopes = (ones2) => {
+  const storage = ones2 === null || ones2 === void 0 ? void 0 : ones2.storage;
+  if (!storage) {
+    return [];
+  }
+  const scopes = /* @__PURE__ */ new Set();
+  if (Array.isArray(storage.entities) && storage.entities.length > 0) {
+    scopes.add(createOnesApp.HostedTokenScope.STORAGE_ENTITY);
+  }
+  if (storage.object !== void 0 && storage.object !== null && storage.object !== false) {
+    scopes.add(createOnesApp.HostedTokenScope.STORAGE_OBJECT);
+  }
+  return Array.from(scopes);
+};
+const getRelayScope = () => {
+  return createOnesApp.HostedTokenScope.RELAY;
+};
+const getHostToken = async (baseUrl, userToken, appID, scopes) => {
+  const url = `${baseUrl.replace(/\/$/, "")}${API.HOSTED_TOKEN}`;
+  return axios.post(url, {
+    app_id: appID,
+    scopes
+  }, {
+    headers: {
+      Authorization: `Bearer ${userToken}`
+    }
+  }).then((resp) => {
+    const data = resp === null || resp === void 0 ? void 0 : resp.data;
+    const tokenFromData = (value) => {
+      if (isRecord(value) && isRecord(value.data)) {
+        const hosted_token = value.data.hosted_token;
+        if (typeof hosted_token === "string" && hosted_token.length > 0) {
+          return hosted_token;
+        }
+      }
+      return null;
+    };
+    const token = tokenFromData(data);
+    if (token) {
+      return token;
+    }
+    return createOnesApp.throwError(ErrorCode.HOSTED_TOKEN_EMPTY, i18n.t("error.hostedToken.empty"));
+  }).catch((error) => {
+    handleError(error);
+    return createOnesApp.throwError(ErrorCode.HOSTED_TOKEN_REQUEST_FAILED, i18n.t("error.hostedToken.requestFailed"));
+  });
+};
+const fetchAppBase = async (params) => {
+  var _params$url;
+  const url = await getURL((_params$url = params.url) !== null && _params$url !== void 0 ? _params$url : "", params.pathMap, params.queryMap);
+  const headers = await getHeaders(params.headers);
+  const response = await axios({
+    ...params,
+    url,
+    headers
+  });
+  return response.data;
+};
+const fetchAppList = async (appID) => {
+  return await fetchAppBase({
+    url: API.APP_LIST,
+    method: "GET",
+    queryMap: {
+      app_id: appID
+    }
+  }).catch(handleError);
+};
+const fetchTokenInfo = async () => {
+  return await fetchAppBase({
+    url: API.TOKEN_INFO,
+    method: "GET"
+  }).catch(handleError);
+};
+const fetchAppInstall = async (data) => {
+  var _appList$data$0$insta, _appList$data;
+  const appID = getAppManifestJSON().app.id;
+  const appList = await fetchAppList(appID);
+  const installationID = (_appList$data$0$insta = (_appList$data = appList.data) === null || _appList$data === void 0 || (_appList$data = _appList$data[0]) === null || _appList$data === void 0 ? void 0 : _appList$data.installation_id) !== null && _appList$data$0$insta !== void 0 ? _appList$data$0$insta : "";
+  const url = installationID ? API.APP_UPGRADE : API.APP_INSTALL;
+  return await fetchAppBase({
+    url,
+    method: "POST",
+    data
+  }).catch(handleError);
+};
+const fetchAppUninstall = async () => {
+  var _appList$data$0$insta2, _appList$data2;
+  const appID = getAppManifestJSON().app.id;
+  const appList = await fetchAppList(appID);
+  const installationID = (_appList$data$0$insta2 = (_appList$data2 = appList.data) === null || _appList$data2 === void 0 || (_appList$data2 = _appList$data2[0]) === null || _appList$data2 === void 0 ? void 0 : _appList$data2.installation_id) !== null && _appList$data$0$insta2 !== void 0 ? _appList$data$0$insta2 : "";
+  return await fetchAppBase({
+    url: API.APP_UNINSTALL,
+    method: "POST",
+    pathMap: {
+      installation_id: installationID
+    }
+  }).catch(handleError);
+};
+const fetchAppEnable = async () => {
+  var _appList$data$0$insta3, _appList$data3;
+  const appID = getAppManifestJSON().app.id;
+  const appList = await fetchAppList(appID);
+  const installationID = (_appList$data$0$insta3 = (_appList$data3 = appList.data) === null || _appList$data3 === void 0 || (_appList$data3 = _appList$data3[0]) === null || _appList$data3 === void 0 ? void 0 : _appList$data3.installation_id) !== null && _appList$data$0$insta3 !== void 0 ? _appList$data$0$insta3 : "";
+  return await fetchAppBase({
+    url: API.APP_ENABLE,
+    method: "POST",
+    pathMap: {
+      installation_id: installationID
+    }
+  }).catch(handleError);
+};
+const fetchAppDisable = async () => {
+  var _appList$data$0$insta4, _appList$data4;
+  const appID = getAppManifestJSON().app.id;
+  const appList = await fetchAppList(appID);
+  const installationID = (_appList$data$0$insta4 = (_appList$data4 = appList.data) === null || _appList$data4 === void 0 || (_appList$data4 = _appList$data4[0]) === null || _appList$data4 === void 0 ? void 0 : _appList$data4.installation_id) !== null && _appList$data$0$insta4 !== void 0 ? _appList$data$0$insta4 : "";
+  return await fetchAppBase({
+    url: API.APP_DISABLE,
+    method: "POST",
+    pathMap: {
+      installation_id: installationID
+    }
+  }).catch(handleError);
+};
+const ONES_CLI_MANIFEST_PATH = "/__ones_cli_manifest__";
+const buildTunnelContext = async () => {
+  var _appManifestJSON$app$, _appManifestJSON$app;
   const appManifestJSON = getAppManifestJSON();
-  console.log("appManifestJSON", appManifestJSON);
+  const appID = (_appManifestJSON$app$ = (_appManifestJSON$app = appManifestJSON.app) === null || _appManifestJSON$app === void 0 ? void 0 : _appManifestJSON$app.id) !== null && _appManifestJSON$app$ !== void 0 ? _appManifestJSON$app$ : "";
+  if (!appID) {
+    throw new Error("app id is empty");
+  }
   const regionURL = await getRegionURL();
+  if (!regionURL) {
+    throw new Error("region url is empty");
+  }
+  return {
+    appManifestJSON,
+    appID,
+    regionURL
+  };
+};
+const buildTunnelUrl = async () => {
+  const {
+    appID,
+    regionURL
+  } = await buildTunnelContext();
+  const url = new URL(regionURL);
+  return `${url.protocol}//${url.host}/platform/app/relay/dispatch/${appID}`;
+};
+const invokeTunnel = async (port) => {
+  const {
+    appManifestJSON,
+    appID,
+    regionURL
+  } = await buildTunnelContext();
   const onesToken = await getONESToken();
-  console.log("regionURL", regionURL);
-  console.log("onesToken", onesToken);
+  if (!onesToken) {
+    consoleUnauthorizedMessage();
+    process$1.exit(1);
+  }
+  const storageScopes = getHostedTokenScopes(appManifestJSON.ones);
+  const scopes = Array.from(/* @__PURE__ */ new Set([...storageScopes, getRelayScope()]));
+  const hostedToken = await getHostToken(regionURL, onesToken, appID, scopes);
+  process.env.ONES_HOSTED_TOKEN = hostedToken;
+  const client = new TunnelClient(port, regionURL, appID, hostedToken);
+  await client.connect();
+  const runnelUrl = await buildTunnelUrl();
+  console.log(`Relay endpoint: ${runnelUrl}`);
 };
 const tunnel = async function() {
   for (var _len = arguments.length, args = new Array(_len), _key = 0; _key < _len; _key++) {
@@ -395,18 +853,15 @@ const tunnel = async function() {
     options
   } = createOnesApp.getCommandOptions(args, tunnelCommandArguments);
   const normalizedOptions = await normalize$8(options);
-  await invokeTunnel(normalizedOptions.port);
+  await invokeTunnel(Number(normalizedOptions.port));
 };
 const config = {
   defaultPort: {
-    login: 8200
+    login: 8200,
+    tunnel: 8201
   }
 };
 const getConfig = () => config;
-const getPublicPath = () => {
-  const __dirname = node_path.dirname(node_url.fileURLToPath(typeof document === "undefined" ? require("url").pathToFileURL(__filename).href : _documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === "SCRIPT" && _documentCurrentScript.src || new URL("index.cjs", document.baseURI).href));
-  return node_path.join(__dirname, "../public");
-};
 function createPromise() {
   let resolve;
   let reject;
@@ -482,6 +937,10 @@ const login = async function() {
   const html = node_fs.readFileSync(htmlPath, {
     encoding: "utf-8"
   });
+  const logoPath = node_path.join(publicPath, "logo.svg");
+  const logo = node_fs.readFileSync(logoPath, {
+    encoding: "utf-8"
+  });
   const {
     promise,
     resolve
@@ -490,6 +949,21 @@ const login = async function() {
     var _req$url$split$, _req$url, _search2$get, _search2$get2;
     const search2 = new URLSearchParams((_req$url$split$ = (_req$url = req.url) === null || _req$url === void 0 ? void 0 : _req$url.split("?")[1]) !== null && _req$url$split$ !== void 0 ? _req$url$split$ : "");
     const state = search2.get("state");
+    if (state === "logo") {
+      res.writeHead(200, {
+        "Content-Type": "image/svg+xml"
+      });
+      res.end(logo);
+      return;
+    }
+    if (state === "cancel") {
+      res.writeHead(200, {
+        "Content-Type": "image/svg+xml"
+      });
+      res.end(logo);
+      resolve(null);
+      return;
+    }
     const token = (_search2$get = search2.get("access_token")) !== null && _search2$get !== void 0 ? _search2$get : "";
     const region = (_search2$get2 = search2.get("region_url")) !== null && _search2$get2 !== void 0 ? _search2$get2 : "";
     if (state === uuid$1 && token && region) {
@@ -498,22 +972,31 @@ const login = async function() {
         ones_token: token,
         region_url: region
       });
+      res.writeHead(200, {
+        "Content-Type": "text/html"
+      });
+      res.end(html);
+      return;
     }
     res.writeHead(200, {
       "Content-Type": "text/html"
     });
-    res.end(html);
+    res.end("Invalid state error, please try again!");
   });
   server.listen(port);
   promise.then(async (store) => {
-    var _store$base_url, _store$ones_token, _store$region_url;
     await sleep(100);
     server.closeAllConnections();
-    await setBaseURL((_store$base_url = store.base_url) !== null && _store$base_url !== void 0 ? _store$base_url : "");
-    await setONESToken((_store$ones_token = store.ones_token) !== null && _store$ones_token !== void 0 ? _store$ones_token : "");
-    await setRegionURL((_store$region_url = store.region_url) !== null && _store$region_url !== void 0 ? _store$region_url : "");
-    console.log("Logged in successfully!");
-    process.exit(0);
+    if (store) {
+      var _store$base_url, _store$ones_token, _store$region_url;
+      await setBaseURL((_store$base_url = store.base_url) !== null && _store$base_url !== void 0 ? _store$base_url : "");
+      await setONESToken((_store$ones_token = store.ones_token) !== null && _store$ones_token !== void 0 ? _store$ones_token : "");
+      await setRegionURL((_store$region_url = store.region_url) !== null && _store$region_url !== void 0 ? _store$region_url : "");
+      console.log("Logged in successfully!");
+    } else {
+      console.log("Login canceled!");
+    }
+    process$1.exit(0);
   });
   console.log("Logging into your ONES account...");
   console.log(`Opening ${url}`);
@@ -536,120 +1019,6 @@ const logout = async function() {
   await setStore({});
   console.log("Logged out successfully!");
 };
-const API = {
-  TOKEN_INFO: "/project/api/project/auth/token_info",
-  APP_LIST: "/platform/api/app/list",
-  APP_INSTALL: "/app/install",
-  APP_UNINSTALL: "/app/uninstall",
-  APP_ENABLE: "/platform/api/app/:installation_id/enable",
-  APP_DISABLE: "/platform/api/app/:installation_id/disable"
-};
-const getPath = (path, map2) => {
-  var _context;
-  return _reduceInstanceProperty(_context = path.split("/")).call(_context, (base, part) => {
-    if (/^:/.test(part)) {
-      return `${base}/${map2[part.slice(1)]}`;
-    }
-    return `${base}/${part}`;
-  }, "").slice(1);
-};
-const consoleUnauthorizedMessage = () => {
-  console.log("Not logged in");
-  console.log('Login with "ones login" command');
-};
-const getURL = async (path, pathMap, queryMap) => {
-  const base = await getRegionURL();
-  if (base) {
-    const query = new URLSearchParams(queryMap !== null && queryMap !== void 0 ? queryMap : {}).toString();
-    return `${base}${getPath(path, pathMap !== null && pathMap !== void 0 ? pathMap : {})}${query ? `?${query}` : ""}`;
-  }
-  consoleUnauthorizedMessage();
-  process.exit(1);
-};
-const getHeaders = async (value) => {
-  const token = await getONESToken();
-  if (token) {
-    return lodashEs.merge({
-      Authorization: `Bearer ${token}`
-    }, value);
-  }
-  consoleUnauthorizedMessage();
-  process.exit(1);
-};
-const handleError = (error) => {
-  var _error$response;
-  if (((_error$response = error.response) === null || _error$response === void 0 ? void 0 : _error$response.status) === 401) {
-    console.log(error.response.statusText);
-    consoleUnauthorizedMessage();
-  } else {
-    console.error(error);
-  }
-  return {};
-};
-const fetchAppBase = async (params) => {
-  var _params$url;
-  const url = await getURL((_params$url = params.url) !== null && _params$url !== void 0 ? _params$url : "", params.pathMap, params.queryMap);
-  const headers = await getHeaders(params.headers);
-  const response = await axios({
-    ...params,
-    url,
-    headers
-  });
-  return response.data;
-};
-const fetchAppList = async (appID) => {
-  return await fetchAppBase({
-    url: API.APP_LIST,
-    method: "GET",
-    queryMap: {
-      app_id: appID
-    }
-  }).catch(handleError);
-};
-const fetchTokenInfo = async () => {
-  return await fetchAppBase({
-    url: API.TOKEN_INFO,
-    method: "GET"
-  }).catch(handleError);
-};
-const fetchAppInstall = async () => {
-  return await fetchAppBase({
-    url: API.APP_INSTALL,
-    method: "POST"
-  }).catch(handleError);
-};
-const fetchAppUninstall = async () => {
-  return await fetchAppBase({
-    url: API.APP_UNINSTALL,
-    method: "POST"
-  }).catch(handleError);
-};
-const fetchAppEnable = async () => {
-  var _appList$data$0$insta, _appList$data;
-  const appID = getAppManifestJSON().app.id;
-  const appList = await fetchAppList(appID);
-  const installationID = (_appList$data$0$insta = (_appList$data = appList.data) === null || _appList$data === void 0 || (_appList$data = _appList$data[0]) === null || _appList$data === void 0 ? void 0 : _appList$data.installation_id) !== null && _appList$data$0$insta !== void 0 ? _appList$data$0$insta : "";
-  return await fetchAppBase({
-    url: API.APP_ENABLE,
-    method: "POST",
-    pathMap: {
-      installation_id: installationID
-    }
-  }).catch(handleError);
-};
-const fetchAppDisable = async () => {
-  var _appList$data$0$insta2, _appList$data2;
-  const appID = getAppManifestJSON().app.id;
-  const appList = await fetchAppList(appID);
-  const installationID = (_appList$data$0$insta2 = (_appList$data2 = appList.data) === null || _appList$data2 === void 0 || (_appList$data2 = _appList$data2[0]) === null || _appList$data2 === void 0 ? void 0 : _appList$data2.installation_id) !== null && _appList$data$0$insta2 !== void 0 ? _appList$data$0$insta2 : "";
-  return await fetchAppBase({
-    url: API.APP_DISABLE,
-    method: "POST",
-    pathMap: {
-      installation_id: installationID
-    }
-  }).catch(handleError);
-};
 const normalize$5 = async (options) => {
   lodashEs.noop(options);
   return {};
@@ -664,11 +1033,13 @@ const whoami = async function() {
   } = createOnesApp.getCommandOptions(args, whoamiCommandArguments);
   const normalizedOptions = await normalize$5(options);
   lodashEs.noop(normalizedOptions);
+  const baseURL = await getBaseURL();
   const tokenInfo = await fetchTokenInfo();
   const name2 = (_tokenInfo$user = tokenInfo.user) === null || _tokenInfo$user === void 0 ? void 0 : _tokenInfo$user.name;
   const email = (_tokenInfo$user2 = tokenInfo.user) === null || _tokenInfo$user2 === void 0 ? void 0 : _tokenInfo$user2.email;
   if (name2 && email) {
     console.log(`${name2} <${email}>`);
+    console.log(`ONES: ${baseURL}`);
   } else {
     consoleUnauthorizedMessage();
   }
@@ -686,7 +1057,11 @@ const install = async function() {
   } = createOnesApp.getCommandOptions(args, installCommandArguments);
   const normalizedOptions = await normalize$4(options);
   lodashEs.noop(normalizedOptions);
-  const result = await fetchAppInstall();
+  await invokeTunnel(getConfig().defaultPort.tunnel);
+  const runnelUrl = await buildTunnelUrl();
+  const result = await fetchAppInstall({
+    manifest_url: `${runnelUrl}${ONES_CLI_MANIFEST_PATH}`
+  });
   if (result.code === "OK") {
     console.log("App installed successfully!");
   } else {