@ones-open/cli 1.0.1-16596.1816 → 1.0.1-8523.1883

package/dist/index.js

@@ -1,21 +1,26 @@
 import _includesInstanceProperty from "@babel/runtime-corejs3/core-js-stable/instance/includes";
 import { Command } from "commander";
-import { ErrorCode as ErrorCode$1, throwError, getCommandOptions, addCommandUsage, addCommandOutput, $create, setContext } from "create-ones-app";
-import { get, noop, merge } from "lodash-es";
-import process, { cwd, exit } from "node:process";
-import { dirname, join, resolve } from "node:path";
+import { ErrorCode as ErrorCode$1, AppPackageJSONSchema, throwError, AppManifestJSONSchema, getPublicPath as getPublicPath$1, PUBLIC_FILENAME, AppRcJSONSchema, getCommandOptions, HostedTokenScope, addCommandUsage, addCommandOutput, $create, setContext } from "create-ones-app";
+import { dirname, join, resolve, basename } from "node:path";
+import { spawnSync } from "node:child_process";
+import { readFileSync, createWriteStream } from "node:fs";
+import archiver from "archiver";
+import { get, merge, noop } from "lodash-es";
+import process$1, { cwd, exit } from "node:process";
 import { fileURLToPath } from "node:url";
-import { readFileSync } from "node:fs";
-import { z } from "zod";
+import { cosmiconfig } from "cosmiconfig";
 import fse from "fs-extra";
 import envPaths from "env-paths";
+import { z } from "zod";
+import _defineProperty from "@babel/runtime-corejs3/helpers/defineProperty";
+import WebSocket from "ws";
+import axios from "axios";
+import _reduceInstanceProperty from "@babel/runtime-corejs3/core-js-stable/instance/reduce";
 import http from "node:http";
 import ora from "ora";
 import open from "open";
 import getPort from "get-port";
 import { v7 } from "uuid";
-import axios from "axios";
-import _reduceInstanceProperty from "@babel/runtime-corejs3/core-js-stable/instance/reduce";
 const en = {
   "desc.ones": "cli for ones",
   "desc.build": "build the application",
@@ -42,7 +47,9 @@ const en = {
   "error.schema.app.manifest.parseError": "app manifest json parse error",
   "error.build.scriptNotFound": "build script not found",
   "error.dev.scriptNotFound": "dev script not found",
-  "error.store.permission": 'permission denied, please check the file permission with "{filePath}"'
+  "error.store.permission": 'permission denied, please check the file permission with "{filePath}"',
+  "error.hostedToken.requestFailed": "failed to request hosted token",
+  "error.hostedToken.empty": "hosted token is empty"
 };
 const map = {
   en
@@ -84,49 +91,14 @@ var ErrorCode = ((ErrorCode2) => {
   ErrorCode2["BUILD_SCRIPT_NOT_FOUND"] = "E09";
   ErrorCode2["DEV_SCRIPT_NOT_FOUND"] = "E10";
   ErrorCode2["STORE_PERMISSION"] = "E11";
+  ErrorCode2["HOSTED_TOKEN_REQUEST_FAILED"] = "E12";
+  ErrorCode2["HOSTED_TOKEN_EMPTY"] = "E13";
   return ErrorCode2;
 })(ErrorCode || {});
-const AppPackageJSONSchema = z.object({
-  scripts: z.object({
-    dev: z.string().optional(),
-    build: z.string().optional()
-  }).optional()
-});
-const AppManifestJSONSchema = z.object({
-  app: z.object({
-    id: z.string(),
-    name: z.string(),
-    version: z.string(),
-    logo: z.string().optional(),
-    desc: z.string().optional(),
-    base_url: z.string().optional(),
-    auth: z.object({
-      type: z.literal("jwt")
-    }),
-    ones_version: z.object({
-      min: z.string(),
-      max: z.string()
-    }).optional(),
-    lifecycle_callback: z.object({
-      install: z.string(),
-      enabled: z.string().optional(),
-      disabled: z.string().optional(),
-      uninstalled: z.string().optional()
-    }),
-    oauth: z.object({
-      type: z.array(z.enum(["app", "user"])).optional(),
-      scope: z.array(z.string()),
-      redirect_url: z.string().optional()
-    }).optional(),
-    events: z.object({
-      url: z.string(),
-      types: z.array(z.object({
-        eventType: z.string()
-      }))
-    }).optional(),
-    extensions: z.record(z.unknown()).optional()
-  })
-});
+const getPublicPath = () => {
+  const __dirname = dirname(fileURLToPath(import.meta.url));
+  return join(__dirname, "../public");
+};
 const getPackageJSONPath = () => {
   const __dirname = dirname(fileURLToPath(import.meta.url));
   return join(__dirname, "../package.json");
@@ -142,6 +114,9 @@ const getPackageJSON = () => {
     return {};
   }
 };
+const getAppWorkspacePath = () => {
+  return join(cwd());
+};
 const getAppPackageJSONPath = () => {
   return join(cwd(), "./package.json");
 };
@@ -159,7 +134,7 @@ const getAppPackageJSON = () => {
   }
 };
 const getAppManifestJSONPath = () => {
-  return join(cwd(), "./opkx.json");
+  return join(cwd(), PUBLIC_FILENAME.MANIFEST);
 };
 const getAppManifestJSON = () => {
   const path = getAppManifestJSONPath();
@@ -174,6 +149,43 @@ const getAppManifestJSON = () => {
     return throwError(ErrorCode.APP_MANIFEST_JSON_PARSE_ERROR, i18n.t("error.schema.app.manifest.parseError"));
   }
 };
+const defaultAppRcJSON = {
+  dev: {
+    command: ["npm run dev"]
+  }
+};
+let storeAppRcJSON = null;
+const getAppRcJSON = async () => {
+  if (storeAppRcJSON)
+    ;
+  else {
+    try {
+      const path = join(getPublicPath$1(), PUBLIC_FILENAME.RC);
+      const string = readFileSync(path, {
+        encoding: "utf8"
+      });
+      const json = JSON.parse(string);
+      storeAppRcJSON = AppRcJSONSchema.parse(json);
+    } catch (error) {
+      storeAppRcJSON = {};
+    }
+  }
+  const templateAppRcJSON = storeAppRcJSON || {};
+  let currentAppRcJSON;
+  const explorer = cosmiconfig("ones");
+  try {
+    const result = await explorer.search();
+    const json = result === null || result === void 0 ? void 0 : result.config;
+    currentAppRcJSON = AppRcJSONSchema.parse(json);
+  } catch (error) {
+    currentAppRcJSON = {};
+  }
+  return {
+    ...defaultAppRcJSON,
+    ...templateAppRcJSON,
+    ...currentAppRcJSON
+  };
+};
 const isOPKXFilename = /\.opkx$/;
 const defaultOutputPath = "";
 const normalize$a = async (options) => {
@@ -191,7 +203,7 @@ const normalize$a = async (options) => {
   };
 };
 const build = async function() {
-  var _appPackageJSON$scrip;
+  var _appPackageJSON$scrip, _appRcJSON$build$comp, _appRcJSON$build;
   for (var _len = arguments.length, args = new Array(_len), _key = 0; _key < _len; _key++) {
     args[_key] = arguments[_key];
   }
@@ -199,16 +211,55 @@ const build = async function() {
     options
   } = getCommandOptions(args, buildCommandArguments);
   const normalizedOptions = await normalize$a(options);
-  console.log("build", normalizedOptions);
   const appPackageJSON = getAppPackageJSON();
-  console.log("appPackageJSON", appPackageJSON);
   const appManifestJSON = getAppManifestJSON();
-  console.log("appManifestJSON", appManifestJSON);
-  if ((_appPackageJSON$scrip = appPackageJSON.scripts) !== null && _appPackageJSON$scrip !== void 0 && _appPackageJSON$scrip.build)
-    ;
-  else {
+  const appRcJSON = await getAppRcJSON();
+  appManifestJSON.app.name;
+  if ((_appPackageJSON$scrip = appPackageJSON.scripts) !== null && _appPackageJSON$scrip !== void 0 && _appPackageJSON$scrip.build) {
+    spawnSync("npm", ["run", "build"], {
+      cwd: getAppWorkspacePath(),
+      stdio: "inherit"
+    });
+  } else {
     return throwError(ErrorCode.BUILD_SCRIPT_NOT_FOUND, i18n.t("error.build.scriptNotFound"));
   }
+  const archive = archiver("zip", {
+    zlib: {
+      level: 9
+    }
+  });
+  archive.on("error", (err) => {
+    throw err;
+  });
+  archive.on("warning", (err) => {
+    throw err;
+  });
+  archive.on("progress", (progress) => {
+    const {
+      entries,
+      fs
+    } = progress;
+    const entriesStr = entries.total > 0 ? ` ${entries.processed}/${entries.total} files` : "";
+    const bytesStr = fs.totalBytes > 0 ? ` ${(fs.processedBytes / 1024).toFixed(1)}/${(fs.totalBytes / 1024).toFixed(1)} KB` : "";
+    process.stdout.write(`\rCompressing:${entriesStr}${bytesStr}   `);
+  });
+  archive.on("finish", () => {
+    process.stdout.write("\n");
+    console.log(`Output file: ${normalizedOptions.output}`);
+    console.log(`OPKX "${basename(normalizedOptions.output)}" created successfully!`);
+  });
+  const outputStream = createWriteStream(normalizedOptions.output);
+  archive.pipe(outputStream);
+  const files = (_appRcJSON$build$comp = (_appRcJSON$build = appRcJSON.build) === null || _appRcJSON$build === void 0 || (_appRcJSON$build = _appRcJSON$build.compress) === null || _appRcJSON$build === void 0 ? void 0 : _appRcJSON$build.files) !== null && _appRcJSON$build$comp !== void 0 ? _appRcJSON$build$comp : [];
+  files.forEach((file) => {
+    archive.glob(file, {
+      cwd: getAppWorkspacePath()
+    });
+  });
+  archive.file(PUBLIC_FILENAME.MANIFEST, {
+    name: PUBLIC_FILENAME.MANIFEST
+  });
+  archive.finalize();
 };
 var InstallOptions = /* @__PURE__ */ ((InstallOptions2) => {
   InstallOptions2["AUTO"] = "auto";
@@ -285,7 +336,8 @@ const StoreJSONSchema = z.object({
   timestamp: z.number().optional(),
   base_url: z.string().optional(),
   region_url: z.string().optional(),
-  ones_token: z.string().optional()
+  ones_token: z.string().optional(),
+  host_token: z.string().optional()
 });
 const {
   ensureFile,
@@ -350,6 +402,11 @@ const mergeStore = async (store) => {
     ...store
   });
 };
+const getBaseURL = async () => {
+  var _store$base_url;
+  const store = await getStore();
+  return (_store$base_url = store.base_url) !== null && _store$base_url !== void 0 ? _store$base_url : "";
+};
 const setBaseURL = async (baseURL) => {
   return mergeStore({
     base_url: baseURL
@@ -375,14 +432,415 @@ const setONESToken = async (token) => {
     ones_token: token
   });
 };
-const invokeTunnel = async (port) => {
-  console.log("invokeTunnel", port);
+class TunnelClient {
+  constructor(localPort, baseUrl, appID, hostedToken) {
+    _defineProperty(this, "ws", null);
+    this.localPort = localPort;
+    this.baseUrl = baseUrl;
+    this.appID = appID;
+    this.hostedToken = hostedToken;
+  }
+  async connect() {
+    const proxyUrl = this.buildProxyUrl();
+    this.ws = new WebSocket(proxyUrl, {
+      headers: {
+        Authorization: `Bearer ${this.hostedToken}`
+      }
+    });
+    this.ws.on("message", async (data) => {
+      const message = this.parseMessage(data);
+      if (!message) {
+        return;
+      }
+      await this.handleMessage(message);
+    });
+    this.ws.on("ping", (data) => {
+      var _this$ws;
+      (_this$ws = this.ws) === null || _this$ws === void 0 || _this$ws.pong(data);
+    });
+    this.ws.on("error", (error) => {
+      console.error("WebSocket error:", error);
+    });
+    return new Promise((resolve2, reject) => {
+      var _this$ws2, _this$ws3;
+      (_this$ws2 = this.ws) === null || _this$ws2 === void 0 || _this$ws2.on("open", () => resolve2());
+      (_this$ws3 = this.ws) === null || _this$ws3 === void 0 || _this$ws3.on("error", reject);
+    });
+  }
+  close() {
+    var _this$ws4;
+    (_this$ws4 = this.ws) === null || _this$ws4 === void 0 || _this$ws4.close();
+  }
+  buildProxyUrl() {
+    const url = new URL("/platform/app/relay/", this.baseUrl);
+    url.protocol = url.protocol === "https:" ? "wss:" : "ws:";
+    url.searchParams.set("app_id", this.appID);
+    return url.toString();
+  }
+  parseMessage(data) {
+    const payload = data.toString();
+    try {
+      const message = JSON.parse(payload);
+      if (!message) {
+        return null;
+      }
+      return message;
+    } catch (error) {
+      console.error("Invalid tunnel message:", error);
+      return null;
+    }
+  }
+  async handleMessage(message) {
+    const request = this.getRequestPayload(message);
+    if (!request) {
+      return;
+    }
+    if (request.path === ONES_CLI_MANIFEST_PATH) {
+      var _this$ws5;
+      const appManifest = getAppManifestJSON().app;
+      const baseURL = await buildTunnelUrl();
+      const reply = {
+        id: message.id,
+        payload: {
+          status: 200,
+          headers: {
+            "content-type": ["application/json"]
+          },
+          body: {
+            ...appManifest,
+            base_url: baseURL
+          }
+        }
+      };
+      (_this$ws5 = this.ws) === null || _this$ws5 === void 0 || _this$ws5.send(JSON.stringify(reply));
+      return;
+    }
+    try {
+      var _this$ws6;
+      const response = await this.forwardRequest(request);
+      const reply = {
+        id: message.id,
+        payload: response
+      };
+      (_this$ws6 = this.ws) === null || _this$ws6 === void 0 || _this$ws6.send(JSON.stringify(reply));
+    } catch (error) {
+      var _this$ws7;
+      const reply = {
+        id: message.id,
+        payload: {
+          status: 500,
+          headers: {
+            "x-agent-error": [error instanceof Error ? error.message : "Unknown error"]
+          },
+          body: "agent request error"
+        }
+      };
+      (_this$ws7 = this.ws) === null || _this$ws7 === void 0 || _this$ws7.send(JSON.stringify(reply));
+    }
+  }
+  getRequestPayload(message) {
+    const payload = message.payload;
+    if (!(payload !== null && payload !== void 0 && payload.method) || !(payload !== null && payload !== void 0 && payload.path)) {
+      return null;
+    }
+    return payload;
+  }
+  async forwardRequest(payload) {
+    const url = new URL(payload.path, `http://127.0.0.1:${this.localPort}`);
+    if (payload.query) {
+      Object.entries(payload.query).forEach((_ref) => {
+        let [key, value] = _ref;
+        url.searchParams.set(key, value);
+      });
+    }
+    const headers = this.normalizeHeaders(payload.headers);
+    const body = this.normalizeBody(payload.body);
+    const response = await axios.request({
+      url: url.toString(),
+      method: payload.method,
+      headers,
+      data: body,
+      responseType: "text",
+      validateStatus: () => true
+    });
+    return {
+      status: response.status,
+      headers: this.collectHeaders(response.headers),
+      body: this.normalizeResponseBody(response.data)
+    };
+  }
+  normalizeHeaders(headers) {
+    if (!headers) {
+      return void 0;
+    }
+    const normalized = {};
+    Object.entries(headers).forEach((_ref2) => {
+      let [key, values] = _ref2;
+      if (!values || values.length === 0) {
+        return;
+      }
+      normalized[key] = values.join(",");
+    });
+    return normalized;
+  }
+  collectHeaders(headers) {
+    const collected = {};
+    Object.entries(headers).forEach((_ref3) => {
+      let [key, value] = _ref3;
+      if (Array.isArray(value)) {
+        collected[key] = value.map((item) => String(item));
+        return;
+      }
+      if (value !== void 0 && value !== null) {
+        collected[key] = [String(value)];
+      }
+    });
+    return collected;
+  }
+  normalizeBody(body) {
+    if (body === void 0 || body === null) {
+      return void 0;
+    }
+    if (typeof body === "string") {
+      return body;
+    }
+    return JSON.stringify(body);
+  }
+  normalizeResponseBody(body) {
+    if (!body) {
+      return void 0;
+    }
+    try {
+      return JSON.parse(body);
+    } catch {
+      return body;
+    }
+  }
+}
+const getPath = (path, map2) => {
+  var _context;
+  return _reduceInstanceProperty(_context = path.split("/")).call(_context, (base, part) => {
+    if (/^:/.test(part)) {
+      return `${base}/${map2[part.slice(1)]}`;
+    }
+    return `${base}/${part}`;
+  }, "").slice(1);
+};
+const consoleUnauthorizedMessage = () => {
+  console.log("Not logged in");
+  console.log('Login with "ones login" command');
+};
+const getURL = async (path, pathMap, queryMap) => {
+  const base = await getRegionURL();
+  if (base) {
+    const query = new URLSearchParams(queryMap !== null && queryMap !== void 0 ? queryMap : {}).toString();
+    return `${base}${getPath(path, pathMap !== null && pathMap !== void 0 ? pathMap : {})}${query ? `?${query}` : ""}`;
+  }
+  consoleUnauthorizedMessage();
+  exit(1);
+};
+const getHeaders = async (value) => {
+  const token = await getONESToken();
+  if (token) {
+    return merge({
+      Authorization: `Bearer ${token}`
+    }, value);
+  }
+  consoleUnauthorizedMessage();
+  exit(1);
+};
+const handleError = (error) => {
+  var _error$response;
+  if (((_error$response = error.response) === null || _error$response === void 0 ? void 0 : _error$response.status) === 401) {
+    console.log(error.response.statusText);
+    consoleUnauthorizedMessage();
+  } else {
+    console.error(error);
+  }
+  return {};
+};
+const API = {
+  TOKEN_INFO: "/project/api/project/auth/token_info",
+  HOSTED_TOKEN: "/platform/runtime_manager/hosted_token",
+  APP_LIST: "/platform/api/app/list",
+  APP_INSTALL: "/platform/api/app/install",
+  APP_UPGRADE: "/platform/api/app/upgrade",
+  APP_UNINSTALL: "/platform/api/app/:installation_id/uninstall",
+  APP_ENABLE: "/platform/api/app/:installation_id/enable",
+  APP_DISABLE: "/platform/api/app/:installation_id/disable"
+};
+const isRecord = (value) => {
+  return typeof value === "object" && value !== null;
+};
+const getHostedTokenScopes = (ones2) => {
+  const storage = ones2 === null || ones2 === void 0 ? void 0 : ones2.storage;
+  if (!storage) {
+    return [];
+  }
+  const scopes = /* @__PURE__ */ new Set();
+  if (Array.isArray(storage.entities) && storage.entities.length > 0) {
+    scopes.add(HostedTokenScope.STORAGE_ENTITY);
+  }
+  if (storage.object !== void 0 && storage.object !== null && storage.object !== false) {
+    scopes.add(HostedTokenScope.STORAGE_OBJECT);
+  }
+  return Array.from(scopes);
+};
+const getRelayScope = () => {
+  return HostedTokenScope.RELAY;
+};
+const getHostToken = async (baseUrl, userToken, appID, scopes) => {
+  const url = `${baseUrl.replace(/\/$/, "")}${API.HOSTED_TOKEN}`;
+  return axios.post(url, {
+    app_id: appID,
+    scopes
+  }, {
+    headers: {
+      Authorization: `Bearer ${userToken}`
+    }
+  }).then((resp) => {
+    const data = resp === null || resp === void 0 ? void 0 : resp.data;
+    const tokenFromData = (value) => {
+      if (isRecord(value) && isRecord(value.data)) {
+        const hosted_token = value.data.hosted_token;
+        if (typeof hosted_token === "string" && hosted_token.length > 0) {
+          return hosted_token;
+        }
+      }
+      return null;
+    };
+    const token = tokenFromData(data);
+    if (token) {
+      return token;
+    }
+    return throwError(ErrorCode.HOSTED_TOKEN_EMPTY, i18n.t("error.hostedToken.empty"));
+  }).catch((error) => {
+    handleError(error);
+    return throwError(ErrorCode.HOSTED_TOKEN_REQUEST_FAILED, i18n.t("error.hostedToken.requestFailed"));
+  });
+};
+const fetchAppBase = async (params) => {
+  var _params$url;
+  const url = await getURL((_params$url = params.url) !== null && _params$url !== void 0 ? _params$url : "", params.pathMap, params.queryMap);
+  const headers = await getHeaders(params.headers);
+  const response = await axios({
+    ...params,
+    url,
+    headers
+  });
+  return response.data;
+};
+const fetchAppList = async (appID) => {
+  return await fetchAppBase({
+    url: API.APP_LIST,
+    method: "GET",
+    queryMap: {
+      app_id: appID
+    }
+  }).catch(handleError);
+};
+const fetchTokenInfo = async () => {
+  return await fetchAppBase({
+    url: API.TOKEN_INFO,
+    method: "GET"
+  }).catch(handleError);
+};
+const fetchAppInstall = async (data) => {
+  var _appList$data$0$insta, _appList$data;
+  const appID = getAppManifestJSON().app.id;
+  const appList = await fetchAppList(appID);
+  const installationID = (_appList$data$0$insta = (_appList$data = appList.data) === null || _appList$data === void 0 || (_appList$data = _appList$data[0]) === null || _appList$data === void 0 ? void 0 : _appList$data.installation_id) !== null && _appList$data$0$insta !== void 0 ? _appList$data$0$insta : "";
+  const url = installationID ? API.APP_UPGRADE : API.APP_INSTALL;
+  return await fetchAppBase({
+    url,
+    method: "POST",
+    data
+  }).catch(handleError);
+};
+const fetchAppUninstall = async () => {
+  var _appList$data$0$insta2, _appList$data2;
+  const appID = getAppManifestJSON().app.id;
+  const appList = await fetchAppList(appID);
+  const installationID = (_appList$data$0$insta2 = (_appList$data2 = appList.data) === null || _appList$data2 === void 0 || (_appList$data2 = _appList$data2[0]) === null || _appList$data2 === void 0 ? void 0 : _appList$data2.installation_id) !== null && _appList$data$0$insta2 !== void 0 ? _appList$data$0$insta2 : "";
+  return await fetchAppBase({
+    url: API.APP_UNINSTALL,
+    method: "POST",
+    pathMap: {
+      installation_id: installationID
+    }
+  }).catch(handleError);
+};
+const fetchAppEnable = async () => {
+  var _appList$data$0$insta3, _appList$data3;
+  const appID = getAppManifestJSON().app.id;
+  const appList = await fetchAppList(appID);
+  const installationID = (_appList$data$0$insta3 = (_appList$data3 = appList.data) === null || _appList$data3 === void 0 || (_appList$data3 = _appList$data3[0]) === null || _appList$data3 === void 0 ? void 0 : _appList$data3.installation_id) !== null && _appList$data$0$insta3 !== void 0 ? _appList$data$0$insta3 : "";
+  return await fetchAppBase({
+    url: API.APP_ENABLE,
+    method: "POST",
+    pathMap: {
+      installation_id: installationID
+    }
+  }).catch(handleError);
+};
+const fetchAppDisable = async () => {
+  var _appList$data$0$insta4, _appList$data4;
+  const appID = getAppManifestJSON().app.id;
+  const appList = await fetchAppList(appID);
+  const installationID = (_appList$data$0$insta4 = (_appList$data4 = appList.data) === null || _appList$data4 === void 0 || (_appList$data4 = _appList$data4[0]) === null || _appList$data4 === void 0 ? void 0 : _appList$data4.installation_id) !== null && _appList$data$0$insta4 !== void 0 ? _appList$data$0$insta4 : "";
+  return await fetchAppBase({
+    url: API.APP_DISABLE,
+    method: "POST",
+    pathMap: {
+      installation_id: installationID
+    }
+  }).catch(handleError);
+};
+const ONES_CLI_MANIFEST_PATH = "/__ones_cli_manifest__";
+const buildTunnelContext = async () => {
+  var _appManifestJSON$app$, _appManifestJSON$app;
   const appManifestJSON = getAppManifestJSON();
-  console.log("appManifestJSON", appManifestJSON);
+  const appID = (_appManifestJSON$app$ = (_appManifestJSON$app = appManifestJSON.app) === null || _appManifestJSON$app === void 0 ? void 0 : _appManifestJSON$app.id) !== null && _appManifestJSON$app$ !== void 0 ? _appManifestJSON$app$ : "";
+  if (!appID) {
+    throw new Error("app id is empty");
+  }
   const regionURL = await getRegionURL();
+  if (!regionURL) {
+    throw new Error("region url is empty");
+  }
+  return {
+    appManifestJSON,
+    appID,
+    regionURL
+  };
+};
+const buildTunnelUrl = async () => {
+  const {
+    appID,
+    regionURL
+  } = await buildTunnelContext();
+  const url = new URL(regionURL);
+  return `${url.protocol}//${url.host}/platform/app/relay/dispatch/${appID}`;
+};
+const invokeTunnel = async (port) => {
+  const {
+    appManifestJSON,
+    appID,
+    regionURL
+  } = await buildTunnelContext();
   const onesToken = await getONESToken();
-  console.log("regionURL", regionURL);
-  console.log("onesToken", onesToken);
+  if (!onesToken) {
+    consoleUnauthorizedMessage();
+    exit(1);
+  }
+  const storageScopes = getHostedTokenScopes(appManifestJSON.ones);
+  const scopes = Array.from(/* @__PURE__ */ new Set([...storageScopes, getRelayScope()]));
+  const hostedToken = await getHostToken(regionURL, onesToken, appID, scopes);
+  process.env.ONES_HOSTED_TOKEN = hostedToken;
+  const client = new TunnelClient(port, regionURL, appID, hostedToken);
+  await client.connect();
+  const runnelUrl = await buildTunnelUrl();
+  console.log(`Relay endpoint: ${runnelUrl}`);
 };
 const tunnel = async function() {
   for (var _len = arguments.length, args = new Array(_len), _key = 0; _key < _len; _key++) {
@@ -392,18 +850,15 @@ const tunnel = async function() {
     options
   } = getCommandOptions(args, tunnelCommandArguments);
   const normalizedOptions = await normalize$8(options);
-  await invokeTunnel(normalizedOptions.port);
+  await invokeTunnel(Number(normalizedOptions.port));
 };
 const config = {
   defaultPort: {
-    login: 8200
+    login: 8200,
+    tunnel: 8201
   }
 };
 const getConfig = () => config;
-const getPublicPath = () => {
-  const __dirname = dirname(fileURLToPath(import.meta.url));
-  return join(__dirname, "../public");
-};
 function createPromise() {
   let resolve2;
   let reject;
@@ -479,6 +934,10 @@ const login = async function() {
   const html = readFileSync(htmlPath, {
     encoding: "utf-8"
   });
+  const logoPath = join(publicPath, "logo.svg");
+  const logo = readFileSync(logoPath, {
+    encoding: "utf-8"
+  });
   const {
     promise,
     resolve: resolve2
@@ -487,6 +946,21 @@ const login = async function() {
     var _req$url$split$, _req$url, _search2$get, _search2$get2;
     const search2 = new URLSearchParams((_req$url$split$ = (_req$url = req.url) === null || _req$url === void 0 ? void 0 : _req$url.split("?")[1]) !== null && _req$url$split$ !== void 0 ? _req$url$split$ : "");
     const state = search2.get("state");
+    if (state === "logo") {
+      res.writeHead(200, {
+        "Content-Type": "image/svg+xml"
+      });
+      res.end(logo);
+      return;
+    }
+    if (state === "cancel") {
+      res.writeHead(200, {
+        "Content-Type": "image/svg+xml"
+      });
+      res.end(logo);
+      resolve2(null);
+      return;
+    }
     const token = (_search2$get = search2.get("access_token")) !== null && _search2$get !== void 0 ? _search2$get : "";
     const region = (_search2$get2 = search2.get("region_url")) !== null && _search2$get2 !== void 0 ? _search2$get2 : "";
     if (state === uuid && token && region) {
@@ -495,22 +969,31 @@ const login = async function() {
         ones_token: token,
         region_url: region
       });
+      res.writeHead(200, {
+        "Content-Type": "text/html"
+      });
+      res.end(html);
+      return;
     }
     res.writeHead(200, {
       "Content-Type": "text/html"
     });
-    res.end(html);
+    res.end("Invalid state error, please try again!");
   });
   server.listen(port);
   promise.then(async (store) => {
-    var _store$base_url, _store$ones_token, _store$region_url;
     await sleep(100);
     server.closeAllConnections();
-    await setBaseURL((_store$base_url = store.base_url) !== null && _store$base_url !== void 0 ? _store$base_url : "");
-    await setONESToken((_store$ones_token = store.ones_token) !== null && _store$ones_token !== void 0 ? _store$ones_token : "");
-    await setRegionURL((_store$region_url = store.region_url) !== null && _store$region_url !== void 0 ? _store$region_url : "");
-    console.log("Logged in successfully!");
-    process.exit(0);
+    if (store) {
+      var _store$base_url, _store$ones_token, _store$region_url;
+      await setBaseURL((_store$base_url = store.base_url) !== null && _store$base_url !== void 0 ? _store$base_url : "");
+      await setONESToken((_store$ones_token = store.ones_token) !== null && _store$ones_token !== void 0 ? _store$ones_token : "");
+      await setRegionURL((_store$region_url = store.region_url) !== null && _store$region_url !== void 0 ? _store$region_url : "");
+      console.log("Logged in successfully!");
+    } else {
+      console.log("Login canceled!");
+    }
+    process$1.exit(0);
   });
   console.log("Logging into your ONES account...");
   console.log(`Opening ${url}`);
@@ -533,120 +1016,6 @@ const logout = async function() {
   await setStore({});
   console.log("Logged out successfully!");
 };
-const API = {
-  TOKEN_INFO: "/project/api/project/auth/token_info",
-  APP_LIST: "/platform/api/app/list",
-  APP_INSTALL: "/app/install",
-  APP_UNINSTALL: "/app/uninstall",
-  APP_ENABLE: "/platform/api/app/:installation_id/enable",
-  APP_DISABLE: "/platform/api/app/:installation_id/disable"
-};
-const getPath = (path, map2) => {
-  var _context;
-  return _reduceInstanceProperty(_context = path.split("/")).call(_context, (base, part) => {
-    if (/^:/.test(part)) {
-      return `${base}/${map2[part.slice(1)]}`;
-    }
-    return `${base}/${part}`;
-  }, "").slice(1);
-};
-const consoleUnauthorizedMessage = () => {
-  console.log("Not logged in");
-  console.log('Login with "ones login" command');
-};
-const getURL = async (path, pathMap, queryMap) => {
-  const base = await getRegionURL();
-  if (base) {
-    const query = new URLSearchParams(queryMap !== null && queryMap !== void 0 ? queryMap : {}).toString();
-    return `${base}${getPath(path, pathMap !== null && pathMap !== void 0 ? pathMap : {})}${query ? `?${query}` : ""}`;
-  }
-  consoleUnauthorizedMessage();
-  exit(1);
-};
-const getHeaders = async (value) => {
-  const token = await getONESToken();
-  if (token) {
-    return merge({
-      Authorization: `Bearer ${token}`
-    }, value);
-  }
-  consoleUnauthorizedMessage();
-  exit(1);
-};
-const handleError = (error) => {
-  var _error$response;
-  if (((_error$response = error.response) === null || _error$response === void 0 ? void 0 : _error$response.status) === 401) {
-    console.log(error.response.statusText);
-    consoleUnauthorizedMessage();
-  } else {
-    console.error(error);
-  }
-  return {};
-};
-const fetchAppBase = async (params) => {
-  var _params$url;
-  const url = await getURL((_params$url = params.url) !== null && _params$url !== void 0 ? _params$url : "", params.pathMap, params.queryMap);
-  const headers = await getHeaders(params.headers);
-  const response = await axios({
-    ...params,
-    url,
-    headers
-  });
-  return response.data;
-};
-const fetchAppList = async (appID) => {
-  return await fetchAppBase({
-    url: API.APP_LIST,
-    method: "GET",
-    queryMap: {
-      app_id: appID
-    }
-  }).catch(handleError);
-};
-const fetchTokenInfo = async () => {
-  return await fetchAppBase({
-    url: API.TOKEN_INFO,
-    method: "GET"
-  }).catch(handleError);
-};
-const fetchAppInstall = async () => {
-  return await fetchAppBase({
-    url: API.APP_INSTALL,
-    method: "POST"
-  }).catch(handleError);
-};
-const fetchAppUninstall = async () => {
-  return await fetchAppBase({
-    url: API.APP_UNINSTALL,
-    method: "POST"
-  }).catch(handleError);
-};
-const fetchAppEnable = async () => {
-  var _appList$data$0$insta, _appList$data;
-  const appID = getAppManifestJSON().app.id;
-  const appList = await fetchAppList(appID);
-  const installationID = (_appList$data$0$insta = (_appList$data = appList.data) === null || _appList$data === void 0 || (_appList$data = _appList$data[0]) === null || _appList$data === void 0 ? void 0 : _appList$data.installation_id) !== null && _appList$data$0$insta !== void 0 ? _appList$data$0$insta : "";
-  return await fetchAppBase({
-    url: API.APP_ENABLE,
-    method: "POST",
-    pathMap: {
-      installation_id: installationID
-    }
-  }).catch(handleError);
-};
-const fetchAppDisable = async () => {
-  var _appList$data$0$insta2, _appList$data2;
-  const appID = getAppManifestJSON().app.id;
-  const appList = await fetchAppList(appID);
-  const installationID = (_appList$data$0$insta2 = (_appList$data2 = appList.data) === null || _appList$data2 === void 0 || (_appList$data2 = _appList$data2[0]) === null || _appList$data2 === void 0 ? void 0 : _appList$data2.installation_id) !== null && _appList$data$0$insta2 !== void 0 ? _appList$data$0$insta2 : "";
-  return await fetchAppBase({
-    url: API.APP_DISABLE,
-    method: "POST",
-    pathMap: {
-      installation_id: installationID
-    }
-  }).catch(handleError);
-};
 const normalize$5 = async (options) => {
   noop(options);
   return {};
@@ -661,11 +1030,13 @@ const whoami = async function() {
   } = getCommandOptions(args, whoamiCommandArguments);
   const normalizedOptions = await normalize$5(options);
   noop(normalizedOptions);
+  const baseURL = await getBaseURL();
   const tokenInfo = await fetchTokenInfo();
   const name2 = (_tokenInfo$user = tokenInfo.user) === null || _tokenInfo$user === void 0 ? void 0 : _tokenInfo$user.name;
   const email = (_tokenInfo$user2 = tokenInfo.user) === null || _tokenInfo$user2 === void 0 ? void 0 : _tokenInfo$user2.email;
   if (name2 && email) {
     console.log(`${name2} <${email}>`);
+    console.log(`ONES: ${baseURL}`);
   } else {
     consoleUnauthorizedMessage();
   }
@@ -683,7 +1054,11 @@ const install = async function() {
   } = getCommandOptions(args, installCommandArguments);
   const normalizedOptions = await normalize$4(options);
   noop(normalizedOptions);
-  const result = await fetchAppInstall();
+  await invokeTunnel(getConfig().defaultPort.tunnel);
+  const runnelUrl = await buildTunnelUrl();
+  const result = await fetchAppInstall({
+    manifest_url: `${runnelUrl}${ONES_CLI_MANIFEST_PATH}`
+  });
   if (result.code === "OK") {
     console.log("App installed successfully!");
   } else {