@onmyway133/asc-cli 1.0.1

package/openapi-ts.config.ts

@@ -0,0 +1,25 @@
+import { defineConfig } from "@hey-api/openapi-ts"
+
+/**
+ * hey-api SDK generation config.
+ *
+ * Input: the offline OpenAPI snapshot at docs/openapi/latest.json
+ * To update the snapshot and regenerate: bun run generate
+ *
+ * The snapshot is committed to the repo. When Apple updates their API,
+ * update the snapshot file and re-run generation.
+ */
+export default defineConfig({
+  input: "docs/openapi/latest.json",
+  output: {
+    path: "src/api/generated",
+    format: "prettier",
+  },
+  plugins: [
+    "@hey-api/typescript",
+    {
+      name: "@hey-api/sdk",
+      asClass: false,
+    },
+  ],
+})

package/package.json

@@ -0,0 +1,32 @@
+{
+  "name": "@onmyway133/asc-cli",
+  "version": "1.0.1",
+  "description": "App Store Connect CLI — manage apps, builds, TestFlight, metadata and more from your terminal",
+  "type": "module",
+  "bin": {
+    "asc": "./dist/index.js"
+  },
+  "scripts": {
+    "dev": "bun run src/index.ts",
+    "build": "bun build src/index.ts --outfile dist/index.js --target bun --minify",
+    "test": "bun test",
+    "typecheck": "tsc --noEmit",
+    "generate": "curl -s https://raw.githubusercontent.com/EvanBacon/App-Store-Connect-OpenAPI-Spec/main/specs/latest.json -o docs/openapi/latest.json && python3 scripts/gen-paths-index.py && openapi-ts --file openapi-ts.config.ts"
+  },
+  "dependencies": {
+    "@clack/prompts": "^1.2.0",
+    "@hey-api/client-fetch": "^0.13.1",
+    "@hey-api/openapi-ts": "^0.96.0",
+    "chalk": "^5.3.0",
+    "citty": "^0.1.6",
+    "cli-table3": "^0.6.5",
+    "jose": "^5.9.6"
+  },
+  "devDependencies": {
+    "bun-types": "latest",
+    "typescript": "^5.5.4"
+  },
+  "engines": {
+    "bun": ">=1.0.0"
+  }
+}

package/scripts/gen-paths-index.py

@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+"""Regenerate docs/openapi/paths.txt from docs/openapi/latest.json"""
+import json, os
+
+root = os.path.join(os.path.dirname(__file__), "..")
+spec_path = os.path.join(root, "docs", "openapi", "latest.json")
+out_path = os.path.join(root, "docs", "openapi", "paths.txt")
+
+with open(spec_path) as f:
+    spec = json.load(f)
+
+paths = spec.get("paths", {})
+lines = []
+for path, methods in sorted(paths.items()):
+    for method in ("get", "post", "patch", "delete"):
+        if method in methods:
+            op = methods[method]
+            summary = op.get("summary") or op.get("operationId", "")
+            lines.append(f"{method.upper():7} {path}  # {summary}")
+
+with open(out_path, "w") as f:
+    f.write("\n".join(lines) + "\n")
+
+print(f"paths.txt: {len(lines)} endpoints written")

package/src/api/client.ts

@@ -0,0 +1,132 @@
+/**
+ * ASC API client.
+ *
+ * Architecture:
+ * - Auto-generated SDK functions live in src/api/generated/sdk.gen.ts
+ *   (regenerate with: bun run generate)
+ * - This file provides:
+ *   a) JWT auth middleware wired onto the hey-api generated client
+ *   b) ascFetch / ascFetchAll — lightweight helpers for custom endpoints
+ *      not covered by the generated SDK, or for commands that pre-date the SDK.
+ *
+ * New commands should prefer importing functions from ./generated/sdk.gen.ts
+ * directly after calling configureAuth() at startup.
+ */
+
+import { getActiveProfile } from "../auth/credentials.ts"
+import { generateJWT } from "../auth/jwt.ts"
+
+// ---- Error types ----
+
+export interface ASCApiError {
+  id?: string
+  status: string
+  code: string
+  title: string
+  detail?: string
+}
+
+export class ASCError extends Error {
+  constructor(
+    message: string,
+    public readonly status: number,
+    public readonly errors?: ASCApiError[],
+  ) {
+    super(message)
+    this.name = "ASCError"
+  }
+}
+
+// ---- Helper: throw on API error ----
+
+export function throwOnError<T>(result: { data?: T; error?: unknown }): T {
+  if (result.error) {
+    const err = result.error as { errors?: ASCApiError[] }
+    const first = err.errors?.[0]
+    const msg = first?.detail ?? first?.title ?? "API error"
+    const status = first?.status ? Number(first.status) : 500
+    throw new ASCError(msg, status, err.errors)
+  }
+  if (result.data === undefined) throw new ASCError("Empty response", 500)
+  return result.data
+}
+
+// ---- Internal auth helper ----
+
+async function authHeaders(): Promise<Headers> {
+  const profile = getActiveProfile()
+  if (!profile) throw new ASCError("No active profile. Run: asc auth login", 401)
+  const token = await generateJWT(profile)
+  const headers = new Headers()
+  headers.set("Authorization", `Bearer ${token}`)
+  headers.set("Content-Type", "application/json")
+  return headers
+}
+
+// ---- Generic fetch wrapper (for endpoints without a generated SDK function) ----
+
+export async function ascFetch<T>(
+  path: string,
+  options: { method?: string; body?: unknown; params?: Record<string, unknown> } = {},
+): Promise<{ data: T }> {
+  const headers = await authHeaders()
+  const url = new URL(`https://api.appstoreconnect.apple.com${path}`)
+  if (options.params) {
+    for (const [k, v] of Object.entries(options.params)) {
+      if (v !== undefined) url.searchParams.set(k, String(v))
+    }
+  }
+  const res = await fetch(url.toString(), {
+    method: options.method ?? "GET",
+    headers,
+    body: options.body ? JSON.stringify(options.body) : undefined,
+  })
+  if (res.status === 204) return { data: undefined as unknown as T }
+  const json = await res.json() as Record<string, unknown>
+  if (!res.ok) {
+    const errors = json["errors"] as ASCApiError[] | undefined
+    const msg = errors?.[0]?.detail ?? errors?.[0]?.title ?? `HTTP ${res.status}`
+    throw new ASCError(msg, res.status, errors)
+  }
+  return json as { data: T }
+}
+
+// ---- Paginated fetch (auto-follows next-page cursors) ----
+
+export async function ascFetchAll<T>(
+  path: string,
+  options: { params?: Record<string, unknown> } = {},
+  maxPages = 20,
+): Promise<T[]> {
+  const items: T[] = []
+  let nextUrl: string | undefined
+  let page = 0
+
+  while (page < maxPages) {
+    const headers = await authHeaders()
+
+    const url = nextUrl ?? (() => {
+      const u = new URL(`https://api.appstoreconnect.apple.com${path}`)
+      for (const [k, v] of Object.entries({ limit: "200", ...options.params })) {
+        if (v !== undefined) u.searchParams.set(k, String(v))
+      }
+      return u.toString()
+    })()
+
+    const res = await fetch(url, { headers })
+    const json = await res.json() as Record<string, unknown>
+    if (!res.ok) {
+      const errors = json["errors"] as ASCApiError[] | undefined
+      const msg = errors?.[0]?.detail ?? errors?.[0]?.title ?? `HTTP ${res.status}`
+      throw new ASCError(msg, res.status, errors)
+    }
+
+    const data = json["data"]
+    if (Array.isArray(data)) items.push(...(data as T[]))
+    nextUrl = (json["links"] as Record<string, string> | undefined)?.["next"]
+    if (!nextUrl) break
+    page++
+  }
+
+  return items
+}

package/src/api/generated/client/client.gen.ts

@@ -0,0 +1,298 @@
+// This file is auto-generated by @hey-api/openapi-ts
+
+import { createSseClient } from '../core/serverSentEvents.gen';
+import type { HttpMethod } from '../core/types.gen';
+import { getValidRequestBody } from '../core/utils.gen';
+import type { Client, Config, RequestOptions, ResolvedRequestOptions } from './types.gen';
+import {
+  buildUrl,
+  createConfig,
+  createInterceptors,
+  getParseAs,
+  mergeConfigs,
+  mergeHeaders,
+  setAuthParams,
+} from './utils.gen';
+
+type ReqInit = Omit<RequestInit, 'body' | 'headers'> & {
+  body?: any;
+  headers: ReturnType<typeof mergeHeaders>;
+};
+
+export const createClient = (config: Config = {}): Client => {
+  let _config = mergeConfigs(createConfig(), config);
+
+  const getConfig = (): Config => ({ ..._config });
+
+  const setConfig = (config: Config): Config => {
+    _config = mergeConfigs(_config, config);
+    return getConfig();
+  };
+
+  const interceptors = createInterceptors<Request, Response, unknown, ResolvedRequestOptions>();
+
+  const beforeRequest = async <
+    TData = unknown,
+    TResponseStyle extends 'data' | 'fields' = 'fields',
+    ThrowOnError extends boolean = boolean,
+    Url extends string = string,
+  >(
+    options: RequestOptions<TData, TResponseStyle, ThrowOnError, Url>,
+  ) => {
+    const opts = {
+      ..._config,
+      ...options,
+      fetch: options.fetch ?? _config.fetch ?? globalThis.fetch,
+      headers: mergeHeaders(_config.headers, options.headers),
+      serializedBody: undefined as string | undefined,
+    };
+
+    if (opts.security) {
+      await setAuthParams({
+        ...opts,
+        security: opts.security,
+      });
+    }
+
+    if (opts.requestValidator) {
+      await opts.requestValidator(opts);
+    }
+
+    if (opts.body !== undefined && opts.bodySerializer) {
+      opts.serializedBody = opts.bodySerializer(opts.body) as string | undefined;
+    }
+
+    // remove Content-Type header if body is empty to avoid sending invalid requests
+    if (opts.body === undefined || opts.serializedBody === '') {
+      opts.headers.delete('Content-Type');
+    }
+
+    const resolvedOpts = opts as typeof opts &
+      ResolvedRequestOptions<TResponseStyle, ThrowOnError, Url>;
+    const url = buildUrl(resolvedOpts);
+
+    return { opts: resolvedOpts, url };
+  };
+
+  const request: Client['request'] = async (options) => {
+    const { opts, url } = await beforeRequest(options);
+    const requestInit: ReqInit = {
+      redirect: 'follow',
+      ...opts,
+      body: getValidRequestBody(opts),
+    };
+
+    let request = new Request(url, requestInit);
+
+    for (const fn of interceptors.request.fns) {
+      if (fn) {
+        request = await fn(request, opts);
+      }
+    }
+
+    // fetch must be assigned here, otherwise it would throw the error:
+    // TypeError: Failed to execute 'fetch' on 'Window': Illegal invocation
+    const _fetch = opts.fetch!;
+    let response: Response;
+
+    try {
+      response = await _fetch(request);
+    } catch (error) {
+      // Handle fetch exceptions (AbortError, network errors, etc.)
+      let finalError = error;
+
+      for (const fn of interceptors.error.fns) {
+        if (fn) {
+          finalError = (await fn(error, undefined as any, request, opts)) as unknown;
+        }
+      }
+
+      finalError = finalError || ({} as unknown);
+
+      if (opts.throwOnError) {
+        throw finalError;
+      }
+
+      // Return error response
+      return opts.responseStyle === 'data'
+        ? undefined
+        : {
+            error: finalError,
+            request,
+            response: undefined as any,
+          };
+    }
+
+    for (const fn of interceptors.response.fns) {
+      if (fn) {
+        response = await fn(response, request, opts);
+      }
+    }
+
+    const result = {
+      request,
+      response,
+    };
+
+    if (response.ok) {
+      const parseAs =
+        (opts.parseAs === 'auto'
+          ? getParseAs(response.headers.get('Content-Type'))
+          : opts.parseAs) ?? 'json';
+
+      if (response.status === 204 || response.headers.get('Content-Length') === '0') {
+        let emptyData: any;
+        switch (parseAs) {
+          case 'arrayBuffer':
+          case 'blob':
+          case 'text':
+            emptyData = await response[parseAs]();
+            break;
+          case 'formData':
+            emptyData = new FormData();
+            break;
+          case 'stream':
+            emptyData = response.body;
+            break;
+          case 'json':
+          default:
+            emptyData = {};
+            break;
+        }
+        return opts.responseStyle === 'data'
+          ? emptyData
+          : {
+              data: emptyData,
+              ...result,
+            };
+      }
+
+      let data: any;
+      switch (parseAs) {
+        case 'arrayBuffer':
+        case 'blob':
+        case 'formData':
+        case 'text':
+          data = await response[parseAs]();
+          break;
+        case 'json': {
+          // Some servers return 200 with no Content-Length and empty body.
+          // response.json() would throw; read as text and parse if non-empty.
+          const text = await response.text();
+          data = text ? JSON.parse(text) : {};
+          break;
+        }
+        case 'stream':
+          return opts.responseStyle === 'data'
+            ? response.body
+            : {
+                data: response.body,
+                ...result,
+              };
+      }
+
+      if (parseAs === 'json') {
+        if (opts.responseValidator) {
+          await opts.responseValidator(data);
+        }
+
+        if (opts.responseTransformer) {
+          data = await opts.responseTransformer(data);
+        }
+      }
+
+      return opts.responseStyle === 'data'
+        ? data
+        : {
+            data,
+            ...result,
+          };
+    }
+
+    const textError = await response.text();
+    let jsonError: unknown;
+
+    try {
+      jsonError = JSON.parse(textError);
+    } catch {
+      // noop
+    }
+
+    const error = jsonError ?? textError;
+    let finalError = error;
+
+    for (const fn of interceptors.error.fns) {
+      if (fn) {
+        finalError = (await fn(error, response, request, opts)) as string;
+      }
+    }
+
+    finalError = finalError || ({} as string);
+
+    if (opts.throwOnError) {
+      throw finalError;
+    }
+
+    // TODO: we probably want to return error and improve types
+    return opts.responseStyle === 'data'
+      ? undefined
+      : {
+          error: finalError,
+          ...result,
+        };
+  };
+
+  const makeMethodFn = (method: Uppercase<HttpMethod>) => (options: RequestOptions) =>
+    request({ ...options, method });
+
+  const makeSseFn = (method: Uppercase<HttpMethod>) => async (options: RequestOptions) => {
+    const { opts, url } = await beforeRequest(options);
+    return createSseClient({
+      ...opts,
+      body: opts.body as BodyInit | null | undefined,
+      headers: opts.headers as unknown as Record<string, string>,
+      method,
+      onRequest: async (url, init) => {
+        let request = new Request(url, init);
+        for (const fn of interceptors.request.fns) {
+          if (fn) {
+            request = await fn(request, opts);
+          }
+        }
+        return request;
+      },
+      serializedBody: getValidRequestBody(opts) as BodyInit | null | undefined,
+      url,
+    });
+  };
+
+  const _buildUrl: Client['buildUrl'] = (options) => buildUrl({ ..._config, ...options });
+
+  return {
+    buildUrl: _buildUrl,
+    connect: makeMethodFn('CONNECT'),
+    delete: makeMethodFn('DELETE'),
+    get: makeMethodFn('GET'),
+    getConfig,
+    head: makeMethodFn('HEAD'),
+    interceptors,
+    options: makeMethodFn('OPTIONS'),
+    patch: makeMethodFn('PATCH'),
+    post: makeMethodFn('POST'),
+    put: makeMethodFn('PUT'),
+    request,
+    setConfig,
+    sse: {
+      connect: makeSseFn('CONNECT'),
+      delete: makeSseFn('DELETE'),
+      get: makeSseFn('GET'),
+      head: makeSseFn('HEAD'),
+      options: makeSseFn('OPTIONS'),
+      patch: makeSseFn('PATCH'),
+      post: makeSseFn('POST'),
+      put: makeSseFn('PUT'),
+      trace: makeSseFn('TRACE'),
+    },
+    trace: makeMethodFn('TRACE'),
+  } as Client;
+};

package/src/api/generated/client/index.ts

@@ -0,0 +1,25 @@
+// This file is auto-generated by @hey-api/openapi-ts
+
+export type { Auth } from '../core/auth.gen';
+export type { QuerySerializerOptions } from '../core/bodySerializer.gen';
+export {
+  formDataBodySerializer,
+  jsonBodySerializer,
+  urlSearchParamsBodySerializer,
+} from '../core/bodySerializer.gen';
+export { buildClientParams } from '../core/params.gen';
+export { serializeQueryKeyValue } from '../core/queryKeySerializer.gen';
+export { createClient } from './client.gen';
+export type {
+  Client,
+  ClientOptions,
+  Config,
+  CreateClientConfig,
+  Options,
+  RequestOptions,
+  RequestResult,
+  ResolvedRequestOptions,
+  ResponseStyle,
+  TDataShape,
+} from './types.gen';
+export { createConfig, mergeHeaders } from './utils.gen';