@openape/apes 0.17.0 → 0.19.0

package/dist/cli.js

@@ -12,11 +12,9 @@ import {
   checkSudoRejection,
   isApesSelfDispatch,
   notifyGrantPending
-} from "./chunk-OFIVF6NH.js";
+} from "./chunk-EDYICCBC.js";
 import {
-  ApiError,
   GENERIC_OPERATION_ID,
-  apiFetch,
   buildGenericResolved,
   buildStructuredCliGrantRequest,
   createShapesGrant,
@@ -28,10 +26,6 @@ import {
   findAdapter,
   findConflictingAdapters,
   findExistingGrant,
-  getAgentAuthenticateEndpoint,
-  getAgentChallengeEndpoint,
-  getDelegationsEndpoint,
-  getGrantsEndpoint,
   getInstalledDigest,
   installAdapter,
   isInstalled,
@@ -46,7 +40,15 @@ import {
   searchAdapters,
   verifyAndExecute,
   waitForGrantStatus
-} from "./chunk-O7GSG3OE.js";
+} from "./chunk-IT6T6AKX.js";
+import {
+  ApiError,
+  apiFetch,
+  getAgentAuthenticateEndpoint,
+  getAgentChallengeEndpoint,
+  getDelegationsEndpoint,
+  getGrantsEndpoint
+} from "./chunk-7NUT2PFT.js";
 import {
   AUTH_FILE,
   CONFIG_DIR,
@@ -58,10 +60,10 @@ import {
   loadConfig,
   saveAuth,
   saveConfig
-} from "./chunk-6GPSKAMU.js";
+} from "./chunk-IDPV5SNB.js";
 
 // src/cli.ts
-import consola33 from "consola";
+import consola35 from "consola";
 
 // src/ape-shell.ts
 import path from "path";
@@ -91,7 +93,7 @@ function rewriteApeShellArgs(argv, argv0) {
 }
 
 // src/cli.ts
-import { defineCommand as defineCommand41, runMain } from "citty";
+import { defineCommand as defineCommand44, runMain } from "citty";
 
 // src/commands/auth/login.ts
 import { Buffer } from "buffer";
@@ -462,7 +464,7 @@ var whoamiCommand = defineCommand3({
     console.log(`IdP:   ${auth.idp}`);
     console.log(`Token: ${isExpired ? "\u26A0 EXPIRED" : "valid"} (until ${expiresAt})`);
     if (isExpired) {
-      consola4.warn("Token is expired. Run `apes login` to re-authenticate.");
+      consola4.warn("Token is expired and could not be auto-refreshed. Run `apes login` to re-authenticate.");
     }
   }
 });
@@ -3699,7 +3701,7 @@ var mcpCommand = defineCommand32({
     if (transport !== "stdio" && transport !== "sse") {
       throw new Error('Transport must be "stdio" or "sse"');
     }
-    const { startMcpServer } = await import("./server-YGRMW3OW.js");
+    const { startMcpServer } = await import("./server-GYHLAJXV.js");
     await startMcpServer(transport, port);
   }
 });
@@ -4170,11 +4172,81 @@ var utilsCommand = defineCommand37({
   }
 });
 
-// src/commands/dns-check.ts
+// src/commands/sessions/index.ts
+import { defineCommand as defineCommand40 } from "citty";
+
+// src/commands/sessions/list.ts
 import { defineCommand as defineCommand38 } from "citty";
 import consola31 from "consola";
+var sessionsListCommand = defineCommand38({
+  meta: {
+    name: "list",
+    description: "List your active refresh-token families (one per logged-in device)."
+  },
+  args: {
+    json: { type: "boolean", description: "JSON output" },
+    limit: { type: "string", description: "Max rows (default 50)" }
+  },
+  async run({ args }) {
+    const path2 = args.limit ? `/api/me/sessions?limit=${encodeURIComponent(String(args.limit))}` : "/api/me/sessions";
+    const result = await apiFetch(path2);
+    if (args.json) {
+      process.stdout.write(`${JSON.stringify(result, null, 2)}
+`);
+      return;
+    }
+    if (result.data.length === 0) {
+      consola31.info("No active sessions.");
+      return;
+    }
+    for (const f of result.data) {
+      const created = new Date(f.createdAt).toISOString();
+      const expires = new Date(f.expiresAt).toISOString();
+      console.log(`${f.familyId}  client=${f.clientId}  created=${created}  expires=${expires}`);
+    }
+  }
+});
+
+// src/commands/sessions/remove.ts
+import { defineCommand as defineCommand39 } from "citty";
+import consola32 from "consola";
+var sessionsRemoveCommand = defineCommand39({
+  meta: {
+    name: "remove",
+    description: "Revoke one of your active refresh-token families by id."
+  },
+  args: {
+    familyId: {
+      type: "positional",
+      required: true,
+      description: "Family id (from `apes sessions list`)."
+    }
+  },
+  async run({ args }) {
+    const id = String(args.familyId).trim();
+    if (!id) throw new CliError("familyId required");
+    await apiFetch(`/api/me/sessions/${encodeURIComponent(id)}`, { method: "DELETE" });
+    consola32.success(`Session ${id} revoked. The device using it will need to \`apes login\` again on its next refresh.`);
+  }
+});
+
+// src/commands/sessions/index.ts
+var sessionsCommand = defineCommand40({
+  meta: {
+    name: "sessions",
+    description: "Manage your active refresh-token sessions across devices"
+  },
+  subCommands: {
+    list: sessionsListCommand,
+    remove: sessionsRemoveCommand
+  }
+});
+
+// src/commands/dns-check.ts
+import { defineCommand as defineCommand41 } from "citty";
+import consola33 from "consola";
 import { resolveDDISA as resolveDDISA3 } from "@openape/core";
-var dnsCheckCommand = defineCommand38({
+var dnsCheckCommand = defineCommand41({
   meta: {
     name: "dns-check",
     description: "Validate DDISA DNS TXT records for a domain"
@@ -4188,7 +4260,7 @@ var dnsCheckCommand = defineCommand38({
   },
   async run({ args }) {
     const domain = args.domain;
-    consola31.start(`Checking _ddisa.${domain}...`);
+    consola33.start(`Checking _ddisa.${domain}...`);
     try {
       const result = await resolveDDISA3(domain);
       if (!result) {
@@ -4197,7 +4269,7 @@ var dnsCheckCommand = defineCommand38({
         console.log(`  _ddisa.${domain} TXT "v=ddisa1 idp=https://id.${domain}"`);
         throw new CliError(`No DDISA record found for ${domain}`);
       }
-      consola31.success(`_ddisa.${domain} \u2192 ${result.idp}`);
+      consola33.success(`_ddisa.${domain} \u2192 ${result.idp}`);
       console.log("");
       console.log(`  Version:  ${result.version || "ddisa1"}`);
       console.log(`  IdP URL:  ${result.idp}`);
@@ -4206,14 +4278,14 @@ var dnsCheckCommand = defineCommand38({
       if (result.priority !== void 0)
         console.log(`  Priority: ${result.priority}`);
       console.log("");
-      consola31.start(`Verifying IdP at ${result.idp}...`);
+      consola33.start(`Verifying IdP at ${result.idp}...`);
       const discoResp = await fetch(`${result.idp}/.well-known/openid-configuration`);
       if (!discoResp.ok) {
-        consola31.warn(`IdP discovery failed (${discoResp.status}). Is the IdP running at ${result.idp}?`);
+        consola33.warn(`IdP discovery failed (${discoResp.status}). Is the IdP running at ${result.idp}?`);
         return;
       }
       const disco = await discoResp.json();
-      consola31.success(`IdP is reachable`);
+      consola33.success(`IdP is reachable`);
       console.log(`  Issuer:   ${disco.issuer}`);
       console.log(`  DDISA:    v${disco.ddisa_version || "?"}`);
       if (disco.ddisa_auth_methods_supported) {
@@ -4231,7 +4303,7 @@ var dnsCheckCommand = defineCommand38({
 // src/commands/health.ts
 import { exec } from "child_process";
 import { promisify } from "util";
-import { defineCommand as defineCommand39 } from "citty";
+import { defineCommand as defineCommand42 } from "citty";
 var execAsync = promisify(exec);
 async function resolveApeShellPath() {
   try {
@@ -4267,7 +4339,7 @@ async function bestEffortGrantCount(idp) {
   }
 }
 async function runHealth(args) {
-  const version = true ? "0.17.0" : "0.0.0";
+  const version = true ? "0.19.0" : "0.0.0";
   const auth = loadAuth();
   if (!auth) {
     throw new CliError("Not logged in. Run `apes login` first.", 1);
@@ -4330,7 +4402,7 @@ async function runHealth(args) {
     throw new CliError(`IdP ${auth.idp} unreachable: ${idpProbe.error}`, 1);
   }
 }
-var healthCommand = defineCommand39({
+var healthCommand = defineCommand42({
   meta: {
     name: "health",
     description: "Report CLI diagnostic state (auth, IdP, grants, binaries)"
@@ -4348,8 +4420,8 @@ var healthCommand = defineCommand39({
 });
 
 // src/commands/workflows.ts
-import { defineCommand as defineCommand40 } from "citty";
-import consola32 from "consola";
+import { defineCommand as defineCommand43 } from "citty";
+import consola34 from "consola";
 
 // src/guides/index.ts
 var guides = [
@@ -4399,7 +4471,7 @@ var guides = [
 ];
 
 // src/commands/workflows.ts
-var workflowsCommand = defineCommand40({
+var workflowsCommand = defineCommand43({
   meta: {
     name: "workflows",
     description: "Discover workflow guides"
@@ -4420,7 +4492,7 @@ var workflowsCommand = defineCommand40({
     if (args.id) {
       const guide = guides.find((g) => g.id === String(args.id));
       if (!guide) {
-        consola32.info(`Available: ${guides.map((g) => g.id).join(", ")}`);
+        consola34.info(`Available: ${guides.map((g) => g.id).join(", ")}`);
         throw new CliError(`Guide not found: ${args.id}`);
       }
       if (args.json) {
@@ -4469,10 +4541,10 @@ if (shellRewrite) {
   if (shellRewrite.action === "rewrite") {
     process.argv = shellRewrite.argv;
   } else if (shellRewrite.action === "version") {
-    console.log(`ape-shell ${"0.17.0"} (OpenApe DDISA shell wrapper)`);
+    console.log(`ape-shell ${"0.19.0"} (OpenApe DDISA shell wrapper)`);
     process.exit(0);
   } else if (shellRewrite.action === "help") {
-    console.log(`ape-shell ${"0.17.0"} \u2014 OpenApe DDISA shell wrapper`);
+    console.log(`ape-shell ${"0.19.0"} \u2014 OpenApe DDISA shell wrapper`);
     console.log("");
     console.log("Usage:");
     console.log("  ape-shell                 Start interactive grant-mediated REPL");
@@ -4487,7 +4559,7 @@ if (shellRewrite) {
     console.log("  --help, -h      Show this help message");
     process.exit(0);
   } else if (shellRewrite.action === "interactive") {
-    const { runInteractiveShell } = await import("./orchestrator-PUAO57CY.js");
+    const { runInteractiveShell } = await import("./orchestrator-FJVDWH45.js");
     await runInteractiveShell();
     process.exit(0);
   } else {
@@ -4496,7 +4568,7 @@ if (shellRewrite) {
   }
 }
 var debug = process.argv.includes("--debug");
-var grantsCommand = defineCommand41({
+var grantsCommand = defineCommand44({
   meta: {
     name: "grants",
     description: "Grant management"
@@ -4517,7 +4589,7 @@ var grantsCommand = defineCommand41({
     "delegation-revoke": delegationRevokeCommand
   }
 });
-var configCommand = defineCommand41({
+var configCommand = defineCommand44({
   meta: {
     name: "config",
     description: "Configuration management"
@@ -4527,10 +4599,10 @@ var configCommand = defineCommand41({
     set: configSetCommand
   }
 });
-var main = defineCommand41({
+var main = defineCommand44({
   meta: {
     name: "apes",
-    version: "0.17.0",
+    version: "0.19.0",
     description: "Unified CLI for OpenApe"
   },
   subCommands: {
@@ -4539,6 +4611,7 @@ var main = defineCommand41({
     "register-user": registerUserCommand,
     "dns-check": dnsCheckCommand,
     utils: utilsCommand,
+    sessions: sessionsCommand,
     login: loginCommand,
     logout: logoutCommand,
     whoami: whoamiCommand,
@@ -4556,18 +4629,46 @@ var main = defineCommand41({
     workflows: workflowsCommand
   }
 });
+var NO_REFRESH_COMMANDS = /* @__PURE__ */ new Set([
+  "login",
+  "logout",
+  "init",
+  "enroll",
+  "register-user",
+  "dns-check",
+  "utils",
+  "explain",
+  "workflows",
+  "--help",
+  "-h",
+  "help",
+  "--version",
+  "-v"
+]);
+async function maybeRefreshAuth() {
+  const sub = process.argv[2];
+  if (!sub || NO_REFRESH_COMMANDS.has(sub)) return;
+  const { loadAuth: loadAuth2 } = await import("./config-JH2IEPIR.js");
+  if (!loadAuth2()) return;
+  try {
+    const { ensureFreshToken } = await import("./http-JZT4XV5I.js");
+    await ensureFreshToken();
+  } catch {
+  }
+}
+await maybeRefreshAuth();
 runMain(main).catch((err) => {
   if (err instanceof CliExit) {
     process.exit(err.exitCode);
   }
   if (err instanceof CliError) {
-    consola33.error(err.message);
+    consola35.error(err.message);
     process.exit(err.exitCode);
   }
   if (debug) {
-    consola33.error(err);
+    consola35.error(err);
   } else {
-    consola33.error(err instanceof ApiError ? err.message : err instanceof Error ? err.message : String(err));
+    consola35.error(err instanceof ApiError ? err.message : err instanceof Error ? err.message : String(err));
   }
   process.exit(1);
 });