@padua/cli 1.0.0

package/README.md

@@ -0,0 +1,158 @@
+# Padua CLI
+
+A unified CLI for AWS infrastructure management—authentication, tunneling, and container tools in one place.
+
+## Installation
+
+```bash
+npm install -g @padua/cli
+```
+
+### Prerequisites
+
+- [Node.js](https://nodejs.org/) v18+
+- [AWS CLI v2](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
+- [Session Manager Plugin](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html) (for tunneling)
+- [Docker](https://www.docker.com/) (optional, for ECR)
+
+## Quick Start
+
+```bash
+# 1. Create config file
+cp padua.config.example.json padua.config.json
+
+# 2. Edit with your AWS account details
+# 3. Run login
+padua login
+```
+
+## Features
+
+| Category | Feature | Description |
+|----------|---------|-------------|
+| **Auth** | SSO Login | AWS SSO authentication and session management |
+| | Profiles | Multiple AWS CLI profile management |
+| | CodeArtifact | Automatic npm registry authentication |
+| | ECR | Docker registry authentication |
+| **Tunnel** | RDS/Aurora | PostgreSQL & MySQL via Session Manager |
+| | OpenSearch | Kibana dashboard access |
+| | EC2 | Direct SSM sessions to instances |
+| **ECS** | Exec | Container command execution with pre-flight checks |
+
+## Login Command
+
+Authenticate to AWS SSO, CodeArtifact (npm), and ECR (Docker) with a single command.
+
+### Basic Usage
+
+```bash
+padua login                    # Full login (SSO + CodeArtifact + ECR)
+padua login --profile staging  # Use specific AWS profile
+padua login --sso-only         # SSO only, skip CodeArtifact and ECR
+```
+
+### Options
+
+| Flag | Description |
+|------|-------------|
+| `-p, --profile <name>` | AWS SSO profile to use |
+| `--sso-only` | Only authenticate to SSO |
+| `-v, --verbose` | Show detailed output |
+| `-q, --quiet` | Suppress non-error output |
+| `--no-color` | Disable colored output |
+
+### Exit Codes
+
+| Code | Meaning |
+|------|---------|
+| 0 | Success (SSO + at least one other service) |
+| 1 | SSO succeeded but CodeArtifact and ECR both failed |
+| 2 | SSO failed (other services not attempted) |
+
+### What `padua login` replaces
+
+```bash
+# Before: 3 separate commands
+aws sso login --profile development
+aws codeartifact login --tool npm --repository npm-repo --domain my-domain \
+  --domain-owner 123456789012 --region ap-southeast-2 --profile development
+aws ecr get-login-password --region ap-southeast-2 | \
+  docker login --username AWS --password-stdin 123456789012.dkr.ecr.ap-southeast-2.amazonaws.com
+
+# After: 1 command
+padua login
+```
+
+### Example Output
+
+```
+[1/3] AWS SSO ...
+      ✓ authenticated (profile: development)
+[2/3] CodeArtifact (npm) ...
+      ✓ configured
+[3/3] ECR (Docker) ...
+      ✓ configured
+
+=== Login Results ===
+SSO: ✓ OK
+CodeArtifact: ✓ OK
+ECR: ✓ OK
+
+Total: 3/3 services authenticated
+```
+
+## Configuration
+
+Create a `padua.config.json` file in your project root or `~/.padua/`:
+
+```json
+{
+  "defaultProfile": "development",
+  "region": "ap-southeast-2",
+  "codeartifact": {
+    "domain": "my-domain",
+    "domainOwner": "123456789012",
+    "repository": "npm-repo"
+  },
+  "ecr": {
+    "accountId": "123456789012",
+    "region": "ap-southeast-2"
+  }
+}
+```
+
+### Config Priority
+
+1. CLI flags (`--profile`)
+2. Environment variables (`PADUA_PROFILE`)
+3. `padua.config.json` in current directory
+4. `~/.padua/padua.config.json`
+5. Default values
+
+## Other Commands
+
+```bash
+padua tunnel rds                 # RDS PostgreSQL via jumpbox
+padua tunnel aurora              # Aurora PostgreSQL via jumpbox
+padua tunnel rds --legacy        # MySQL via bastion-host (roma)
+padua tunnel opensearch          # OpenSearch/Kibana dashboard
+padua tunnel ec2 <name>          # SSM session to EC2 instance
+
+padua ecs exec <cluster> <task>  # Execute in ECS container
+```
+
+## Development
+
+```bash
+git clone <repository-url>
+cd padua-cli
+npm install
+npm run build
+npm link           # Makes 'padua' available globally
+npm test           # Run tests
+npm run test:coverage  # Run tests with coverage
+```
+
+## License
+
+MIT

package/dist/commands/login/codeartifact.d.ts

@@ -0,0 +1,11 @@
+import { ServiceResult, LoginOptions, CodeArtifactConfig } from './types';
+/**
+ * Configure npm to use CodeArtifact registry
+ *
+ * @param config - CodeArtifact configuration
+ * @param profile - AWS profile to use
+ * @param options - Login command options
+ * @returns ServiceResult indicating success/failure
+ */
+export declare function configureCodeArtifact(config: CodeArtifactConfig, profile: string, options: LoginOptions): Promise<ServiceResult>;
+//# sourceMappingURL=codeartifact.d.ts.map

package/dist/commands/login/codeartifact.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"codeartifact.d.ts","sourceRoot":"","sources":["../../../src/commands/login/codeartifact.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AAK1E;;;;;;;GAOG;AACH,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,kBAAkB,EAC1B,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,aAAa,CAAC,CAuExB"}

package/dist/commands/login/codeartifact.js

@@ -0,0 +1,77 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configureCodeArtifact = configureCodeArtifact;
+const child_process_1 = require("child_process");
+const utils_1 = require("./utils");
+const CODEARTIFACT_TIMEOUT_MS = 30000; // 30 seconds
+/**
+ * Configure npm to use CodeArtifact registry
+ *
+ * @param config - CodeArtifact configuration
+ * @param profile - AWS profile to use
+ * @param options - Login command options
+ * @returns ServiceResult indicating success/failure
+ */
+async function configureCodeArtifact(config, profile, options) {
+    (0, utils_1.validateProfileName)(profile);
+    if (options.verbose) {
+        console.log(`  [verbose] Configuring CodeArtifact: ${config.domain}/${config.repository}`);
+    }
+    // Use aws codeartifact login which handles token and npm config
+    const args = [
+        'codeartifact', 'login',
+        '--tool', 'npm',
+        '--repository', config.repository,
+        '--domain', config.domain,
+        '--domain-owner', config.domainOwner,
+        '--profile', profile,
+    ];
+    if (options.verbose) {
+        console.log(`  [verbose] Running: aws ${args.join(' ')}`);
+    }
+    const result = (0, child_process_1.spawnSync)('aws', args, {
+        shell: false,
+        timeout: CODEARTIFACT_TIMEOUT_MS,
+        maxBuffer: 1024 * 1024,
+        stdio: ['pipe', 'pipe', 'pipe'],
+        env: {
+            ...(0, utils_1.getSubprocessEnv)(),
+            AWS_PROFILE: profile,
+        },
+    });
+    if (result.error) {
+        if (result.error.message.includes('ENOENT')) {
+            throw new Error('AWS CLI not found. Please install AWS CLI v2.');
+        }
+        if (result.error.message.includes('ETIMEDOUT')) {
+            throw new Error('CodeArtifact login timed out.');
+        }
+        throw new Error((0, utils_1.sanitizeOutput)(result.error.message));
+    }
+    if (result.status !== 0) {
+        const stderr = result.stderr?.toString() || '';
+        const stdout = result.stdout?.toString() || '';
+        // Parse common error conditions
+        if (stderr.includes('ResourceNotFoundException')) {
+            throw new Error(`CodeArtifact domain '${config.domain}' or repository '${config.repository}' not found.`);
+        }
+        if (stderr.includes('AccessDeniedException')) {
+            throw new Error(`Access denied to CodeArtifact. Check IAM permissions for profile '${profile}'.`);
+        }
+        if (stderr.includes('ExpiredTokenException') || stderr.includes('credentials')) {
+            throw new Error('AWS credentials expired. SSO session may have ended.');
+        }
+        const errorOutput = (0, utils_1.sanitizeOutput)(stderr || stdout || 'Unknown error');
+        throw new Error(`CodeArtifact login failed: ${errorOutput}`);
+    }
+    if (options.verbose) {
+        const stdout = result.stdout?.toString() || '';
+        console.log(`  [verbose] CodeArtifact configured: ${(0, utils_1.sanitizeOutput)(stdout)}`);
+    }
+    return {
+        success: true,
+        skipped: false,
+        duration: 0,
+    };
+}
+//# sourceMappingURL=codeartifact.js.map

package/dist/commands/login/codeartifact.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"codeartifact.js","sourceRoot":"","sources":["../../../src/commands/login/codeartifact.ts"],"names":[],"mappings":";;AAcA,sDA2EC;AAzFD,iDAA0C;AAE1C,mCAAgF;AAEhF,MAAM,uBAAuB,GAAG,KAAK,CAAC,CAAC,aAAa;AAEpD;;;;;;;GAOG;AACI,KAAK,UAAU,qBAAqB,CACzC,MAA0B,EAC1B,OAAe,EACf,OAAqB;IAErB,IAAA,2BAAmB,EAAC,OAAO,CAAC,CAAC;IAE7B,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,yCAAyC,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;IAC7F,CAAC;IAED,gEAAgE;IAChE,MAAM,IAAI,GAAG;QACX,cAAc,EAAE,OAAO;QACvB,QAAQ,EAAE,KAAK;QACf,cAAc,EAAE,MAAM,CAAC,UAAU;QACjC,UAAU,EAAE,MAAM,CAAC,MAAM;QACzB,gBAAgB,EAAE,MAAM,CAAC,WAAW;QACpC,WAAW,EAAE,OAAO;KACrB,CAAC;IAEF,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,4BAA4B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,yBAAS,EAAC,KAAK,EAAE,IAAI,EAAE;QACpC,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,IAAI,GAAG,IAAI;QACtB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QAC/B,GAAG,EAAE;YACH,GAAG,IAAA,wBAAgB,GAAE;YACrB,WAAW,EAAE,OAAO;SACrB;KACF,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,IAAA,sBAAc,EAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAE/C,gCAAgC;QAChC,IAAI,MAAM,CAAC,QAAQ,CAAC,2BAA2B,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,wBAAwB,MAAM,CAAC,MAAM,oBAAoB,MAAM,CAAC,UAAU,cAAc,CAAC,CAAC;QAC5G,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,qEAAqE,OAAO,IAAI,CAAC,CAAC;QACpG,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YAC/E,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QAED,MAAM,WAAW,GAAG,IAAA,sBAAc,EAAC,MAAM,IAAI,MAAM,IAAI,eAAe,CAAC,CAAC;QACxE,MAAM,IAAI,KAAK,CAAC,8BAA8B,WAAW,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC/C,OAAO,CAAC,GAAG,CAAC,wCAAwC,IAAA,sBAAc,EAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IAChF,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,KAAK;QACd,QAAQ,EAAE,CAAC;KACZ,CAAC;AACJ,CAAC"}

package/dist/commands/login/config.d.ts

@@ -0,0 +1,11 @@
+import { PaduaConfig } from './types';
+/**
+ * Load configuration from padua.config.json
+ * Returns null if no config file found
+ */
+export declare function loadConfig(): Promise<PaduaConfig | null>;
+/**
+ * Save configuration to padua.config.json
+ */
+export declare function saveConfig(config: PaduaConfig, location?: 'local' | 'global'): Promise<void>;
+//# sourceMappingURL=config.d.ts.map

package/dist/commands/login/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/commands/login/config.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAwBtC;;;GAGG;AACH,wBAAsB,UAAU,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAc9D;AAED;;GAEG;AACH,wBAAsB,UAAU,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,GAAE,OAAO,GAAG,QAAkB,GAAG,OAAO,CAAC,IAAI,CAAC,CAkB3G"}

package/dist/commands/login/config.js

@@ -0,0 +1,99 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadConfig = loadConfig;
+exports.saveConfig = saveConfig;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const CONFIG_FILENAME = 'padua.config.json';
+/**
+ * Get the path to the config file
+ * Priority: 1) Current directory, 2) ~/.padua/
+ */
+function getConfigPath() {
+    // Check current directory first
+    const localPath = path.join(process.cwd(), CONFIG_FILENAME);
+    if (fs.existsSync(localPath)) {
+        return localPath;
+    }
+    // Check ~/.padua/ directory
+    const globalPath = path.join(os.homedir(), '.padua', CONFIG_FILENAME);
+    if (fs.existsSync(globalPath)) {
+        return globalPath;
+    }
+    return null;
+}
+/**
+ * Load configuration from padua.config.json
+ * Returns null if no config file found
+ */
+async function loadConfig() {
+    const configPath = getConfigPath();
+    if (!configPath) {
+        return null;
+    }
+    try {
+        const content = fs.readFileSync(configPath, 'utf-8');
+        const config = JSON.parse(content);
+        return config;
+    }
+    catch (error) {
+        throw new Error(`Failed to load config from ${configPath}: ${error.message}`);
+    }
+}
+/**
+ * Save configuration to padua.config.json
+ */
+async function saveConfig(config, location = 'local') {
+    let configPath;
+    if (location === 'global') {
+        const paduaDir = path.join(os.homedir(), '.padua');
+        if (!fs.existsSync(paduaDir)) {
+            fs.mkdirSync(paduaDir, { recursive: true });
+        }
+        configPath = path.join(paduaDir, CONFIG_FILENAME);
+    }
+    else {
+        configPath = path.join(process.cwd(), CONFIG_FILENAME);
+    }
+    try {
+        fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
+    }
+    catch (error) {
+        throw new Error(`Failed to save config to ${configPath}: ${error.message}`);
+    }
+}
+//# sourceMappingURL=config.js.map

package/dist/commands/login/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/commands/login/config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+BA,gCAcC;AAKD,gCAkBC;AApED,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAGzB,MAAM,eAAe,GAAG,mBAAmB,CAAC;AAE5C;;;GAGG;AACH,SAAS,aAAa;IACpB,gCAAgC;IAChC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,eAAe,CAAC,CAAC;IAC5D,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC7B,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,4BAA4B;IAC5B,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,eAAe,CAAC,CAAC;IACtE,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,UAAU;IAC9B,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;IAEnC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAgB,CAAC;QAClD,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,8BAA8B,UAAU,KAAM,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;IAC3F,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,UAAU,CAAC,MAAmB,EAAE,WAA+B,OAAO;IAC1F,IAAI,UAAkB,CAAC;IAEvB,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;QACD,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IACpD,CAAC;SAAM,CAAC;QACN,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,eAAe,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,CAAC;QACH,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;IAChF,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,4BAA4B,UAAU,KAAM,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;IACzF,CAAC;AACH,CAAC"}

package/dist/commands/login/ecr.d.ts

@@ -0,0 +1,11 @@
+import { ServiceResult, LoginOptions, EcrConfig } from './types';
+/**
+ * Configure Docker to use ECR registry
+ *
+ * @param config - ECR configuration
+ * @param profile - AWS profile to use
+ * @param options - Login command options
+ * @returns ServiceResult indicating success/failure
+ */
+export declare function configureECR(config: EcrConfig, profile: string, options: LoginOptions): Promise<ServiceResult>;
+//# sourceMappingURL=ecr.d.ts.map

package/dist/commands/login/ecr.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecr.d.ts","sourceRoot":"","sources":["../../../src/commands/login/ecr.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAKjE;;;;;;;GAOG;AACH,wBAAsB,YAAY,CAChC,MAAM,EAAE,SAAS,EACjB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,aAAa,CAAC,CA6GxB"}

package/dist/commands/login/ecr.js

@@ -0,0 +1,107 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configureECR = configureECR;
+const child_process_1 = require("child_process");
+const utils_1 = require("./utils");
+const ECR_TIMEOUT_MS = 30000; // 30 seconds
+/**
+ * Configure Docker to use ECR registry
+ *
+ * @param config - ECR configuration
+ * @param profile - AWS profile to use
+ * @param options - Login command options
+ * @returns ServiceResult indicating success/failure
+ */
+async function configureECR(config, profile, options) {
+    (0, utils_1.validateProfileName)(profile);
+    const registryUrl = `${config.accountId}.dkr.ecr.${config.region}.amazonaws.com`;
+    if (options.verbose) {
+        console.log(`  [verbose] Configuring ECR: ${registryUrl}`);
+    }
+    // Check if Docker is running
+    const dockerCheck = (0, child_process_1.spawnSync)('docker', ['info'], {
+        shell: false,
+        timeout: 5000,
+        stdio: ['pipe', 'pipe', 'pipe'],
+        env: (0, utils_1.getSubprocessEnv)(),
+    });
+    if (dockerCheck.status !== 0) {
+        throw new Error('Docker is not running. Please start Docker Desktop or Docker daemon.');
+    }
+    // Get ECR login password
+    if (options.verbose) {
+        console.log(`  [verbose] Running: aws ecr get-login-password --region ${config.region} --profile ${profile}`);
+    }
+    const getPasswordResult = (0, child_process_1.spawnSync)('aws', [
+        'ecr', 'get-login-password',
+        '--region', config.region,
+        '--profile', profile,
+    ], {
+        shell: false,
+        timeout: ECR_TIMEOUT_MS,
+        maxBuffer: 1024 * 1024,
+        stdio: ['pipe', 'pipe', 'pipe'],
+        env: {
+            ...(0, utils_1.getSubprocessEnv)(),
+            AWS_PROFILE: profile,
+        },
+    });
+    if (getPasswordResult.error) {
+        if (getPasswordResult.error.message.includes('ENOENT')) {
+            throw new Error('AWS CLI not found. Please install AWS CLI v2.');
+        }
+        if (getPasswordResult.error.message.includes('ETIMEDOUT')) {
+            throw new Error('ECR get-login-password timed out.');
+        }
+        throw new Error((0, utils_1.sanitizeOutput)(getPasswordResult.error.message));
+    }
+    if (getPasswordResult.status !== 0) {
+        const stderr = getPasswordResult.stderr?.toString() || '';
+        if (stderr.includes('ExpiredTokenException') || stderr.includes('credentials')) {
+            throw new Error('AWS credentials expired. SSO session may have ended.');
+        }
+        if (stderr.includes('AccessDeniedException')) {
+            throw new Error(`Access denied to ECR. Check IAM permissions for profile '${profile}'.`);
+        }
+        const errorOutput = (0, utils_1.sanitizeOutput)(stderr || 'Unknown error');
+        throw new Error(`ECR get-login-password failed: ${errorOutput}`);
+    }
+    const password = getPasswordResult.stdout?.toString().trim();
+    if (!password) {
+        throw new Error('ECR returned empty password.');
+    }
+    // Docker login using the password
+    if (options.verbose) {
+        console.log(`  [verbose] Running: docker login --username AWS --password-stdin ${registryUrl}`);
+    }
+    const dockerLoginResult = (0, child_process_1.spawnSync)('docker', [
+        'login',
+        '--username', 'AWS',
+        '--password-stdin',
+        registryUrl,
+    ], {
+        shell: false,
+        timeout: ECR_TIMEOUT_MS,
+        maxBuffer: 1024 * 1024,
+        input: password,
+        stdio: ['pipe', 'pipe', 'pipe'],
+        env: (0, utils_1.getSubprocessEnv)(),
+    });
+    if (dockerLoginResult.error) {
+        throw new Error((0, utils_1.sanitizeOutput)(dockerLoginResult.error.message));
+    }
+    if (dockerLoginResult.status !== 0) {
+        const stderr = dockerLoginResult.stderr?.toString() || '';
+        const errorOutput = (0, utils_1.sanitizeOutput)(stderr || 'Unknown error');
+        throw new Error(`Docker login failed: ${errorOutput}`);
+    }
+    if (options.verbose) {
+        console.log('  [verbose] ECR authentication successful');
+    }
+    return {
+        success: true,
+        skipped: false,
+        duration: 0,
+    };
+}
+//# sourceMappingURL=ecr.js.map

package/dist/commands/login/ecr.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecr.js","sourceRoot":"","sources":["../../../src/commands/login/ecr.ts"],"names":[],"mappings":";;AAcA,oCAiHC;AA/HD,iDAA0C;AAE1C,mCAAgF;AAEhF,MAAM,cAAc,GAAG,KAAK,CAAC,CAAC,aAAa;AAE3C;;;;;;;GAOG;AACI,KAAK,UAAU,YAAY,CAChC,MAAiB,EACjB,OAAe,EACf,OAAqB;IAErB,IAAA,2BAAmB,EAAC,OAAO,CAAC,CAAC;IAE7B,MAAM,WAAW,GAAG,GAAG,MAAM,CAAC,SAAS,YAAY,MAAM,CAAC,MAAM,gBAAgB,CAAC;IAEjF,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,gCAAgC,WAAW,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,6BAA6B;IAC7B,MAAM,WAAW,GAAG,IAAA,yBAAS,EAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,EAAE;QAChD,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QAC/B,GAAG,EAAE,IAAA,wBAAgB,GAAE;KACxB,CAAC,CAAC;IAEH,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;IAC1F,CAAC;IAED,yBAAyB;IACzB,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,4DAA4D,MAAM,CAAC,MAAM,cAAc,OAAO,EAAE,CAAC,CAAC;IAChH,CAAC;IAED,MAAM,iBAAiB,GAAG,IAAA,yBAAS,EAAC,KAAK,EAAE;QACzC,KAAK,EAAE,oBAAoB;QAC3B,UAAU,EAAE,MAAM,CAAC,MAAM;QACzB,WAAW,EAAE,OAAO;KACrB,EAAE;QACD,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,cAAc;QACvB,SAAS,EAAE,IAAI,GAAG,IAAI;QACtB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QAC/B,GAAG,EAAE;YACH,GAAG,IAAA,wBAAgB,GAAE;YACrB,WAAW,EAAE,OAAO;SACrB;KACF,CAAC,CAAC;IAEH,IAAI,iBAAiB,CAAC,KAAK,EAAE,CAAC;QAC5B,IAAI,iBAAiB,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACvD,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QACD,IAAI,iBAAiB,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC1D,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,IAAA,sBAAc,EAAC,iBAAiB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAE1D,IAAI,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;YAC/E,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC1E,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,4DAA4D,OAAO,IAAI,CAAC,CAAC;QAC3F,CAAC;QAED,MAAM,WAAW,GAAG,IAAA,sBAAc,EAAC,MAAM,IAAI,eAAe,CAAC,CAAC;QAC9D,MAAM,IAAI,KAAK,CAAC,kCAAkC,WAAW,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,QAAQ,GAAG,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,CAAC,IAAI,EAAE,CAAC;IAE7D,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAClD,CAAC;IAED,kCAAkC;IAClC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,qEAAqE,WAAW,EAAE,CAAC,CAAC;IAClG,CAAC;IAED,MAAM,iBAAiB,GAAG,IAAA,yBAAS,EAAC,QAAQ,EAAE;QAC5C,OAAO;QACP,YAAY,EAAE,KAAK;QACnB,kBAAkB;QAClB,WAAW;KACZ,EAAE;QACD,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,cAAc;QACvB,SAAS,EAAE,IAAI,GAAG,IAAI;QACtB,KAAK,EAAE,QAAQ;QACf,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QAC/B,GAAG,EAAE,IAAA,wBAAgB,GAAE;KACxB,CAAC,CAAC;IAEH,IAAI,iBAAiB,CAAC,KAAK,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,IAAA,sBAAc,EAAC,iBAAiB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;IACnE,CAAC;IAED,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,iBAAiB,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC1D,MAAM,WAAW,GAAG,IAAA,sBAAc,EAAC,MAAM,IAAI,eAAe,CAAC,CAAC;QAC9D,MAAM,IAAI,KAAK,CAAC,wBAAwB,WAAW,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,KAAK;QACd,QAAQ,EAAE,CAAC;KACZ,CAAC;AACJ,CAAC"}

package/dist/commands/login/index.d.ts

@@ -0,0 +1,6 @@
+import { Command } from 'commander';
+/**
+ * Main login command that orchestrates SSO, CodeArtifact, and ECR authentication
+ */
+export declare const loginCommand: Command;
+//# sourceMappingURL=index.d.ts.map

package/dist/commands/login/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/commands/login/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAepC;;GAEG;AACH,eAAO,MAAM,YAAY,SAOH,CAAC"}

package/dist/commands/login/index.js

@@ -0,0 +1,177 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loginCommand = void 0;
+const commander_1 = require("commander");
+const chalk_1 = __importDefault(require("chalk"));
+const config_1 = require("./config");
+const sso_1 = require("./sso");
+const codeartifact_1 = require("./codeartifact");
+const ecr_1 = require("./ecr");
+const types_1 = require("./types");
+/**
+ * Main login command that orchestrates SSO, CodeArtifact, and ECR authentication
+ */
+exports.loginCommand = new commander_1.Command('login')
+    .description('Authenticate to AWS SSO, CodeArtifact (npm), and ECR (Docker)')
+    .option('-p, --profile <name>', 'AWS SSO profile to use')
+    .option('--sso-only', 'Only authenticate to SSO, skip CodeArtifact and ECR')
+    .option('--no-color', 'Disable colored output')
+    .option('-q, --quiet', 'Suppress non-error output')
+    .option('-v, --verbose', 'Show detailed output')
+    .action(handleLogin);
+/**
+ * Handle the login command execution
+ */
+async function handleLogin(options) {
+    const config = await (0, config_1.loadConfig)();
+    const profile = (0, types_1.getEffectiveProfile)(options, config ?? undefined);
+    const result = {
+        sso: { success: false, skipped: false, duration: 0 },
+        codeartifact: { success: false, skipped: false, duration: 0 },
+        ecr: { success: false, skipped: false, duration: 0 },
+    };
+    // Step 1: SSO Authentication (REQUIRED)
+    if (!options.quiet) {
+        console.log(chalk_1.default.blue(`[1/3] AWS SSO ...`));
+    }
+    const ssoStart = Date.now();
+    try {
+        result.sso = await (0, sso_1.authenticateSSO)(profile, options);
+        result.sso.duration = Date.now() - ssoStart;
+        if (!options.quiet) {
+            console.log(chalk_1.default.green(`      ✓ authenticated (profile: ${profile})`));
+        }
+    }
+    catch (error) {
+        result.sso = {
+            success: false,
+            skipped: false,
+            error: error.message,
+            duration: Date.now() - ssoStart,
+        };
+        // SSO failed - skip remaining services
+        result.codeartifact = { success: false, skipped: true, duration: 0 };
+        result.ecr = { success: false, skipped: true, duration: 0 };
+        reportResults(result, options);
+        process.exit(2); // Exit code 2 = SSO failure
+    }
+    // Check if --sso-only flag is set
+    if (options.ssoOnly) {
+        result.codeartifact = { success: false, skipped: true, duration: 0 };
+        result.ecr = { success: false, skipped: true, duration: 0 };
+        reportResults(result, options);
+        process.exit(0);
+    }
+    // Step 2: CodeArtifact (npm) - depends on SSO
+    if (!options.quiet) {
+        console.log(chalk_1.default.blue(`[2/3] CodeArtifact (npm) ...`));
+    }
+    if (config && (0, types_1.hasCodeArtifactConfig)(config)) {
+        const caStart = Date.now();
+        try {
+            result.codeartifact = await (0, codeartifact_1.configureCodeArtifact)(config.codeartifact, profile, options);
+            result.codeartifact.duration = Date.now() - caStart;
+            if (!options.quiet) {
+                console.log(chalk_1.default.green(`      ✓ configured`));
+            }
+        }
+        catch (error) {
+            result.codeartifact = {
+                success: false,
+                skipped: false,
+                error: error.message,
+                duration: Date.now() - caStart,
+            };
+            if (!options.quiet) {
+                console.log(chalk_1.default.yellow(`      ⚠ failed: ${error.message}`));
+            }
+        }
+    }
+    else {
+        result.codeartifact = { success: false, skipped: true, duration: 0 };
+        if (!options.quiet) {
+            console.log(chalk_1.default.gray(`      ○ skipped (not configured)`));
+        }
+    }
+    // Step 3: ECR (Docker) - depends on SSO, independent of CodeArtifact
+    if (!options.quiet) {
+        console.log(chalk_1.default.blue(`[3/3] ECR (Docker) ...`));
+    }
+    if (config && (0, types_1.hasEcrConfig)(config)) {
+        const ecrStart = Date.now();
+        try {
+            result.ecr = await (0, ecr_1.configureECR)(config.ecr, profile, options);
+            result.ecr.duration = Date.now() - ecrStart;
+            if (!options.quiet) {
+                console.log(chalk_1.default.green(`      ✓ configured`));
+            }
+        }
+        catch (error) {
+            result.ecr = {
+                success: false,
+                skipped: false,
+                error: error.message,
+                duration: Date.now() - ecrStart,
+            };
+            if (!options.quiet) {
+                console.log(chalk_1.default.yellow(`      ⚠ failed: ${error.message}`));
+            }
+        }
+    }
+    else {
+        result.ecr = { success: false, skipped: true, duration: 0 };
+        if (!options.quiet) {
+            console.log(chalk_1.default.gray(`      ○ skipped (not configured)`));
+        }
+    }
+    reportResults(result, options);
+    // Exit codes:
+    // 0 = SSO succeeded + at least one of (CodeArtifact, ECR) succeeded or was skipped intentionally
+    // 1 = SSO succeeded but both CodeArtifact and ECR failed (not skipped)
+    const caOk = result.codeartifact.success || result.codeartifact.skipped;
+    const ecrOk = result.ecr.success || result.ecr.skipped;
+    const postSsoSuccess = caOk || ecrOk;
+    process.exit(postSsoSuccess ? 0 : 1);
+}
+/**
+ * Report login results to console
+ */
+function reportResults(result, options) {
+    if (options.quiet)
+        return;
+    console.log('');
+    console.log('=== Login Results ===');
+    const services = [
+        { name: 'SSO', result: result.sso },
+        { name: 'CodeArtifact', result: result.codeartifact },
+        { name: 'ECR', result: result.ecr },
+    ];
+    let successCount = 0;
+    let skippedCount = 0;
+    for (const service of services) {
+        let status;
+        if (service.result.skipped) {
+            status = chalk_1.default.gray('○ SKIPPED');
+            skippedCount++;
+        }
+        else if (service.result.success) {
+            status = chalk_1.default.green('✓ OK');
+            successCount++;
+        }
+        else {
+            status = chalk_1.default.red('✗ FAILED');
+        }
+        console.log(`${service.name}: ${status}`);
+        if (!service.result.success && !service.result.skipped && service.result.error) {
+            console.log(chalk_1.default.red(`  → ${service.result.error}`));
+        }
+    }
+    const total = services.length - skippedCount;
+    console.log('');
+    console.log(`Total: ${successCount}/${total} services authenticated`);
+    console.log('');
+}
+//# sourceMappingURL=index.js.map

package/dist/commands/login/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/commands/login/index.ts"],"names":[],"mappings":";;;;;;AAAA,yCAAoC;AACpC,kDAA0B;AAC1B,qCAAsC;AACtC,+BAAwC;AACxC,iDAAuD;AACvD,+BAAqC;AACrC,mCAOiB;AAEjB;;GAEG;AACU,QAAA,YAAY,GAAG,IAAI,mBAAO,CAAC,OAAO,CAAC;KAC7C,WAAW,CAAC,+DAA+D,CAAC;KAC5E,MAAM,CAAC,sBAAsB,EAAE,wBAAwB,CAAC;KACxD,MAAM,CAAC,YAAY,EAAE,qDAAqD,CAAC;KAC3E,MAAM,CAAC,YAAY,EAAE,wBAAwB,CAAC;KAC9C,MAAM,CAAC,aAAa,EAAE,2BAA2B,CAAC;KAClD,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC;KAC/C,MAAM,CAAC,WAAW,CAAC,CAAC;AAEvB;;GAEG;AACH,KAAK,UAAU,WAAW,CAAC,OAAqB;IAC9C,MAAM,MAAM,GAAG,MAAM,IAAA,mBAAU,GAAE,CAAC;IAClC,MAAM,OAAO,GAAG,IAAA,2BAAmB,EAAC,OAAO,EAAE,MAAM,IAAI,SAAS,CAAC,CAAC;IAElE,MAAM,MAAM,GAAgB;QAC1B,GAAG,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE;QACpD,YAAY,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE;QAC7D,GAAG,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE;KACrD,CAAC;IAEF,wCAAwC;IACxC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC5B,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,GAAG,MAAM,IAAA,qBAAe,EAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACrD,MAAM,CAAC,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;QAE5C,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,mCAAmC,OAAO,GAAG,CAAC,CAAC,CAAC;QAC1E,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,GAAG,GAAG;YACX,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,KAAK;YACd,KAAK,EAAG,KAAe,CAAC,OAAO;YAC/B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ;SAChC,CAAC;QAEF,uCAAuC;QACvC,MAAM,CAAC,YAAY,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;QACrE,MAAM,CAAC,GAAG,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;QAE5D,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,4BAA4B;IAC/C,CAAC;IAED,kCAAkC;IAClC,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,CAAC,YAAY,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;QACrE,MAAM,CAAC,GAAG,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;QAC5D,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC/B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,8CAA8C;IAC9C,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,IAAI,MAAM,IAAI,IAAA,6BAAqB,EAAC,MAAM,CAAC,EAAE,CAAC;QAC5C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,MAAM,CAAC,YAAY,GAAG,MAAM,IAAA,oCAAqB,EAAC,MAAM,CAAC,YAAa,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAC1F,MAAM,CAAC,YAAY,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC;YAEpD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,YAAY,GAAG;gBACpB,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,KAAK;gBACd,KAAK,EAAG,KAAe,CAAC,OAAO;gBAC/B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO;aAC/B,CAAC;YAEF,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,MAAM,CAAC,mBAAoB,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,YAAY,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;QACrE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC;IACpD,CAAC;IAED,IAAI,MAAM,IAAI,IAAA,oBAAY,EAAC,MAAM,CAAC,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC5B,IAAI,CAAC;YACH,MAAM,CAAC,GAAG,GAAG,MAAM,IAAA,kBAAY,EAAC,MAAM,CAAC,GAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAC/D,MAAM,CAAC,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC;YAE5C,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,GAAG,GAAG;gBACX,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,KAAK;gBACd,KAAK,EAAG,KAAe,CAAC,OAAO;gBAC/B,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ;aAChC,CAAC;YAEF,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,MAAM,CAAC,mBAAoB,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,GAAG,GAAG,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;QAC5D,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACnB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAE/B,cAAc;IACd,iGAAiG;IACjG,uEAAuE;IACvE,MAAM,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,OAAO,IAAI,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC;IACxE,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC;IACvD,MAAM,cAAc,GAAG,IAAI,IAAI,KAAK,CAAC;IAErC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,MAAmB,EAAE,OAAqB;IAC/D,IAAI,OAAO,CAAC,KAAK;QAAE,OAAO;IAE1B,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;IAErC,MAAM,QAAQ,GAAG;QACf,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE;QACnC,EAAE,IAAI,EAAE,cAAc,EAAE,MAAM,EAAE,MAAM,CAAC,YAAY,EAAE;QACrD,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE;KACpC,CAAC;IAEF,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,YAAY,GAAG,CAAC,CAAC;IAErB,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,IAAI,MAAc,CAAC;QACnB,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAC3B,MAAM,GAAG,eAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACjC,YAAY,EAAE,CAAC;QACjB,CAAC;aAAM,IAAI,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,GAAG,eAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YAC7B,YAAY,EAAE,CAAC;QACjB,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,eAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC,CAAC;QAC1C,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAC/E,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,GAAG,CAAC,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,QAAQ,CAAC,MAAM,GAAG,YAAY,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAChB,OAAO,CAAC,GAAG,CAAC,UAAU,YAAY,IAAI,KAAK,yBAAyB,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC"}

package/dist/commands/login/sso.d.ts

@@ -0,0 +1,17 @@
+import { ServiceResult, LoginOptions } from './types';
+/**
+ * Authenticate to AWS SSO using the AWS CLI
+ *
+ * @param profile - AWS profile name to authenticate with
+ * @param options - Login command options
+ * @returns ServiceResult indicating success/failure
+ */
+export declare function authenticateSSO(profile: string, options: LoginOptions): Promise<ServiceResult>;
+/**
+ * Check if SSO session is valid for the given profile
+ *
+ * @param profile - AWS profile name to check
+ * @returns true if session is valid, false otherwise
+ */
+export declare function checkSSOSession(profile: string): Promise<boolean>;
+//# sourceMappingURL=sso.d.ts.map

package/dist/commands/login/sso.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sso.d.ts","sourceRoot":"","sources":["../../../src/commands/login/sso.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAKtD;;;;;;GAMG;AACH,wBAAsB,eAAe,CACnC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,aAAa,CAAC,CA2DxB;AAED;;;;;GAKG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAevE"}

package/dist/commands/login/sso.js

@@ -0,0 +1,87 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authenticateSSO = authenticateSSO;
+exports.checkSSOSession = checkSSOSession;
+const child_process_1 = require("child_process");
+const utils_1 = require("./utils");
+const SSO_TIMEOUT_MS = 60000; // 60 seconds for browser interaction
+/**
+ * Authenticate to AWS SSO using the AWS CLI
+ *
+ * @param profile - AWS profile name to authenticate with
+ * @param options - Login command options
+ * @returns ServiceResult indicating success/failure
+ */
+async function authenticateSSO(profile, options) {
+    // Validate profile name to prevent injection
+    (0, utils_1.validateProfileName)(profile);
+    if (options.verbose) {
+        console.log(`  [verbose] Running: aws sso login --profile ${profile}`);
+    }
+    const result = (0, child_process_1.spawnSync)('aws', ['sso', 'login', '--profile', profile], {
+        shell: false,
+        timeout: SSO_TIMEOUT_MS,
+        maxBuffer: 1024 * 1024,
+        stdio: ['inherit', 'pipe', 'pipe'], // inherit stdin for browser interaction
+        env: {
+            ...(0, utils_1.getSubprocessEnv)(),
+            AWS_PROFILE: profile,
+        },
+    });
+    if (result.error) {
+        // Handle spawn errors (command not found, timeout, etc.)
+        if (result.error.message.includes('ENOENT')) {
+            throw new Error('AWS CLI not found. Please install AWS CLI v2: https://aws.amazon.com/cli/');
+        }
+        if (result.error.message.includes('ETIMEDOUT')) {
+            throw new Error('SSO login timed out. Please try again.');
+        }
+        throw new Error((0, utils_1.sanitizeOutput)(result.error.message));
+    }
+    if (result.status !== 0) {
+        const stderr = result.stderr?.toString() || '';
+        const stdout = result.stdout?.toString() || '';
+        // Parse common error conditions
+        if (stderr.includes('profile') && stderr.includes('not found')) {
+            throw new Error(`Profile '${profile}' not found. Run: aws configure list-profiles`);
+        }
+        if (stderr.includes('Token has expired')) {
+            throw new Error('SSO session expired. Browser authentication required.');
+        }
+        if (stderr.includes('No SSO configuration')) {
+            throw new Error(`Profile '${profile}' is not configured for SSO. Check ~/.aws/config`);
+        }
+        // Generic error with sanitized output
+        const errorOutput = (0, utils_1.sanitizeOutput)(stderr || stdout || 'Unknown error');
+        throw new Error(`SSO login failed: ${errorOutput}`);
+    }
+    if (options.verbose) {
+        console.log('  [verbose] SSO authentication successful');
+    }
+    return {
+        success: true,
+        skipped: false,
+        duration: 0, // Will be set by caller
+    };
+}
+/**
+ * Check if SSO session is valid for the given profile
+ *
+ * @param profile - AWS profile name to check
+ * @returns true if session is valid, false otherwise
+ */
+async function checkSSOSession(profile) {
+    (0, utils_1.validateProfileName)(profile);
+    const result = (0, child_process_1.spawnSync)('aws', ['sts', 'get-caller-identity', '--profile', profile], {
+        shell: false,
+        timeout: 10000,
+        maxBuffer: 1024 * 1024,
+        stdio: ['pipe', 'pipe', 'pipe'],
+        env: {
+            ...(0, utils_1.getSubprocessEnv)(),
+            AWS_PROFILE: profile,
+        },
+    });
+    return result.status === 0;
+}
+//# sourceMappingURL=sso.js.map

package/dist/commands/login/sso.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sso.js","sourceRoot":"","sources":["../../../src/commands/login/sso.ts"],"names":[],"mappings":";;AAaA,0CA8DC;AAQD,0CAeC;AAlGD,iDAA0C;AAE1C,mCAAgF;AAEhF,MAAM,cAAc,GAAG,KAAK,CAAC,CAAC,qCAAqC;AAEnE;;;;;;GAMG;AACI,KAAK,UAAU,eAAe,CACnC,OAAe,EACf,OAAqB;IAErB,6CAA6C;IAC7C,IAAA,2BAAmB,EAAC,OAAO,CAAC,CAAC;IAE7B,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,gDAAgD,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,yBAAS,EAAC,KAAK,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,EAAE;QACtE,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,cAAc;QACvB,SAAS,EAAE,IAAI,GAAG,IAAI;QACtB,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,wCAAwC;QAC5E,GAAG,EAAE;YACH,GAAG,IAAA,wBAAgB,GAAE;YACrB,WAAW,EAAE,OAAO;SACrB;KACF,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,yDAAyD;QACzD,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;QACD,IAAI,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,IAAA,sBAAc,EAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC/C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAE/C,gCAAgC;QAChC,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,YAAY,OAAO,+CAA+C,CAAC,CAAC;QACtF,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,YAAY,OAAO,kDAAkD,CAAC,CAAC;QACzF,CAAC;QAED,sCAAsC;QACtC,MAAM,WAAW,GAAG,IAAA,sBAAc,EAAC,MAAM,IAAI,MAAM,IAAI,eAAe,CAAC,CAAC;QACxE,MAAM,IAAI,KAAK,CAAC,qBAAqB,WAAW,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO;QACL,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,KAAK;QACd,QAAQ,EAAE,CAAC,EAAE,wBAAwB;KACtC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,eAAe,CAAC,OAAe;IACnD,IAAA,2BAAmB,EAAC,OAAO,CAAC,CAAC;IAE7B,MAAM,MAAM,GAAG,IAAA,yBAAS,EAAC,KAAK,EAAE,CAAC,KAAK,EAAE,qBAAqB,EAAE,WAAW,EAAE,OAAO,CAAC,EAAE;QACpF,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,KAAK;QACd,SAAS,EAAE,IAAI,GAAG,IAAI;QACtB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;QAC/B,GAAG,EAAE;YACH,GAAG,IAAA,wBAAgB,GAAE;YACrB,WAAW,EAAE,OAAO;SACrB;KACF,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC;AAC7B,CAAC"}

package/dist/commands/login/types.d.ts

@@ -0,0 +1,100 @@
+/**
+ * Data Models for Full Login Feature
+ *
+ * Defines TypeScript interfaces for the Padua CLI login workflow including:
+ * - Configuration schema (padua.config.json)
+ * - Authentication service results
+ * - Login command outcomes
+ * - CLI command options
+ */
+/**
+ * PaduaConfig - Main configuration object persisted to padua.config.json
+ */
+export interface PaduaConfig {
+    /** Default AWS SSO profile to use if not specified via CLI flag */
+    defaultProfile?: string;
+    /** Default AWS region for all service operations (default: "us-east-1") */
+    region?: string;
+    /** CodeArtifact repository configuration for npm authentication */
+    codeartifact?: CodeArtifactConfig;
+    /** ECR registry configuration for Docker authentication */
+    ecr?: EcrConfig;
+}
+/**
+ * CodeArtifactConfig - Configuration for AWS CodeArtifact npm repository access
+ */
+export interface CodeArtifactConfig {
+    /** CodeArtifact domain name (1-127 chars, alphanumeric with hyphens) */
+    domain: string;
+    /** AWS account ID owning the CodeArtifact domain (12-digit) */
+    domainOwner: string;
+    /** Repository name within the CodeArtifact domain */
+    repository: string;
+}
+/**
+ * EcrConfig - Configuration for AWS ECR Docker registry access
+ */
+export interface EcrConfig {
+    /** AWS account ID containing the ECR registry (12-digit) */
+    accountId: string;
+    /** AWS region containing the ECR registry */
+    region: string;
+}
+/**
+ * ServiceResult - Outcome of authenticating to a single service
+ */
+export interface ServiceResult {
+    /** Whether authentication succeeded */
+    success: boolean;
+    /** Whether this service was skipped (not attempted) */
+    skipped: boolean;
+    /** Error message if authentication failed */
+    error?: string;
+    /** Time in milliseconds for this authentication operation */
+    duration: number;
+}
+/**
+ * LoginResult - Aggregated outcome of the full login operation
+ */
+export interface LoginResult {
+    /** AWS SSO authentication result */
+    sso: ServiceResult;
+    /** CodeArtifact npm repository authentication result */
+    codeartifact: ServiceResult;
+    /** ECR Docker registry authentication result */
+    ecr: ServiceResult;
+}
+/**
+ * LoginOptions - Command-line options and flags for `padua login`
+ */
+export interface LoginOptions {
+    /** AWS SSO profile to authenticate with */
+    profile?: string;
+    /** Authenticate to SSO only, skip CodeArtifact and ECR */
+    ssoOnly?: boolean;
+    /** Disable colored output in terminal */
+    noColor?: boolean;
+    /** Suppress all output except errors */
+    quiet?: boolean;
+    /** Enable verbose output with debugging information */
+    verbose?: boolean;
+}
+/** Check if a value is a valid AWS account ID (12-digit string) */
+export declare function isValidAccountId(value: string): boolean;
+/** Check if a value is a valid AWS region code */
+export declare function isValidRegion(value: string): boolean;
+/** Check if a value is a valid profile name (alphanumeric, hyphens, underscores) */
+export declare function isValidProfileName(value: string): boolean;
+/** Check if a value is a valid domain name (alphanumeric, hyphens) */
+export declare function isValidDomainName(value: string): boolean;
+/** Check if a value is a valid repository name (lowercase alphanumeric, hyphens) */
+export declare function isValidRepositoryName(value: string): boolean;
+/** Check if configuration has CodeArtifact configured */
+export declare function hasCodeArtifactConfig(config: PaduaConfig): boolean;
+/** Check if configuration has ECR configured */
+export declare function hasEcrConfig(config: PaduaConfig): boolean;
+/** Get the effective profile to use (preference order: options, config, default) */
+export declare function getEffectiveProfile(options: LoginOptions, config?: PaduaConfig): string;
+/** Get the effective region to use (preference order: config, default) */
+export declare function getEffectiveRegion(config?: PaduaConfig): string;
+//# sourceMappingURL=types.d.ts.map

package/dist/commands/login/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/commands/login/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,mEAAmE;IACnE,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,2EAA2E;IAC3E,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,mEAAmE;IACnE,YAAY,CAAC,EAAE,kBAAkB,CAAC;IAElC,2DAA2D;IAC3D,GAAG,CAAC,EAAE,SAAS,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,wEAAwE;IACxE,MAAM,EAAE,MAAM,CAAC;IAEf,+DAA+D;IAC/D,WAAW,EAAE,MAAM,CAAC;IAEpB,qDAAqD;IACrD,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,4DAA4D;IAC5D,SAAS,EAAE,MAAM,CAAC;IAElB,6CAA6C;IAC7C,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IAEjB,uDAAuD;IACvD,OAAO,EAAE,OAAO,CAAC;IAEjB,6CAA6C;IAC7C,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf,6DAA6D;IAC7D,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,oCAAoC;IACpC,GAAG,EAAE,aAAa,CAAC;IAEnB,wDAAwD;IACxD,YAAY,EAAE,aAAa,CAAC;IAE5B,gDAAgD;IAChD,GAAG,EAAE,aAAa,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,2CAA2C;IAC3C,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,0DAA0D;IAC1D,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB,yCAAyC;IACzC,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB,wCAAwC;IACxC,KAAK,CAAC,EAAE,OAAO,CAAC;IAEhB,uDAAuD;IACvD,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAID,mEAAmE;AACnE,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAEvD;AAED,kDAAkD;AAClD,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAapD;AAED,oFAAoF;AACpF,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAEzD;AAED,sEAAsE;AACtE,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAExD;AAED,oFAAoF;AACpF,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAE5D;AAED,yDAAyD;AACzD,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAElE;AAED,gDAAgD;AAChD,wBAAgB,YAAY,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAEzD;AAED,oFAAoF;AACpF,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,EAAE,WAAW,GAAG,MAAM,CAEvF;AAED,0EAA0E;AAC1E,wBAAgB,kBAAkB,CAAC,MAAM,CAAC,EAAE,WAAW,GAAG,MAAM,CAE/D"}

package/dist/commands/login/types.js

@@ -0,0 +1,69 @@
+"use strict";
+/**
+ * Data Models for Full Login Feature
+ *
+ * Defines TypeScript interfaces for the Padua CLI login workflow including:
+ * - Configuration schema (padua.config.json)
+ * - Authentication service results
+ * - Login command outcomes
+ * - CLI command options
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isValidAccountId = isValidAccountId;
+exports.isValidRegion = isValidRegion;
+exports.isValidProfileName = isValidProfileName;
+exports.isValidDomainName = isValidDomainName;
+exports.isValidRepositoryName = isValidRepositoryName;
+exports.hasCodeArtifactConfig = hasCodeArtifactConfig;
+exports.hasEcrConfig = hasEcrConfig;
+exports.getEffectiveProfile = getEffectiveProfile;
+exports.getEffectiveRegion = getEffectiveRegion;
+// Type Guards
+/** Check if a value is a valid AWS account ID (12-digit string) */
+function isValidAccountId(value) {
+    return /^\d{12}$/.test(value);
+}
+/** Check if a value is a valid AWS region code */
+function isValidRegion(value) {
+    const validRegions = [
+        'us-east-1', 'us-east-2', 'us-west-1', 'us-west-2',
+        'eu-west-1', 'eu-west-2', 'eu-west-3', 'eu-central-1', 'eu-north-1',
+        'ap-northeast-1', 'ap-northeast-2', 'ap-northeast-3',
+        'ap-southeast-1', 'ap-southeast-2',
+        'ap-south-1',
+        'ca-central-1',
+        'sa-east-1',
+        'af-south-1',
+        'me-south-1',
+    ];
+    return validRegions.includes(value);
+}
+/** Check if a value is a valid profile name (alphanumeric, hyphens, underscores) */
+function isValidProfileName(value) {
+    return /^[a-zA-Z0-9\-_]{1,128}$/.test(value);
+}
+/** Check if a value is a valid domain name (alphanumeric, hyphens) */
+function isValidDomainName(value) {
+    return /^[a-z0-9\-]{1,127}$/.test(value) && !value.startsWith('-') && !value.endsWith('-');
+}
+/** Check if a value is a valid repository name (lowercase alphanumeric, hyphens) */
+function isValidRepositoryName(value) {
+    return /^[a-z0-9\-]{1,100}$/.test(value) && !value.startsWith('-') && !value.endsWith('-');
+}
+/** Check if configuration has CodeArtifact configured */
+function hasCodeArtifactConfig(config) {
+    return !!(config.codeartifact?.domain && config.codeartifact?.domainOwner && config.codeartifact?.repository);
+}
+/** Check if configuration has ECR configured */
+function hasEcrConfig(config) {
+    return !!(config.ecr?.accountId && config.ecr?.region);
+}
+/** Get the effective profile to use (preference order: options, config, default) */
+function getEffectiveProfile(options, config) {
+    return options.profile || config?.defaultProfile || 'default';
+}
+/** Get the effective region to use (preference order: config, default) */
+function getEffectiveRegion(config) {
+    return config?.region || 'us-east-1';
+}
+//# sourceMappingURL=types.js.map

package/dist/commands/login/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/commands/login/types.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;AAkGH,4CAEC;AAGD,sCAaC;AAGD,gDAEC;AAGD,8CAEC;AAGD,sDAEC;AAGD,sDAEC;AAGD,oCAEC;AAGD,kDAEC;AAGD,gDAEC;AAxDD,cAAc;AAEd,mEAAmE;AACnE,SAAgB,gBAAgB,CAAC,KAAa;IAC5C,OAAO,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC;AAED,kDAAkD;AAClD,SAAgB,aAAa,CAAC,KAAa;IACzC,MAAM,YAAY,GAAG;QACnB,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW;QAClD,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,cAAc,EAAE,YAAY;QACnE,gBAAgB,EAAE,gBAAgB,EAAE,gBAAgB;QACpD,gBAAgB,EAAE,gBAAgB;QAClC,YAAY;QACZ,cAAc;QACd,WAAW;QACX,YAAY;QACZ,YAAY;KACb,CAAC;IACF,OAAO,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACtC,CAAC;AAED,oFAAoF;AACpF,SAAgB,kBAAkB,CAAC,KAAa;IAC9C,OAAO,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC/C,CAAC;AAED,sEAAsE;AACtE,SAAgB,iBAAiB,CAAC,KAAa;IAC7C,OAAO,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC7F,CAAC;AAED,oFAAoF;AACpF,SAAgB,qBAAqB,CAAC,KAAa;IACjD,OAAO,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC7F,CAAC;AAED,yDAAyD;AACzD,SAAgB,qBAAqB,CAAC,MAAmB;IACvD,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,IAAI,MAAM,CAAC,YAAY,EAAE,WAAW,IAAI,MAAM,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;AAChH,CAAC;AAED,gDAAgD;AAChD,SAAgB,YAAY,CAAC,MAAmB;IAC9C,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,SAAS,IAAI,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;AACzD,CAAC;AAED,oFAAoF;AACpF,SAAgB,mBAAmB,CAAC,OAAqB,EAAE,MAAoB;IAC7E,OAAO,OAAO,CAAC,OAAO,IAAI,MAAM,EAAE,cAAc,IAAI,SAAS,CAAC;AAChE,CAAC;AAED,0EAA0E;AAC1E,SAAgB,kBAAkB,CAAC,MAAoB;IACrD,OAAO,MAAM,EAAE,MAAM,IAAI,WAAW,CAAC;AACvC,CAAC"}

package/dist/commands/login/utils.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Validate profile name before using in subprocess
+ * Throws if invalid to prevent injection attacks
+ */
+export declare function validateProfileName(profile: string): void;
+/**
+ * Sanitize tokens and credentials from output
+ * Removes AWS access keys, session tokens, and other sensitive data
+ */
+export declare function sanitizeOutput(output: string): string;
+/**
+ * Sanitize error messages before displaying to user
+ */
+export declare function sanitizeErrorMessage(error: string): string;
+/**
+ * Get environment variables safe to pass to subprocesses
+ * Only passes necessary variables to minimize exposure
+ */
+export declare function getSubprocessEnv(): NodeJS.ProcessEnv;
+/**
+ * Format duration in milliseconds to human readable string
+ */
+export declare function formatDuration(ms: number): string;
+//# sourceMappingURL=utils.d.ts.map

package/dist/commands/login/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/commands/login/utils.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAIzD;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAoBrD;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE1D;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAAC,UAAU,CAqCpD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM,CAKjD"}

package/dist/commands/login/utils.js

@@ -0,0 +1,93 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateProfileName = validateProfileName;
+exports.sanitizeOutput = sanitizeOutput;
+exports.sanitizeErrorMessage = sanitizeErrorMessage;
+exports.getSubprocessEnv = getSubprocessEnv;
+exports.formatDuration = formatDuration;
+const types_1 = require("./types");
+/**
+ * Validate profile name before using in subprocess
+ * Throws if invalid to prevent injection attacks
+ */
+function validateProfileName(profile) {
+    if (!(0, types_1.isValidProfileName)(profile)) {
+        throw new Error(`Invalid profile name: ${profile}. Profile names must be alphanumeric with hyphens/underscores (1-128 chars).`);
+    }
+}
+/**
+ * Sanitize tokens and credentials from output
+ * Removes AWS access keys, session tokens, and other sensitive data
+ */
+function sanitizeOutput(output) {
+    // Remove AWS access key IDs (AKIA...)
+    let sanitized = output.replace(/AKIA[A-Z0-9]{16}/g, '[REDACTED_ACCESS_KEY]');
+    // Remove AWS secret access keys (40 char base64)
+    sanitized = sanitized.replace(/[A-Za-z0-9/+=]{40}/g, (match) => {
+        // Only redact if it looks like a secret key (contains mixed case and special chars)
+        if (/[A-Z]/.test(match) && /[a-z]/.test(match) && /[/+=]/.test(match)) {
+            return '[REDACTED_SECRET]';
+        }
+        return match;
+    });
+    // Remove session tokens (long base64 strings)
+    sanitized = sanitized.replace(/[A-Za-z0-9/+=]{100,}/g, '[REDACTED_TOKEN]');
+    // Remove password-like patterns after common keywords
+    sanitized = sanitized.replace(/(password|token|secret|credential)[\s:=]+\S+/gi, '$1=[REDACTED]');
+    return sanitized;
+}
+/**
+ * Sanitize error messages before displaying to user
+ */
+function sanitizeErrorMessage(error) {
+    return sanitizeOutput(error);
+}
+/**
+ * Get environment variables safe to pass to subprocesses
+ * Only passes necessary variables to minimize exposure
+ */
+function getSubprocessEnv() {
+    const safeEnv = {};
+    // Whitelist of environment variables to pass
+    const whitelist = [
+        'PATH',
+        'HOME',
+        'USER',
+        'SHELL',
+        'TERM',
+        'AWS_PROFILE',
+        'AWS_DEFAULT_REGION',
+        'AWS_CONFIG_FILE',
+        'AWS_SHARED_CREDENTIALS_FILE',
+        // Required for Windows
+        'SYSTEMROOT',
+        'COMSPEC',
+        'PATHEXT',
+        'APPDATA',
+        'LOCALAPPDATA',
+        'USERPROFILE',
+        'TEMP',
+        'TMP',
+        'HOMEDRIVE',
+        'HOMEPATH',
+        // Required for macOS/Linux
+        'TMPDIR',
+        'XDG_CONFIG_HOME',
+    ];
+    for (const key of whitelist) {
+        if (process.env[key]) {
+            safeEnv[key] = process.env[key];
+        }
+    }
+    return safeEnv;
+}
+/**
+ * Format duration in milliseconds to human readable string
+ */
+function formatDuration(ms) {
+    if (ms < 1000) {
+        return `${ms}ms`;
+    }
+    return `${(ms / 1000).toFixed(1)}s`;
+}
+//# sourceMappingURL=utils.js.map

package/dist/commands/login/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/commands/login/utils.ts"],"names":[],"mappings":";;AAMA,kDAIC;AAMD,wCAoBC;AAKD,oDAEC;AAMD,4CAqCC;AAKD,wCAKC;AAhGD,mCAA6C;AAE7C;;;GAGG;AACH,SAAgB,mBAAmB,CAAC,OAAe;IACjD,IAAI,CAAC,IAAA,0BAAkB,EAAC,OAAO,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,yBAAyB,OAAO,8EAA8E,CAAC,CAAC;IAClI,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,cAAc,CAAC,MAAc;IAC3C,sCAAsC;IACtC,IAAI,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,mBAAmB,EAAE,uBAAuB,CAAC,CAAC;IAE7E,iDAAiD;IACjD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAC,KAAK,EAAE,EAAE;QAC7D,oFAAoF;QACpF,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YACtE,OAAO,mBAAmB,CAAC;QAC7B,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,8CAA8C;IAC9C,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,uBAAuB,EAAE,kBAAkB,CAAC,CAAC;IAE3E,sDAAsD;IACtD,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,gDAAgD,EAAE,eAAe,CAAC,CAAC;IAEjG,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAAC,KAAa;IAChD,OAAO,cAAc,CAAC,KAAK,CAAC,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,SAAgB,gBAAgB;IAC9B,MAAM,OAAO,GAAsB,EAAE,CAAC;IAEtC,6CAA6C;IAC7C,MAAM,SAAS,GAAG;QAChB,MAAM;QACN,MAAM;QACN,MAAM;QACN,OAAO;QACP,MAAM;QACN,aAAa;QACb,oBAAoB;QACpB,iBAAiB;QACjB,6BAA6B;QAC7B,uBAAuB;QACvB,YAAY;QACZ,SAAS;QACT,SAAS;QACT,SAAS;QACT,cAAc;QACd,aAAa;QACb,MAAM;QACN,KAAK;QACL,WAAW;QACX,UAAU;QACV,2BAA2B;QAC3B,QAAQ;QACR,iBAAiB;KAClB,CAAC;IAEF,KAAK,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;QAC5B,IAAI,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,EAAU;IACvC,IAAI,EAAE,GAAG,IAAI,EAAE,CAAC;QACd,OAAO,GAAG,EAAE,IAAI,CAAC;IACnB,CAAC;IACD,OAAO,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC;AACtC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}

package/dist/index.js

@@ -0,0 +1,14 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const login_1 = require("./commands/login");
+const program = new commander_1.Command();
+program
+    .name('padua')
+    .description('Unified AWS infrastructure management CLI')
+    .version('1.0.0');
+// Register commands
+program.addCommand(login_1.loginCommand);
+program.parse();
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAEA,yCAAoC;AACpC,4CAAgD;AAEhD,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,OAAO,CAAC;KACb,WAAW,CAAC,2CAA2C,CAAC;KACxD,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,oBAAoB;AACpB,OAAO,CAAC,UAAU,CAAC,oBAAY,CAAC,CAAC;AAEjC,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "@padua/cli",
+  "version": "1.0.0",
+  "description": "Unified AWS infrastructure management CLI",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "padua": "dist/index.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "start": "node dist/index.js",
+    "lint": "eslint src --ext .ts",
+    "type-check": "tsc --noEmit",
+    "test": "jest",
+    "test:watch": "jest --watch",
+    "test:coverage": "jest --coverage",
+    "prepublishOnly": "npm run build"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "dist"
+  ],
+  "keywords": [
+    "aws",
+    "sso",
+    "cli",
+    "codeartifact",
+    "ecr",
+    "authentication"
+  ],
+  "author": "",
+  "license": "MIT",
+  "dependencies": {
+    "commander": "^12.1.0",
+    "chalk": "^4.1.2"
+  },
+  "devDependencies": {
+    "@types/node": "^20.10.0",
+    "typescript": "^5.3.0",
+    "@typescript-eslint/eslint-plugin": "^6.13.0",
+    "@typescript-eslint/parser": "^6.13.0",
+    "eslint": "^8.55.0",
+    "jest": "^29.7.0",
+    "@types/jest": "^29.5.0",
+    "ts-jest": "^29.1.0"
+  }
+}