npm - @padua/cli - Versions diffs - 1.2.0 → 1.3.0 - Mend

@padua/cli 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/dist/commands/init/aws-profile.d.ts +21 -0
package/dist/commands/init/aws-profile.d.ts.map +1 -1
package/dist/commands/init/aws-profile.js +91 -0
package/dist/commands/init/aws-profile.js.map +1 -1
package/dist/commands/init/index.d.ts +21 -17
package/dist/commands/init/index.d.ts.map +1 -1
package/dist/commands/init/index.js +280 -181
package/dist/commands/init/index.js.map +1 -1
package/dist/commands/init/init.d.ts +24 -0
package/dist/commands/init/init.d.ts.map +1 -1
package/dist/commands/init/init.js +78 -0
package/dist/commands/init/init.js.map +1 -1
package/dist/commands/init/sso-discovery.d.ts +114 -0
package/dist/commands/init/sso-discovery.d.ts.map +1 -0
package/dist/commands/init/sso-discovery.js +363 -0
package/dist/commands/init/sso-discovery.js.map +1 -0
package/dist/commands/status/checks.d.ts.map +1 -1
package/dist/commands/status/checks.js +21 -5
package/dist/commands/status/checks.js.map +1 -1
package/package.json +1 -1

package/dist/commands/init/init.js CHANGED Viewed

@@ -39,8 +39,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.initializeConfig = initializeConfig;
 exports.formatConfigJson = formatConfigJson;
 exports.displayNextSteps = displayNextSteps;
+exports.getPaduaConfigDir = getPaduaConfigDir;
+exports.getPaduaConfigPath = getPaduaConfigPath;
+exports.initializeGlobalConfig = initializeGlobalConfig;
+exports.displayGlobalNextSteps = displayGlobalNextSteps;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const os = __importStar(require("os"));
 const chalk_1 = __importDefault(require("chalk"));
 /**
  * Initialize config by writing to padua.config.json
@@ -120,4 +125,77 @@ function displayNextSteps(config, noColor = false) {
     }
     console.log('');
 }
+/**
+ * Get the padua config directory path (cross-platform)
+ * ~/.padua on Unix, %USERPROFILE%\.padua on Windows
+ */
+function getPaduaConfigDir() {
+    return path.join(os.homedir(), '.padua');
+}
+/**
+ * Get the padua config file path
+ */
+function getPaduaConfigPath() {
+    return path.join(getPaduaConfigDir(), 'padua.config.json');
+}
+/**
+ * Initialize config by writing to ~/.padua/padua.config.json (global config)
+ *
+ * @param config - Configuration object to write
+ * @returns Path to the config file
+ * @throws Error if file write fails
+ */
+async function initializeGlobalConfig(config) {
+    const configDir = getPaduaConfigDir();
+    const configPath = getPaduaConfigPath();
+    // Ensure ~/.padua directory exists
+    if (!fs.existsSync(configDir)) {
+        fs.mkdirSync(configDir, { recursive: true, mode: 0o700 });
+    }
+    try {
+        const formatted = formatConfigJson(config);
+        fs.writeFileSync(configPath, formatted, 'utf-8');
+        fs.chmodSync(configPath, 0o644);
+        return configPath;
+    }
+    catch (error) {
+        const err = error;
+        if (err.code === 'EACCES') {
+            throw new Error('Permission denied. Check directory write permissions.');
+        }
+        else if (err.code === 'ENOSPC') {
+            throw new Error('No disk space available.');
+        }
+        else if (err.code === 'EROFS') {
+            throw new Error('File system is read-only.');
+        }
+        else {
+            throw new Error(`Failed to write config file: ${err.message}`);
+        }
+    }
+}
+/**
+ * Display next steps for global config
+ *
+ * @param configPath - Path where config was saved
+ * @param noColor - Whether to disable colored output
+ */
+function displayGlobalNextSteps(configPath, noColor = false) {
+    console.log('');
+    if (!noColor) {
+        console.log(chalk_1.default.cyan.bold('Next steps:'));
+        console.log(chalk_1.default.gray(`  1. Review configuration:  cat ${configPath}`));
+        console.log(chalk_1.default.gray('  2. Authenticate:          padua login'));
+        console.log(chalk_1.default.gray('  3. Check status:          padua status'));
+        console.log(chalk_1.default.gray('  4. View help:             padua --help'));
+    }
+    else {
+        console.log('Next steps:');
+        console.log(`  1. Review configuration:  cat ${configPath}`);
+        console.log('  2. Authenticate:          padua login');
+        console.log('  3. Check status:          padua status');
+        console.log('  4. View help:             padua --help');
+    }
+    console.log('');
+}
 //# sourceMappingURL=init.js.map

package/dist/commands/init/init.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"init.js","sourceRoot":"","sources":["../../../src/commands/init/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;~~AAYA~~,4CA0BC;AAQD,4CAkBC;AAQD,4CAgBC;~~AAxFD~~,uCAAyB;AACzB,2CAA6B;AAC7B,kDAA0B;AAG1B;;;;;;GAMG;AACI,KAAK,UAAU,gBAAgB,CAAC,MAAmB,EAAE,UAAmB;IAC7E,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,mBAAmB,CAAC,CAAC;IAEjE,IAAI,CAAC;QACH,uCAAuC;QACvC,MAAM,SAAS,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAE3C,gBAAgB;QAChB,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAEjD,kCAAkC;QAClC,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAClC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,+DAA+D;QAC/D,MAAM,GAAG,GAAG,KAA8B,CAAC;QAE3C,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,MAAmB;IAClD,4DAA4D;IAC5D,MAAM,OAAO,GAAgB;QAC3B,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC;IAEF,gDAAgD;IAChD,IAAI,MAAM,CAAC,YAAY,EAAE,MAAM,IAAI,MAAM,CAAC,YAAY,EAAE,WAAW,IAAI,MAAM,CAAC,YAAY,EAAE,UAAU,EAAE,CAAC;QACvG,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;IAC7C,CAAC;IAED,uCAAuC;IACvC,IAAI,MAAM,CAAC,GAAG,EAAE,SAAS,IAAI,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,CAAC;QAChD,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;IAC3B,CAAC;IAED,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,MAAmB,EAAE,UAAmB,KAAK;IAC5E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC,CAAC;QAC7E,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC,CAAC;QACpE,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC,CAAC;IACvE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC"}
1	+ {"version":3,"file":"init.js","sourceRoot":"","sources":["../../../src/commands/init/init.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAaA,4CA0BC;AAQD,4CAkBC;AAQD,4CAgBC;AAMD,8CAEC;AAKD,gDAEC;AASD,wDA0BC;AAQD,wDAkBC;AArKD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AACzB,kDAA0B;AAG1B;;;;;;GAMG;AACI,KAAK,UAAU,gBAAgB,CAAC,MAAmB,EAAE,UAAmB;IAC7E,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,mBAAmB,CAAC,CAAC;IAEjE,IAAI,CAAC;QACH,uCAAuC;QACvC,MAAM,SAAS,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAE3C,gBAAgB;QAChB,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAEjD,kCAAkC;QAClC,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAClC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,+DAA+D;QAC/D,MAAM,GAAG,GAAG,KAA8B,CAAC;QAE3C,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,MAAmB;IAClD,4DAA4D;IAC5D,MAAM,OAAO,GAAgB;QAC3B,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC;IAEF,gDAAgD;IAChD,IAAI,MAAM,CAAC,YAAY,EAAE,MAAM,IAAI,MAAM,CAAC,YAAY,EAAE,WAAW,IAAI,MAAM,CAAC,YAAY,EAAE,UAAU,EAAE,CAAC;QACvG,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;IAC7C,CAAC;IAED,uCAAuC;IACvC,IAAI,MAAM,CAAC,GAAG,EAAE,SAAS,IAAI,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,CAAC;QAChD,OAAO,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;IAC3B,CAAC;IAED,OAAO,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,MAAmB,EAAE,UAAmB,KAAK;IAC5E,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC,CAAC;QAC7E,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC,CAAC;QACpE,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC,CAAC;IACvE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,SAAgB,iBAAiB;IAC/B,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB;IAChC,OAAO,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,mBAAmB,CAAC,CAAC;AAC7D,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,sBAAsB,CAAC,MAAmB;IAC9D,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;IACtC,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;IAExC,mCAAmC;IACnC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9B,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5D,CAAC;IAED,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAC3C,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QACjD,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QAChC,OAAO,UAAU,CAAC;IACpB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,GAAG,GAAG,KAA8B,CAAC;QAC3C,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC9C,CAAC;aAAM,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,UAAkB,EAAE,UAAmB,KAAK;IACjF,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAEhB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QAC5C,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,mCAAmC,UAAU,EAAE,CAAC,CAAC,CAAC;QACzE,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC,CAAC;QACnE,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC,CAAC;QACpE,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC,CAAC;IACtE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,mCAAmC,UAAU,EAAE,CAAC,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;QACxD,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;AAClB,CAAC"}

package/dist/commands/init/sso-discovery.d.ts ADDED Viewed

@@ -0,0 +1,114 @@
+/**
+ * SSO Session configuration for ~/.aws/config
+ */
+export interface SSOSessionConfig {
+    sessionName: string;
+    startUrl: string;
+    region: string;
+    registrationScopes: string;
+}
+/**
+ * AWS Account information from SSO
+ */
+export interface SSOAccount {
+    accountId: string;
+    accountName: string;
+    emailAddress?: string;
+}
+/**
+ * AWS Role information from SSO
+ */
+export interface SSORole {
+    roleName: string;
+    accountId: string;
+}
+/**
+ * Combined account with roles
+ */
+export interface AccountWithRoles {
+    account: SSOAccount;
+    roles: SSORole[];
+}
+/**
+ * Profile to be created
+ */
+export interface ProfileConfig {
+    name: string;
+    accountId: string;
+    roleName: string;
+}
+/**
+ * Padua SSO defaults
+ */
+export declare const PADUA_SSO_DEFAULTS: {
+    sessionName: string;
+    startUrl: string;
+    region: string;
+    registrationScopes: string;
+};
+/**
+ * Padua CodeArtifact defaults (hardcoded)
+ */
+export declare const PADUA_CODEARTIFACT_DEFAULTS: {
+    domain: string;
+    domainOwner: string;
+    repository: string;
+};
+/**
+ * Padua ECR defaults (hardcoded)
+ */
+export declare const PADUA_ECR_DEFAULTS: {
+    accountId: string;
+    region: string;
+};
+/**
+ * Get cached SSO access token if valid
+ */
+export declare function getCachedAccessToken(startUrl: string): string | null;
+/**
+ * Register OIDC client with SSO
+ */
+export declare function registerSSOClient(startUrl: string, region: string): Promise<{
+    clientId: string;
+    clientSecret: string;
+}>;
+/**
+ * Start device authorization flow
+ */
+export declare function startDeviceAuthorization(clientId: string, clientSecret: string, startUrl: string, region: string): Promise<{
+    deviceCode: string;
+    userCode: string;
+    verificationUri: string;
+    expiresIn: number;
+}>;
+/**
+ * Poll for access token after user authorization
+ */
+export declare function pollForToken(clientId: string, clientSecret: string, deviceCode: string, region: string, expiresIn: number): Promise<string>;
+/**
+ * Authenticate with SSO and get access token
+ * Uses cached token if valid, otherwise initiates device authorization flow
+ */
+export declare function authenticateSSO(startUrl?: string, region?: string, onBrowserOpen?: (url: string, userCode: string) => void): Promise<string>;
+/**
+ * List all AWS accounts the user has access to via SSO
+ */
+export declare function listSSOAccounts(accessToken: string, region?: string): Promise<SSOAccount[]>;
+/**
+ * List all roles for a specific account
+ */
+export declare function listAccountRoles(accessToken: string, accountId: string, region?: string): Promise<SSORole[]>;
+/**
+ * Discover all accounts and roles the user has access to
+ */
+export declare function discoverAccountsAndRoles(accessToken: string, region?: string): Promise<AccountWithRoles[]>;
+/**
+ * Generate profile name from account name
+ * Converts to lowercase, replaces spaces/special chars with hyphens
+ */
+export declare function generateProfileName(accountName: string): string;
+/**
+ * Build profile configurations from discovered accounts and roles
+ */
+export declare function buildProfileConfigs(accountsWithRoles: AccountWithRoles[], selectedRole?: string): ProfileConfig[];
+//# sourceMappingURL=sso-discovery.d.ts.map

package/dist/commands/init/sso-discovery.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sso-discovery.d.ts","sourceRoot":"","sources":["../../../src/commands/init/sso-discovery.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,UAAU,CAAC;IACpB,KAAK,EAAE,OAAO,EAAE,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,eAAO,MAAM,kBAAkB;;;;;CAK9B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,2BAA2B;;;;CAIvC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB;;;CAG9B,CAAC;AAIF;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAgCpE;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,CAgCrD;AAED;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,eAAe,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,CA+B/F;AASD;;GAEG;AACH,wBAAsB,YAAY,CAChC,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC,CAkDjB;AAED;;;GAGG;AACH,wBAAsB,eAAe,CACnC,QAAQ,GAAE,MAAoC,EAC9C,MAAM,GAAE,MAAkC,EAC1C,aAAa,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,IAAI,GACtD,OAAO,CAAC,MAAM,CAAC,CA6BjB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,WAAW,EAAE,MAAM,EACnB,MAAM,GAAE,MAAkC,GACzC,OAAO,CAAC,UAAU,EAAE,CAAC,CA6CvB;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,EACjB,MAAM,GAAE,MAAkC,GACzC,OAAO,CAAC,OAAO,EAAE,CAAC,CA0CpB;AAED;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,WAAW,EAAE,MAAM,EACnB,MAAM,GAAE,MAAkC,GACzC,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAa7B;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAM/D;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,iBAAiB,EAAE,gBAAgB,EAAE,EACrC,YAAY,CAAC,EAAE,MAAM,GACpB,aAAa,EAAE,CAoBjB"}

package/dist/commands/init/sso-discovery.js ADDED Viewed

@@ -0,0 +1,363 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PADUA_ECR_DEFAULTS = exports.PADUA_CODEARTIFACT_DEFAULTS = exports.PADUA_SSO_DEFAULTS = void 0;
+exports.getCachedAccessToken = getCachedAccessToken;
+exports.registerSSOClient = registerSSOClient;
+exports.startDeviceAuthorization = startDeviceAuthorization;
+exports.pollForToken = pollForToken;
+exports.authenticateSSO = authenticateSSO;
+exports.listSSOAccounts = listSSOAccounts;
+exports.listAccountRoles = listAccountRoles;
+exports.discoverAccountsAndRoles = discoverAccountsAndRoles;
+exports.generateProfileName = generateProfileName;
+exports.buildProfileConfigs = buildProfileConfigs;
+const child_process_1 = require("child_process");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+/**
+ * Padua SSO defaults
+ */
+exports.PADUA_SSO_DEFAULTS = {
+    sessionName: 'padua',
+    startUrl: 'https://paduasolutions.awsapps.com/start',
+    region: 'ap-southeast-2',
+    registrationScopes: 'sso:account:access',
+};
+/**
+ * Padua CodeArtifact defaults (hardcoded)
+ */
+exports.PADUA_CODEARTIFACT_DEFAULTS = {
+    domain: 'paduafg',
+    domainOwner: '361485743373',
+    repository: 'paduafg',
+};
+/**
+ * Padua ECR defaults (hardcoded)
+ */
+exports.PADUA_ECR_DEFAULTS = {
+    accountId: '361485743373',
+    region: 'ap-southeast-2',
+};
+const SSO_CACHE_DIR = path.join(os.homedir(), '.aws', 'sso', 'cache');
+/**
+ * Get cached SSO access token if valid
+ */
+function getCachedAccessToken(startUrl) {
+    try {
+        if (!fs.existsSync(SSO_CACHE_DIR)) {
+            return null;
+        }
+        const cacheFiles = fs.readdirSync(SSO_CACHE_DIR).filter(f => f.endsWith('.json'));
+        for (const file of cacheFiles) {
+            try {
+                const filePath = path.join(SSO_CACHE_DIR, file);
+                const content = fs.readFileSync(filePath, 'utf-8');
+                const cached = JSON.parse(content);
+                // Check if this cache is for our SSO start URL
+                if (cached.startUrl === startUrl && cached.accessToken) {
+                    // Check if token is expired
+                    const expiresAt = new Date(cached.expiresAt);
+                    if (expiresAt > new Date()) {
+                        return cached.accessToken;
+                    }
+                }
+            }
+            catch {
+                // Skip invalid cache files
+                continue;
+            }
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Register OIDC client with SSO
+ */
+async function registerSSOClient(startUrl, region) {
+    const result = (0, child_process_1.spawnSync)('aws', [
+        'sso-oidc', 'register-client',
+        '--client-name', 'padua-cli',
+        '--client-type', 'public',
+        '--scopes', 'sso:account:access',
+        '--region', region,
+        '--output', 'json',
+    ], {
+        shell: false,
+        timeout: 30000,
+        maxBuffer: 1024 * 1024,
+        stdio: ['pipe', 'pipe', 'pipe'],
+    });
+    if (result.error || result.status !== 0) {
+        const stderr = result.stderr?.toString() || '';
+        if (stderr.includes('ENOENT')) {
+            throw new Error('AWS CLI not found. Please install AWS CLI v2: https://aws.amazon.com/cli/');
+        }
+        throw new Error(`Failed to register SSO client: ${stderr}`);
+    }
+    const output = JSON.parse(result.stdout.toString());
+    return {
+        clientId: output.clientId,
+        clientSecret: output.clientSecret,
+    };
+}
+/**
+ * Start device authorization flow
+ */
+async function startDeviceAuthorization(clientId, clientSecret, startUrl, region) {
+    const result = (0, child_process_1.spawnSync)('aws', [
+        'sso-oidc', 'start-device-authorization',
+        '--client-id', clientId,
+        '--client-secret', clientSecret,
+        '--start-url', startUrl,
+        '--region', region,
+        '--output', 'json',
+    ], {
+        shell: false,
+        timeout: 30000,
+        maxBuffer: 1024 * 1024,
+        stdio: ['pipe', 'pipe', 'pipe'],
+    });
+    if (result.error || result.status !== 0) {
+        const stderr = result.stderr?.toString() || '';
+        throw new Error(`Failed to start device authorization: ${stderr}`);
+    }
+    const output = JSON.parse(result.stdout.toString());
+    return {
+        deviceCode: output.deviceCode,
+        userCode: output.userCode,
+        verificationUri: output.verificationUriComplete || output.verificationUri,
+        expiresIn: output.expiresIn,
+    };
+}
+/**
+ * Sleep helper
+ */
+function sleep(ms) {
+    return new Promise(resolve => setTimeout(resolve, ms));
+}
+/**
+ * Poll for access token after user authorization
+ */
+async function pollForToken(clientId, clientSecret, deviceCode, region, expiresIn) {
+    const pollInterval = 5000; // 5 seconds
+    const maxAttempts = Math.floor((expiresIn * 1000) / pollInterval);
+    for (let attempt = 0; attempt < maxAttempts; attempt++) {
+        const result = (0, child_process_1.spawnSync)('aws', [
+            'sso-oidc', 'create-token',
+            '--client-id', clientId,
+            '--client-secret', clientSecret,
+            '--grant-type', 'urn:ietf:params:oauth:grant-type:device_code',
+            '--device-code', deviceCode,
+            '--region', region,
+            '--output', 'json',
+        ], {
+            shell: false,
+            timeout: 30000,
+            maxBuffer: 1024 * 1024,
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        if (result.status === 0) {
+            const output = JSON.parse(result.stdout.toString());
+            return output.accessToken;
+        }
+        const stderr = result.stderr?.toString() || '';
+        if (stderr.includes('AuthorizationPendingException') || stderr.includes('authorization_pending')) {
+            // User hasn't authorized yet, wait and retry
+            await sleep(pollInterval);
+            continue;
+        }
+        if (stderr.includes('SlowDownException') || stderr.includes('slow_down')) {
+            // Rate limited, wait longer
+            await sleep(pollInterval * 2);
+            continue;
+        }
+        if (stderr.includes('ExpiredTokenException') || stderr.includes('expired_token')) {
+            throw new Error('Authorization expired. Please try again.');
+        }
+        throw new Error(`Failed to get access token: ${stderr}`);
+    }
+    throw new Error('Authorization timed out. Please try again.');
+}
+/**
+ * Authenticate with SSO and get access token
+ * Uses cached token if valid, otherwise initiates device authorization flow
+ */
+async function authenticateSSO(startUrl = exports.PADUA_SSO_DEFAULTS.startUrl, region = exports.PADUA_SSO_DEFAULTS.region, onBrowserOpen) {
+    // Check for cached valid token first
+    const cachedToken = getCachedAccessToken(startUrl);
+    if (cachedToken) {
+        return cachedToken;
+    }
+    // No valid cached token, start device authorization flow
+    const client = await registerSSOClient(startUrl, region);
+    const auth = await startDeviceAuthorization(client.clientId, client.clientSecret, startUrl, region);
+    // Notify caller to open browser
+    if (onBrowserOpen) {
+        onBrowserOpen(auth.verificationUri, auth.userCode);
+    }
+    // Poll for token
+    return pollForToken(client.clientId, client.clientSecret, auth.deviceCode, region, auth.expiresIn);
+}
+/**
+ * List all AWS accounts the user has access to via SSO
+ */
+async function listSSOAccounts(accessToken, region = exports.PADUA_SSO_DEFAULTS.region) {
+    const accounts = [];
+    let nextToken;
+    do {
+        const args = [
+            'sso', 'list-accounts',
+            '--access-token', accessToken,
+            '--region', region,
+            '--output', 'json',
+        ];
+        if (nextToken) {
+            args.push('--starting-token', nextToken);
+        }
+        const result = (0, child_process_1.spawnSync)('aws', args, {
+            shell: false,
+            timeout: 30000,
+            maxBuffer: 1024 * 1024,
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        if (result.error || result.status !== 0) {
+            const stderr = result.stderr?.toString() || '';
+            if (stderr.includes('UnauthorizedException') || stderr.includes('Token is invalid')) {
+                throw new Error('SSO session expired. Please authenticate again.');
+            }
+            throw new Error(`Failed to list SSO accounts: ${stderr}`);
+        }
+        const output = JSON.parse(result.stdout.toString());
+        for (const account of output.accountList || []) {
+            accounts.push({
+                accountId: account.accountId,
+                accountName: account.accountName,
+                emailAddress: account.emailAddress,
+            });
+        }
+        nextToken = output.nextToken;
+    } while (nextToken);
+    return accounts;
+}
+/**
+ * List all roles for a specific account
+ */
+async function listAccountRoles(accessToken, accountId, region = exports.PADUA_SSO_DEFAULTS.region) {
+    const roles = [];
+    let nextToken;
+    do {
+        const args = [
+            'sso', 'list-account-roles',
+            '--access-token', accessToken,
+            '--account-id', accountId,
+            '--region', region,
+            '--output', 'json',
+        ];
+        if (nextToken) {
+            args.push('--starting-token', nextToken);
+        }
+        const result = (0, child_process_1.spawnSync)('aws', args, {
+            shell: false,
+            timeout: 30000,
+            maxBuffer: 1024 * 1024,
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        if (result.error || result.status !== 0) {
+            const stderr = result.stderr?.toString() || '';
+            throw new Error(`Failed to list account roles: ${stderr}`);
+        }
+        const output = JSON.parse(result.stdout.toString());
+        for (const role of output.roleList || []) {
+            roles.push({
+                roleName: role.roleName,
+                accountId: accountId,
+            });
+        }
+        nextToken = output.nextToken;
+    } while (nextToken);
+    return roles;
+}
+/**
+ * Discover all accounts and roles the user has access to
+ */
+async function discoverAccountsAndRoles(accessToken, region = exports.PADUA_SSO_DEFAULTS.region) {
+    const accounts = await listSSOAccounts(accessToken, region);
+    const result = [];
+    for (const account of accounts) {
+        const roles = await listAccountRoles(accessToken, account.accountId, region);
+        result.push({ account, roles });
+    }
+    // Sort by account name for consistent output
+    result.sort((a, b) => a.account.accountName.localeCompare(b.account.accountName));
+    return result;
+}
+/**
+ * Generate profile name from account name
+ * Converts to lowercase, replaces spaces/special chars with hyphens
+ */
+function generateProfileName(accountName) {
+    return accountName
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, '-')
+        .replace(/^-|-$/g, '')
+        .substring(0, 128);
+}
+/**
+ * Build profile configurations from discovered accounts and roles
+ */
+function buildProfileConfigs(accountsWithRoles, selectedRole) {
+    const profiles = [];
+    for (const { account, roles } of accountsWithRoles) {
+        // If a specific role is selected, use only that role
+        // Otherwise, use the first available role (usually the highest permission)
+        const roleToUse = selectedRole
+            ? roles.find(r => r.roleName === selectedRole)
+            : roles[0];
+        if (roleToUse) {
+            profiles.push({
+                name: generateProfileName(account.accountName),
+                accountId: account.accountId,
+                roleName: roleToUse.roleName,
+            });
+        }
+    }
+    return profiles;
+}
+//# sourceMappingURL=sso-discovery.js.map

package/dist/commands/init/sso-discovery.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sso-discovery.js","sourceRoot":"","sources":["../../../src/commands/init/sso-discovery.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiFA,oDAgCC;AAKD,8CAmCC;AAKD,4DAoCC;AAYD,oCAwDC;AAMD,0CAiCC;AAKD,0CAgDC;AAKD,4CA8CC;AAKD,4DAgBC;AAMD,kDAMC;AAKD,kDAuBC;AAldD,iDAA0C;AAC1C,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AA8CzB;;GAEG;AACU,QAAA,kBAAkB,GAAG;IAChC,WAAW,EAAE,OAAO;IACpB,QAAQ,EAAE,0CAA0C;IACpD,MAAM,EAAE,gBAAgB;IACxB,kBAAkB,EAAE,oBAAoB;CACzC,CAAC;AAEF;;GAEG;AACU,QAAA,2BAA2B,GAAG;IACzC,MAAM,EAAE,SAAS;IACjB,WAAW,EAAE,cAAc;IAC3B,UAAU,EAAE,SAAS;CACtB,CAAC;AAEF;;GAEG;AACU,QAAA,kBAAkB,GAAG;IAChC,SAAS,EAAE,cAAc;IACzB,MAAM,EAAE,gBAAgB;CACzB,CAAC;AAEF,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;AAEtE;;GAEG;AACH,SAAgB,oBAAoB,CAAC,QAAgB;IACnD,IAAI,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YAClC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,UAAU,GAAG,EAAE,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;QAElF,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;gBAChD,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACnD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAEnC,+CAA+C;gBAC/C,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;oBACvD,4BAA4B;oBAC5B,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;oBAC7C,IAAI,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;wBAC3B,OAAO,MAAM,CAAC,WAAW,CAAC;oBAC5B,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,2BAA2B;gBAC3B,SAAS;YACX,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,iBAAiB,CACrC,QAAgB,EAChB,MAAc;IAEd,MAAM,MAAM,GAAG,IAAA,yBAAS,EACtB,KAAK,EACL;QACE,UAAU,EAAE,iBAAiB;QAC7B,eAAe,EAAE,WAAW;QAC5B,eAAe,EAAE,QAAQ;QACzB,UAAU,EAAE,oBAAoB;QAChC,UAAU,EAAE,MAAM;QAClB,UAAU,EAAE,MAAM;KACnB,EACD;QACE,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,KAAK;QACd,SAAS,EAAE,IAAI,GAAG,IAAI;QACtB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;KAChC,CACF,CAAC;IAEF,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC/C,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;QAC/F,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,kCAAkC,MAAM,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IACpD,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,YAAY,EAAE,MAAM,CAAC,YAAY;KAClC,CAAC;AACJ,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,wBAAwB,CAC5C,QAAgB,EAChB,YAAoB,EACpB,QAAgB,EAChB,MAAc;IAEd,MAAM,MAAM,GAAG,IAAA,yBAAS,EACtB,KAAK,EACL;QACE,UAAU,EAAE,4BAA4B;QACxC,aAAa,EAAE,QAAQ;QACvB,iBAAiB,EAAE,YAAY;QAC/B,aAAa,EAAE,QAAQ;QACvB,UAAU,EAAE,MAAM;QAClB,UAAU,EAAE,MAAM;KACnB,EACD;QACE,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,KAAK;QACd,SAAS,EAAE,IAAI,GAAG,IAAI;QACtB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;KAChC,CACF,CAAC;IAEF,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,yCAAyC,MAAM,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;IACpD,OAAO;QACL,UAAU,EAAE,MAAM,CAAC,UAAU;QAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,eAAe,EAAE,MAAM,CAAC,uBAAuB,IAAI,MAAM,CAAC,eAAe;QACzE,SAAS,EAAE,MAAM,CAAC,SAAS;KAC5B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,YAAY,CAChC,QAAgB,EAChB,YAAoB,EACpB,UAAkB,EAClB,MAAc,EACd,SAAiB;IAEjB,MAAM,YAAY,GAAG,IAAI,CAAC,CAAC,YAAY;IACvC,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;IAElE,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,WAAW,EAAE,OAAO,EAAE,EAAE,CAAC;QACvD,MAAM,MAAM,GAAG,IAAA,yBAAS,EACtB,KAAK,EACL;YACE,UAAU,EAAE,cAAc;YAC1B,aAAa,EAAE,QAAQ;YACvB,iBAAiB,EAAE,YAAY;YAC/B,cAAc,EAAE,8CAA8C;YAC9D,eAAe,EAAE,UAAU;YAC3B,UAAU,EAAE,MAAM;YAClB,UAAU,EAAE,MAAM;SACnB,EACD;YACE,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,KAAK;YACd,SAAS,EAAE,IAAI,GAAG,IAAI;YACtB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CACF,CAAC;QAEF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;YACpD,OAAO,MAAM,CAAC,WAAW,CAAC;QAC5B,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC/C,IAAI,MAAM,CAAC,QAAQ,CAAC,+BAA+B,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,CAAC;YACjG,6CAA6C;YAC7C,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;YAC1B,SAAS;QACX,CAAC;QAED,IAAI,MAAM,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACzE,4BAA4B;YAC5B,MAAM,KAAK,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC;YAC9B,SAAS;QACX,CAAC;QAED,IAAI,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YACjF,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,+BAA+B,MAAM,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;AAChE,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,eAAe,CACnC,WAAmB,0BAAkB,CAAC,QAAQ,EAC9C,SAAiB,0BAAkB,CAAC,MAAM,EAC1C,aAAuD;IAEvD,qCAAqC;IACrC,MAAM,WAAW,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IACnD,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,yDAAyD;IACzD,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACzD,MAAM,IAAI,GAAG,MAAM,wBAAwB,CACzC,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,YAAY,EACnB,QAAQ,EACR,MAAM,CACP,CAAC;IAEF,gCAAgC;IAChC,IAAI,aAAa,EAAE,CAAC;QAClB,aAAa,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrD,CAAC;IAED,iBAAiB;IACjB,OAAO,YAAY,CACjB,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,YAAY,EACnB,IAAI,CAAC,UAAU,EACf,MAAM,EACN,IAAI,CAAC,SAAS,CACf,CAAC;AACJ,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,eAAe,CACnC,WAAmB,EACnB,SAAiB,0BAAkB,CAAC,MAAM;IAE1C,MAAM,QAAQ,GAAiB,EAAE,CAAC;IAClC,IAAI,SAA6B,CAAC;IAElC,GAAG,CAAC;QACF,MAAM,IAAI,GAAG;YACX,KAAK,EAAE,eAAe;YACtB,gBAAgB,EAAE,WAAW;YAC7B,UAAU,EAAE,MAAM;YAClB,UAAU,EAAE,MAAM;SACnB,CAAC;QAEF,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,yBAAS,EAAC,KAAK,EAAE,IAAI,EAAE;YACpC,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,KAAK;YACd,SAAS,EAAE,IAAI,GAAG,IAAI;YACtB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;YAC/C,IAAI,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACpF,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrE,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,gCAAgC,MAAM,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAEpD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC;gBACZ,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,YAAY,EAAE,OAAO,CAAC,YAAY;aACnC,CAAC,CAAC;QACL,CAAC;QAED,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;IAC/B,CAAC,QAAQ,SAAS,EAAE;IAEpB,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,gBAAgB,CACpC,WAAmB,EACnB,SAAiB,EACjB,SAAiB,0BAAkB,CAAC,MAAM;IAE1C,MAAM,KAAK,GAAc,EAAE,CAAC;IAC5B,IAAI,SAA6B,CAAC;IAElC,GAAG,CAAC;QACF,MAAM,IAAI,GAAG;YACX,KAAK,EAAE,oBAAoB;YAC3B,gBAAgB,EAAE,WAAW;YAC7B,cAAc,EAAE,SAAS;YACzB,UAAU,EAAE,MAAM;YAClB,UAAU,EAAE,MAAM;SACnB,CAAC;QAEF,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,yBAAS,EAAC,KAAK,EAAE,IAAI,EAAE;YACpC,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,KAAK;YACd,SAAS,EAAE,IAAI,GAAG,IAAI;YACtB,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;SAChC,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,iCAAiC,MAAM,EAAE,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAEpD,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC;YACzC,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,SAAS,EAAE,SAAS;aACrB,CAAC,CAAC;QACL,CAAC;QAED,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;IAC/B,CAAC,QAAQ,SAAS,EAAE;IAEpB,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,wBAAwB,CAC5C,WAAmB,EACnB,SAAiB,0BAAkB,CAAC,MAAM;IAE1C,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAC5D,MAAM,MAAM,GAAuB,EAAE,CAAC;IAEtC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;QAC/B,MAAM,KAAK,GAAG,MAAM,gBAAgB,CAAC,WAAW,EAAE,OAAO,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC7E,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,6CAA6C;IAC7C,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;IAElF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAgB,mBAAmB,CAAC,WAAmB;IACrD,OAAO,WAAW;SACf,WAAW,EAAE;SACb,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC;SAC3B,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;SACrB,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CACjC,iBAAqC,EACrC,YAAqB;IAErB,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,KAAK,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,iBAAiB,EAAE,CAAC;QACnD,qDAAqD;QACrD,2EAA2E;QAC3E,MAAM,SAAS,GAAG,YAAY;YAC5B,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,YAAY,CAAC;YAC9C,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAEb,IAAI,SAAS,EAAE,CAAC;YACd,QAAQ,CAAC,IAAI,CAAC;gBACZ,IAAI,EAAE,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC;gBAC9C,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,QAAQ,EAAE,SAAS,CAAC,QAAQ;aAC7B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/commands/status/checks.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"checks.d.ts","sourceRoot":"","sources":["../../../src/commands/status/checks.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,SAAS,EAAe,MAAM,SAAS,CAAC;AAChF,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAK/D;;GAEG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAiFxE;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAuDrG;AA4BD;;GAEG;AACH,wBAAsB,cAAc,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,~~CAqE1E~~;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,CAmBrD"}
1	+ {"version":3,"file":"checks.d.ts","sourceRoot":"","sources":["../../../src/commands/status/checks.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,SAAS,EAAE,kBAAkB,EAAE,SAAS,EAAe,MAAM,SAAS,CAAC;AAChF,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAK/D;;GAEG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAiFxE;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAuDrG;AA4BD;;GAEG;AACH,wBAAsB,cAAc,CAAC,MAAM,EAAE,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC,CAwF1E;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,IAAI,GAAG,MAAM,CAmBrD"}

package/dist/commands/status/checks.js CHANGED Viewed

@@ -211,12 +211,11 @@ async function checkECRStatus(config) {
     try {
         const content = fs.readFileSync(dockerConfigPath, 'utf-8');
         const dockerConfig = JSON.parse(content);
-        // Check if using credential helper (common on macOS)
+        // Check if using credential helper for specific registries
         if (dockerConfig.credHelpers) {
             const helperKey = Object.keys(dockerConfig.credHelpers).find(k => k.includes('ecr') && k.includes(config.region));
             if (helperKey) {
                 // Credential helper is configured - assume authenticated
-                // (we can't easily check helper-stored credentials)
                 return {
                     authenticated: true,
                     registry,
@@ -233,15 +232,32 @@ async function checkECRStatus(config) {
         }
         // Look for ECR registry entry
         const ecrEntry = Object.keys(dockerConfig.auths).find(k => k.includes(config.accountId) && k.includes('ecr') && k.includes(config.region));
-        if (!ecrEntry || !dockerConfig.auths[ecrEntry]?.auth) {
+        if (!ecrEntry) {
             return {
                 authenticated: false,
                 registry,
                 error: 'No ECR credentials found',
             };
         }
-        // ECR auth exists - tokens are valid for 12 hours but we can't check expiry
-        // from the stored credential alone
+        // Check if using global credsStore (e.g., Docker Desktop)
+        // When credsStore is set, auths entries may be empty {} but credentials
+        // are stored in the system credential store
+        if (dockerConfig.credsStore && !dockerConfig.auths[ecrEntry]?.auth) {
+            // Registry entry exists + credsStore configured = credentials in external store
+            return {
+                authenticated: true,
+                registry,
+            };
+        }
+        // Check for inline auth token
+        if (!dockerConfig.auths[ecrEntry]?.auth) {
+            return {
+                authenticated: false,
+                registry,
+                error: 'No ECR credentials found',
+            };
+        }
+        // ECR auth exists inline
         return {
             authenticated: true,
             registry,