@posthog/wizard 1.13.2 → 1.15.0

package/dist/src/utils/oauth.js

@@ -0,0 +1,212 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.performOAuthFlow = performOAuthFlow;
+const crypto = __importStar(require("node:crypto"));
+const http = __importStar(require("node:http"));
+const axios_1 = __importDefault(require("axios"));
+const chalk_1 = __importDefault(require("chalk"));
+const opn_1 = __importDefault(require("opn"));
+const zod_1 = require("zod");
+const clack_1 = __importDefault(require("./clack"));
+const constants_1 = require("../lib/constants");
+const clack_utils_1 = require("./clack-utils");
+const analytics_1 = require("./analytics");
+const urls_1 = require("./urls");
+const OAuthTokenResponseSchema = zod_1.z.object({
+    access_token: zod_1.z.string(),
+    expires_in: zod_1.z.number(),
+    token_type: zod_1.z.string(),
+    scope: zod_1.z.string(),
+    refresh_token: zod_1.z.string(),
+    scoped_teams: zod_1.z.array(zod_1.z.number()).optional(),
+    scoped_organizations: zod_1.z.array(zod_1.z.string()).optional(),
+});
+function generateCodeVerifier() {
+    return crypto.randomBytes(32).toString('base64url');
+}
+function generateCodeChallenge(verifier) {
+    return crypto.createHash('sha256').update(verifier).digest('base64url');
+}
+async function startCallbackServer(authUrl, signupUrl) {
+    return new Promise((resolve, reject) => {
+        let callbackResolve;
+        let callbackReject;
+        const waitForCallback = () => new Promise((res, rej) => {
+            callbackResolve = res;
+            callbackReject = rej;
+        });
+        const server = http.createServer((req, res) => {
+            if (!req.url) {
+                res.writeHead(400);
+                res.end();
+                return;
+            }
+            const url = new URL(req.url, `http://localhost:${constants_1.OAUTH_PORT}`);
+            if (url.pathname === '/authorize') {
+                const isSignup = url.searchParams.get('signup') === 'true';
+                const redirectUrl = isSignup ? signupUrl : authUrl;
+                res.writeHead(302, { Location: redirectUrl });
+                res.end();
+                return;
+            }
+            const code = url.searchParams.get('code');
+            const error = url.searchParams.get('error');
+            if (error) {
+                const isAccessDenied = error === 'access_denied';
+                res.writeHead(isAccessDenied ? 200 : 400, {
+                    'Content-Type': 'text/html',
+                });
+                res.end(`
+          <html>
+            <body>
+              <p>${isAccessDenied
+                    ? 'Authorization cancelled.'
+                    : `Authorization failed.`}</p>
+              <p>Return to your terminal. This window will close automatically.</p>
+              <script>window.close();</script>
+            </body>
+          </html>
+        `);
+                callbackReject(new Error(`OAuth error: ${error}`));
+                return;
+            }
+            if (code) {
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end(`
+          <html>
+            <body>
+              <p>Authorization successful! Return to your terminal.</p>
+              <script>window.close();</script>
+            </body>
+          </html>
+        `);
+                callbackResolve(code);
+            }
+            else {
+                res.writeHead(400, { 'Content-Type': 'text/html' });
+                res.end(`
+          <html>
+            <body>
+              <p>Invalid request - no authorization code received.</p>
+              <p>You can close this window.</p>
+            </body>
+          </html>
+        `);
+            }
+        });
+        server.listen(constants_1.OAUTH_PORT, () => {
+            resolve({ server, waitForCallback });
+        });
+        server.on('error', reject);
+    });
+}
+async function exchangeCodeForToken(code, codeVerifier, config) {
+    const cloudUrl = (0, urls_1.getCloudUrlFromRegion)(config.cloudRegion);
+    const response = await axios_1.default.post(`${cloudUrl}/oauth/token`, {
+        grant_type: 'authorization_code',
+        code,
+        redirect_uri: `http://localhost:${constants_1.OAUTH_PORT}/callback`,
+        client_id: (0, urls_1.getOauthClientIdFromRegion)(config.cloudRegion),
+        code_verifier: codeVerifier,
+    }, {
+        headers: {
+            'Content-Type': 'application/json',
+        },
+    });
+    return OAuthTokenResponseSchema.parse(response.data);
+}
+async function performOAuthFlow(config) {
+    const cloudUrl = (0, urls_1.getCloudUrlFromRegion)(config.cloudRegion);
+    const codeVerifier = generateCodeVerifier();
+    const codeChallenge = generateCodeChallenge(codeVerifier);
+    const authUrl = new URL(`${cloudUrl}/oauth/authorize`);
+    authUrl.searchParams.set('client_id', (0, urls_1.getOauthClientIdFromRegion)(config.cloudRegion));
+    authUrl.searchParams.set('redirect_uri', `http://localhost:${constants_1.OAUTH_PORT}/callback`);
+    authUrl.searchParams.set('response_type', 'code');
+    authUrl.searchParams.set('code_challenge', codeChallenge);
+    authUrl.searchParams.set('code_challenge_method', 'S256');
+    authUrl.searchParams.set('scope', config.scopes.join(' '));
+    authUrl.searchParams.set('required_access_level', 'project');
+    const signupUrl = new URL(`${cloudUrl}/signup?next=${encodeURIComponent(authUrl.toString())}`);
+    const localSignupUrl = `http://localhost:${constants_1.OAUTH_PORT}/authorize?signup=true`;
+    const localLoginUrl = `http://localhost:${constants_1.OAUTH_PORT}/authorize`;
+    const urlToOpen = config.signup ? localSignupUrl : localLoginUrl;
+    const { server, waitForCallback } = await startCallbackServer(authUrl.toString(), signupUrl.toString());
+    clack_1.default.log.info(`${chalk_1.default.bold("If the browser window didn't open automatically, please open the following link to be redirected to PostHog:")}\n\n${chalk_1.default.cyan(urlToOpen)}${config.signup
+        ? `\n\nIf you already have an account, you can use this link:\n\n${chalk_1.default.cyan(localLoginUrl)}`
+        : ``}`);
+    if (process.env.NODE_ENV !== 'test') {
+        (0, opn_1.default)(urlToOpen, { wait: false }).catch(() => {
+            // opn throws in environments without a browser
+        });
+    }
+    const loginSpinner = clack_1.default.spinner();
+    loginSpinner.start('Waiting for authorization...');
+    try {
+        const code = await Promise.race([
+            waitForCallback(),
+            new Promise((_, reject) => setTimeout(() => reject(new Error('Authorization timed out')), 60_000)),
+        ]);
+        const token = await exchangeCodeForToken(code, codeVerifier, config);
+        server.close();
+        loginSpinner.stop('Authorization complete!');
+        return token;
+    }
+    catch (e) {
+        loginSpinner.stop('Authorization failed.');
+        server.close();
+        const error = e instanceof Error ? e : new Error('Unknown error');
+        if (error.message.includes('timeout')) {
+            clack_1.default.log.error('Authorization timed out. Please try again.');
+        }
+        else if (error.message.includes('access_denied')) {
+            clack_1.default.log.info(`${chalk_1.default.yellow('Authorization was cancelled.')}\n\nYou denied access to PostHog. To use the wizard, you need to authorize access to your PostHog account.\n\n${chalk_1.default.dim('You can try again by re-running the wizard.')}`);
+        }
+        else {
+            clack_1.default.log.error(`${chalk_1.default.red('Authorization failed:')}\n\n${error.message}\n\n${chalk_1.default.dim(`If you think this is a bug in the PostHog wizard, please create an issue:\n${constants_1.ISSUES_URL}`)}`);
+        }
+        analytics_1.analytics.captureException(error, {
+            step: 'oauth_flow',
+            cloud_region: config.cloudRegion,
+        });
+        await (0, clack_utils_1.abort)();
+        throw error;
+    }
+}
+//# sourceMappingURL=oauth.js.map

package/dist/src/utils/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../../src/utils/oauth.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2JA,4CAyGC;AApQD,oDAAsC;AACtC,gDAAkC;AAClC,kDAA0B;AAC1B,kDAA0B;AAC1B,8CAAsB;AACtB,6BAAwB;AACxB,oDAA4B;AAC5B,gDAA0D;AAC1D,+CAAsC;AACtC,2CAAwC;AAExC,iCAA2E;AAE3E,MAAM,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;IACtB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;IACtB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE;IACzB,YAAY,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC5C,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACrD,CAAC,CAAC;AAUH,SAAS,oBAAoB;IAC3B,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AAC1E,CAAC;AAED,KAAK,UAAU,mBAAmB,CAChC,OAAe,EACf,SAAiB;IAKjB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,eAAuC,CAAC;QAC5C,IAAI,cAAsC,CAAC;QAE3C,MAAM,eAAe,GAAG,GAAG,EAAE,CAC3B,IAAI,OAAO,CAAS,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YAC/B,eAAe,GAAG,GAAG,CAAC;YACtB,cAAc,GAAG,GAAG,CAAC;QACvB,CAAC,CAAC,CAAC;QAEL,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YAC5C,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,CAAC,GAAG,EAAE,CAAC;gBACV,OAAO;YACT,CAAC;YACD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,oBAAoB,sBAAU,EAAE,CAAC,CAAC;YAE/D,IAAI,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;gBAClC,MAAM,QAAQ,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,KAAK,MAAM,CAAC;gBAC3D,MAAM,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC;gBACnD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;gBAC9C,GAAG,CAAC,GAAG,EAAE,CAAC;gBACV,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAE5C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,cAAc,GAAG,KAAK,KAAK,eAAe,CAAC;gBACjD,GAAG,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE;oBACxC,cAAc,EAAE,WAAW;iBAC5B,CAAC,CAAC;gBACH,GAAG,CAAC,GAAG,CAAC;;;mBAIA,cAAc;oBACZ,CAAC,CAAC,0BAA0B;oBAC5B,CAAC,CAAC,uBACN;;;;;SAKL,CAAC,CAAC;gBACH,cAAc,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,IAAI,IAAI,EAAE,CAAC;gBACT,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;SAOP,CAAC,CAAC;gBACH,eAAe,CAAC,IAAI,CAAC,CAAC;YACxB,CAAC;iBAAM,CAAC;gBACN,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;SAOP,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,sBAAU,EAAE,GAAG,EAAE;YAC7B,OAAO,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,oBAAoB,CACjC,IAAY,EACZ,YAAoB,EACpB,MAAmB;IAEnB,MAAM,QAAQ,GAAG,IAAA,4BAAqB,EAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAE3D,MAAM,QAAQ,GAAG,MAAM,eAAK,CAAC,IAAI,CAC/B,GAAG,QAAQ,cAAc,EACzB;QACE,UAAU,EAAE,oBAAoB;QAChC,IAAI;QACJ,YAAY,EAAE,oBAAoB,sBAAU,WAAW;QACvD,SAAS,EAAE,IAAA,iCAA0B,EAAC,MAAM,CAAC,WAAW,CAAC;QACzD,aAAa,EAAE,YAAY;KAC5B,EACD;QACE,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;SACnC;KACF,CACF,CAAC;IAEF,OAAO,wBAAwB,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACvD,CAAC;AAEM,KAAK,UAAU,gBAAgB,CACpC,MAAmB;IAEnB,MAAM,QAAQ,GAAG,IAAA,4BAAqB,EAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC3D,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;IAC5C,MAAM,aAAa,GAAG,qBAAqB,CAAC,YAAY,CAAC,CAAC;IAE1D,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,GAAG,QAAQ,kBAAkB,CAAC,CAAC;IACvD,OAAO,CAAC,YAAY,CAAC,GAAG,CACtB,WAAW,EACX,IAAA,iCAA0B,EAAC,MAAM,CAAC,WAAW,CAAC,CAC/C,CAAC;IACF,OAAO,CAAC,YAAY,CAAC,GAAG,CACtB,cAAc,EACd,oBAAoB,sBAAU,WAAW,CAC1C,CAAC;IACF,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAClD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;IAC1D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,SAAS,CAAC,CAAC;IAE7D,MAAM,SAAS,GAAG,IAAI,GAAG,CACvB,GAAG,QAAQ,gBAAgB,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,EAAE,CACpE,CAAC;IAEF,MAAM,cAAc,GAAG,oBAAoB,sBAAU,wBAAwB,CAAC;IAC9E,MAAM,aAAa,GAAG,oBAAoB,sBAAU,YAAY,CAAC;IAEjE,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,aAAa,CAAC;IAEjE,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,mBAAmB,CAC3D,OAAO,CAAC,QAAQ,EAAE,EAClB,SAAS,CAAC,QAAQ,EAAE,CACrB,CAAC;IAEF,eAAK,CAAC,GAAG,CAAC,IAAI,CACZ,GAAG,eAAK,CAAC,IAAI,CACX,8GAA8G,CAC/G,OAAO,eAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAC3B,MAAM,CAAC,MAAM;QACX,CAAC,CAAC,iEAAiE,eAAK,CAAC,IAAI,CACzE,aAAa,CACd,EAAE;QACL,CAAC,CAAC,EACN,EAAE,CACH,CAAC;IAEF,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACpC,IAAA,aAAG,EAAC,SAAS,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;YACzC,+CAA+C;QACjD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,YAAY,GAAG,eAAK,CAAC,OAAO,EAAE,CAAC;IACrC,YAAY,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAEnD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;YAC9B,eAAe,EAAE;YACjB,IAAI,OAAO,CAAQ,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAC/B,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC,EAAE,MAAM,CAAC,CACvE;SACF,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,MAAM,oBAAoB,CAAC,IAAI,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;QAErE,MAAM,CAAC,KAAK,EAAE,CAAC;QACf,YAAY,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAE7C,OAAO,KAAK,CAAC;IACf,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,YAAY,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QAC3C,MAAM,CAAC,KAAK,EAAE,CAAC;QAEf,MAAM,KAAK,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QAElE,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,eAAK,CAAC,GAAG,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;aAAM,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YACnD,eAAK,CAAC,GAAG,CAAC,IAAI,CACZ,GAAG,eAAK,CAAC,MAAM,CACb,8BAA8B,CAC/B,iHAAiH,eAAK,CAAC,GAAG,CACzH,6CAA6C,CAC9C,EAAE,CACJ,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,eAAK,CAAC,GAAG,CAAC,KAAK,CACb,GAAG,eAAK,CAAC,GAAG,CAAC,uBAAuB,CAAC,OACnC,KAAK,CAAC,OACR,OAAO,eAAK,CAAC,GAAG,CACd,8EAA8E,sBAAU,EAAE,CAC3F,EAAE,CACJ,CAAC;QACJ,CAAC;QAED,qBAAS,CAAC,gBAAgB,CAAC,KAAK,EAAE;YAChC,IAAI,EAAE,YAAY;YAClB,YAAY,EAAE,MAAM,CAAC,WAAW;SACjC,CAAC,CAAC;QAEH,MAAM,IAAA,mBAAK,GAAE,CAAC;QACd,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC","sourcesContent":["import * as crypto from 'node:crypto';\nimport * as http from 'node:http';\nimport axios from 'axios';\nimport chalk from 'chalk';\nimport opn from 'opn';\nimport { z } from 'zod';\nimport clack from './clack';\nimport { ISSUES_URL, OAUTH_PORT } from '../lib/constants';\nimport { abort } from './clack-utils';\nimport { analytics } from './analytics';\nimport type { CloudRegion } from './types';\nimport { getCloudUrlFromRegion, getOauthClientIdFromRegion } from './urls';\n\nconst OAuthTokenResponseSchema = z.object({\n  access_token: z.string(),\n  expires_in: z.number(),\n  token_type: z.string(),\n  scope: z.string(),\n  refresh_token: z.string(),\n  scoped_teams: z.array(z.number()).optional(),\n  scoped_organizations: z.array(z.string()).optional(),\n});\n\nexport type OAuthTokenResponse = z.infer<typeof OAuthTokenResponseSchema>;\n\ninterface OAuthConfig {\n  scopes: string[];\n  cloudRegion: CloudRegion;\n  signup?: boolean;\n}\n\nfunction generateCodeVerifier(): string {\n  return crypto.randomBytes(32).toString('base64url');\n}\n\nfunction generateCodeChallenge(verifier: string): string {\n  return crypto.createHash('sha256').update(verifier).digest('base64url');\n}\n\nasync function startCallbackServer(\n  authUrl: string,\n  signupUrl: string,\n): Promise<{\n  server: http.Server;\n  waitForCallback: () => Promise<string>;\n}> {\n  return new Promise((resolve, reject) => {\n    let callbackResolve: (code: string) => void;\n    let callbackReject: (error: Error) => void;\n\n    const waitForCallback = () =>\n      new Promise<string>((res, rej) => {\n        callbackResolve = res;\n        callbackReject = rej;\n      });\n\n    const server = http.createServer((req, res) => {\n      if (!req.url) {\n        res.writeHead(400);\n        res.end();\n        return;\n      }\n      const url = new URL(req.url, `http://localhost:${OAUTH_PORT}`);\n\n      if (url.pathname === '/authorize') {\n        const isSignup = url.searchParams.get('signup') === 'true';\n        const redirectUrl = isSignup ? signupUrl : authUrl;\n        res.writeHead(302, { Location: redirectUrl });\n        res.end();\n        return;\n      }\n\n      const code = url.searchParams.get('code');\n      const error = url.searchParams.get('error');\n\n      if (error) {\n        const isAccessDenied = error === 'access_denied';\n        res.writeHead(isAccessDenied ? 200 : 400, {\n          'Content-Type': 'text/html',\n        });\n        res.end(`\n          <html>\n            <body>\n              <p>${\n                isAccessDenied\n                  ? 'Authorization cancelled.'\n                  : `Authorization failed.`\n              }</p>\n              <p>Return to your terminal. This window will close automatically.</p>\n              <script>window.close();</script>\n            </body>\n          </html>\n        `);\n        callbackReject(new Error(`OAuth error: ${error}`));\n        return;\n      }\n\n      if (code) {\n        res.writeHead(200, { 'Content-Type': 'text/html' });\n        res.end(`\n          <html>\n            <body>\n              <p>Authorization successful! Return to your terminal.</p>\n              <script>window.close();</script>\n            </body>\n          </html>\n        `);\n        callbackResolve(code);\n      } else {\n        res.writeHead(400, { 'Content-Type': 'text/html' });\n        res.end(`\n          <html>\n            <body>\n              <p>Invalid request - no authorization code received.</p>\n              <p>You can close this window.</p>\n            </body>\n          </html>\n        `);\n      }\n    });\n\n    server.listen(OAUTH_PORT, () => {\n      resolve({ server, waitForCallback });\n    });\n\n    server.on('error', reject);\n  });\n}\n\nasync function exchangeCodeForToken(\n  code: string,\n  codeVerifier: string,\n  config: OAuthConfig,\n): Promise<OAuthTokenResponse> {\n  const cloudUrl = getCloudUrlFromRegion(config.cloudRegion);\n\n  const response = await axios.post(\n    `${cloudUrl}/oauth/token`,\n    {\n      grant_type: 'authorization_code',\n      code,\n      redirect_uri: `http://localhost:${OAUTH_PORT}/callback`,\n      client_id: getOauthClientIdFromRegion(config.cloudRegion),\n      code_verifier: codeVerifier,\n    },\n    {\n      headers: {\n        'Content-Type': 'application/json',\n      },\n    },\n  );\n\n  return OAuthTokenResponseSchema.parse(response.data);\n}\n\nexport async function performOAuthFlow(\n  config: OAuthConfig,\n): Promise<OAuthTokenResponse> {\n  const cloudUrl = getCloudUrlFromRegion(config.cloudRegion);\n  const codeVerifier = generateCodeVerifier();\n  const codeChallenge = generateCodeChallenge(codeVerifier);\n\n  const authUrl = new URL(`${cloudUrl}/oauth/authorize`);\n  authUrl.searchParams.set(\n    'client_id',\n    getOauthClientIdFromRegion(config.cloudRegion),\n  );\n  authUrl.searchParams.set(\n    'redirect_uri',\n    `http://localhost:${OAUTH_PORT}/callback`,\n  );\n  authUrl.searchParams.set('response_type', 'code');\n  authUrl.searchParams.set('code_challenge', codeChallenge);\n  authUrl.searchParams.set('code_challenge_method', 'S256');\n  authUrl.searchParams.set('scope', config.scopes.join(' '));\n  authUrl.searchParams.set('required_access_level', 'project');\n\n  const signupUrl = new URL(\n    `${cloudUrl}/signup?next=${encodeURIComponent(authUrl.toString())}`,\n  );\n\n  const localSignupUrl = `http://localhost:${OAUTH_PORT}/authorize?signup=true`;\n  const localLoginUrl = `http://localhost:${OAUTH_PORT}/authorize`;\n\n  const urlToOpen = config.signup ? localSignupUrl : localLoginUrl;\n\n  const { server, waitForCallback } = await startCallbackServer(\n    authUrl.toString(),\n    signupUrl.toString(),\n  );\n\n  clack.log.info(\n    `${chalk.bold(\n      \"If the browser window didn't open automatically, please open the following link to be redirected to PostHog:\",\n    )}\\n\\n${chalk.cyan(urlToOpen)}${\n      config.signup\n        ? `\\n\\nIf you already have an account, you can use this link:\\n\\n${chalk.cyan(\n            localLoginUrl,\n          )}`\n        : ``\n    }`,\n  );\n\n  if (process.env.NODE_ENV !== 'test') {\n    opn(urlToOpen, { wait: false }).catch(() => {\n      // opn throws in environments without a browser\n    });\n  }\n\n  const loginSpinner = clack.spinner();\n  loginSpinner.start('Waiting for authorization...');\n\n  try {\n    const code = await Promise.race([\n      waitForCallback(),\n      new Promise<never>((_, reject) =>\n        setTimeout(() => reject(new Error('Authorization timed out')), 60_000),\n      ),\n    ]);\n\n    const token = await exchangeCodeForToken(code, codeVerifier, config);\n\n    server.close();\n    loginSpinner.stop('Authorization complete!');\n\n    return token;\n  } catch (e) {\n    loginSpinner.stop('Authorization failed.');\n    server.close();\n\n    const error = e instanceof Error ? e : new Error('Unknown error');\n\n    if (error.message.includes('timeout')) {\n      clack.log.error('Authorization timed out. Please try again.');\n    } else if (error.message.includes('access_denied')) {\n      clack.log.info(\n        `${chalk.yellow(\n          'Authorization was cancelled.',\n        )}\\n\\nYou denied access to PostHog. To use the wizard, you need to authorize access to your PostHog account.\\n\\n${chalk.dim(\n          'You can try again by re-running the wizard.',\n        )}`,\n      );\n    } else {\n      clack.log.error(\n        `${chalk.red('Authorization failed:')}\\n\\n${\n          error.message\n        }\\n\\n${chalk.dim(\n          `If you think this is a bug in the PostHog wizard, please create an issue:\\n${ISSUES_URL}`,\n        )}`,\n      );\n    }\n\n    analytics.captureException(error, {\n      step: 'oauth_flow',\n      cloud_region: config.cloudRegion,\n    });\n\n    await abort();\n    throw error;\n  }\n}\n"]}

package/dist/src/utils/query.d.ts

@@ -5,6 +5,7 @@ export interface QueryOptions<S> {
     model?: AIModel;
     region: CloudRegion;
     schema: ZodSchema<S>;
-    wizardHash: string;
+    accessToken: string;
+    projectId: number;
 }
-export declare const query: <S>({ message, model, region, schema, wizardHash, }: QueryOptions<S>) => Promise<S>;
+export declare const query: <S>({ message, model, region, schema, accessToken, projectId: _, }: QueryOptions<S>) => Promise<S>;

package/dist/src/utils/query.js

@@ -1,4 +1,37 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -10,13 +43,21 @@ const urls_1 = require("./urls");
 const analytics_1 = require("./analytics");
 const axios_2 = require("axios");
 const debug_1 = require("./debug");
-const query = async ({ message, model = 'o4-mini', region, schema, wizardHash, }) => {
+const errors_1 = require("./errors");
+const crypto = __importStar(require("node:crypto"));
+const generateTraceId = () => {
+    const randomBytes = crypto.randomBytes(32);
+    return crypto.createHash('sha256').update(randomBytes).digest('hex');
+};
+const TRACE_ID = generateTraceId();
+const query = async ({ message, model = 'o4-mini', region, schema, accessToken, projectId: _, // TODO: Use this to switch the wizard query endpoint over to the new LLM Gateway
+ }) => {
     const fullSchema = (0, zod_to_json_schema_1.zodToJsonSchema)(schema, 'schema');
     const jsonSchema = fullSchema.definitions;
     (0, debug_1.debug)('Full schema:', JSON.stringify(fullSchema, null, 2));
     (0, debug_1.debug)('Query request:', {
         url: `${(0, urls_1.getCloudUrlFromRegion)(region)}/api/wizard/query`,
-        wizardHash,
+        accessToken,
         message: message.substring(0, 100) + '...',
         json_schema: { ...jsonSchema, name: 'schema', strict: true },
     });
@@ -27,7 +68,8 @@ const query = async ({ message, model = 'o4-mini', region, schema, wizardHash, }
         json_schema: { ...jsonSchema, name: 'schema', strict: true },
     }, {
         headers: {
-            'X-PostHog-Wizard-Hash': wizardHash,
+            Authorization: `Bearer ${accessToken}`,
+            'X-PostHog-Trace-Id': TRACE_ID,
             ...(process.env.RECORD_FIXTURES === 'true'
                 ? { 'X-PostHog-Wizard-Fixture-Generation': true }
                 : {}),
@@ -43,6 +85,9 @@ const query = async ({ message, model = 'o4-mini', region, schema, wizardHash, }
                 json_schema: jsonSchema,
                 type: 'wizard_query_error',
             });
+            if (error.response?.status === 429) {
+                throw new errors_1.RateLimitError();
+            }
         }
         throw error;
     });

package/dist/src/utils/query.js.map

@@ -1 +1 @@
-{"version":3,"file":"query.js","sourceRoot":"","sources":["../../../src/utils/query.ts"],"names":[],"mappings":";;;;;;AAAA,kDAA0B;AAE1B,2DAAqD;AAErD,iCAA+C;AAC/C,2CAAwC;AACxC,iCAAmC;AACnC,mCAAgC;AAUzB,MAAM,KAAK,GAAG,KAAK,EAAK,EAC7B,OAAO,EACP,KAAK,GAAG,SAAS,EACjB,MAAM,EACN,MAAM,EACN,UAAU,GACM,EAAc,EAAE;IAChC,MAAM,UAAU,GAAG,IAAA,oCAAe,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,UAAU,CAAC,WAAW,CAAC;IAE1C,IAAA,aAAK,EAAC,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC3D,IAAA,aAAK,EAAC,gBAAgB,EAAE;QACtB,GAAG,EAAE,GAAG,IAAA,4BAAqB,EAAC,MAAM,CAAC,mBAAmB;QACxD,UAAU;QACV,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK;QAC1C,WAAW,EAAE,EAAE,GAAG,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE;KAC7D,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,eAAK;SACzB,IAAI,CACH,GAAG,IAAA,4BAAqB,EAAC,MAAM,CAAC,mBAAmB,EACnD;QACE,OAAO;QACP,KAAK;QACL,WAAW,EAAE,EAAE,GAAG,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE;KAC7D,EACD;QACE,OAAO,EAAE;YACP,uBAAuB,EAAE,UAAU;YACnC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,MAAM;gBACxC,CAAC,CAAC,EAAE,qCAAqC,EAAE,IAAI,EAAE;gBACjD,CAAC,CAAC,EAAE,CAAC;SACR;KACF,CACF;SACA,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;QACf,IAAA,aAAK,EAAC,cAAc,EAAE,KAAK,CAAC,CAAC;QAE7B,IAAI,KAAK,YAAY,kBAAU,EAAE,CAAC;YAChC,qBAAS,CAAC,gBAAgB,CAAC,KAAK,EAAE;gBAChC,oBAAoB,EAAE,KAAK,CAAC,QAAQ,EAAE,MAAM;gBAC5C,OAAO;gBACP,KAAK;gBACL,WAAW,EAAE,UAAU;gBACvB,IAAI,EAAE,oBAAoB;aAC3B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,KAAK,CAAC;IACd,CAAC,CAAC,CAAC;IAEL,IAAA,aAAK,EAAC,iBAAiB,EAAE;QACvB,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,IAAI,EAAE,QAAQ,CAAC,IAAI;KACpB,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAExD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,IAAA,aAAK,EAAC,mBAAmB,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;QAC7C,MAAM,IAAI,KAAK,CACb,iCAAiC,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,CAC5D,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACpC,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CACrC,0CAA0C,CAC3C,CAAC;QAEF,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC;YACjC,OAAO;YACP,KAAK;YACL,WAAW,EAAE,EAAE,GAAG,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE;SAC7D,CAAC,CAAC;QAEH,cAAc,CAAC,gBAAgB,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,UAAU,CAAC,IAAI,CAAC;AACzB,CAAC,CAAC;AAhFW,QAAA,KAAK,SAgFhB","sourcesContent":["import axios from 'axios';\nimport type { ZodSchema } from 'zod';\nimport { zodToJsonSchema } from 'zod-to-json-schema';\nimport type { AIModel, CloudRegion } from './types';\nimport { getCloudUrlFromRegion } from './urls';\nimport { analytics } from './analytics';\nimport { AxiosError } from 'axios';\nimport { debug } from './debug';\n\nexport interface QueryOptions<S> {\n  message: string;\n  model?: AIModel;\n  region: CloudRegion;\n  schema: ZodSchema<S>;\n  wizardHash: string;\n}\n\nexport const query = async <S>({\n  message,\n  model = 'o4-mini',\n  region,\n  schema,\n  wizardHash,\n}: QueryOptions<S>): Promise<S> => {\n  const fullSchema = zodToJsonSchema(schema, 'schema');\n  const jsonSchema = fullSchema.definitions;\n\n  debug('Full schema:', JSON.stringify(fullSchema, null, 2));\n  debug('Query request:', {\n    url: `${getCloudUrlFromRegion(region)}/api/wizard/query`,\n    wizardHash,\n    message: message.substring(0, 100) + '...',\n    json_schema: { ...jsonSchema, name: 'schema', strict: true },\n  });\n\n  const response = await axios\n    .post<{ data: unknown }>(\n      `${getCloudUrlFromRegion(region)}/api/wizard/query`,\n      {\n        message,\n        model,\n        json_schema: { ...jsonSchema, name: 'schema', strict: true },\n      },\n      {\n        headers: {\n          'X-PostHog-Wizard-Hash': wizardHash,\n          ...(process.env.RECORD_FIXTURES === 'true'\n            ? { 'X-PostHog-Wizard-Fixture-Generation': true }\n            : {}),\n        },\n      },\n    )\n    .catch((error) => {\n      debug('Query error:', error);\n\n      if (error instanceof AxiosError) {\n        analytics.captureException(error, {\n          response_status_code: error.response?.status,\n          message,\n          model,\n          json_schema: jsonSchema,\n          type: 'wizard_query_error',\n        });\n      }\n\n      throw error;\n    });\n\n  debug('Query response:', {\n    status: response.status,\n    data: response.data,\n  });\n\n  const validation = schema.safeParse(response.data.data);\n\n  if (!validation.success) {\n    debug('Validation error:', validation.error);\n    throw new Error(\n      `Invalid response from wizard: ${validation.error.message}`,\n    );\n  }\n\n  if (process.env.NODE_ENV === 'test') {\n    const { fixtureTracker } = await import(\n      '../../e2e-tests/mocks/fixture-tracker.js'\n    );\n\n    const requestBody = JSON.stringify({\n      message,\n      model,\n      json_schema: { ...jsonSchema, name: 'schema', strict: true },\n    });\n\n    fixtureTracker.saveQueryFixture(requestBody, validation.data);\n  }\n\n  return validation.data;\n};\n"]}
+{"version":3,"file":"query.js","sourceRoot":"","sources":["../../../src/utils/query.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,kDAA0B;AAE1B,2DAAqD;AAErD,iCAA+C;AAC/C,2CAAwC;AACxC,iCAAmC;AACnC,mCAAgC;AAChC,qCAA0C;AAC1C,oDAAsC;AAEtC,MAAM,eAAe,GAAG,GAAG,EAAE;IAC3B,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAC3C,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACvE,CAAC,CAAC;AAEF,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;AAW5B,MAAM,KAAK,GAAG,KAAK,EAAK,EAC7B,OAAO,EACP,KAAK,GAAG,SAAS,EACjB,MAAM,EACN,MAAM,EACN,WAAW,EACX,SAAS,EAAE,CAAC,EAAE,iFAAiF;EAC/E,EAAc,EAAE;IAChC,MAAM,UAAU,GAAG,IAAA,oCAAe,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,UAAU,CAAC,WAAW,CAAC;IAE1C,IAAA,aAAK,EAAC,cAAc,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC3D,IAAA,aAAK,EAAC,gBAAgB,EAAE;QACtB,GAAG,EAAE,GAAG,IAAA,4BAAqB,EAAC,MAAM,CAAC,mBAAmB;QACxD,WAAW;QACX,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK;QAC1C,WAAW,EAAE,EAAE,GAAG,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE;KAC7D,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,eAAK;SACzB,IAAI,CACH,GAAG,IAAA,4BAAqB,EAAC,MAAM,CAAC,mBAAmB,EACnD;QACE,OAAO;QACP,KAAK;QACL,WAAW,EAAE,EAAE,GAAG,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE;KAC7D,EACD;QACE,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,WAAW,EAAE;YACtC,oBAAoB,EAAE,QAAQ;YAC9B,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,KAAK,MAAM;gBACxC,CAAC,CAAC,EAAE,qCAAqC,EAAE,IAAI,EAAE;gBACjD,CAAC,CAAC,EAAE,CAAC;SACR;KACF,CACF;SACA,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;QACf,IAAA,aAAK,EAAC,cAAc,EAAE,KAAK,CAAC,CAAC;QAE7B,IAAI,KAAK,YAAY,kBAAU,EAAE,CAAC;YAChC,qBAAS,CAAC,gBAAgB,CAAC,KAAK,EAAE;gBAChC,oBAAoB,EAAE,KAAK,CAAC,QAAQ,EAAE,MAAM;gBAC5C,OAAO;gBACP,KAAK;gBACL,WAAW,EAAE,UAAU;gBACvB,IAAI,EAAE,oBAAoB;aAC3B,CAAC,CAAC;YAEH,IAAI,KAAK,CAAC,QAAQ,EAAE,MAAM,KAAK,GAAG,EAAE,CAAC;gBACnC,MAAM,IAAI,uBAAc,EAAE,CAAC;YAC7B,CAAC;QACH,CAAC;QAED,MAAM,KAAK,CAAC;IACd,CAAC,CAAC,CAAC;IAEL,IAAA,aAAK,EAAC,iBAAiB,EAAE;QACvB,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,IAAI,EAAE,QAAQ,CAAC,IAAI;KACpB,CAAC,CAAC;IAEH,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAExD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;QACxB,IAAA,aAAK,EAAC,mBAAmB,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;QAC7C,MAAM,IAAI,KAAK,CACb,iCAAiC,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,CAC5D,CAAC;IACJ,CAAC;IAED,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QACpC,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CACrC,0CAA0C,CAC3C,CAAC;QAEF,MAAM,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC;YACjC,OAAO;YACP,KAAK;YACL,WAAW,EAAE,EAAE,GAAG,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE;SAC7D,CAAC,CAAC;QAEH,cAAc,CAAC,gBAAgB,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC;IAChE,CAAC;IAED,OAAO,UAAU,CAAC,IAAI,CAAC;AACzB,CAAC,CAAC;AAtFW,QAAA,KAAK,SAsFhB","sourcesContent":["import axios from 'axios';\nimport type { ZodSchema } from 'zod';\nimport { zodToJsonSchema } from 'zod-to-json-schema';\nimport type { AIModel, CloudRegion } from './types';\nimport { getCloudUrlFromRegion } from './urls';\nimport { analytics } from './analytics';\nimport { AxiosError } from 'axios';\nimport { debug } from './debug';\nimport { RateLimitError } from './errors';\nimport * as crypto from 'node:crypto';\n\nconst generateTraceId = () => {\n  const randomBytes = crypto.randomBytes(32);\n  return crypto.createHash('sha256').update(randomBytes).digest('hex');\n};\n\nconst TRACE_ID = generateTraceId();\n\nexport interface QueryOptions<S> {\n  message: string;\n  model?: AIModel;\n  region: CloudRegion;\n  schema: ZodSchema<S>;\n  accessToken: string;\n  projectId: number;\n}\n\nexport const query = async <S>({\n  message,\n  model = 'o4-mini',\n  region,\n  schema,\n  accessToken,\n  projectId: _, // TODO: Use this to switch the wizard query endpoint over to the new LLM Gateway\n}: QueryOptions<S>): Promise<S> => {\n  const fullSchema = zodToJsonSchema(schema, 'schema');\n  const jsonSchema = fullSchema.definitions;\n\n  debug('Full schema:', JSON.stringify(fullSchema, null, 2));\n  debug('Query request:', {\n    url: `${getCloudUrlFromRegion(region)}/api/wizard/query`,\n    accessToken,\n    message: message.substring(0, 100) + '...',\n    json_schema: { ...jsonSchema, name: 'schema', strict: true },\n  });\n\n  const response = await axios\n    .post<{ data: unknown }>(\n      `${getCloudUrlFromRegion(region)}/api/wizard/query`,\n      {\n        message,\n        model,\n        json_schema: { ...jsonSchema, name: 'schema', strict: true },\n      },\n      {\n        headers: {\n          Authorization: `Bearer ${accessToken}`,\n          'X-PostHog-Trace-Id': TRACE_ID,\n          ...(process.env.RECORD_FIXTURES === 'true'\n            ? { 'X-PostHog-Wizard-Fixture-Generation': true }\n            : {}),\n        },\n      },\n    )\n    .catch((error) => {\n      debug('Query error:', error);\n\n      if (error instanceof AxiosError) {\n        analytics.captureException(error, {\n          response_status_code: error.response?.status,\n          message,\n          model,\n          json_schema: jsonSchema,\n          type: 'wizard_query_error',\n        });\n\n        if (error.response?.status === 429) {\n          throw new RateLimitError();\n        }\n      }\n\n      throw error;\n    });\n\n  debug('Query response:', {\n    status: response.status,\n    data: response.data,\n  });\n\n  const validation = schema.safeParse(response.data.data);\n\n  if (!validation.success) {\n    debug('Validation error:', validation.error);\n    throw new Error(\n      `Invalid response from wizard: ${validation.error.message}`,\n    );\n  }\n\n  if (process.env.NODE_ENV === 'test') {\n    const { fixtureTracker } = await import(\n      '../../e2e-tests/mocks/fixture-tracker.js'\n    );\n\n    const requestBody = JSON.stringify({\n      message,\n      model,\n      json_schema: { ...jsonSchema, name: 'schema', strict: true },\n    });\n\n    fixtureTracker.saveQueryFixture(requestBody, validation.data);\n  }\n\n  return validation.data;\n};\n"]}

package/dist/src/utils/types.d.ts

@@ -46,4 +46,4 @@ export type FileChange = {
     newContent: string;
 };
 export type CloudRegion = 'us' | 'eu';
-export type AIModel = 'o4-mini' | 'gemini-2.5-flash' | 'gemini-2.5-pro';
+export type AIModel = 'gpt-5-mini' | 'o4-mini' | 'gemini-2.5-flash' | 'gemini-2.5-pro';

package/dist/src/utils/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/utils/types.ts"],"names":[],"mappings":"","sourcesContent":["export type PostHogProjectData = Record<string, unknown>;\n\nexport type PreselectedProject = {\n  project: PostHogProjectData;\n  authToken: string;\n};\n\nexport type WizardOptions = {\n  /**\n   * Whether to enable debug mode.\n   */\n  debug: boolean;\n\n  /**\n   * Whether to force install the SDK package to continue with the installation in case\n   * any package manager checks are failing (e.g. peer dependency versions).\n   *\n   * Use with caution and only if you know what you're doing.\n   *\n   * Does not apply to all wizard flows (currently NPM only)\n   */\n  forceInstall: boolean;\n\n  /**\n   * The directory to run the wizard in.\n   */\n  installDir: string;\n\n  /**\n   * The cloud region to use.\n   */\n  cloudRegion?: CloudRegion;\n\n  /**\n   * Whether to select the default option for all questions automatically.\n   */\n  default: boolean;\n\n  /**\n   * Whether to create a new PostHog account during setup.\n   */\n  signup: boolean;\n};\n\nexport interface Feature {\n  id: string;\n  prompt: string;\n  enabledHint?: string;\n  disabledHint?: string;\n}\n\nexport type FileChange = {\n  filePath: string;\n  oldContent?: string;\n  newContent: string;\n};\n\nexport type CloudRegion = 'us' | 'eu';\n\nexport type AIModel = 'o4-mini' | 'gemini-2.5-flash' | 'gemini-2.5-pro';\n"]}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/utils/types.ts"],"names":[],"mappings":"","sourcesContent":["export type PostHogProjectData = Record<string, unknown>;\n\nexport type PreselectedProject = {\n  project: PostHogProjectData;\n  authToken: string;\n};\n\nexport type WizardOptions = {\n  /**\n   * Whether to enable debug mode.\n   */\n  debug: boolean;\n\n  /**\n   * Whether to force install the SDK package to continue with the installation in case\n   * any package manager checks are failing (e.g. peer dependency versions).\n   *\n   * Use with caution and only if you know what you're doing.\n   *\n   * Does not apply to all wizard flows (currently NPM only)\n   */\n  forceInstall: boolean;\n\n  /**\n   * The directory to run the wizard in.\n   */\n  installDir: string;\n\n  /**\n   * The cloud region to use.\n   */\n  cloudRegion?: CloudRegion;\n\n  /**\n   * Whether to select the default option for all questions automatically.\n   */\n  default: boolean;\n\n  /**\n   * Whether to create a new PostHog account during setup.\n   */\n  signup: boolean;\n};\n\nexport interface Feature {\n  id: string;\n  prompt: string;\n  enabledHint?: string;\n  disabledHint?: string;\n}\n\nexport type FileChange = {\n  filePath: string;\n  oldContent?: string;\n  newContent: string;\n};\n\nexport type CloudRegion = 'us' | 'eu';\n\nexport type AIModel =\n  | 'gpt-5-mini'\n  | 'o4-mini'\n  | 'gemini-2.5-flash'\n  | 'gemini-2.5-pro';\n"]}

package/dist/src/utils/urls.d.ts

@@ -1,4 +1,6 @@
 import type { CloudRegion } from './types';
 export declare const getAssetHostFromHost: (host: string) => string;
 export declare const getUiHostFromHost: (host: string) => string;
+export declare const getHostFromRegion: (region: CloudRegion) => "http://localhost:8010" | "https://us.i.posthog.com" | "https://eu.i.posthog.com";
 export declare const getCloudUrlFromRegion: (region: CloudRegion) => "http://localhost:8010" | "https://us.posthog.com" | "https://eu.posthog.com";
+export declare const getOauthClientIdFromRegion: (region: CloudRegion) => "c4Rdw8DIxgtQfA80IiSnGKlNX8QN00cFWF00QQhM" | "bx2C5sZRN03TkdjraCcetvQFPGH6N2Y9vRLkcKEy" | "DC5uRLVbGI02YQ82grxgnK6Qn12SXWpCqdPb60oZ";

package/dist/src/utils/urls.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCloudUrlFromRegion = exports.getUiHostFromHost = exports.getAssetHostFromHost = void 0;
+exports.getOauthClientIdFromRegion = exports.getCloudUrlFromRegion = exports.getHostFromRegion = exports.getUiHostFromHost = exports.getAssetHostFromHost = void 0;
 const constants_1 = require("../lib/constants");
 const getAssetHostFromHost = (host) => {
     if (host.includes('us.i.posthog.com')) {
@@ -22,14 +22,34 @@ const getUiHostFromHost = (host) => {
     return host;
 };
 exports.getUiHostFromHost = getUiHostFromHost;
+const getHostFromRegion = (region) => {
+    if (constants_1.IS_DEV) {
+        return 'http://localhost:8010';
+    }
+    if (region === 'eu') {
+        return 'https://eu.i.posthog.com';
+    }
+    return 'https://us.i.posthog.com';
+};
+exports.getHostFromRegion = getHostFromRegion;
 const getCloudUrlFromRegion = (region) => {
     if (constants_1.IS_DEV) {
         return 'http://localhost:8010';
     }
-    if (region === 'us') {
-        return 'https://us.posthog.com';
+    if (region === 'eu') {
+        return 'https://eu.posthog.com';
     }
-    return 'https://eu.posthog.com';
+    return 'https://us.posthog.com';
 };
 exports.getCloudUrlFromRegion = getCloudUrlFromRegion;
+const getOauthClientIdFromRegion = (region) => {
+    if (constants_1.IS_DEV) {
+        return constants_1.POSTHOG_DEV_CLIENT_ID;
+    }
+    if (region === 'us') {
+        return constants_1.POSTHOG_US_CLIENT_ID;
+    }
+    return constants_1.POSTHOG_EU_CLIENT_ID;
+};
+exports.getOauthClientIdFromRegion = getOauthClientIdFromRegion;
 //# sourceMappingURL=urls.js.map

package/dist/src/utils/urls.js.map

@@ -1 +1 @@
-{"version":3,"file":"urls.js","sourceRoot":"","sources":["../../../src/utils/urls.ts"],"names":[],"mappings":";;;AAAA,gDAA0C;AAGnC,MAAM,oBAAoB,GAAG,CAAC,IAAY,EAAE,EAAE;IACnD,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtC,OAAO,iCAAiC,CAAC;IAC3C,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtC,OAAO,iCAAiC,CAAC;IAC3C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAVW,QAAA,oBAAoB,wBAU/B;AAEK,MAAM,iBAAiB,GAAG,CAAC,IAAY,EAAE,EAAE;IAChD,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtC,OAAO,wBAAwB,CAAC;IAClC,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtC,OAAO,wBAAwB,CAAC;IAClC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAVW,QAAA,iBAAiB,qBAU5B;AAEK,MAAM,qBAAqB,GAAG,CAAC,MAAmB,EAAE,EAAE;IAC3D,IAAI,kBAAM,EAAE,CAAC;QACX,OAAO,uBAAuB,CAAC;IACjC,CAAC;IAED,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,OAAO,wBAAwB,CAAC;IAClC,CAAC;IACD,OAAO,wBAAwB,CAAC;AAClC,CAAC,CAAC;AATW,QAAA,qBAAqB,yBAShC","sourcesContent":["import { IS_DEV } from '../lib/constants';\nimport type { CloudRegion } from './types';\n\nexport const getAssetHostFromHost = (host: string) => {\n  if (host.includes('us.i.posthog.com')) {\n    return 'https://us-assets.i.posthog.com';\n  }\n\n  if (host.includes('eu.i.posthog.com')) {\n    return 'https://eu-assets.i.posthog.com';\n  }\n\n  return host;\n};\n\nexport const getUiHostFromHost = (host: string) => {\n  if (host.includes('us.i.posthog.com')) {\n    return 'https://us.posthog.com';\n  }\n\n  if (host.includes('eu.i.posthog.com')) {\n    return 'https://eu.posthog.com';\n  }\n\n  return host;\n};\n\nexport const getCloudUrlFromRegion = (region: CloudRegion) => {\n  if (IS_DEV) {\n    return 'http://localhost:8010';\n  }\n\n  if (region === 'us') {\n    return 'https://us.posthog.com';\n  }\n  return 'https://eu.posthog.com';\n};\n"]}
+{"version":3,"file":"urls.js","sourceRoot":"","sources":["../../../src/utils/urls.ts"],"names":[],"mappings":";;;AAAA,gDAK0B;AAGnB,MAAM,oBAAoB,GAAG,CAAC,IAAY,EAAE,EAAE;IACnD,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtC,OAAO,iCAAiC,CAAC;IAC3C,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtC,OAAO,iCAAiC,CAAC;IAC3C,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAVW,QAAA,oBAAoB,wBAU/B;AAEK,MAAM,iBAAiB,GAAG,CAAC,IAAY,EAAE,EAAE;IAChD,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtC,OAAO,wBAAwB,CAAC;IAClC,CAAC;IAED,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACtC,OAAO,wBAAwB,CAAC;IAClC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAVW,QAAA,iBAAiB,qBAU5B;AAEK,MAAM,iBAAiB,GAAG,CAAC,MAAmB,EAAE,EAAE;IACvD,IAAI,kBAAM,EAAE,CAAC;QACX,OAAO,uBAAuB,CAAC;IACjC,CAAC;IAED,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,OAAO,0BAA0B,CAAC;IACpC,CAAC;IAED,OAAO,0BAA0B,CAAC;AACpC,CAAC,CAAC;AAVW,QAAA,iBAAiB,qBAU5B;AAEK,MAAM,qBAAqB,GAAG,CAAC,MAAmB,EAAE,EAAE;IAC3D,IAAI,kBAAM,EAAE,CAAC;QACX,OAAO,uBAAuB,CAAC;IACjC,CAAC;IAED,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,OAAO,wBAAwB,CAAC;IAClC,CAAC;IAED,OAAO,wBAAwB,CAAC;AAClC,CAAC,CAAC;AAVW,QAAA,qBAAqB,yBAUhC;AAEK,MAAM,0BAA0B,GAAG,CAAC,MAAmB,EAAE,EAAE;IAChE,IAAI,kBAAM,EAAE,CAAC;QACX,OAAO,iCAAqB,CAAC;IAC/B,CAAC;IAED,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACpB,OAAO,gCAAoB,CAAC;IAC9B,CAAC;IACD,OAAO,gCAAoB,CAAC;AAC9B,CAAC,CAAC;AATW,QAAA,0BAA0B,8BASrC","sourcesContent":["import {\n  IS_DEV,\n  POSTHOG_DEV_CLIENT_ID,\n  POSTHOG_EU_CLIENT_ID,\n  POSTHOG_US_CLIENT_ID,\n} from '../lib/constants';\nimport type { CloudRegion } from './types';\n\nexport const getAssetHostFromHost = (host: string) => {\n  if (host.includes('us.i.posthog.com')) {\n    return 'https://us-assets.i.posthog.com';\n  }\n\n  if (host.includes('eu.i.posthog.com')) {\n    return 'https://eu-assets.i.posthog.com';\n  }\n\n  return host;\n};\n\nexport const getUiHostFromHost = (host: string) => {\n  if (host.includes('us.i.posthog.com')) {\n    return 'https://us.posthog.com';\n  }\n\n  if (host.includes('eu.i.posthog.com')) {\n    return 'https://eu.posthog.com';\n  }\n\n  return host;\n};\n\nexport const getHostFromRegion = (region: CloudRegion) => {\n  if (IS_DEV) {\n    return 'http://localhost:8010';\n  }\n\n  if (region === 'eu') {\n    return 'https://eu.i.posthog.com';\n  }\n\n  return 'https://us.i.posthog.com';\n};\n\nexport const getCloudUrlFromRegion = (region: CloudRegion) => {\n  if (IS_DEV) {\n    return 'http://localhost:8010';\n  }\n\n  if (region === 'eu') {\n    return 'https://eu.posthog.com';\n  }\n\n  return 'https://us.posthog.com';\n};\n\nexport const getOauthClientIdFromRegion = (region: CloudRegion) => {\n  if (IS_DEV) {\n    return POSTHOG_DEV_CLIENT_ID;\n  }\n\n  if (region === 'us') {\n    return POSTHOG_US_CLIENT_ID;\n  }\n  return POSTHOG_EU_CLIENT_ID;\n};\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@posthog/wizard",
-  "version": "1.13.2",
+  "version": "1.15.0",
   "homepage": "https://github.com/posthog/wizard",
   "repository": "https://github.com/posthog/wizard",
   "description": "The PostHog wizard helps you to configure your project",
@@ -85,7 +85,7 @@
     "typescript": "^5.0.4"
   },
   "engines": {
-    "node": "18.x || 20.x",
+    "node": ">=18",
     "npm": ">=3.10.7"
   },
   "jest": {
@@ -122,7 +122,7 @@
   "author": "PostHog",
   "license": "MIT",
   "volta": {
-    "node": "18.20.8",
+    "node": "20.18.2",
     "pnpm": "9.15.5"
   },
   "scripts": {