@primitivedotdev/cli 0.26.1 → 0.26.3

package/dist/oclif/commands/functions-test-function.js

@@ -1,238 +0,0 @@
-import { Command, Flags } from "@oclif/core";
-import { getEmail, PrimitiveApiClient, testFunction, } from "@primitivedotdev/sdk/api";
-import { API_BASE_URL_1_FLAG_DESCRIPTION, API_BASE_URL_2_FLAG_DESCRIPTION, baseUrlOverriddenFromFlags, extractErrorPayload, removeStaleSavedCredentialOnUnauthorized, runWithTiming, TIME_FLAG_DESCRIPTION, writeErrorWithHints, } from "../api-command.js";
-import { resolveCliAuth } from "../auth.js";
-import { DEFAULT_EMAIL_POLL_INTERVAL_SECONDS, fetchEmailSearchPage, sleep, } from "./emails-poll.js";
-// `primitive functions:test-function` is the agent-grade shortcut for
-// triggering a real round-trip and (optionally) waiting for the
-// function to actually run before exiting. The underlying
-// `POST /functions/{id}/test` operation only kicks off a synthetic
-// inbound through MX and returns the queued send id; AGX walkthroughs
-// flagged the missing wait-and-show-sends step as the single biggest
-// time-sink in the verification loop.
-//
-// Shapes:
-//   primitive functions:test-function --id <fn-id>
-//       Fire-and-forget. Returns the TestInvocationResult JSON
-//       (recipient, poll_since, watch_url). Same behavior as the
-//       auto-generated functions:test-function it replaces.
-//
-//   primitive functions:test-function --id <fn-id> --wait
-//       Blocks until the test inbound has arrived AND the function's
-//       webhook has fired (or --timeout elapses). Exits non-zero on
-//       timeout or on exhausted retries.
-//
-//   primitive functions:test-function --id <fn-id> --wait --show-sends
-//       Same as --wait, plus prints the inbound's `replies` array
-//       (every outbound the function emitted while processing the
-//       test inbound), with each send's id, status, recipient,
-//       subject, and queue id.
-//
-// The auto-generated functions:test-function entry is filtered out
-// of the generated-command set in oclif/index.ts so this hand-rolled
-// version owns the id.
-const DEFAULT_WAIT_TIMEOUT_SECONDS = 60;
-// Terminal states from the EmailWebhookStatus enum. `fired` means the
-// function returned 2xx; `exhausted` means all retries are spent and
-// the delivery is permanently failed. `pending` / `in_flight` /
-// `failed` are intermediate (`failed` is a temporary failure that may
-// retry into `fired` or eventually `exhausted`), so we keep polling.
-const TERMINAL_WEBHOOK_STATUSES = new Set(["fired", "exhausted"]);
-class FunctionsTestFunctionCommand extends Command {
-    static description = "Send a real test email through MX to trigger this function. With --wait, blocks until the function has processed the inbound; with --show-sends, also prints any outbound sends the function emitted in response.";
-    static summary = "Trigger a test invocation; with --wait, watch it land";
-    static examples = [
-        "<%= config.bin %> functions:test-function --id <fn-id>",
-        "<%= config.bin %> functions:test-function --id <fn-id> --local-part summarize",
-        "<%= config.bin %> functions:test-function --id <fn-id> --wait --show-sends",
-        "<%= config.bin %> functions:test-function --id <fn-id> --local-part summarize --wait --timeout 120",
-    ];
-    static flags = {
-        "api-key": Flags.string({
-            description: "Primitive API key (defaults to PRIMITIVE_API_KEY or saved `primitive login` credentials)",
-            env: "PRIMITIVE_API_KEY",
-        }),
-        "api-base-url-1": Flags.string({
-            description: API_BASE_URL_1_FLAG_DESCRIPTION,
-            env: "PRIMITIVE_API_BASE_URL_1",
-            hidden: true,
-        }),
-        "api-base-url-2": Flags.string({
-            description: API_BASE_URL_2_FLAG_DESCRIPTION,
-            env: "PRIMITIVE_API_BASE_URL_2",
-            hidden: true,
-        }),
-        id: Flags.string({
-            description: "Function id (UUID).",
-            required: true,
-        }),
-        "local-part": Flags.string({
-            description: "Override the synthetic local-part the test inbound is addressed to. Otherwise the runtime picks `__primitive_function_test+<random>`.",
-        }),
-        wait: Flags.boolean({
-            description: "Block until the function has processed the test inbound (webhook status is `fired` or `exhausted`) or --timeout elapses. Exits non-zero on timeout or on exhausted retries.",
-        }),
-        "show-sends": Flags.boolean({
-            description: "When the wait resolves, also print the outbound emails the function emitted while processing the test inbound (id, status, to, subject). Implies --wait.",
-        }),
-        timeout: Flags.integer({
-            default: DEFAULT_WAIT_TIMEOUT_SECONDS,
-            description: "Seconds to wait before exiting non-zero when --wait is set; 0 waits forever.",
-            min: 0,
-        }),
-        "poll-interval": Flags.integer({
-            default: DEFAULT_EMAIL_POLL_INTERVAL_SECONDS,
-            description: "Seconds between polls while waiting.",
-            min: 1,
-        }),
-        time: Flags.boolean({
-            description: TIME_FLAG_DESCRIPTION,
-        }),
-    };
-    async run() {
-        const { flags } = await this.parse(FunctionsTestFunctionCommand);
-        // --show-sends implies --wait. You can't print what was sent
-        // until the function has actually run.
-        const shouldWait = flags.wait || flags["show-sends"];
-        const shouldShowSends = flags["show-sends"];
-        const baseUrlOverridden = baseUrlOverriddenFromFlags(flags);
-        const auth = resolveCliAuth({
-            apiKey: flags["api-key"],
-            apiBaseUrl1: flags["api-base-url-1"],
-            apiBaseUrl2: flags["api-base-url-2"],
-            configDir: this.config.configDir,
-        });
-        const apiClient = new PrimitiveApiClient({
-            apiKey: auth.apiKey,
-            apiBaseUrl1: auth.apiBaseUrl1,
-            apiBaseUrl2: auth.apiBaseUrl2,
-        });
-        await runWithTiming(flags.time, async () => {
-            // 1. Trigger the test send.
-            const triggerResult = await testFunction({
-                client: apiClient.client,
-                path: { id: flags.id },
-                body: flags["local-part"]
-                    ? { local_part: flags["local-part"] }
-                    : undefined,
-                responseStyle: "fields",
-            });
-            if (triggerResult.error) {
-                const payload = extractErrorPayload(triggerResult.error);
-                writeErrorWithHints(payload);
-                removeStaleSavedCredentialOnUnauthorized({
-                    auth,
-                    baseUrlOverridden,
-                    configDir: this.config.configDir,
-                    payload,
-                });
-                process.exitCode = 1;
-                return;
-            }
-            const invocation = triggerResult.data
-                .data;
-            if (!shouldWait) {
-                // Fire-and-forget path: print the TestInvocationResult JSON
-                // unchanged. Same shape the auto-generated command emitted.
-                this.log(JSON.stringify(invocation, null, 2));
-                return;
-            }
-            const startedAt = Date.now();
-            const timeoutMs = flags.timeout * 1000;
-            const pollIntervalMs = flags["poll-interval"] * 1000;
-            const isExpired = () => flags.timeout > 0 && Date.now() - startedAt > timeoutMs;
-            // 2. Wait for the test inbound to arrive. The synthetic
-            // recipient is unique per call (random suffix in the local-part
-            // unless --local-part overrides), so `to` + `since` uniquely
-            // identifies the test inbound row.
-            this.log(`Waiting for test inbound to arrive at ${invocation.to}...`);
-            let inboundId;
-            while (!isExpired()) {
-                const page = await fetchEmailSearchPage({
-                    apiClient,
-                    filters: { to: invocation.to },
-                    pageSize: 25,
-                    since: invocation.poll_since,
-                });
-                if (!page.ok) {
-                    const payload = extractErrorPayload(page.error);
-                    writeErrorWithHints(payload);
-                    removeStaleSavedCredentialOnUnauthorized({
-                        auth,
-                        baseUrlOverridden,
-                        configDir: this.config.configDir,
-                        payload,
-                    });
-                    process.exitCode = 1;
-                    return;
-                }
-                const found = page.rows[0];
-                if (found) {
-                    inboundId = found.id;
-                    break;
-                }
-                await sleep(pollIntervalMs);
-            }
-            if (!inboundId) {
-                this.error(`Timed out after ${flags.timeout}s waiting for test inbound ${invocation.to} to land. Browse ${invocation.watch_url} for the live view.`, { exit: 2 });
-            }
-            // 3. Wait for the function (webhook) to actually run. We poll
-            // the email-detail endpoint because it already carries both the
-            // webhook_status terminal state and the `replies` array we'll
-            // print under --show-sends. No second endpoint needed.
-            this.log(`Inbound landed (${inboundId}). Waiting for function to run...`);
-            let detail;
-            while (!isExpired()) {
-                const result = await getEmail({
-                    client: apiClient.client,
-                    path: { id: inboundId },
-                    responseStyle: "fields",
-                });
-                if (result.error) {
-                    const payload = extractErrorPayload(result.error);
-                    writeErrorWithHints(payload);
-                    removeStaleSavedCredentialOnUnauthorized({
-                        auth,
-                        baseUrlOverridden,
-                        configDir: this.config.configDir,
-                        payload,
-                    });
-                    process.exitCode = 1;
-                    return;
-                }
-                const fetched = result.data.data;
-                if (fetched.webhook_status &&
-                    TERMINAL_WEBHOOK_STATUSES.has(fetched.webhook_status)) {
-                    detail = fetched;
-                    break;
-                }
-                await sleep(pollIntervalMs);
-            }
-            if (!detail) {
-                this.error(`Timed out after ${flags.timeout}s waiting for function webhook to fire for inbound ${inboundId}. Browse ${invocation.watch_url} for the live view.`, { exit: 2 });
-            }
-            // 4. Emit the outcome.
-            const elapsedSeconds = Math.round((Date.now() - startedAt) / 1000);
-            const outcome = {
-                function_id: flags.id,
-                inbound_id: inboundId,
-                inbound_to: invocation.to,
-                webhook_status: detail.webhook_status,
-                webhook_attempt_count: detail.webhook_attempt_count,
-                webhook_last_status_code: detail.webhook_last_status_code,
-                webhook_last_error: detail.webhook_last_error,
-                elapsed_seconds: elapsedSeconds,
-            };
-            if (shouldShowSends) {
-                outcome.sent_emails = detail.replies;
-            }
-            this.log(JSON.stringify(outcome, null, 2));
-            // Exit non-zero when the function failed permanently so CI
-            // scripts can gate on the exit code.
-            if (detail.webhook_status === "exhausted") {
-                process.exitCode = 1;
-            }
-        });
-    }
-}
-export default FunctionsTestFunctionCommand;

package/dist/oclif/commands/login.js

@@ -1,236 +0,0 @@
-import { spawn } from "node:child_process";
-import { hostname } from "node:os";
-import { Command, Errors, Flags } from "@oclif/core";
-import { getAccount, PrimitiveApiClient, pollCliLogin, startCliLogin, } from "@primitivedotdev/sdk/api";
-import { API_ERROR_CODES, extractErrorCode, extractErrorPayload, removeStaleSavedCredentialOnUnauthorized, writeErrorWithHints, } from "../api-command.js";
-import { acquireCliCredentialsLock, credentialsPath, loadCliCredentials, normalizeApiBaseUrl1, normalizeApiBaseUrl2, saveCliCredentials, } from "../auth.js";
-const MAX_CLI_LOGIN_POLL_INTERVAL_SECONDS = 60;
-function cliError(message) {
-    return new Errors.CLIError(message, { exit: 1 });
-}
-function sleep(ms) {
-    return new Promise((resolve) => setTimeout(resolve, ms));
-}
-function openBrowser(url) {
-    const command = process.platform === "darwin"
-        ? "open"
-        : process.platform === "win32"
-            ? "cmd"
-            : "xdg-open";
-    const args = process.platform === "win32" ? ["/c", "start", "", url] : [url];
-    const child = spawn(command, args, { detached: true, stdio: "ignore" });
-    child.on("error", () => undefined);
-    child.unref();
-}
-function unwrapData(value) {
-    const envelope = value;
-    return envelope?.data ?? null;
-}
-function retryAfterSeconds(result) {
-    const response = result.response;
-    const raw = response?.headers.get("retry-after");
-    if (!raw)
-        return null;
-    const parsed = Number.parseInt(raw, 10);
-    return Number.isFinite(parsed) && parsed > 0 ? parsed : null;
-}
-export async function checkExistingLogin(params) {
-    const baseUrlOverridden = params.apiBaseUrl1 !== undefined;
-    const probeApiBaseUrl1 = baseUrlOverridden
-        ? normalizeApiBaseUrl1(params.apiBaseUrl1)
-        : params.credentials.api_base_url_1;
-    const apiClient = new PrimitiveApiClient({
-        apiKey: params.credentials.api_key,
-        apiBaseUrl1: probeApiBaseUrl1,
-    });
-    const result = await (params.checkAccount ??
-        ((client) => getAccount({
-            client: client.client,
-            responseStyle: "fields",
-        })))(apiClient);
-    if (!result.error)
-        return { status: "valid" };
-    const payload = extractErrorPayload(result.error);
-    const auth = {
-        apiKey: params.credentials.api_key,
-        apiBaseUrl1: probeApiBaseUrl1,
-        // Host-2 isn't relevant to checkExistingLogin (login is on host-1
-        // only), but the auth shape requires it. Use the default.
-        apiBaseUrl2: normalizeApiBaseUrl2(undefined),
-        credentials: params.credentials,
-        source: "stored",
-    };
-    const removed = removeStaleSavedCredentialOnUnauthorized({
-        auth,
-        baseUrlOverridden,
-        configDir: params.configDir,
-        payload,
-    });
-    if (removed)
-        return { status: "removed_stale" };
-    const code = extractErrorCode(payload);
-    return {
-        status: "blocked",
-        payload,
-        message: code === API_ERROR_CODES.unauthorized
-            ? "Saved Primitive CLI credentials were rejected. Run `primitive logout` to remove them before logging in again."
-            : "A saved Primitive CLI login exists, but the CLI could not verify whether it is still valid. Run `primitive logout` before logging in again.",
-    };
-}
-class LoginCommand extends Command {
-    static description = "Log in by opening Primitive in your browser and saving an org-scoped CLI API key locally.";
-    static summary = "Log in with browser approval";
-    static examples = [
-        "<%= config.bin %> login",
-        "<%= config.bin %> login --device-name work-laptop",
-        "<%= config.bin %> login --force",
-    ];
-    static flags = {
-        "api-base-url-1": Flags.string({
-            description: "Override the primary API base URL. Internal testing only; not documented to customers.",
-            env: "PRIMITIVE_API_BASE_URL_1",
-            hidden: true,
-        }),
-        "device-name": Flags.string({
-            description: "Device name shown in the browser approval screen",
-        }),
-        "no-browser": Flags.boolean({
-            description: "Do not attempt to open the browser automatically",
-        }),
-        force: Flags.boolean({
-            char: "f",
-            description: "Replace saved credentials without first verifying the existing login",
-        }),
-    };
-    async run() {
-        const { flags } = await this.parse(LoginCommand);
-        let releaseCredentialsLock;
-        try {
-            releaseCredentialsLock = acquireCliCredentialsLock(this.config.configDir);
-        }
-        catch (error) {
-            const detail = error instanceof Error ? error.message : String(error);
-            throw cliError(detail);
-        }
-        try {
-            await this.runWithCredentialLock(flags);
-        }
-        finally {
-            releaseCredentialsLock();
-        }
-    }
-    async runWithCredentialLock(flags) {
-        const apiBaseUrl1 = normalizeApiBaseUrl1(flags["api-base-url-1"]);
-        let existing;
-        try {
-            existing = loadCliCredentials(this.config.configDir);
-        }
-        catch (error) {
-            if (!flags.force)
-                throw error;
-            const detail = error instanceof Error ? error.message : String(error);
-            process.stderr.write(`Replacing unreadable Primitive CLI credentials because --force was set: ${detail}\n`);
-            existing = null;
-        }
-        if (existing && flags.force) {
-            process.stderr.write("Replacing saved Primitive CLI credentials after browser approval because --force was set.\n");
-        }
-        else if (existing) {
-            const existingStatus = await checkExistingLogin({
-                apiBaseUrl1: flags["api-base-url-1"],
-                configDir: this.config.configDir,
-                credentials: existing,
-            });
-            if (existingStatus.status === "removed_stale") {
-                process.stderr.write("Continuing with a new Primitive CLI login...\n");
-            }
-            else if (existingStatus.status === "blocked") {
-                writeErrorWithHints(existingStatus.payload);
-                throw cliError(existingStatus.message);
-            }
-            else {
-                const org = existing.org_name ? ` for ${existing.org_name}` : "";
-                throw cliError(`Already logged in${org}. Run \`primitive logout\` before logging in again.`);
-            }
-        }
-        const apiClient = new PrimitiveApiClient({ apiBaseUrl1 });
-        const deviceName = flags["device-name"] ?? hostname();
-        const started = await startCliLogin({
-            body: {
-                device_name: deviceName,
-            },
-            client: apiClient.client,
-            responseStyle: "fields",
-        });
-        if (started.error) {
-            writeErrorWithHints(extractErrorPayload(started.error));
-            throw cliError("Could not start Primitive CLI login.");
-        }
-        const start = unwrapData(started.data);
-        if (!start) {
-            throw cliError("Primitive API returned an empty CLI login response.");
-        }
-        process.stderr.write(`Your login code is: ${start.user_code}\n`);
-        if (!flags["no-browser"]) {
-            openBrowser(start.verification_uri_complete);
-            process.stderr.write("Opening Primitive in your browser...\n");
-        }
-        process.stderr.write(`If the browser did not open, visit: ${start.verification_uri_complete}\n`);
-        process.stderr.write("Waiting for browser approval...\n");
-        const deadline = Date.now() + start.expires_in * 1000;
-        let interval = Math.min(Math.max(1, start.interval), MAX_CLI_LOGIN_POLL_INTERVAL_SECONDS);
-        let nextPollDelay = 1;
-        while (Date.now() < deadline) {
-            await sleep(nextPollDelay * 1000);
-            nextPollDelay = interval;
-            const polled = await pollCliLogin({
-                body: { device_code: start.device_code },
-                client: apiClient.client,
-                responseStyle: "fields",
-            });
-            if (polled.data) {
-                const login = unwrapData(polled.data);
-                if (!login) {
-                    throw cliError("Primitive API returned an empty CLI poll response.");
-                }
-                saveCliCredentials(this.config.configDir, {
-                    api_key: login.api_key,
-                    api_base_url_1: apiBaseUrl1,
-                    created_at: new Date().toISOString(),
-                    key_id: login.key_id,
-                    key_prefix: login.key_prefix,
-                    org_id: login.org_id,
-                    org_name: login.org_name,
-                });
-                const org = login.org_name ? ` (${login.org_name})` : "";
-                process.stderr.write(`Logged in to org ${login.org_id}${org}.\n`);
-                process.stderr.write(`Saved credentials to ${credentialsPath(this.config.configDir)}.\n`);
-                return;
-            }
-            const payload = extractErrorPayload(polled.error);
-            const code = extractErrorCode(payload);
-            if (code === API_ERROR_CODES.authorizationPending) {
-                nextPollDelay = interval;
-                continue;
-            }
-            if (code === API_ERROR_CODES.slowDown) {
-                interval = Math.min(retryAfterSeconds(polled) ?? interval + 5, MAX_CLI_LOGIN_POLL_INTERVAL_SECONDS);
-                nextPollDelay = interval;
-                continue;
-            }
-            if (code === API_ERROR_CODES.accessDenied) {
-                throw cliError("Primitive CLI login was denied in the browser.");
-            }
-            if (code === API_ERROR_CODES.expiredToken) {
-                throw cliError("Primitive CLI login expired. Run `primitive login` again.");
-            }
-            if (code === API_ERROR_CODES.invalidDeviceCode) {
-                throw cliError("Primitive CLI login device code is invalid. Run `primitive login` again.");
-            }
-            writeErrorWithHints(payload);
-            throw cliError("Primitive CLI login failed while polling for approval.");
-        }
-        throw cliError("Primitive CLI login expired. Run `primitive login` again.");
-    }
-}
-export default LoginCommand;

package/dist/oclif/commands/logout.js

@@ -1,87 +0,0 @@
-import { Command, Errors, Flags } from "@oclif/core";
-import { cliLogout, PrimitiveApiClient } from "@primitivedotdev/sdk/api";
-import { API_ERROR_CODES, extractErrorCode, extractErrorPayload, writeErrorWithHints, } from "../api-command.js";
-import { acquireCliCredentialsLock, deleteCliCredentials, loadCliCredentials, normalizeApiBaseUrl1, } from "../auth.js";
-function cliError(message) {
-    return new Errors.CLIError(message, { exit: 1 });
-}
-function unwrapData(value) {
-    const envelope = value;
-    return envelope?.data ?? null;
-}
-class LogoutCommand extends Command {
-    static description = "Log out by revoking the saved Primitive CLI API key and deleting local credentials.";
-    static summary = "Log out and revoke the saved CLI key";
-    static examples = ["<%= config.bin %> logout"];
-    static flags = {
-        "api-base-url-1": Flags.string({
-            description: "Override the primary API base URL. Internal testing only; not documented to customers.",
-            env: "PRIMITIVE_API_BASE_URL_1",
-            hidden: true,
-        }),
-    };
-    async run() {
-        const { flags } = await this.parse(LogoutCommand);
-        let releaseCredentialsLock;
-        try {
-            releaseCredentialsLock = acquireCliCredentialsLock(this.config.configDir);
-        }
-        catch (error) {
-            const detail = error instanceof Error ? error.message : String(error);
-            throw cliError(detail);
-        }
-        try {
-            await this.runWithCredentialLock(flags);
-        }
-        finally {
-            releaseCredentialsLock();
-        }
-    }
-    async runWithCredentialLock(flags) {
-        let credentials;
-        try {
-            credentials = loadCliCredentials(this.config.configDir);
-        }
-        catch (error) {
-            deleteCliCredentials(this.config.configDir);
-            const detail = error instanceof Error ? error.message : String(error);
-            process.stderr.write(`Removed unreadable Primitive CLI credentials. Backing API key was not revoked: ${detail}\n`);
-            process.exitCode = 1;
-            return;
-        }
-        if (!credentials) {
-            throw cliError("Not logged in. Run `primitive login` to create saved CLI credentials.");
-        }
-        const apiBaseUrl1 = flags["api-base-url-1"]
-            ? normalizeApiBaseUrl1(flags["api-base-url-1"])
-            : credentials.api_base_url_1;
-        const apiClient = new PrimitiveApiClient({
-            apiKey: credentials.api_key,
-            apiBaseUrl1,
-        });
-        const result = await cliLogout({
-            body: { key_id: credentials.key_id },
-            client: apiClient.client,
-            responseStyle: "fields",
-        });
-        if (result.error) {
-            const payload = extractErrorPayload(result.error);
-            const code = extractErrorCode(payload);
-            if (code === API_ERROR_CODES.unauthorized ||
-                code === API_ERROR_CODES.notFound) {
-                deleteCliCredentials(this.config.configDir);
-                writeErrorWithHints(payload);
-                process.stderr.write("Removed saved Primitive CLI credentials because the backing API key is already unavailable.\n");
-                process.exitCode = 1;
-                return;
-            }
-            writeErrorWithHints(payload);
-            throw cliError("Could not revoke the saved Primitive CLI API key.");
-        }
-        const logout = unwrapData(result.data);
-        deleteCliCredentials(this.config.configDir);
-        const keyId = logout?.key_id ?? credentials.key_id;
-        process.stderr.write(`Logged out and revoked API key ${keyId}.\n`);
-    }
-}
-export default LogoutCommand;