@salesforce/b2c-tooling-sdk 0.9.0 → 0.11.0

package/data/content-schemas/image.json

@@ -0,0 +1,37 @@
+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+
+  "type":"object",
+
+  "definitions": {
+    "fraction" : {
+      "type": "number",
+      "minimum": 0,
+      "maximum": 1
+    },
+    "focal_point": {
+      "type": "object",
+      "properties": {
+        "x" : { "$ref": "#/definitions/fraction" },
+        "y" : { "$ref": "#/definitions/fraction" }
+      },
+      "required": ["x","y"]
+    },
+    "meta_data": {
+      "type": "object",
+      "properties": {
+        "height" : { "type": "integer" },
+        "width" : { "type": "integer" }
+      },
+      "required": ["height","width"]
+    }
+  },
+
+  "properties": {
+    "path": {"type": "string"},
+    "focal_point": {"$ref":"#/definitions/focal_point"},
+    "meta_data": {"$ref":"#/definitions/meta_data"}
+  },
+  "required": ["path"],
+  "additionalProperties": false
+}

package/data/content-schemas/pagetype.json

@@ -0,0 +1,38 @@
+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+   
+  "type":"object",
+  
+  "properties": {
+    "name": {
+      "$ref": "common.json#/definitions/name"
+    },
+    "description": {
+      "$ref": "common.json#/definitions/description"
+    },
+    "arch_type": {
+      "$ref": "common.json#/definitions/arch_type"
+    },
+    "route": {
+      "$ref": "common.json#/definitions/route"
+    },
+    "region_definitions": {
+      "type": "array",
+      "items": {"$ref": "regiondefinition.json"}
+    },
+    "supported_aspect_types": {
+      "type": "array",
+      "items": {"$ref":"common.json#/definitions/full_qualified_id"}
+    },
+    "attribute_definition_groups": {
+      "type": "array",
+      "items": {
+        "$ref": "attributedefinitiongroup.json"
+      }
+    }
+  },
+  "required": [
+    "region_definitions"
+  ],
+  "additionalProperties": false
+}

package/data/content-schemas/regiondefinition.json

@@ -0,0 +1,33 @@
+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  
+  "type":"object",
+  
+  "properties": {
+    "id": {"$ref":"common.json#/definitions/id"},
+    "name": {"$ref":"common.json#/definitions/name"},
+    "max_components": {
+      "type": "integer",
+      "minimum": 1
+    },
+    "component_type_exclusions": {
+      "type": "array",
+      "items": {"$ref": "componenttypeexclusion.json"}
+    },
+    "component_type_inclusions": {
+      "type": "array",
+      "items": {"$ref": "componenttypeinclusion.json"}
+    },
+    "default_component_constructors": {
+      "type": "array",
+      "items": {"$ref": "componentconstructor.json"}
+    }
+  },
+  "required": ["id"],
+  "additionalProperties": false,
+  "anyOf": [
+    {"required":  ["component_type_exclusions"], "not":  {"required":  ["component_type_inclusions"]}},
+    {"required":  ["component_type_inclusions"], "not":  {"required":  ["component_type_exclusions"]}},
+    {"not":  {"required":  ["component_type_exclusions", "component_type_inclusions"]}}
+  ]
+}

package/data/content-schemas/visibilityrule.json

@@ -0,0 +1,70 @@
+{
+  "$schema": "http://json-schema.org/draft-04/schema#",
+  
+  "type":"object",
+  
+  "definitions": {
+    "time_period": {
+      "type": "object",
+      "properties": {
+        "valid_from": {
+          "format": "date-time"
+        },
+        "valid_to": {
+          "format": "date-time"
+        }
+      },
+      "additionalProperties": false
+    },
+    "customer_group_id_listing": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    },
+    "locale_id_listing": {
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    },
+    "campaign_qualifier": {
+      "type": "object",
+      "properties": {
+        "campaign_id": {
+          "type": "string"
+        },
+        "promotion_id": {
+          "type": "string"
+        }
+      },
+      "additionalProperties": false
+    },
+    "aspect_attribute_qualifiers": {
+      "type": "array",
+      "items": { "$ref": "#/definitions/aspect_attribute_qualifier" }
+    },
+    "aspect_attribute_qualifier": {
+      "type": "object",
+      "properties": {
+        "id": {"$ref":"common.json#/definitions/id"},
+        "values": {
+          "type": "array",
+          "maxItems": 20,
+          "items": {}
+        }
+      },
+      "required": ["id", "values"],
+      "additionalProperties": false
+    }
+  },
+  
+  "properties": {
+    "schedule": {"$ref": "#/definitions/time_period"},
+    "customer_group_ids": {"$ref": "#/definitions/customer_group_id_listing"},
+    "locale_ids": {"$ref": "#/definitions/locale_id_listing"},
+    "campaign_qualifier": {"$ref": "#/definitions/campaign_qualifier"},
+    "aspect_attribute_qualifiers" : {"$ref": "#/definitions/aspect_attribute_qualifiers"}
+  },
+  "additionalProperties": false
+}

package/dist/cjs/auth/index.d.ts

@@ -61,6 +61,10 @@ export type { OAuthConfig } from './oauth.js';
 export { ImplicitOAuthStrategy } from './oauth-implicit.js';
 export type { ImplicitOAuthConfig } from './oauth-implicit.js';
 export { ApiKeyStrategy } from './api-key.js';
+export { StatefulOAuthStrategy } from './stateful-oauth-strategy.js';
+export type { StatefulOAuthStrategyOptions } from './stateful-oauth-strategy.js';
+export { initializeStatefulStore, getStoredSession, setStoredSession, clearStoredSession, isStatefulTokenValid, resetStatefulStoreForTesting, } from './stateful-store.js';
+export type { StatefulSession } from './stateful-store.js';
 export { resolveAuthStrategy, checkAvailableAuthMethods } from './resolve.js';
 export type { ResolveAuthStrategyOptions, AvailableAuthMethods } from './resolve.js';
 export { globalAuthMiddlewareRegistry, AuthMiddlewareRegistry, applyAuthRequestMiddleware, applyAuthResponseMiddleware, } from './middleware.js';

package/dist/cjs/auth/index.js

@@ -64,6 +64,9 @@ export { BasicAuthStrategy } from './basic.js';
 export { OAuthStrategy, decodeJWT } from './oauth.js';
 export { ImplicitOAuthStrategy } from './oauth-implicit.js';
 export { ApiKeyStrategy } from './api-key.js';
+export { StatefulOAuthStrategy } from './stateful-oauth-strategy.js';
+// Stateful auth store
+export { initializeStatefulStore, getStoredSession, setStoredSession, clearStoredSession, isStatefulTokenValid, resetStatefulStoreForTesting, } from './stateful-store.js';
 // Resolution helpers
 export { resolveAuthStrategy, checkAvailableAuthMethods } from './resolve.js';
 // Auth middleware

package/dist/cjs/auth/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsDG;AAeH,OAAO,EAAC,gBAAgB,EAAC,MAAM,YAAY,CAAC;AAE5C,aAAa;AACb,OAAO,EAAC,iBAAiB,EAAC,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAC,aAAa,EAAE,SAAS,EAAC,MAAM,YAAY,CAAC;AAEpD,OAAO,EAAC,qBAAqB,EAAC,MAAM,qBAAqB,CAAC;AAE1D,OAAO,EAAC,cAAc,EAAC,MAAM,cAAc,CAAC;AAE5C,qBAAqB;AACrB,OAAO,EAAC,mBAAmB,EAAE,yBAAyB,EAAC,MAAM,cAAc,CAAC;AAG5E,kBAAkB;AAClB,OAAO,EACL,4BAA4B,EAC5B,sBAAsB,EACtB,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,iBAAiB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsDG;AAeH,OAAO,EAAC,gBAAgB,EAAC,MAAM,YAAY,CAAC;AAE5C,aAAa;AACb,OAAO,EAAC,iBAAiB,EAAC,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAC,aAAa,EAAE,SAAS,EAAC,MAAM,YAAY,CAAC;AAEpD,OAAO,EAAC,qBAAqB,EAAC,MAAM,qBAAqB,CAAC;AAE1D,OAAO,EAAC,cAAc,EAAC,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAC,qBAAqB,EAAC,MAAM,8BAA8B,CAAC;AAGnE,sBAAsB;AACtB,OAAO,EACL,uBAAuB,EACvB,gBAAgB,EAChB,gBAAgB,EAChB,kBAAkB,EAClB,oBAAoB,EACpB,4BAA4B,GAC7B,MAAM,qBAAqB,CAAC;AAG7B,qBAAqB;AACrB,OAAO,EAAC,mBAAmB,EAAE,yBAAyB,EAAC,MAAM,cAAc,CAAC;AAG5E,kBAAkB;AAClB,OAAO,EACL,4BAA4B,EAC5B,sBAAsB,EACtB,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,iBAAiB,CAAC"}

package/dist/cjs/auth/stateful-oauth-strategy.d.ts

@@ -0,0 +1,39 @@
+/**
+ * OAuth strategy that uses stateful (persisted) tokens from the same store as sfcc-ci.
+ * Uses stateful auth only when present and valid; on 401 attempts refresh when renew
+ * credentials or refresh_token are stored.
+ *
+ * @module auth/stateful-oauth-strategy
+ */
+import type { AuthStrategy, AccessTokenResponse, DecodedJWT, FetchInit } from './types.js';
+import { type StatefulSession } from './stateful-store.js';
+export interface StatefulOAuthStrategyOptions {
+    accountManagerHost: string;
+    scopes?: string[];
+}
+/**
+ * Auth strategy that uses the stateful store (sfcc-ci compatible).
+ * On 401, attempts to refresh using stored refresh_token or client_credentials (renew base);
+ * on refresh failure clears the stored session.
+ */
+export declare class StatefulOAuthStrategy implements AuthStrategy {
+    private accountManagerHost;
+    private scopes;
+    private _session;
+    private _hasHadSuccess;
+    constructor(session: StatefulSession, options: StatefulOAuthStrategyOptions);
+    fetch(url: string, init?: FetchInit): Promise<Response>;
+    getAuthorizationHeader(): Promise<string>;
+    /**
+     * Returns the current token as AccessTokenResponse (expires/scopes from JWT).
+     */
+    getTokenResponse(): Promise<AccessTokenResponse>;
+    getJWT(): Promise<DecodedJWT>;
+    invalidateToken(): void;
+    private getAccessToken;
+    /**
+     * Attempts to refresh the access token using stored refresh_token or client_credentials (renew base).
+     * Requires SFCC_CLIENT_RENEW_BASE (client:secret) for both flows; updates store on success.
+     */
+    private tryRefresh;
+}

package/dist/cjs/auth/stateful-oauth-strategy.js

@@ -0,0 +1,136 @@
+import { getLogger } from '../logging/logger.js';
+import { decodeJWT } from './oauth.js';
+import { DEFAULT_ACCOUNT_MANAGER_HOST } from '../defaults.js';
+import { getStoredSession, setStoredSession, clearStoredSession } from './stateful-store.js';
+import { globalAuthMiddlewareRegistry, applyAuthRequestMiddleware, applyAuthResponseMiddleware } from './middleware.js';
+/**
+ * Auth strategy that uses the stateful store (sfcc-ci compatible).
+ * On 401, attempts to refresh using stored refresh_token or client_credentials (renew base);
+ * on refresh failure clears the stored session.
+ */
+export class StatefulOAuthStrategy {
+    accountManagerHost;
+    scopes;
+    _session;
+    _hasHadSuccess = false;
+    constructor(session, options) {
+        this._session = session;
+        this.accountManagerHost = options.accountManagerHost || DEFAULT_ACCOUNT_MANAGER_HOST;
+        this.scopes = options.scopes ?? [];
+    }
+    async fetch(url, init = {}) {
+        const logger = getLogger();
+        const token = await this.getAccessToken();
+        const headers = new Headers(init.headers);
+        headers.set('Authorization', `Bearer ${token}`);
+        headers.set('x-dw-client-id', this._session.clientId);
+        let res = await fetch(url, { ...init, headers });
+        if (res.status !== 401) {
+            this._hasHadSuccess = true;
+        }
+        if (res.status === 401 && this._hasHadSuccess) {
+            logger.debug('[StatefulAuth] 401 received, attempting refresh');
+            const refreshed = await this.tryRefresh();
+            if (refreshed) {
+                const newToken = await this.getAccessToken();
+                headers.set('Authorization', `Bearer ${newToken}`);
+                res = await fetch(url, { ...init, headers });
+            }
+        }
+        return res;
+    }
+    async getAuthorizationHeader() {
+        const token = await this.getAccessToken();
+        return `Bearer ${token}`;
+    }
+    /**
+     * Returns the current token as AccessTokenResponse (expires/scopes from JWT).
+     */
+    async getTokenResponse() {
+        const token = await this.getAccessToken();
+        const decoded = decodeJWT(token);
+        const exp = decoded.payload.exp ?? 0;
+        const scope = decoded.payload.scope;
+        const scopes = scope == null ? [] : Array.isArray(scope) ? scope : scope.split(' ');
+        return {
+            accessToken: token,
+            expires: new Date(exp * 1000),
+            scopes,
+        };
+    }
+    async getJWT() {
+        const token = await this.getAccessToken();
+        return decodeJWT(token);
+    }
+    invalidateToken() {
+        clearStoredSession();
+        this._session = { ...this._session, accessToken: '' };
+    }
+    async getAccessToken() {
+        const session = getStoredSession();
+        if (session?.accessToken) {
+            this._session = session;
+            return session.accessToken;
+        }
+        throw new Error('Stateful session lost; please run auth:login or configure client credentials.');
+    }
+    /**
+     * Attempts to refresh the access token using stored refresh_token or client_credentials (renew base).
+     * Requires SFCC_CLIENT_RENEW_BASE (client:secret) for both flows; updates store on success.
+     */
+    async tryRefresh() {
+        const logger = getLogger();
+        const session = getStoredSession();
+        if (!session?.renewBase) {
+            logger.debug('[StatefulAuth] No renew credentials (SFCC_CLIENT_RENEW_BASE); cannot refresh');
+            clearStoredSession();
+            return false;
+        }
+        const url = `https://${this.accountManagerHost}/dwsso/oauth2/access_token`;
+        const grantPayload = session.refreshToken != null && session.refreshToken !== ''
+            ? { grant_type: 'refresh_token', refresh_token: session.refreshToken }
+            : { grant_type: 'client_credentials' };
+        if (this.scopes.length > 0) {
+            grantPayload.scope = this.scopes.join(' ');
+        }
+        const body = new URLSearchParams(grantPayload).toString();
+        let request = new Request(url, {
+            method: 'POST',
+            headers: {
+                Authorization: `Basic ${session.renewBase}`,
+                'Content-Type': 'application/x-www-form-urlencoded',
+            },
+            body,
+        });
+        const middleware = globalAuthMiddlewareRegistry.getMiddleware();
+        request = await applyAuthRequestMiddleware(request, middleware);
+        let response;
+        try {
+            response = await fetch(request);
+            response = await applyAuthResponseMiddleware(request, response, middleware);
+        }
+        catch (err) {
+            logger.debug({ err }, '[StatefulAuth] Refresh request failed');
+            clearStoredSession();
+            return false;
+        }
+        if (!response.ok) {
+            const text = await response.text();
+            logger.debug({ status: response.status, body: text }, '[StatefulAuth] Refresh failed');
+            clearStoredSession();
+            return false;
+        }
+        const data = (await response.json());
+        setStoredSession({
+            clientId: session.clientId,
+            accessToken: data.access_token,
+            refreshToken: data.refresh_token ?? session.refreshToken ?? null,
+            renewBase: session.renewBase ?? null,
+            user: session.user ?? null,
+        });
+        this._session = getStoredSession();
+        logger.debug('[StatefulAuth] Token refreshed successfully');
+        return true;
+    }
+}
+//# sourceMappingURL=stateful-oauth-strategy.js.map

package/dist/cjs/auth/stateful-oauth-strategy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stateful-oauth-strategy.js","sourceRoot":"","sources":["../../../src/auth/stateful-oauth-strategy.ts"],"names":[],"mappings":"AAaA,OAAO,EAAC,SAAS,EAAC,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAAC,SAAS,EAAC,MAAM,YAAY,CAAC;AACrC,OAAO,EAAC,4BAA4B,EAAC,MAAM,gBAAgB,CAAC;AAC5D,OAAO,EAAC,gBAAgB,EAAE,gBAAgB,EAAE,kBAAkB,EAAuB,MAAM,qBAAqB,CAAC;AACjH,OAAO,EAAC,4BAA4B,EAAE,0BAA0B,EAAE,2BAA2B,EAAC,MAAM,iBAAiB,CAAC;AAOtH;;;;GAIG;AACH,MAAM,OAAO,qBAAqB;IACxB,kBAAkB,CAAS;IAC3B,MAAM,CAAW;IACjB,QAAQ,CAAkB;IAC1B,cAAc,GAAG,KAAK,CAAC;IAE/B,YAAY,OAAwB,EAAE,OAAqC;QACzE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;QACxB,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,IAAI,4BAA4B,CAAC;QACrF,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,GAAW,EAAE,OAAkB,EAAE;QAC3C,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAE1C,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,KAAK,EAAE,CAAC,CAAC;QAChD,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAEtD,IAAI,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAC,GAAG,IAAI,EAAE,OAAO,EAAgB,CAAC,CAAC;QAE9D,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YACvB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC7B,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YAC9C,MAAM,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;YAChE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,EAAE,CAAC;YAC1C,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC7C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,QAAQ,EAAE,CAAC,CAAC;gBACnD,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,EAAC,GAAG,IAAI,EAAE,OAAO,EAAgB,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,KAAK,CAAC,sBAAsB;QAC1B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC1C,OAAO,UAAU,KAAK,EAAE,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB;QACpB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC1C,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,GAAG,GAAI,OAAO,CAAC,OAAO,CAAC,GAAc,IAAI,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,KAAsC,CAAC;QACrE,MAAM,MAAM,GAAG,KAAK,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpF,OAAO;YACL,WAAW,EAAE,KAAK;YAClB,OAAO,EAAE,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC;YAC7B,MAAM;SACP,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,MAAM;QACV,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC1C,OAAO,SAAS,CAAC,KAAK,CAAC,CAAC;IAC1B,CAAC;IAED,eAAe;QACb,kBAAkB,EAAE,CAAC;QACrB,IAAI,CAAC,QAAQ,GAAG,EAAC,GAAG,IAAI,CAAC,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAC,CAAC;IACtD,CAAC;IAEO,KAAK,CAAC,cAAc;QAC1B,MAAM,OAAO,GAAG,gBAAgB,EAAE,CAAC;QACnC,IAAI,OAAO,EAAE,WAAW,EAAE,CAAC;YACzB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;YACxB,OAAO,OAAO,CAAC,WAAW,CAAC;QAC7B,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,+EAA+E,CAAC,CAAC;IACnG,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,UAAU;QACtB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,gBAAgB,EAAE,CAAC;QACnC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,CAAC;YACxB,MAAM,CAAC,KAAK,CAAC,8EAA8E,CAAC,CAAC;YAC7F,kBAAkB,EAAE,CAAC;YACrB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,GAAG,GAAG,WAAW,IAAI,CAAC,kBAAkB,4BAA4B,CAAC;QAC3E,MAAM,YAAY,GAChB,OAAO,CAAC,YAAY,IAAI,IAAI,IAAI,OAAO,CAAC,YAAY,KAAK,EAAE;YACzD,CAAC,CAAC,EAAC,UAAU,EAAE,eAAe,EAAE,aAAa,EAAE,OAAO,CAAC,YAAY,EAAC;YACpE,CAAC,CAAC,EAAC,UAAU,EAAE,oBAAoB,EAAC,CAAC;QACzC,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,YAAY,CAAC,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC1D,IAAI,OAAO,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE;YAC7B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,SAAS,OAAO,CAAC,SAAS,EAAE;gBAC3C,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI;SACL,CAAC,CAAC;QACH,MAAM,UAAU,GAAG,4BAA4B,CAAC,aAAa,EAAE,CAAC;QAChE,OAAO,GAAG,MAAM,0BAA0B,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAEhE,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;YAChC,QAAQ,GAAG,MAAM,2BAA2B,CAAC,OAAO,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QAC9E,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,EAAC,GAAG,EAAC,EAAE,uCAAuC,CAAC,CAAC;YAC7D,kBAAkB,EAAE,CAAC;YACrB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,CAAC,KAAK,CAAC,EAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,EAAC,EAAE,+BAA+B,CAAC,CAAC;YACrF,kBAAkB,EAAE,CAAC;YACrB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAKlC,CAAC;QAEF,gBAAgB,CAAC;YACf,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,WAAW,EAAE,IAAI,CAAC,YAAY;YAC9B,YAAY,EAAE,IAAI,CAAC,aAAa,IAAI,OAAO,CAAC,YAAY,IAAI,IAAI;YAChE,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI;YACpC,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,IAAI;SAC3B,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,GAAG,gBAAgB,EAAG,CAAC;QACpC,MAAM,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;QAC5D,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/cjs/auth/stateful-store.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Initialize the stateful store with the oclif data directory.
+ * Call this from BaseCommand.init() with this.config.dataDir so the session
+ * file is stored alongside other CLI data (e.g. ~/Library/Application Support/@salesforce/b2c-cli).
+ */
+export declare function initializeStatefulStore(dataDir: string): void;
+/**
+ * Stored session persisted by stateful auth commands.
+ */
+export interface StatefulSession {
+    clientId: string;
+    accessToken: string;
+    refreshToken?: string | null;
+    /** Base64-encoded "clientId:clientSecret" for token renewal. */
+    renewBase?: string | null;
+    user?: string | null;
+}
+/**
+ * Reads the current stateful session from the JSON file.
+ * Returns null if no session file exists or the file is invalid.
+ */
+export declare function getStoredSession(): StatefulSession | null;
+/**
+ * Writes a session to the JSON file, creating the directory if needed.
+ */
+export declare function setStoredSession(session: StatefulSession): void;
+/**
+ * Clears the stored session by removing the session file.
+ */
+export declare function clearStoredSession(): void;
+/**
+ * Checks whether the stored access token is present and valid: not expired
+ * (with a small buffer), optionally satisfies required scopes, and optionally
+ * matches the expected client ID.
+ * Does not perform network calls.
+ *
+ * @param session - Session from getStoredSession()
+ * @param requiredScopes - If provided, token must include all of these scopes
+ * @param expiryBufferSec - Seconds before exp to treat token as expired (default 60)
+ * @param requiredClientId - If provided, session clientId must match
+ * @returns true if token is present and valid for use
+ */
+export declare function isStatefulTokenValid(session: StatefulSession, requiredScopes?: string[], expiryBufferSec?: number, requiredClientId?: string): boolean;
+/**
+ * Resets the store path (for tests). After calling this, the next operation
+ * will use the default data directory unless initializeStatefulStore() is called again.
+ * @internal
+ */
+export declare function resetStatefulStoreForTesting(): void;

package/dist/cjs/auth/stateful-store.js

@@ -0,0 +1,168 @@
+/*
+ * Copyright (c) 2025, Salesforce, Inc.
+ * SPDX-License-Identifier: Apache-2
+ * For full license text, see the license.txt file in the repo root or http://www.apache.org/licenses/LICENSE-2.0
+ */
+/**
+ * Stateful auth store backed by a JSON file in the oclif data directory
+ * (e.g. ~/Library/Application Support/@salesforce/b2c-cli/auth-session.json on macOS).
+ *
+ * Initialize via initializeStatefulStore(dataDir) from BaseCommand.init() so the
+ * session file is co-located with other CLI data. Falls back to an OS-appropriate
+ * default path when used standalone (outside a CLI command).
+ *
+ * The stateful auth workflow (b2c auth client / b2c auth login / b2c auth logout)
+ * is compatible with sfcc-ci command patterns. Session data is stored internally
+ * in the CLI data directory, not in the sfcc-ci config store.
+ *
+ * @module auth/stateful-store
+ */
+import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir, platform } from 'node:os';
+import { decodeJWT } from './oauth.js';
+import { getLogger } from '../logging/logger.js';
+const STATEFUL_AUTH_SESSION_STORE = 'auth-session.json';
+/** Default buffer (seconds) before token exp to consider it expired */
+const EXPIRY_BUFFER_SEC = 60;
+let storePath = null;
+/**
+ * Computes the oclif-compatible data directory for @salesforce/b2c-cli.
+ * Used as a fallback when initializeStatefulStore() has not been called.
+ */
+function getDefaultDataDir() {
+    const home = homedir();
+    const name = '@salesforce/b2c-cli';
+    switch (platform()) {
+        case 'darwin':
+            return join(home, 'Library', 'Application Support', name);
+        case 'win32':
+            return join(process.env.LOCALAPPDATA ?? join(home, 'AppData', 'Local'), name);
+        default:
+            return join(process.env.XDG_DATA_HOME ?? join(home, '.local', 'share'), name);
+    }
+}
+function getSessionFilePath() {
+    return join(storePath ?? getDefaultDataDir(), STATEFUL_AUTH_SESSION_STORE);
+}
+/**
+ * Initialize the stateful store with the oclif data directory.
+ * Call this from BaseCommand.init() with this.config.dataDir so the session
+ * file is stored alongside other CLI data (e.g. ~/Library/Application Support/@salesforce/b2c-cli).
+ */
+export function initializeStatefulStore(dataDir) {
+    storePath = dataDir;
+}
+/**
+ * Reads the current stateful session from the JSON file.
+ * Returns null if no session file exists or the file is invalid.
+ */
+export function getStoredSession() {
+    const filePath = getSessionFilePath();
+    if (!existsSync(filePath)) {
+        return null;
+    }
+    try {
+        const data = JSON.parse(readFileSync(filePath, 'utf8'));
+        if (!data.clientId || !data.accessToken) {
+            return null;
+        }
+        return {
+            clientId: data.clientId,
+            accessToken: data.accessToken,
+            refreshToken: data.refreshToken ?? null,
+            renewBase: data.renewBase ?? null,
+            user: data.user ?? null,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Writes a session to the JSON file, creating the directory if needed.
+ */
+export function setStoredSession(session) {
+    const filePath = getSessionFilePath();
+    const dir = join(filePath, '..');
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+    const data = {
+        clientId: session.clientId,
+        accessToken: session.accessToken,
+        refreshToken: session.refreshToken ?? null,
+        renewBase: session.renewBase ?? null,
+        user: session.user ?? null,
+    };
+    writeFileSync(filePath, JSON.stringify(data, null, 2), 'utf8');
+}
+/**
+ * Clears the stored session by removing the session file.
+ */
+export function clearStoredSession() {
+    const filePath = getSessionFilePath();
+    if (existsSync(filePath)) {
+        try {
+            unlinkSync(filePath);
+        }
+        catch {
+            // ignore — file may have already been removed
+        }
+    }
+}
+/**
+ * Checks whether the stored access token is present and valid: not expired
+ * (with a small buffer), optionally satisfies required scopes, and optionally
+ * matches the expected client ID.
+ * Does not perform network calls.
+ *
+ * @param session - Session from getStoredSession()
+ * @param requiredScopes - If provided, token must include all of these scopes
+ * @param expiryBufferSec - Seconds before exp to treat token as expired (default 60)
+ * @param requiredClientId - If provided, session clientId must match
+ * @returns true if token is present and valid for use
+ */
+export function isStatefulTokenValid(session, requiredScopes = [], expiryBufferSec = EXPIRY_BUFFER_SEC, requiredClientId) {
+    const logger = getLogger();
+    try {
+        if (requiredClientId && session.clientId !== requiredClientId) {
+            logger.debug({ storedClientId: session.clientId, requiredClientId }, '[StatefulAuth] Token client ID mismatch');
+            return false;
+        }
+        const decoded = decodeJWT(session.accessToken);
+        const exp = decoded.payload.exp;
+        if (typeof exp !== 'number') {
+            logger.debug('[StatefulAuth] Token has no exp claim; treating as invalid');
+            return false;
+        }
+        const nowSec = Math.floor(Date.now() / 1000);
+        if (nowSec >= exp - expiryBufferSec) {
+            logger.debug('[StatefulAuth] Token missing or expired');
+            return false;
+        }
+        if (requiredScopes.length > 0) {
+            const tokenScopes = decoded.payload.scope ?? [];
+            const scopeList = Array.isArray(tokenScopes) ? tokenScopes : tokenScopes.split(' ');
+            const hasAll = requiredScopes.every((s) => scopeList.includes(s));
+            if (!hasAll) {
+                logger.debug({ requiredScopes, tokenScopes: scopeList }, '[StatefulAuth] Token missing required scopes');
+                return false;
+            }
+        }
+        return true;
+    }
+    catch (e) {
+        logger.debug({ err: e }, '[StatefulAuth] Token invalid (e.g. not a JWT)');
+        return false;
+    }
+}
+/**
+ * Resets the store path (for tests). After calling this, the next operation
+ * will use the default data directory unless initializeStatefulStore() is called again.
+ * @internal
+ */
+export function resetStatefulStoreForTesting() {
+    storePath = null;
+}
+//# sourceMappingURL=stateful-store.js.map

package/dist/cjs/auth/stateful-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stateful-store.js","sourceRoot":"","sources":["../../../src/auth/stateful-store.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAC,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,aAAa,EAAC,MAAM,SAAS,CAAC;AACvF,OAAO,EAAC,IAAI,EAAC,MAAM,WAAW,CAAC;AAC/B,OAAO,EAAC,OAAO,EAAE,QAAQ,EAAC,MAAM,SAAS,CAAC;AAC1C,OAAO,EAAC,SAAS,EAAC,MAAM,YAAY,CAAC;AACrC,OAAO,EAAC,SAAS,EAAC,MAAM,sBAAsB,CAAC;AAE/C,MAAM,2BAA2B,GAAG,mBAAmB,CAAC;AAExD,uEAAuE;AACvE,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAE7B,IAAI,SAAS,GAAkB,IAAI,CAAC;AAEpC;;;GAGG;AACH,SAAS,iBAAiB;IACxB,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IACvB,MAAM,IAAI,GAAG,qBAAqB,CAAC;IACnC,QAAQ,QAAQ,EAAE,EAAE,CAAC;QACnB,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,qBAAqB,EAAE,IAAI,CAAC,CAAC;QAC5D,KAAK,OAAO;YACV,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,CAAC;QAChF;YACE,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,IAAI,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,CAAC;IAClF,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB;IACzB,OAAO,IAAI,CAAC,SAAS,IAAI,iBAAiB,EAAE,EAAE,2BAA2B,CAAC,CAAC;AAC7E,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAe;IACrD,SAAS,GAAG,OAAO,CAAC;AACtB,CAAC;AAcD;;;GAGG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IACtC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAA6B,CAAC;QACpF,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,YAAY,EAAE,IAAI,CAAC,YAAY,IAAI,IAAI;YACvC,SAAS,EAAE,IAAI,CAAC,SAAS,IAAI,IAAI;YACjC,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI;SACxB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAwB;IACvD,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IACtC,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IACjC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,SAAS,CAAC,GAAG,EAAE,EAAC,SAAS,EAAE,IAAI,EAAC,CAAC,CAAC;IACpC,CAAC;IACD,MAAM,IAAI,GAAoB;QAC5B,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,YAAY,EAAE,OAAO,CAAC,YAAY,IAAI,IAAI;QAC1C,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,IAAI;QACpC,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,IAAI;KAC3B,CAAC;IACF,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;AACjE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IACtC,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,IAAI,CAAC;YACH,UAAU,CAAC,QAAQ,CAAC,CAAC;QACvB,CAAC;QAAC,MAAM,CAAC;YACP,8CAA8C;QAChD,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAAwB,EACxB,iBAA2B,EAAE,EAC7B,kBAA0B,iBAAiB,EAC3C,gBAAyB;IAEzB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;IAC3B,IAAI,CAAC;QACH,IAAI,gBAAgB,IAAI,OAAO,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;YAC9D,MAAM,CAAC,KAAK,CAAC,EAAC,cAAc,EAAE,OAAO,CAAC,QAAQ,EAAE,gBAAgB,EAAC,EAAE,yCAAyC,CAAC,CAAC;YAC9G,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC;QAChC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5B,MAAM,CAAC,KAAK,CAAC,4DAA4D,CAAC,CAAC;YAC3E,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC7C,IAAI,MAAM,IAAI,GAAG,GAAG,eAAe,EAAE,CAAC;YACpC,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;YACxD,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,MAAM,WAAW,GAAI,OAAO,CAAC,OAAO,CAAC,KAAuC,IAAI,EAAE,CAAC;YACnF,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACpF,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,CAAC,KAAK,CAAC,EAAC,cAAc,EAAE,WAAW,EAAE,SAAS,EAAC,EAAE,8CAA8C,CAAC,CAAC;gBACvG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,CAAC,EAAC,GAAG,EAAE,CAAC,EAAC,EAAE,+CAA+C,CAAC,CAAC;QACxE,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,4BAA4B;IAC1C,SAAS,GAAG,IAAI,CAAC;AACnB,CAAC"}

package/dist/cjs/cli/am-command.d.ts

@@ -30,7 +30,7 @@ export declare abstract class AmCommand<T extends typeof Command> extends OAuthC
     /**
      * Gets the auth method type that was used, based on the stored strategy.
      */
-    protected get authMethodUsed(): 'implicit' | 'client-credentials' | undefined;
+    protected get authMethodUsed(): 'implicit' | 'client-credentials' | 'stateful' | undefined;
     /**
      * Gets the unified Account Manager client, creating it if necessary.
      * This provides direct access to all Account Manager API methods (users, roles, orgs).