@seclai/sdk 1.1.1 → 1.1.3

package/README.md

@@ -51,7 +51,7 @@ Credentials are resolved via a chain (first match wins):
 1. Explicit `apiKey` option
 2. Explicit `accessToken` option (string or `() => string | Promise<string>`)
 3. `SECLAI_API_KEY` environment variable
-4. SSO profile from `~/.seclai/config` with cached tokens in `~/.seclai/sso/cache/`
+4. SSO — cached tokens from `~/.seclai/sso/cache/` (requires a prior `seclai auth login`)
 
 ```ts
 // API key
@@ -81,18 +81,30 @@ const client = new Seclai({ profile: "my-profile" });
 const client = new Seclai();
 ```
 
-To set up SSO authentication, install the [Seclai CLI](https://www.npmjs.com/package/seclai) and run:
+#### SSO authentication
+
+SSO is the default fallback when no explicit credentials are provided. The SDK
+includes built-in production SSO defaults, so `seclai configure sso` is not
+required. You only need to log in once to populate the token cache:
 
 ```bash
-seclai configure sso    # set up an SSO profile
-seclai auth login       # authenticate via browser
+npx @seclai/cli auth login    # authenticate via browser — no prior setup needed
 ```
 
+To customize SSO settings (e.g. for a staging environment), use `seclai configure sso`
+or set environment variables:
+
+| Variable | Description | Default |
+|---|---|---|
+| `SECLAI_SSO_DOMAIN` | Cognito domain | `auth.seclai.com` |
+| `SECLAI_SSO_CLIENT_ID` | Cognito app client ID | `4bgf8v9qmc5puivbaqon9n5lmr` |
+| `SECLAI_SSO_REGION` | AWS region | `us-west-2` |
+
 ## API documentation
 
 Online API documentation (latest):
 
-https://seclai.github.io/seclai-javascript/1.1.1/
+https://seclai.github.io/seclai-javascript/1.1.3/
 
 ## Resources
 

package/dist/index.cjs

@@ -30,13 +30,21 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/index.ts
 var index_exports = {};
 __export(index_exports, {
+  DEFAULT_SSO_CLIENT_ID: () => DEFAULT_SSO_CLIENT_ID,
+  DEFAULT_SSO_DOMAIN: () => DEFAULT_SSO_DOMAIN,
+  DEFAULT_SSO_REGION: () => DEFAULT_SSO_REGION,
   SECLAI_API_URL: () => SECLAI_API_URL,
   Seclai: () => Seclai,
   SeclaiAPIStatusError: () => SeclaiAPIStatusError,
   SeclaiAPIValidationError: () => SeclaiAPIValidationError,
   SeclaiConfigurationError: () => SeclaiConfigurationError,
   SeclaiError: () => SeclaiError,
-  SeclaiStreamingError: () => SeclaiStreamingError
+  SeclaiStreamingError: () => SeclaiStreamingError,
+  deleteSsoCache: () => deleteSsoCache,
+  isTokenValid: () => isTokenValid,
+  loadSsoProfile: () => loadSsoProfile,
+  readSsoCache: () => readSsoCache,
+  writeSsoCache: () => writeSsoCache
 });
 module.exports = __toCommonJS(index_exports);
 
@@ -96,6 +104,9 @@ var SSO_CACHE_DIR = "sso/cache";
 var CONFIG_FILE = "config";
 var EXPIRY_BUFFER_MS = 3e4;
 var DEFAULT_API_KEY_HEADER = "x-api-key";
+var DEFAULT_SSO_DOMAIN = "auth.seclai.com";
+var DEFAULT_SSO_CLIENT_ID = "4bgf8v9qmc5puivbaqon9n5lmr";
+var DEFAULT_SSO_REGION = "us-west-2";
 function getEnv(name) {
   const p = globalThis?.process;
   return p?.env?.[name];
@@ -169,19 +180,21 @@ async function resolveConfigDir(override) {
 async function loadSsoProfile(configDir, profileName) {
   const fs = await getFs();
   const pathMod = await getPath();
+  let merged = {};
   const configPath = pathMod.join(configDir, CONFIG_FILE);
-  if (!fs.existsSync(configPath)) return null;
-  const content = fs.readFileSync(configPath, "utf-8");
-  const sections = parseIni(content);
-  const defaultSection = sections["default"] ?? {};
-  const profileSection = profileName === "default" ? defaultSection : sections[profileName];
-  if (!profileSection) return null;
-  const merged = profileName === "default" ? profileSection : { ...defaultSection, ...profileSection };
-  const ssoAccountId = merged["sso_account_id"];
-  const ssoRegion = merged["sso_region"];
-  const ssoClientId = merged["sso_client_id"];
-  const ssoDomain = merged["sso_domain"];
-  if (!ssoAccountId || !ssoRegion || !ssoClientId || !ssoDomain) return null;
+  if (fs.existsSync(configPath)) {
+    const content = fs.readFileSync(configPath, "utf-8");
+    const sections = parseIni(content);
+    const defaultSection = sections["default"] ?? {};
+    const profileSection = profileName === "default" ? defaultSection : sections[profileName];
+    if (profileSection) {
+      merged = profileName === "default" ? profileSection : { ...defaultSection, ...profileSection };
+    }
+  }
+  const ssoDomain = getEnv("SECLAI_SSO_DOMAIN") ?? merged["sso_domain"] ?? DEFAULT_SSO_DOMAIN;
+  const ssoClientId = getEnv("SECLAI_SSO_CLIENT_ID") ?? merged["sso_client_id"] ?? DEFAULT_SSO_CLIENT_ID;
+  const ssoRegion = getEnv("SECLAI_SSO_REGION") ?? merged["sso_region"] ?? DEFAULT_SSO_REGION;
+  const ssoAccountId = merged["sso_account_id"] || void 0;
   return { ssoAccountId, ssoRegion, ssoClientId, ssoDomain };
 }
 async function resolveCachePath(configDir, profile) {
@@ -216,6 +229,13 @@ async function writeSsoCache(configDir, profile, entry) {
   }
   fs.renameSync(tmpPath, cachePath);
 }
+async function deleteSsoCache(configDir, profile) {
+  const fs = await getFs();
+  const cachePath = await resolveCachePath(configDir, profile);
+  if (fs.existsSync(cachePath)) {
+    fs.unlinkSync(cachePath);
+  }
+}
 function isTokenValid(entry) {
   const expiresAt = new Date(entry.expiresAt).getTime();
   return Date.now() + EXPIRY_BUFFER_MS < expiresAt;
@@ -291,17 +311,15 @@ async function resolveCredentialChain(opts) {
     const configDir = await resolveConfigDir(opts.configDir);
     const profileName = opts.profile ?? getEnv("SECLAI_PROFILE") ?? "default";
     const ssoProfile = await loadSsoProfile(configDir, profileName);
-    if (ssoProfile) {
-      return {
-        mode: "sso",
-        apiKeyHeader,
-        accountId: opts.accountId ?? ssoProfile.ssoAccountId,
-        ssoProfile,
-        configDir,
-        autoRefresh: opts.autoRefresh !== false,
-        fetcher: opts.fetch
-      };
-    }
+    return {
+      mode: "sso",
+      apiKeyHeader,
+      accountId: opts.accountId ?? ssoProfile.ssoAccountId,
+      ssoProfile,
+      configDir,
+      autoRefresh: opts.autoRefresh !== false,
+      fetcher: opts.fetch
+    };
   } catch {
   }
   throw new Error(
@@ -371,7 +389,9 @@ function getEnv2(name) {
   return p?.env?.[name];
 }
 function buildURL(baseUrl, path, query) {
-  const url = new URL(path, baseUrl);
+  const base = baseUrl.endsWith("/") ? baseUrl : `${baseUrl}/`;
+  const relative = path.startsWith("/") ? path.slice(1) : path;
+  const url = new URL(relative, base);
   if (query) {
     for (const [key, value] of Object.entries(query)) {
       if (value === void 0 || value === null) continue;
@@ -2273,12 +2293,20 @@ var Seclai = class {
 };
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  DEFAULT_SSO_CLIENT_ID,
+  DEFAULT_SSO_DOMAIN,
+  DEFAULT_SSO_REGION,
   SECLAI_API_URL,
   Seclai,
   SeclaiAPIStatusError,
   SeclaiAPIValidationError,
   SeclaiConfigurationError,
   SeclaiError,
-  SeclaiStreamingError
+  SeclaiStreamingError,
+  deleteSsoCache,
+  isTokenValid,
+  loadSsoProfile,
+  readSsoCache,
+  writeSsoCache
 });
 //# sourceMappingURL=index.cjs.map