@sembix/cli 1.2.1 → 1.4.0

package/dist/services/cognito-auth.js

@@ -0,0 +1,319 @@
+import { createServer } from 'http';
+import { randomBytes, createHash } from 'crypto';
+import { saveTokens, loadTokens, isTokenValid } from '../utils/studio-config.js';
+/**
+ * CognitoAuthService handles OAuth 2.0 Authorization Code flow with PKCE
+ * for Cognito authentication. It manages the browser-based login flow,
+ * token exchange, and token refresh operations.
+ */
+export class CognitoAuthService {
+    profile;
+    constructor(profile) {
+        this.profile = profile;
+    }
+    /**
+     * Initiates the OAuth login flow by starting a local callback server,
+     * generating PKCE parameters, and exchanging the authorization code for tokens.
+     *
+     * @returns Promise resolving to authentication tokens
+     * @throws Error if authentication fails or times out
+     */
+    async initiateLogin() {
+        // Generate PKCE parameters for secure OAuth flow
+        const { verifier, challenge } = this.generatePKCE();
+        // Start local HTTP server to receive OAuth callback
+        const { port, codePromise } = await this.startLocalServer();
+        // Build authorization URL
+        const redirectUri = `http://localhost:${port}/callback`;
+        const state = randomBytes(16).toString('base64url');
+        const authUrl = this.buildAuthorizationUrl(redirectUri, challenge, state);
+        // Display instructions to user
+        console.log('\nOpening browser for authentication...');
+        console.log(`If browser doesn't open automatically, visit:\n${authUrl}\n`);
+        try {
+            // Attempt to open browser (best effort)
+            await this.openBrowser(authUrl);
+        }
+        catch {
+            // Browser opening failed, user will use manual URL
+            console.log('Could not open browser automatically. Please use the URL above.');
+        }
+        // Wait for OAuth callback with authorization code (5 minute timeout)
+        const code = await Promise.race([
+            codePromise,
+            new Promise((_, reject) => setTimeout(() => reject(new Error('Authentication timeout after 5 minutes')), 300000))
+        ]);
+        // Exchange authorization code for tokens
+        const tokenSet = await this.exchangeCodeForTokens(code, verifier, redirectUri);
+        // Convert to StudioAuthTokens format and calculate expiry
+        const expiresAt = new Date(Date.now() + tokenSet.expires_in * 1000).toISOString();
+        const tokens = {
+            accessToken: tokenSet.access_token,
+            idToken: tokenSet.id_token,
+            refreshToken: tokenSet.refresh_token,
+            expiresAt
+        };
+        // Store tokens securely
+        await saveTokens(this.profile.name, tokens);
+        return tokens;
+    }
+    /**
+     * Refreshes expired access tokens using the refresh token.
+     *
+     * @param refreshToken - The refresh token from previous authentication
+     * @returns Promise resolving to new authentication tokens
+     * @throws Error if token refresh fails
+     */
+    async refreshTokens(refreshToken) {
+        const tokenEndpoint = `${this.profile.cognitoDomain}/oauth2/token`;
+        const params = new URLSearchParams({
+            grant_type: 'refresh_token',
+            client_id: this.profile.cognitoClientId,
+            refresh_token: refreshToken
+        });
+        const response = await fetch(tokenEndpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded'
+            },
+            body: params.toString()
+        });
+        if (!response.ok) {
+            const errorText = await response.text();
+            throw new Error(`Token refresh failed: ${response.statusText}. ${errorText}`);
+        }
+        const tokenSet = await response.json();
+        // Calculate new expiry time
+        const expiresAt = new Date(Date.now() + tokenSet.expires_in * 1000).toISOString();
+        const tokens = {
+            accessToken: tokenSet.access_token,
+            idToken: tokenSet.id_token,
+            refreshToken: tokenSet.refresh_token || refreshToken, // Use new refresh token if provided, otherwise keep existing
+            expiresAt
+        };
+        // Update stored tokens
+        await saveTokens(this.profile.name, tokens);
+        return tokens;
+    }
+    /**
+     * Authenticates using OAuth 2.0 Client Credentials flow
+     * Used for machine-to-machine authentication (CI/CD)
+     *
+     * @param clientId - M2M client ID
+     * @param clientSecret - M2M client secret
+     * @returns Promise resolving to authentication tokens
+     * @throws Error if authentication fails
+     */
+    async authenticateWithClientCredentials(clientId, clientSecret) {
+        const tokenEndpoint = `${this.profile.cognitoDomain}/oauth2/token`;
+        const params = new URLSearchParams({
+            grant_type: 'client_credentials',
+            client_id: clientId,
+            client_secret: clientSecret,
+            scope: 'sembix-api/projects.read sembix-api/workflows.read sembix-api/workflows.execute'
+        });
+        const response = await fetch(tokenEndpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded'
+            },
+            body: params.toString()
+        });
+        if (!response.ok) {
+            const errorText = await response.text();
+            throw new Error(`Client credentials authentication failed: ${response.statusText}. ${errorText}`);
+        }
+        const tokenSet = await response.json();
+        // Validate response
+        if (!tokenSet.access_token) {
+            throw new Error('Invalid token response: missing access_token');
+        }
+        // Client credentials flow doesn't return id_token or refresh_token
+        return {
+            accessToken: tokenSet.access_token,
+            idToken: '', // Not provided in client credentials
+            refreshToken: '', // Not provided in client credentials
+            expiresAt: new Date(Date.now() + tokenSet.expires_in * 1000).toISOString()
+        };
+    }
+    /**
+     * Generates PKCE code verifier and challenge for secure OAuth flow.
+     * Uses SHA256 hashing as required by OAuth 2.0 PKCE specification.
+     *
+     * @returns Object containing base64url-encoded verifier and challenge
+     */
+    generatePKCE() {
+        // Generate cryptographically secure random verifier (43-128 characters)
+        const verifier = randomBytes(32).toString('base64url');
+        // Create SHA256 hash of verifier for challenge
+        const challenge = createHash('sha256')
+            .update(verifier)
+            .digest('base64url');
+        return { verifier, challenge };
+    }
+    /**
+     * Starts a temporary HTTP server on localhost to receive OAuth callback.
+     * Finds an available port in the range 3000-9000.
+     *
+     * @returns Promise resolving to server port and a promise for the authorization code
+     */
+    async startLocalServer() {
+        return new Promise((resolve, reject) => {
+            let codeResolver;
+            let codeRejector;
+            const codePromise = new Promise((res, rej) => {
+                codeResolver = res;
+                codeRejector = rej;
+            });
+            const server = createServer((req, res) => {
+                const url = new URL(req.url || '', `http://localhost`);
+                if (url.pathname === '/callback') {
+                    const code = url.searchParams.get('code');
+                    const error = url.searchParams.get('error');
+                    if (error) {
+                        const errorDescription = url.searchParams.get('error_description') || error;
+                        res.writeHead(400, { 'Content-Type': 'text/html' });
+                        res.end(`<html><body><h1>Authentication Failed</h1><p>${errorDescription}</p></body></html>`);
+                        codeRejector(new Error(`OAuth error: ${errorDescription}`));
+                        server.close();
+                        return;
+                    }
+                    if (!code) {
+                        res.writeHead(400, { 'Content-Type': 'text/html' });
+                        res.end('<html><body><h1>Authentication Failed</h1><p>No authorization code received</p></body></html>');
+                        codeRejector(new Error('No authorization code received'));
+                        server.close();
+                        return;
+                    }
+                    // Success response
+                    res.writeHead(200, { 'Content-Type': 'text/html' });
+                    res.end('<html><body><h1>Authentication Successful</h1><p>You can close this window and return to the CLI.</p></body></html>');
+                    codeResolver(code);
+                    server.close();
+                }
+                else {
+                    res.writeHead(404);
+                    res.end('Not Found');
+                }
+            });
+            // Try to find an available port in range 3000-9000
+            const tryPort = (port) => {
+                server.listen(port, 'localhost', () => {
+                    resolve({ port, codePromise });
+                });
+                server.on('error', (err) => {
+                    if (err.code === 'EADDRINUSE' && port < 9000) {
+                        // Port in use, try next one
+                        tryPort(port + 1);
+                    }
+                    else {
+                        reject(new Error(`Failed to start callback server: ${err.message}`));
+                    }
+                });
+            };
+            tryPort(3000);
+        });
+    }
+    /**
+     * Builds the Cognito authorization URL with PKCE parameters.
+     *
+     * @param redirectUri - Callback URL for OAuth flow
+     * @param codeChallenge - PKCE code challenge
+     * @param state - Random state parameter for CSRF protection
+     * @returns Complete authorization URL
+     */
+    buildAuthorizationUrl(redirectUri, codeChallenge, state) {
+        const params = new URLSearchParams({
+            response_type: 'code',
+            client_id: this.profile.cognitoClientId,
+            redirect_uri: redirectUri,
+            code_challenge: codeChallenge,
+            code_challenge_method: 'S256',
+            state,
+            scope: 'openid email' // OpenID Connect scopes for CLI authentication
+        });
+        return `${this.profile.cognitoDomain}/oauth2/authorize?${params.toString()}`;
+    }
+    /**
+     * Exchanges authorization code for access tokens via Cognito token endpoint.
+     *
+     * @param code - Authorization code from OAuth callback
+     * @param codeVerifier - PKCE code verifier
+     * @param redirectUri - Must match the redirect_uri used in authorization request
+     * @returns Promise resolving to token set
+     * @throws Error if token exchange fails
+     */
+    async exchangeCodeForTokens(code, codeVerifier, redirectUri) {
+        const tokenEndpoint = `${this.profile.cognitoDomain}/oauth2/token`;
+        const params = new URLSearchParams({
+            grant_type: 'authorization_code',
+            client_id: this.profile.cognitoClientId,
+            code,
+            code_verifier: codeVerifier,
+            redirect_uri: redirectUri
+        });
+        const response = await fetch(tokenEndpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded'
+            },
+            body: params.toString()
+        });
+        if (!response.ok) {
+            const errorText = await response.text();
+            throw new Error(`Token exchange failed: ${response.statusText}. ${errorText}`);
+        }
+        const tokenSet = await response.json();
+        // Validate required fields
+        if (!tokenSet.access_token || !tokenSet.id_token || !tokenSet.refresh_token) {
+            throw new Error('Invalid token response: missing required tokens');
+        }
+        return tokenSet;
+    }
+    /**
+     * Attempts to open the authorization URL in the default browser.
+     * Uses platform-specific commands (open on macOS, start on Windows, xdg-open on Linux).
+     *
+     * @param url - URL to open
+     * @throws Error if browser cannot be opened (non-fatal, user can use manual URL)
+     */
+    async openBrowser(url) {
+        const { exec } = await import('child_process');
+        const { promisify } = await import('util');
+        const execAsync = promisify(exec);
+        const platform = process.platform;
+        let command;
+        switch (platform) {
+            case 'darwin':
+                command = `open "${url}"`;
+                break;
+            case 'win32':
+                command = `start "" "${url}"`;
+                break;
+            default: // Linux and others
+                command = `xdg-open "${url}"`;
+                break;
+        }
+        await execAsync(command);
+    }
+}
+/**
+ * Validates if a token is still valid based on expiration time.
+ *
+ * @param tokens - Authentication tokens to validate
+ * @returns true if token is valid, false if expired
+ */
+export function validateToken(tokens) {
+    return isTokenValid(tokens);
+}
+/**
+ * Loads stored tokens for a profile.
+ *
+ * @param profileName - Name of the profile
+ * @returns Promise resolving to tokens or null if not found
+ */
+export async function getStoredTokens(profileName) {
+    const tokens = await loadTokens(profileName);
+    return tokens ?? null;
+}
+//# sourceMappingURL=cognito-auth.js.map

package/dist/services/cognito-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cognito-auth.js","sourceRoot":"","sources":["../../src/services/cognito-auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEjD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAEjF;;;;GAIG;AACH,MAAM,OAAO,kBAAkB;IACT;IAApB,YAAoB,OAAsB;QAAtB,YAAO,GAAP,OAAO,CAAe;IAAG,CAAC;IAE9C;;;;;;OAMG;IACH,KAAK,CAAC,aAAa;QACjB,iDAAiD;QACjD,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAEpD,oDAAoD;QACpD,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAE5D,0BAA0B;QAC1B,MAAM,WAAW,GAAG,oBAAoB,IAAI,WAAW,CAAC;QACxD,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,IAAI,CAAC,qBAAqB,CAAC,WAAW,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;QAE1E,+BAA+B;QAC/B,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,kDAAkD,OAAO,IAAI,CAAC,CAAC;QAE3E,IAAI,CAAC;YACH,wCAAwC;YACxC,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAClC,CAAC;QAAC,MAAM,CAAC;YACP,mDAAmD;YACnD,OAAO,CAAC,GAAG,CAAC,iEAAiE,CAAC,CAAC;QACjF,CAAC;QAED,qEAAqE;QACrE,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;YAC9B,WAAW;YACX,IAAI,OAAO,CAAS,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE,CAChC,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC,EAAE,MAAM,CAAC,CACtF;SACF,CAAC,CAAC;QAEH,yCAAyC;QACzC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;QAE/E,0DAA0D;QAC1D,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAClF,MAAM,MAAM,GAAqB;YAC/B,WAAW,EAAE,QAAQ,CAAC,YAAY;YAClC,OAAO,EAAE,QAAQ,CAAC,QAAQ;YAC1B,YAAY,EAAE,QAAQ,CAAC,aAAa;YACpC,SAAS;SACV,CAAC;QAEF,wBAAwB;QACxB,MAAM,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAE5C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,aAAa,CAAC,YAAoB;QACtC,MAAM,aAAa,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,eAAe,CAAC;QAEnE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,eAAe;YACvC,aAAa,EAAE,YAAY;SAC5B,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;SACxB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAc,CAAC;QAEnD,4BAA4B;QAC5B,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAElF,MAAM,MAAM,GAAqB;YAC/B,WAAW,EAAE,QAAQ,CAAC,YAAY;YAClC,OAAO,EAAE,QAAQ,CAAC,QAAQ;YAC1B,YAAY,EAAE,QAAQ,CAAC,aAAa,IAAI,YAAY,EAAE,6DAA6D;YACnH,SAAS;SACV,CAAC;QAEF,uBAAuB;QACvB,MAAM,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAE5C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,iCAAiC,CACrC,QAAgB,EAChB,YAAoB;QAEpB,MAAM,aAAa,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,eAAe,CAAC;QAEnE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,KAAK,EAAE,iFAAiF;SACzF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;SACxB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CACb,6CAA6C,QAAQ,CAAC,UAAU,KAAK,SAAS,EAAE,CACjF,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAc,CAAC;QAEnD,oBAAoB;QACpB,IAAI,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QAClE,CAAC;QAED,mEAAmE;QACnE,OAAO;YACL,WAAW,EAAE,QAAQ,CAAC,YAAY;YAClC,OAAO,EAAE,EAAE,EAAE,qCAAqC;YAClD,YAAY,EAAE,EAAE,EAAE,qCAAqC;YACvD,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;SAC3E,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACK,YAAY;QAClB,wEAAwE;QACxE,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAEvD,+CAA+C;QAC/C,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC;aACnC,MAAM,CAAC,QAAQ,CAAC;aAChB,MAAM,CAAC,WAAW,CAAC,CAAC;QAEvB,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACjC,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,gBAAgB;QAC5B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,YAAoC,CAAC;YACzC,IAAI,YAAoC,CAAC;YAEzC,MAAM,WAAW,GAAG,IAAI,OAAO,CAAS,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBACnD,YAAY,GAAG,GAAG,CAAC;gBACnB,YAAY,GAAG,GAAG,CAAC;YACrB,CAAC,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBACvC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,kBAAkB,CAAC,CAAC;gBAEvD,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;oBACjC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;oBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;oBAE5C,IAAI,KAAK,EAAE,CAAC;wBACV,MAAM,gBAAgB,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,KAAK,CAAC;wBAC5E,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;wBACpD,GAAG,CAAC,GAAG,CAAC,gDAAgD,gBAAgB,oBAAoB,CAAC,CAAC;wBAC9F,YAAY,CAAC,IAAI,KAAK,CAAC,gBAAgB,gBAAgB,EAAE,CAAC,CAAC,CAAC;wBAC5D,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,OAAO;oBACT,CAAC;oBAED,IAAI,CAAC,IAAI,EAAE,CAAC;wBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;wBACpD,GAAG,CAAC,GAAG,CAAC,+FAA+F,CAAC,CAAC;wBACzG,YAAY,CAAC,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC,CAAC;wBAC1D,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,OAAO;oBACT,CAAC;oBAED,mBAAmB;oBACnB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC,qHAAqH,CAAC,CAAC;oBAE/H,YAAY,CAAC,IAAI,CAAC,CAAC;oBACnB,MAAM,CAAC,KAAK,EAAE,CAAC;gBACjB,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,mDAAmD;YACnD,MAAM,OAAO,GAAG,CAAC,IAAY,EAAE,EAAE;gBAC/B,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;oBACpC,OAAO,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC,CAAC;gBACjC,CAAC,CAAC,CAAC;gBAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;oBAChD,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,GAAG,IAAI,EAAE,CAAC;wBAC7C,4BAA4B;wBAC5B,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC;oBACpB,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,IAAI,KAAK,CAAC,oCAAoC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;oBACvE,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC,CAAC;YAEF,OAAO,CAAC,IAAI,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IACK,qBAAqB,CAAC,WAAmB,EAAE,aAAqB,EAAE,KAAa;QACrF,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,aAAa,EAAE,MAAM;YACrB,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,eAAe;YACvC,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,aAAa;YAC7B,qBAAqB,EAAE,MAAM;YAC7B,KAAK;YACL,KAAK,EAAE,cAAc,CAAC,+CAA+C;SACtE,CAAC,CAAC;QAEH,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,qBAAqB,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC/E,CAAC;IAED;;;;;;;;OAQG;IACK,KAAK,CAAC,qBAAqB,CACjC,IAAY,EACZ,YAAoB,EACpB,WAAmB;QAEnB,MAAM,aAAa,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,eAAe,CAAC;QAEnE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,eAAe;YACvC,IAAI;YACJ,aAAa,EAAE,YAAY;YAC3B,YAAY,EAAE,WAAW;SAC1B,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,aAAa,EAAE;YAC1C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;YACD,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;SACxB,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC,CAAC;QACjF,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAc,CAAC;QAEnD,2BAA2B;QAC3B,IAAI,CAAC,QAAQ,CAAC,YAAY,IAAI,CAAC,QAAQ,CAAC,QAAQ,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;YAC5E,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACrE,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;;;;;OAMG;IACK,KAAK,CAAC,WAAW,CAAC,GAAW;QACnC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,CAAC;QAC/C,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;QAElC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,IAAI,OAAe,CAAC;QAEpB,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,QAAQ;gBACX,OAAO,GAAG,SAAS,GAAG,GAAG,CAAC;gBAC1B,MAAM;YACR,KAAK,OAAO;gBACV,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;gBAC9B,MAAM;YACR,SAAS,mBAAmB;gBAC1B,OAAO,GAAG,aAAa,GAAG,GAAG,CAAC;gBAC9B,MAAM;QACV,CAAC;QAED,MAAM,SAAS,CAAC,OAAO,CAAC,CAAC;IAC3B,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,MAAwB;IACpD,OAAO,YAAY,CAAC,MAAM,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,WAAmB;IACvD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,WAAW,CAAC,CAAC;IAC7C,OAAO,MAAM,IAAI,IAAI,CAAC;AACxB,CAAC"}

package/dist/services/studio-api-client.d.ts

@@ -0,0 +1,127 @@
+import type { StudioProfile, StudioAuthTokens, Project, ProjectSearchParams, ProjectListResponse, Workflow, WorkflowSearchParams, WorkflowListResponse, WorkflowTemplate, WorkflowTemplateSearchParams, WorkflowTemplateListResponse, StartWorkflowConfiguration, WorkflowStartResponse, FetchWorkflowRunResponse, FetchWorkflowRunListItem, SearchParams } from '../types.js';
+/**
+ * Client for interacting with Sembix Studio API endpoints.
+ * Handles authenticated requests, automatic token refresh, and error handling.
+ */
+export declare class StudioApiClient {
+    private profile;
+    private tokens;
+    private cognitoService;
+    constructor(profile: StudioProfile, tokens: StudioAuthTokens);
+    /**
+     * Search for projects by name or IDs.
+     * @param params - Search parameters (projectName, projectIds)
+     * @returns Promise resolving to project list response
+     */
+    searchProjects(params?: ProjectSearchParams): Promise<ProjectListResponse>;
+    /**
+     * Get a specific project by ID.
+     * Note: API doesn't have a direct GET endpoint, so we search with projectIds filter.
+     * @param projectId - The project ID
+     * @returns Promise resolving to project or null if not found
+     */
+    getProject(projectId: string): Promise<Project | null>;
+    /**
+     * List workflows with optional filters.
+     * @param params - Filter parameters (projectId, workflowId, workflowTemplateIds, parentWorkflowId)
+     * @returns Promise resolving to workflow list response
+     */
+    listWorkflows(params?: WorkflowSearchParams): Promise<WorkflowListResponse>;
+    /**
+     * Get a specific workflow by ID.
+     * @param projectId - The project ID
+     * @param workflowId - The workflow ID
+     * @returns Promise resolving to workflow details
+     */
+    getWorkflow(projectId: string, workflowId: string): Promise<Workflow>;
+    /**
+     * Find a workflow by name within a project.
+     * Searches all workflows in the project and returns the first match.
+     * API returns only parent workflows by default (unless parentWorkflowId is specified).
+     * @param projectId - The project ID
+     * @param workflowName - The workflow name (case-insensitive)
+     * @returns Promise resolving to workflow or null if not found
+     */
+    findWorkflowByName(projectId: string, workflowName: string): Promise<Workflow | null>;
+    /**
+     * Resolves a parent workflow to its published child workflow with the highest version.
+     * This is required because workflow lists show parent workflows, but you must start child workflows.
+     * @param projectId - The project ID
+     * @param parentWorkflowId - The parent workflow ID to resolve
+     * @returns Promise resolving to the published child workflow with highest version
+     * @throws Error if no published children found
+     */
+    resolveToPublishedChild(projectId: string, parentWorkflowId: string): Promise<Workflow>;
+    /**
+     * Start a workflow execution.
+     * @param projectId - The project ID
+     * @param workflowId - The workflow ID
+     * @param startConfiguration - Workflow start configuration with input variables
+     * @returns Promise resolving to workflow start response with runId and taskArn
+     */
+    startWorkflow(projectId: string, workflowId: string, startConfiguration: StartWorkflowConfiguration): Promise<WorkflowStartResponse>;
+    /**
+     * Get details of a specific workflow run.
+     * @param workflowId - The workflow ID
+     * @param runId - The run ID
+     * @returns Promise resolving to workflow run details
+     */
+    getWorkflowRun(workflowId: string, runId: string): Promise<FetchWorkflowRunResponse>;
+    /**
+     * Search workflow runs with optional filters.
+     * @param params - Search parameters for filtering and pagination
+     * @returns Promise resolving to list of workflow runs
+     */
+    searchWorkflowRuns(params: SearchParams): Promise<FetchWorkflowRunListItem>;
+    /**
+     * Stop a running workflow.
+     * @param projectId - The project ID
+     * @param workflowId - The workflow ID
+     * @param runId - The run ID to stop
+     * @returns Promise resolving when workflow is stopped
+     */
+    stopWorkflowRun(projectId: string, workflowId: string, runId: string): Promise<void>;
+    /**
+     * Get a specific workflow template by ID.
+     * @param projectId - The project ID
+     * @param templateId - The workflow template ID
+     * @returns Promise resolving to template details
+     */
+    getWorkflowTemplate(projectId: string, templateId: string): Promise<WorkflowTemplate>;
+    /**
+     * List workflow templates with optional filters.
+     * @param params - Filter parameters (templateIds, category, tags)
+     * @returns Promise resolving to template list response
+     */
+    listWorkflowTemplates(params?: WorkflowTemplateSearchParams): Promise<WorkflowTemplateListResponse>;
+    /**
+     * Get workflow template for a specific workflow.
+     * Convenience method that fetches workflow and then its template.
+     * @param projectId - The project ID
+     * @param workflowId - The workflow ID
+     * @returns Promise resolving to template details or null if workflow has no template
+     */
+    getWorkflowTemplateForWorkflow(projectId: string, workflowId: string): Promise<WorkflowTemplate | null>;
+    /**
+     * Make an authenticated HTTP request to the Studio API.
+     * Handles token refresh on 401 responses and retries the request.
+     * @param method - HTTP method
+     * @param path - API endpoint path
+     * @param body - Optional request body
+     * @param queryParams - Optional query parameters
+     * @returns Promise resolving to parsed response
+     */
+    private _makeRequest;
+    /**
+     * Handle HTTP response, parsing JSON or throwing errors.
+     * @param response - Fetch response object
+     * @returns Promise resolving to parsed response body
+     */
+    private _handleResponse;
+    /**
+     * Refresh authentication tokens and update stored tokens.
+     * @throws Error if token refresh fails
+     */
+    private _refreshTokensAndRetry;
+}
+//# sourceMappingURL=studio-api-client.d.ts.map

package/dist/services/studio-api-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"studio-api-client.d.ts","sourceRoot":"","sources":["../../src/services/studio-api-client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,aAAa,EACb,gBAAgB,EAChB,OAAO,EACP,mBAAmB,EACnB,mBAAmB,EACnB,QAAQ,EACR,oBAAoB,EACpB,oBAAoB,EACpB,gBAAgB,EAChB,4BAA4B,EAC5B,4BAA4B,EAC5B,0BAA0B,EAC1B,qBAAqB,EACrB,wBAAwB,EACxB,wBAAwB,EACxB,YAAY,EACb,MAAM,aAAa,CAAC;AAKrB;;;GAGG;AACH,qBAAa,eAAe;IAC1B,OAAO,CAAC,OAAO,CAAgB;IAC/B,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,cAAc,CAAqB;gBAE/B,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,gBAAgB;IAM5D;;;;OAIG;IACG,cAAc,CAAC,MAAM,GAAE,mBAAwB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAIpF;;;;;OAKG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAK5D;;;;OAIG;IACG,aAAa,CAAC,MAAM,GAAE,oBAAyB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAIrF;;;;;OAKG;IACG,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAK3E;;;;;;;OAOG;IACG,kBAAkB,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAa3F;;;;;;;OAOG;IACG,uBAAuB,CAAC,SAAS,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IA4B7F;;;;;;OAMG;IACG,aAAa,CACjB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,kBAAkB,EAAE,0BAA0B,GAC7C,OAAO,CAAC,qBAAqB,CAAC;IAMjC;;;;;OAKG;IACG,cAAc,CAClB,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,wBAAwB,CAAC;IAKpC;;;;OAIG;IACG,kBAAkB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAKjF;;;;;;OAMG;IACG,eAAe,CACnB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC;IAKhB;;;;;OAKG;IACG,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAK3F;;;;OAIG;IACG,qBAAqB,CAAC,MAAM,GAAE,4BAAiC,GAAG,OAAO,CAAC,4BAA4B,CAAC;IAI7G;;;;;;OAMG;IACG,8BAA8B,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAQ7G;;;;;;;;OAQG;YACW,YAAY;IA6D1B;;;;OAIG;YACW,eAAe;IAmC7B;;;OAGG;YACW,sBAAsB;CAmBrC"}