@sitecore-content-sdk/cli 0.2.0-beta.1 → 0.2.0-beta.11

package/README.md

@@ -1,4 +1,4 @@
-# Sitecore Content SDK CLI Tools
+# Sitecore Content SDK CLI
 
 This module is provided as a part of Sitecore Contents SDK. It contains the Sitecore Content SDK command line interface.
 

package/dist/cjs/bin/sitecore-tools.js

@@ -50,16 +50,18 @@ const commands = __importStar(require("../scripts"));
         // library from a package.json. Instead, include it from a relative
         // path to this script file (which is likely a globally installed
         // npm package).
-        // Not erroring here because we might use this in future for scaffolding.
+        // Not erroring here because cli can be used in global mode.
         cli = require('../cli').default;
         console.warn('Sitecore Content SDK CLI is running in global mode because it was not installed in the local node_modules folder.');
     }
     else {
         // No error implies a projectLocalCli, which will load whatever
-        // version of jss-cli you have installed in a local package.json
+        // version of content sdk cli you have installed in a local package.json
         cli = require(projectLocalCli).default;
-        // Since we are in context of a project, load its environment variables
-        (0, process_env_1.default)(process.cwd());
     }
+    // load environment variables from current working directory
+    // if the current working directory is not an app project root .env file will be missing and nothing will be loaded
+    // in that case loading environment variables will be handled by the actual cli command
+    (0, process_env_1.default)(process.cwd());
     cli(commands);
 });

package/dist/cjs/cli.js

@@ -48,18 +48,22 @@ function cli(commands) {
                 }
             }
         }
-        appCommands.command({
+        appCommands
+            .command({
             command: '*',
             handler: (argv) => {
                 if (argv._.length > 0) {
-                    console.error(`Command not found: "${argv._[0]}". Use --help to see available commands.`);
+                    console.error(`Command not found: "${argv._[0]}"`);
                 }
                 else {
-                    console.error('No command provided. Use --help to see available commands.');
+                    console.error('No command provided');
                 }
+                yargs_1.default.showHelp();
                 process.exit(1);
             },
-        });
+        })
+            .demandCommand(1, 'You need to specify a command to run')
+            .strict();
         yield appCommands.argv;
     });
 }

package/dist/cjs/scripts/auth/index.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.builder = builder;
+const login_1 = require("./login");
+const logout_1 = require("./logout");
+const status_1 = require("./status");
+const list_1 = require("./list");
+/**
+ * Registers the `auth` command group and its subcommands (`login`, `logout`, `status`, `list`) with Yargs.
+ * @param {Argv} yargs - The Yargs instance used to define CLI commands.
+ * @returns The configured Yargs command group for authentication operations.
+ */
+function builder(yargs) {
+    return yargs.command({
+        command: 'auth',
+        describe: 'Performs authentication for content services',
+        builder: (_yargs) => {
+            return _yargs
+                .command([login_1.login, logout_1.logout, status_1.status, list_1.list])
+                .strict()
+                .demandCommand(1, 'You need to specify a command to run')
+                .help();
+        },
+        handler: () => { },
+    });
+}

package/dist/cjs/scripts/auth/list.js

@@ -0,0 +1,36 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.list = void 0;
+const tenant_store_1 = require("../../utils/auth/tenant-store");
+exports.list = {
+    command: 'list',
+    describe: 'List all known tenants',
+    handler: () => __awaiter(void 0, void 0, void 0, function* () {
+        const tenants = (0, tenant_store_1.getAllTenantsInfo)();
+        if (tenants.length === 0) {
+            console.log('\n No tenant information found.');
+            return;
+        }
+        console.log('\n Known tenants:\n');
+        tenants.forEach((tenant, index) => {
+            console.log(`Tenant ${index + 1}:`);
+            console.log(`  Tenant ID       : ${tenant.tenantId}`);
+            console.log(`  Tenant Name     : ${tenant.tenantName || 'N/A'}`);
+            console.log(`  Organization ID : ${tenant.organizationId}`);
+            console.log(`  Client ID       : ${tenant.clientId}`);
+            console.log(`  Authority       : ${tenant.authority || 'N/A'}`);
+            console.log(`  Audience        : ${tenant.audience || 'N/A'}`);
+            console.log(`  Base URL        : ${tenant.baseUrl || 'N/A'}`);
+            console.log();
+        });
+    }),
+};

package/dist/cjs/scripts/auth/login.js

@@ -0,0 +1,112 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.login = void 0;
+const flow_1 = require("../../utils/auth/flow");
+const tenant_store_1 = require("../../utils/auth/tenant-store");
+const tenant_state_1 = require("../../utils/auth/tenant-state");
+exports.login = {
+    command: 'login',
+    describe: 'Login into a tenant',
+    builder: (yargs) => yargs
+        .option('clientId', {
+        type: 'string',
+        requiresArg: true,
+        demandOption: true,
+        describe: 'Client ID for authentication',
+    })
+        .option('clientSecret', {
+        type: 'string',
+        demandOption: false,
+        describe: 'Client secret for authentication',
+    })
+        .option('tenantId', {
+        type: 'string',
+        demandOption: false,
+        describe: 'Tenant ID to login into.',
+    })
+        .option('organizationId', {
+        type: 'string',
+        demandOption: false,
+        describe: 'Organization ID to authenticate against.',
+    })
+        .option('authority', {
+        type: 'string',
+        demandOption: false,
+        describe: 'OAuth 2.0 authority URL for authentication.',
+    })
+        .option('audience', {
+        type: 'string',
+        demandOption: false,
+        describe: 'Intended recipient of the token, usually the API base URL.',
+    })
+        .option('baseUrl', {
+        type: 'string',
+        demandOption: false,
+        describe: 'Base URL for the API, used to construct the audience.',
+    })
+        .group([
+        'clientId',
+        'clientSecret',
+        'tenantId',
+        'organizationId',
+        'authority',
+        'audience',
+        'baseUrl',
+    ], 'Login Options:'),
+    handler: (argv) => __awaiter(void 0, void 0, void 0, function* () {
+        const { clientId } = argv;
+        let authResult, tenantId, organizationId, tenantName;
+        if (argv.clientSecret) {
+            try {
+                const authData = yield (0, flow_1.clientCredentialsFlow)({
+                    clientId,
+                    clientSecret: argv.clientSecret,
+                    organizationId: argv.organizationId,
+                    tenantId: argv.tenantId,
+                    audience: argv.audience,
+                    authority: argv.authority,
+                    baseUrl: argv.baseUrl,
+                });
+                authResult = authData.data;
+                tenantId = authData.tokenTenantId;
+                organizationId = authData.tokenOrgId;
+                tenantName = authData.tokenTenantName;
+            }
+            catch (err) {
+                console.error(`\n Login failed: ${err.message}`);
+                process.exit(1);
+            }
+        }
+        else {
+            // TODO: Implement Device Authorization Flow when clientSecret is not provided.
+            console.log('\n Please provide client secret for authentication.');
+            process.exit(1);
+        }
+        yield (0, tenant_store_1.writeTenantAuthInfo)(tenantId, {
+            clientSecret: argv.clientSecret,
+            access_token: authResult.access_token,
+            expires_in: authResult.expires_in,
+            expires_at: new Date(Date.now() + authResult.expires_in * 1000).toISOString(),
+        });
+        yield (0, tenant_store_1.writeTenantInfo)({
+            tenantId,
+            organizationId,
+            clientId,
+            tenantName,
+            authority: argv.authority || flow_1.AUTH0_DOMAIN,
+            audience: argv.audience || flow_1.AUDIENCE,
+            baseUrl: argv.baseUrl || flow_1.BASE_URL,
+        });
+        (0, tenant_state_1.setActiveTenant)(tenantId);
+        console.info(`\n Logged in successfully to tenant ${tenantId}.`);
+    }),
+};

package/dist/cjs/scripts/auth/logout.js

@@ -0,0 +1,28 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.logout = void 0;
+const tenant_state_1 = require("../../utils/auth/tenant-state");
+const tenant_store_1 = require("../../utils/auth/tenant-store");
+exports.logout = {
+    command: 'logout',
+    describe: 'Logout from the active tenant',
+    handler: () => __awaiter(void 0, void 0, void 0, function* () {
+        const tenantId = (0, tenant_state_1.getActiveTenant)();
+        if (!tenantId) {
+            console.error('\n No active tenant found. Please login first.');
+            return;
+        }
+        (0, tenant_state_1.clearActiveTenant)();
+        (0, tenant_store_1.deleteTenantAuthInfo)(tenantId);
+        console.info(`\n Logged out from tenant ${tenantId}`);
+    }),
+};

package/dist/cjs/scripts/auth/models.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/cjs/scripts/auth/status.js

@@ -0,0 +1,34 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.status = void 0;
+const tenant_store_1 = require("../../utils/auth/tenant-store");
+const renewal_1 = require("../../utils/auth/renewal");
+exports.status = {
+    command: 'status',
+    describe: 'Show current status of active tenant',
+    handler: () => __awaiter(void 0, void 0, void 0, function* () {
+        const context = yield (0, renewal_1.renewAuthIfExpired)();
+        if (!context) {
+            console.log('\n No valid authentication found. Please login.');
+            return;
+        }
+        const tenantInfo = yield (0, tenant_store_1.readTenantInfo)(context.tenantId);
+        console.log('\n Active tenant:');
+        console.log(`  Tenant ID       : ${context.tenantId}`);
+        console.log(`  Tenant Name     : ${(tenantInfo === null || tenantInfo === void 0 ? void 0 : tenantInfo.tenantName) || 'N/A'}`);
+        console.log(`  Organization ID : ${tenantInfo === null || tenantInfo === void 0 ? void 0 : tenantInfo.organizationId}`);
+        console.log(`  Client ID       : ${tenantInfo === null || tenantInfo === void 0 ? void 0 : tenantInfo.clientId}`);
+        console.log(`  Authority       : ${(tenantInfo === null || tenantInfo === void 0 ? void 0 : tenantInfo.authority) || 'N/A'}`);
+        console.log(`  Audience        : ${(tenantInfo === null || tenantInfo === void 0 ? void 0 : tenantInfo.audience) || 'N/A'}`);
+        console.log(`  Base URL        : ${(tenantInfo === null || tenantInfo === void 0 ? void 0 : tenantInfo.baseUrl) || 'N/A'}`);
+    }),
+};

package/dist/cjs/scripts/index.js

@@ -35,8 +35,8 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.scaffold = exports.build = void 0;
-const build = __importStar(require("./build"));
-exports.build = build;
-const scaffold = __importStar(require("./scaffold"));
-exports.scaffold = scaffold;
+exports.auth = exports.project = void 0;
+const project = __importStar(require("./project"));
+exports.project = project;
+const auth = __importStar(require("./auth"));
+exports.auth = auth;

package/dist/cjs/scripts/{build.js → project/build.js}

@@ -14,9 +14,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.builder = exports.describe = exports.command = void 0;
 exports.handler = handler;
-const load_config_1 = __importDefault(require("../utils/load-config"));
+const load_config_1 = __importDefault(require("../../utils/load-config"));
 exports.command = 'build';
-exports.describe = 'Handles build time automation';
+exports.describe = 'Performs build time automation';
 exports.builder = {
     config: {
         requiresArg: false,

package/dist/cjs/scripts/project/component/index.js

@@ -0,0 +1,55 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.builder = builder;
+const scaffold = __importStar(require("./scaffold"));
+/**
+ * @param {Argv} yargs
+ */
+function builder(yargs) {
+    return yargs.command({
+        command: 'component',
+        describe: 'Performs component level operations',
+        builder: (_yargs) => {
+            _yargs = _yargs
+                .command([scaffold])
+                .strict()
+                .demandCommand(1, 'You need to specify a command to run');
+            _yargs = scaffold.builder(_yargs);
+            return _yargs;
+        },
+        handler: () => { },
+    });
+}

package/dist/cjs/scripts/{scaffold.js → project/component/scaffold.js}

@@ -7,13 +7,13 @@ exports.builder = builder;
 exports.args = args;
 exports.handler = handler;
 const tools_1 = require("@sitecore-content-sdk/core/tools");
-const load_config_1 = __importDefault(require("../utils/load-config"));
+const load_config_1 = __importDefault(require("../../../utils/load-config"));
 const config_1 = require("@sitecore-content-sdk/core/config");
 /**
  * @param {Argv} yargs
  */
 function builder(yargs) {
-    return yargs.command('scaffold <componentName>', 'Scaffolds a new component. Use `sitecore-tools scaffold --help` for available options.', args, handler);
+    return yargs.command('scaffold <componentName>', 'Scaffolds a new component', args, handler);
 }
 /**
  * @param {Argv} yargs

package/dist/cjs/scripts/project/index.js

@@ -0,0 +1,56 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.builder = builder;
+const build = __importStar(require("./build"));
+const component = __importStar(require("./component"));
+/**
+ * @param {Argv} yargs
+ */
+function builder(yargs) {
+    return yargs.command({
+        command: 'project',
+        describe: 'Performs project level operations',
+        builder: (_yargs) => {
+            _yargs = _yargs
+                .command([build, component])
+                .strict()
+                .demandCommand(1, 'You need to specify a command to run');
+            _yargs = component.builder(_yargs);
+            return _yargs;
+        },
+        handler: () => { },
+    });
+}

package/dist/cjs/utils/auth/flow.js

@@ -0,0 +1,72 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BASE_URL = exports.AUDIENCE = exports.AUTH0_DOMAIN = void 0;
+exports.clientCredentialsFlow = clientCredentialsFlow;
+const tenant_store_1 = require("./tenant-store");
+exports.AUTH0_DOMAIN = 'https://auth.sitecorecloud.io';
+exports.AUDIENCE = 'https://api.sitecorecloud.io';
+exports.BASE_URL = 'https://edge-platform.sitecorecloud.io/cs/api';
+const GRANT_TYPE = 'client_credentials';
+/**
+ * Performs the OAuth 2.0 client credentials flow to obtain a JWT access token
+ * from the Sitecore Identity Provider using the provided client credentials.
+ * @param {object} [args] - The arguments for client credentials flow
+ * @param {string} [args.clientId] - The client ID registered with Sitecore Identity
+ * @param {string} [args.clientSecret] - The client secret associated with the client ID
+ * @param {string} [args.organizationId] - The ID of the organization the client belongs to
+ * @param {string} [args.tenantId] - The tenant ID representing the specific Sitecore environment
+ * @param {string} [args.audience] - The API audience the token is intended for. Defaults to `AUDIENCE`
+ * @param {string} [args.authority] - The auth server base URL. Defaults to `AUTH0_DOMAIN`
+ * @param {string} [args.baseUrl] - The base URL for the API, used to construct the audience
+ * @returns A Promise that resolves to the access token response (including access token, token type, expiry, etc.)
+ * @throws Will log and exit the process if the request fails or returns a non-OK status
+ */
+function clientCredentialsFlow(_a) {
+    return __awaiter(this, arguments, void 0, function* ({ clientId, clientSecret, organizationId, tenantId, audience = exports.AUDIENCE, authority = exports.AUTH0_DOMAIN, baseUrl = exports.BASE_URL, }) {
+        const params = new URLSearchParams({
+            client_id: clientId,
+            client_secret: clientSecret !== null && clientSecret !== void 0 ? clientSecret : '',
+            organization_id: organizationId !== null && organizationId !== void 0 ? organizationId : '',
+            tenant_id: tenantId !== null && tenantId !== void 0 ? tenantId : '',
+            audience,
+            grant_type: GRANT_TYPE,
+            baseUrl: baseUrl !== null && baseUrl !== void 0 ? baseUrl : '',
+        });
+        try {
+            const response = yield fetch(`${authority}/oauth/token`, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                body: params.toString(),
+            });
+            const data = yield response.json();
+            if (!response.ok) {
+                throw new Error(data.error_description || data.error || 'Error during client credentials flow');
+            }
+            const decodedPayload = (0, tenant_store_1.decodeJwtPayload)(data.access_token) || {};
+            if (!(decodedPayload === null || decodedPayload === void 0 ? void 0 : decodedPayload.tokenTenantId) || !decodedPayload.tokenOrgId) {
+                throw new Error('\n Token is missing required claims tenant_id or org_id.');
+            }
+            const { tokenTenantId, tokenOrgId, tokenTenantName } = decodedPayload;
+            if (tenantId && tenantId !== tokenTenantId) {
+                throw new Error('\n Mismatch: Provided tenant ID does not match claims tenant ID.');
+            }
+            if (organizationId && organizationId !== tokenOrgId) {
+                throw new Error('\n Mismatch: Provided organization ID does not match claims organization ID.');
+            }
+            return { data, tokenOrgId, tokenTenantId, tokenTenantName };
+        }
+        catch (error) {
+            console.error('\n Error during client credentials flow:', error instanceof Error ? error.message : error);
+            throw error;
+        }
+    });
+}

package/dist/cjs/utils/auth/renewal.js

@@ -0,0 +1,95 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateAuthInfo = validateAuthInfo;
+exports.renewClientToken = renewClientToken;
+exports.renewAuthIfExpired = renewAuthIfExpired;
+const tenant_state_1 = require("./tenant-state");
+const flow_1 = require("./flow");
+const tenant_store_1 = require("./tenant-store");
+/**
+ * Validates whether a given auth config is still valid (i.e., not expired).
+ * @param {TenantAuth} authInfo - The tenant auth configuration.
+ * @returns True if the token is still valid, false if expired.
+ */
+function validateAuthInfo(authInfo) {
+    const now = new Date();
+    const expiry = new Date(authInfo.expires_at);
+    return now < expiry;
+}
+/**
+ * Renews the token for a given tenant using stored credentials.
+ * @param {TenantAuth} authInfo - Current authentication info for the tenant.
+ * @param {TenantInfo} tenantInfo - Public metadata about the tenant (e.g., clientId).
+ * @returns Promise<void>
+ * @throws If credentials are missing or renewal fails.
+ */
+function renewClientToken(authInfo, tenantInfo) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const result = yield (0, flow_1.clientCredentialsFlow)({
+            clientId: tenantInfo.clientId,
+            clientSecret: authInfo.clientSecret,
+            organizationId: tenantInfo.organizationId,
+            tenantId: tenantInfo.tenantId,
+            audience: tenantInfo.audience,
+            authority: tenantInfo.authority,
+            baseUrl: tenantInfo.baseUrl,
+        });
+        const tenantId = tenantInfo.tenantId;
+        yield (0, tenant_store_1.writeTenantAuthInfo)(tenantId, {
+            clientSecret: authInfo.clientSecret,
+            access_token: result.data.access_token,
+            expires_in: result.data.expires_in,
+            expires_at: new Date(Date.now() + result.data.expires_in * 1000).toISOString(),
+        });
+        console.info(`\n Token for tenant ${tenantId} renewed.`);
+    });
+}
+/**
+ * Ensures a valid token exists, renews it if expired.
+ * Returns tenant context if successful, otherwise null.
+ */
+function renewAuthIfExpired() {
+    return __awaiter(this, void 0, void 0, function* () {
+        const tenantId = (0, tenant_state_1.getActiveTenant)();
+        if (!tenantId)
+            return null;
+        const authInfo = yield (0, tenant_store_1.readTenantAuthInfo)(tenantId);
+        if (!authInfo)
+            return null;
+        const isValid = validateAuthInfo(authInfo);
+        if (isValid) {
+            return { tenantId };
+        }
+        const tenantInfo = yield (0, tenant_store_1.readTenantInfo)(tenantId);
+        if (!tenantInfo)
+            return null;
+        console.info(`\n Token for tenant ${tenantId} is expired. Renewing...`);
+        try {
+            if (authInfo.clientSecret) {
+                yield renewClientToken(authInfo, tenantInfo);
+            }
+            else {
+                // <TODO>: Implement Device auth token renewal.
+                throw new Error('\n Please use clientSecret for authentication.');
+            }
+            return { tenantId };
+        }
+        catch (err) {
+            console.error(`\n Failed to renew token for tenant '${tenantId}'`);
+            console.warn(`\n Cleaning up stale authentication data for tenant '${tenantId}'...`);
+            yield (0, tenant_store_1.deleteTenantAuthInfo)(tenantId);
+            (0, tenant_state_1.clearActiveTenant)();
+            console.info('\n You will need to login again to re-authenticate.');
+            process.exit(1);
+        }
+    });
+}