@switchbot/openapi-cli 2.2.1 → 2.4.0

package/dist/utils/output.js

@@ -1,7 +1,7 @@
 import Table from 'cli-table3';
 import chalk from 'chalk';
 import { ApiError, DryRunSignal } from '../api/client.js';
-import { getFormat } from './flags.js';
+import { getFormat, getTableStyle } from './flags.js';
 export const SCHEMA_VERSION = '1.1';
 export function isJsonMode() {
     return process.argv.includes('--json') || getFormat() === 'json';
@@ -9,33 +9,96 @@ export function isJsonMode() {
 export function printJson(data) {
     console.log(JSON.stringify({ schemaVersion: SCHEMA_VERSION, data }, null, 2));
 }
+function escapeMarkdownCell(s) {
+    // Pipes break markdown table layout; backslash-escape them. Collapse
+    // newlines into <br> so each row stays on one line.
+    return s.replace(/\|/g, '\\|').replace(/\r?\n/g, '<br>');
+}
+function formatCell(cell, style) {
+    if (cell === null || cell === undefined)
+        return style === 'markdown' ? '—' : chalk.grey('—');
+    if (typeof cell === 'boolean') {
+        if (style === 'markdown')
+            return cell ? 'Yes' : 'No';
+        return cell ? chalk.green('✓') : chalk.red('✗');
+    }
+    return String(cell);
+}
+function renderMarkdownTable(headers, rows) {
+    const head = `| ${headers.map(escapeMarkdownCell).join(' | ')} |`;
+    const sep = `| ${headers.map(() => '---').join(' | ')} |`;
+    const body = rows.map((r) => `| ${r
+        .map((c) => escapeMarkdownCell(formatCell(c, 'markdown')))
+        .join(' | ')} |`);
+    return [head, sep, ...body].join('\n');
+}
+function renderSimpleTable(headers, rows) {
+    const widths = headers.map((h, i) => Math.max(h.length, ...rows.map((r) => String(formatCell(r[i], 'simple')).length)));
+    const fmt = (cells) => cells.map((c, i) => c.padEnd(widths[i])).join('  ').trimEnd();
+    return [
+        fmt(headers),
+        ...rows.map((r) => fmt(r.map((c) => String(formatCell(c, 'simple'))))),
+    ].join('\n');
+}
+const ASCII_BORDER_CHARS = {
+    top: '-', 'top-mid': '+', 'top-left': '+', 'top-right': '+',
+    bottom: '-', 'bottom-mid': '+', 'bottom-left': '+', 'bottom-right': '+',
+    left: '|', 'left-mid': '+', mid: '-', 'mid-mid': '+',
+    right: '|', 'right-mid': '+', middle: '|',
+};
 export function printTable(headers, rows) {
-    const table = new Table({
-        head: headers.map((h) => chalk.cyan(h)),
-        style: { border: ['grey'] },
-    });
+    const style = getTableStyle();
+    if (style === 'markdown') {
+        console.log(renderMarkdownTable(headers, rows));
+        return;
+    }
+    if (style === 'simple') {
+        console.log(renderSimpleTable(headers, rows));
+        return;
+    }
+    const tableOpts = {
+        head: headers.map((h) => (style === 'ascii' ? h : chalk.cyan(h))),
+        style: style === 'ascii' ? { border: [], head: [] } : { border: ['grey'] },
+    };
+    if (style === 'ascii') {
+        tableOpts.chars = ASCII_BORDER_CHARS;
+    }
+    const table = new Table(tableOpts);
     for (const row of rows) {
-        table.push(row.map((cell) => {
-            if (cell === null || cell === undefined)
-                return chalk.grey('—');
-            if (typeof cell === 'boolean')
-                return cell ? chalk.green('✓') : chalk.red('✗');
-            return String(cell);
-        }));
+        table.push(row.map((cell) => formatCell(cell, style)));
     }
     console.log(table.toString());
 }
 export function printKeyValue(data) {
-    const table = new Table({
-        style: { border: ['grey'] },
-    });
+    const style = getTableStyle();
+    if (style === 'markdown') {
+        const entries = Object.entries(data).filter(([, v]) => v !== null && v !== undefined);
+        const rows = entries.map(([k, v]) => [k, typeof v === 'object' ? JSON.stringify(v) : String(v)]);
+        console.log(renderMarkdownTable(['Key', 'Value'], rows));
+        return;
+    }
+    if (style === 'simple') {
+        for (const [key, value] of Object.entries(data)) {
+            if (value === null || value === undefined)
+                continue;
+            const displayValue = typeof value === 'object' ? JSON.stringify(value) : String(value);
+            console.log(`${key}  ${displayValue}`);
+        }
+        return;
+    }
+    const tableOpts = {
+        style: style === 'ascii' ? { border: [], head: [] } : { border: ['grey'] },
+    };
+    if (style === 'ascii') {
+        tableOpts.chars = ASCII_BORDER_CHARS;
+    }
+    const table = new Table(tableOpts);
     for (const [key, value] of Object.entries(data)) {
         if (value === null || value === undefined)
             continue;
-        const displayValue = typeof value === 'object'
-            ? JSON.stringify(value)
-            : String(value);
-        table.push({ [chalk.cyan(key)]: displayValue });
+        const displayValue = typeof value === 'object' ? JSON.stringify(value) : String(value);
+        const keyLabel = style === 'ascii' ? key : chalk.cyan(key);
+        table.push({ [keyLabel]: displayValue });
     }
     console.log(table.toString());
 }
@@ -82,6 +145,35 @@ export function buildErrorPayload(error) {
     if (error instanceof UsageError) {
         return { code: 2, kind: 'usage', message: error.message, errorClass: 'usage', transient: false };
     }
+    // Idempotency conflict → exit 2 with kind:guard so scripts can react.
+    if (error instanceof Error && error.name === 'IdempotencyConflictError') {
+        return {
+            code: 2,
+            kind: 'guard',
+            message: error.message,
+            errorClass: 'guard',
+            transient: false,
+            context: {
+                existingShape: error.existingShape,
+                newShape: error.newShape,
+            },
+        };
+    }
+    // Local daily-cap refusal → exit 2 (usage-style refusal before touching net).
+    if (error instanceof Error && error.name === 'DailyCapExceededError') {
+        return {
+            code: 2,
+            kind: 'guard',
+            message: error.message,
+            errorClass: 'guard',
+            transient: false,
+            context: {
+                cap: error.cap,
+                total: error.total,
+                profile: error.profile,
+            },
+        };
+    }
     const code = error instanceof ApiError ? error.code : 1;
     const kind = error instanceof ApiError ? 'api' : 'runtime';
     const message = error instanceof Error ? error.message : 'An unknown error occurred';
@@ -127,6 +219,10 @@ export function handleError(error) {
         console.error(payload.message);
         process.exit(2);
     }
+    if (payload.kind === 'guard') {
+        console.error(chalk.yellow(`Guard: ${payload.message}`));
+        process.exit(payload.code === 2 ? 2 : 1);
+    }
     if (error instanceof ApiError) {
         console.error(chalk.red(`Error (code ${error.code}): ${payload.message}`));
         if (payload.hint)

package/dist/utils/quota.js

@@ -211,3 +211,17 @@ export function todayUsage(now = new Date()) {
         endpoints: { ...bucket.endpoints },
     };
 }
+/**
+ * Check whether today's call count is at or over the given cap. Returns the
+ * current counter either way so callers can render a helpful refusal message.
+ * Undefined cap → returns { over: false } without loading anything.
+ */
+export function checkDailyCap(dailyCap, now = new Date()) {
+    const date = today(now);
+    if (!dailyCap || dailyCap <= 0) {
+        return { over: false, total: 0, date };
+    }
+    const data = loadQuota();
+    const total = data.days[date]?.total ?? 0;
+    return { over: total >= dailyCap, total, cap: dailyCap, date };
+}

package/dist/utils/redact.js

@@ -0,0 +1,68 @@
+/**
+ * Header/value redaction utilities for verbose traces.
+ *
+ * C6 contract: any header whose name matches a sensitive pattern is mid-masked
+ * (first 2 chars + `*` run + last 2 chars) before it is written to stderr. The
+ * `--trace-unsafe` flag turns masking off — with a prominent one-time warning.
+ */
+import { isTraceUnsafe } from './flags.js';
+const SENSITIVE_HEADER_PATTERNS = [
+    /^authorization$/i,
+    /^token$/i,
+    /^sign$/i,
+    /^nonce$/i,
+    /^x-api-key$/i,
+    /^cookie$/i,
+    /^set-cookie$/i,
+    /^x-auth-token$/i,
+];
+// The `t` header (timestamp) is treated as sensitive alongside sign because
+// together they reconstruct the HMAC signature — anyone watching the logs
+// shouldn't be able to replay the exact timestamp that was used.
+const SENSITIVE_EXACT_KEYS = new Set(['t']);
+export function isSensitiveHeader(name) {
+    if (SENSITIVE_EXACT_KEYS.has(name))
+        return true;
+    return SENSITIVE_HEADER_PATTERNS.some((re) => re.test(name));
+}
+export function maskValue(value) {
+    if (value.length <= 4)
+        return '****';
+    return `${value.slice(0, 2)}${'*'.repeat(Math.max(4, value.length - 4))}${value.slice(-2)}`;
+}
+/**
+ * Redact the sensitive entries of a headers object. Returns a new object
+ * alongside the count of entries that were masked.
+ */
+export function redactHeaders(headers) {
+    const safe = {};
+    let redactedCount = 0;
+    if (!headers)
+        return { safe, redactedCount };
+    const unsafe = isTraceUnsafe();
+    for (const [k, v] of Object.entries(headers)) {
+        const strVal = typeof v === 'string' ? v : v == null ? '' : String(v);
+        if (!unsafe && isSensitiveHeader(k)) {
+            safe[k] = maskValue(strVal);
+            redactedCount++;
+        }
+        else {
+            safe[k] = strVal;
+        }
+    }
+    return { safe, redactedCount };
+}
+let unsafeBannerShown = false;
+/**
+ * Print the big "REDACTION DISABLED" banner once per process when
+ * --trace-unsafe is on. Callers should invoke this once before any
+ * header-spilling output.
+ */
+export function warnOnceIfUnsafe() {
+    if (unsafeBannerShown)
+        return;
+    if (!isTraceUnsafe())
+        return;
+    unsafeBannerShown = true;
+    process.stderr.write('⚠️  --trace-unsafe: sensitive headers will be printed UNMASKED. Do not share this output.\n');
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@switchbot/openapi-cli",
-  "version": "2.2.1",
+  "version": "2.4.0",
   "description": "SwitchBot smart home CLI — control devices, run scenes, stream real-time events, and integrate AI agents via MCP. Full API v1.1 coverage.",
   "keywords": [
     "switchbot",