@switchbot/openapi-cli 3.1.0 → 3.2.0

package/dist/commands/webhook.js

@@ -1,182 +0,0 @@
-import { stringArg } from '../utils/arg-parsers.js';
-import { createClient } from '../api/client.js';
-import { printKeyValue, printJson, isJsonMode, handleError, UsageError } from '../utils/output.js';
-import chalk from 'chalk';
-function assertValidUrl(url) {
-    let parsed;
-    try {
-        parsed = new URL(url);
-    }
-    catch {
-        throw new UsageError(`Invalid URL "${url}" (expected absolute URL, e.g. https://example.com/hook)`);
-    }
-    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
-        throw new UsageError(`URL must use http:// or https:// (got "${parsed.protocol}")`);
-    }
-}
-export function registerWebhookCommand(program) {
-    const webhook = program
-        .command('webhook')
-        .description('Manage SwitchBot Webhook configuration')
-        .addHelpText('after', `
-A webhook lets SwitchBot POST device state-change events to a URL you host.
-Only one webhook URL can be active per account; "setup" registers it for ALL devices.
-`);
-    // switchbot webhook setup <url>
-    webhook
-        .command('setup')
-        .description('Configure the webhook receiver URL (receives events from all devices)')
-        .argument('<url>', 'Absolute http(s):// URL where SwitchBot will POST events')
-        .addHelpText('after', `
-Example:
-  $ switchbot webhook setup https://example.com/switchbot/events
-`)
-        .action(async (url) => {
-        try {
-            assertValidUrl(url);
-            const client = createClient();
-            await client.post('/v1.1/webhook/setupWebhook', {
-                action: 'setupWebhook',
-                url,
-                deviceList: 'ALL',
-            });
-            if (isJsonMode()) {
-                printJson({ ok: true, url });
-            }
-            else {
-                console.log(chalk.green(`✓ Webhook configured: ${url}`));
-            }
-        }
-        catch (error) {
-            handleError(error);
-        }
-    });
-    // switchbot webhook query [--details <url>]
-    webhook
-        .command('query')
-        .description('Query webhook configuration')
-        .option('--details <url>', 'Query detailed configuration (enable/deviceList/timestamps) for a specific URL', stringArg('--details'))
-        .addHelpText('after', `
-Without --details, lists all configured webhook URLs.
-With --details, prints enable/deviceList/createTime/lastUpdateTime for the given URL.
-
-Examples:
-  $ switchbot webhook query
-  $ switchbot webhook query --details https://example.com/hook
-  $ switchbot webhook query --json
-`)
-        .action(async (options) => {
-        try {
-            const client = createClient();
-            if (options.details) {
-                const res = await client.post('/v1.1/webhook/queryWebhook', { action: 'queryDetails', urls: [options.details] });
-                if (isJsonMode()) {
-                    printJson(res.data.body);
-                    return;
-                }
-                const details = res.data.body;
-                if (!details || details.length === 0) {
-                    console.log('No webhook configuration found for this URL');
-                    return;
-                }
-                for (const d of details) {
-                    printKeyValue({
-                        url: d.url,
-                        enable: d.enable,
-                        deviceList: d.deviceList,
-                        createTime: new Date(d.createTime).toLocaleString(),
-                        lastUpdateTime: new Date(d.lastUpdateTime).toLocaleString(),
-                    });
-                }
-            }
-            else {
-                const res = await client.post('/v1.1/webhook/queryWebhook', { action: 'queryUrl' });
-                if (isJsonMode()) {
-                    printJson(res.data.body);
-                    return;
-                }
-                const urls = res.data.body.urls ?? [];
-                if (urls.length === 0) {
-                    console.log('No webhooks configured');
-                    return;
-                }
-                console.log('Configured Webhook URLs:');
-                urls.forEach((u) => console.log(`  ${chalk.cyan(u)}`));
-            }
-        }
-        catch (error) {
-            handleError(error);
-        }
-    });
-    // switchbot webhook update <url> [--enable | --disable]
-    webhook
-        .command('update')
-        .description('Update webhook configuration (enable / disable a registered URL)')
-        .argument('<url>', 'URL of the webhook to update (must already be configured)')
-        .option('--enable', 'Enable the webhook')
-        .option('--disable', 'Disable the webhook')
-        .addHelpText('after', `
---enable and --disable are mutually exclusive. If neither is provided, the
-webhook is re-submitted with no change to its enabled state.
-
-Examples:
-  $ switchbot webhook update https://example.com/hook --enable
-  $ switchbot webhook update https://example.com/hook --disable
-`)
-        .action(async (url, options) => {
-        try {
-            if (options.enable && options.disable) {
-                throw new UsageError('--enable and --disable are mutually exclusive');
-            }
-            assertValidUrl(url);
-            const client = createClient();
-            const config = { url };
-            if (options.enable)
-                config.enable = true;
-            if (options.disable)
-                config.enable = false;
-            await client.post('/v1.1/webhook/updateWebhook', {
-                action: 'updateWebhook',
-                config,
-            });
-            const statusText = options.enable ? 'enabled' : options.disable ? 'disabled' : 'updated';
-            if (isJsonMode()) {
-                printJson({ ok: true, url, status: statusText });
-            }
-            else {
-                console.log(chalk.green(`✓ Webhook ${statusText}: ${url}`));
-            }
-        }
-        catch (error) {
-            handleError(error);
-        }
-    });
-    // switchbot webhook delete <url>
-    webhook
-        .command('delete')
-        .description('Delete webhook configuration')
-        .argument('<url>', 'URL of the webhook to remove')
-        .addHelpText('after', `
-Example:
-  $ switchbot webhook delete https://example.com/hook
-`)
-        .action(async (url) => {
-        try {
-            assertValidUrl(url);
-            const client = createClient();
-            await client.post('/v1.1/webhook/deleteWebhook', {
-                action: 'deleteWebhook',
-                url,
-            });
-            if (isJsonMode()) {
-                printJson({ ok: true, url });
-            }
-            else {
-                console.log(chalk.green(`✓ Webhook deleted: ${url}`));
-            }
-        }
-        catch (error) {
-            handleError(error);
-        }
-    });
-}

package/dist/config.js

@@ -1,258 +0,0 @@
-import fs from 'node:fs';
-import path from 'node:path';
-import os from 'node:os';
-import { getConfigPath } from './utils/flags.js';
-import { getActiveProfile } from './lib/request-context.js';
-import { emitJsonError, isJsonMode } from './utils/output.js';
-import { getPrimedCredentials } from './credentials/prime.js';
-function sanitizeOptionalString(v) {
-    if (typeof v !== 'string')
-        return undefined;
-    const trimmed = v.trim();
-    return trimmed ? trimmed : undefined;
-}
-/**
- * Credential file resolution priority:
- *   1. --config <path> (absolute override — wins over everything)
- *   2. active profile (ALS request context, else --profile flag) → ~/.switchbot/profiles/<name>.json
- *   3. default        → ~/.switchbot/config.json
- *
- * Env SWITCHBOT_TOKEN+SWITCHBOT_SECRET still take priority inside loadConfig.
- */
-export function configFilePath() {
-    const override = getConfigPath();
-    if (override)
-        return path.resolve(override);
-    const profile = getActiveProfile();
-    if (profile) {
-        return path.join(os.homedir(), '.switchbot', 'profiles', `${profile}.json`);
-    }
-    return path.join(os.homedir(), '.switchbot', 'config.json');
-}
-export function profileFilePath(profile) {
-    return path.join(os.homedir(), '.switchbot', 'profiles', `${profile}.json`);
-}
-export function listProfiles() {
-    const dir = path.join(os.homedir(), '.switchbot', 'profiles');
-    if (!fs.existsSync(dir))
-        return [];
-    return fs.readdirSync(dir)
-        .filter((f) => f.endsWith('.json'))
-        .map((f) => f.slice(0, -5))
-        .sort();
-}
-export function loadConfig() {
-    const envToken = process.env.SWITCHBOT_TOKEN;
-    const envSecret = process.env.SWITCHBOT_SECRET;
-    if (envToken && envSecret) {
-        return { token: envToken, secret: envSecret };
-    }
-    // After env, try the OS keychain (via the priming cache populated at
-    // command start). When --config is passed we skip the keychain so the
-    // override remains authoritative.
-    if (!getConfigPath()) {
-        const primed = getPrimedCredentials(getActiveProfile() ?? 'default');
-        if (primed)
-            return primed;
-    }
-    const file = configFilePath();
-    if (!fs.existsSync(file)) {
-        const profile = getActiveProfile();
-        const hint = profile
-            ? `No credentials configured for profile "${profile}". Run: switchbot --profile ${profile} config set-token <token> <secret>`
-            : 'No credentials configured. Run: switchbot config set-token <token> <secret>';
-        const msg = `${hint}\nOr set SWITCHBOT_TOKEN and SWITCHBOT_SECRET environment variables.`;
-        if (isJsonMode()) {
-            emitJsonError({ code: 1, kind: 'runtime', message: hint });
-        }
-        else {
-            console.error(msg);
-        }
-        process.exit(1);
-    }
-    try {
-        const raw = fs.readFileSync(file, 'utf-8');
-        const cfg = JSON.parse(raw);
-        if (!cfg.token || !cfg.secret) {
-            if (isJsonMode()) {
-                emitJsonError({ code: 1, kind: 'runtime', message: 'Invalid config format. Please re-run: switchbot config set-token' });
-            }
-            else {
-                console.error('Invalid config format. Please re-run: switchbot config set-token');
-            }
-            process.exit(1);
-        }
-        return cfg;
-    }
-    catch {
-        if (isJsonMode()) {
-            emitJsonError({ code: 1, kind: 'runtime', message: 'Failed to read config file. Please re-run: switchbot config set-token' });
-        }
-        else {
-            console.error('Failed to read config file. Please re-run: switchbot config set-token');
-        }
-        process.exit(1);
-    }
-}
-/**
- * Like loadConfig but returns null instead of exiting. Use this in code paths
- * that want graceful degradation (e.g. optional MQTT init in `mcp serve`).
- */
-export function tryLoadConfig() {
-    const envToken = process.env.SWITCHBOT_TOKEN;
-    const envSecret = process.env.SWITCHBOT_SECRET;
-    if (envToken && envSecret)
-        return { token: envToken, secret: envSecret };
-    if (!getConfigPath()) {
-        const primed = getPrimedCredentials(getActiveProfile() ?? 'default');
-        if (primed)
-            return primed;
-    }
-    const file = configFilePath();
-    if (!fs.existsSync(file))
-        return null;
-    try {
-        const raw = fs.readFileSync(file, 'utf-8');
-        const cfg = JSON.parse(raw);
-        if (!cfg.token || !cfg.secret)
-            return null;
-        return cfg;
-    }
-    catch {
-        return null;
-    }
-}
-export function saveConfig(token, secret, extras) {
-    const file = configFilePath();
-    const dir = path.dirname(file);
-    if (!fs.existsSync(dir)) {
-        fs.mkdirSync(dir, { recursive: true });
-    }
-    // Merge with existing file so label/limits/defaults aren't dropped when the
-    // user just rotates the token.
-    let existing = {};
-    if (fs.existsSync(file)) {
-        try {
-            existing = JSON.parse(fs.readFileSync(file, 'utf-8'));
-        }
-        catch {
-            existing = {};
-        }
-    }
-    const cfg = {
-        token,
-        secret,
-        ...(existing.label ? { label: existing.label } : {}),
-        ...(existing.description ? { description: existing.description } : {}),
-        ...(existing.limits ? { limits: existing.limits } : {}),
-        ...(existing.defaults ? { defaults: existing.defaults } : {}),
-    };
-    if (extras) {
-        const label = sanitizeOptionalString(extras.label);
-        const description = sanitizeOptionalString(extras.description);
-        if (label !== undefined)
-            cfg.label = label;
-        if (description !== undefined)
-            cfg.description = description;
-        if (extras.limits)
-            cfg.limits = { ...(cfg.limits ?? {}), ...extras.limits };
-        if (extras.defaults)
-            cfg.defaults = { ...(cfg.defaults ?? {}), ...extras.defaults };
-    }
-    fs.writeFileSync(file, JSON.stringify(cfg, null, 2), { mode: 0o600 });
-}
-/**
- * Read a profile's metadata (label / description / limits / defaults) without
- * exposing the token/secret. Returns null when the file is missing or invalid.
- */
-export function readProfileMeta(profile) {
-    const file = profile
-        ? profileFilePath(profile)
-        : path.join(os.homedir(), '.switchbot', 'config.json');
-    if (!fs.existsSync(file))
-        return null;
-    try {
-        const raw = fs.readFileSync(file, 'utf-8');
-        const cfg = JSON.parse(raw);
-        return {
-            label: cfg.label,
-            description: cfg.description,
-            limits: cfg.limits,
-            defaults: cfg.defaults,
-            path: file,
-        };
-    }
-    catch {
-        return null;
-    }
-}
-export function showConfig() {
-    const summary = getConfigSummary();
-    if (summary.source === 'env') {
-        console.log('Credential source: environment variables');
-        console.log(`token : ${summary.token ?? ''}`);
-        console.log(`secret: ${summary.secret ?? ''}`);
-        return;
-    }
-    if (summary.source === 'none') {
-        console.log('No credentials configured');
-        return;
-    }
-    if (summary.source === 'invalid') {
-        console.error('Failed to read config file');
-        return;
-    }
-    console.log(`Credential source: ${summary.path}`);
-    if (summary.label)
-        console.log(`label : ${summary.label}`);
-    if (summary.description)
-        console.log(`desc  : ${summary.description}`);
-    console.log(`token : ${summary.token ?? ''}`);
-    console.log(`secret: ${summary.secret ?? ''}`);
-    if (summary.dailyCap)
-        console.log(`limits: dailyCap=${summary.dailyCap}`);
-    if (summary.defaultFlags?.length)
-        console.log(`defaults: ${summary.defaultFlags.join(' ')}`);
-}
-export function getConfigSummary() {
-    const envToken = process.env.SWITCHBOT_TOKEN;
-    const envSecret = process.env.SWITCHBOT_SECRET;
-    if (envToken && envSecret) {
-        return {
-            source: 'env',
-            token: maskCredential(envToken),
-            secret: maskSecret(envSecret),
-        };
-    }
-    const file = configFilePath();
-    if (!fs.existsSync(file)) {
-        return { source: 'none' };
-    }
-    try {
-        const raw = fs.readFileSync(file, 'utf-8');
-        const cfg = JSON.parse(raw);
-        return {
-            source: 'file',
-            path: file,
-            label: cfg.label,
-            description: cfg.description,
-            token: maskCredential(cfg.token),
-            secret: maskSecret(cfg.secret),
-            dailyCap: cfg.limits?.dailyCap,
-            defaultFlags: cfg.defaults?.flags,
-        };
-    }
-    catch {
-        return { source: 'invalid', path: file };
-    }
-}
-function maskCredential(token) {
-    if (token.length <= 8)
-        return '*'.repeat(Math.max(4, token.length));
-    return token.slice(0, 4) + '*'.repeat(token.length - 8) + token.slice(-4);
-}
-function maskSecret(secret) {
-    if (secret.length <= 4)
-        return '****';
-    return secret.slice(0, 2) + '*'.repeat(secret.length - 4) + secret.slice(-2);
-}

package/dist/credentials/backends/file.js

@@ -1,101 +0,0 @@
-/**
- * File-backed credential store.
- *
- * Reads/writes the same `~/.switchbot/config.json` shape the CLI has
- * used since v1.0, so a fresh install on a machine without a keychain
- * still works and legacy users can migrate in-place via
- * `switchbot auth keychain migrate` without data loss.
- *
- * Profile layout (inherited from `src/config.ts`):
- *   - default profile → `~/.switchbot/config.json`
- *   - named profile   → `~/.switchbot/profiles/<name>.json`
- *
- * This backend only owns the `token` and `secret` fields — label /
- * description / limits / defaults are preserved on write by merging
- * with the existing JSON, keeping parity with `saveConfig()`.
- */
-import fs from 'node:fs';
-import os from 'node:os';
-import path from 'node:path';
-import { KeychainError, } from '../keychain.js';
-function profilePath(profile) {
-    if (profile === 'default') {
-        return path.join(os.homedir(), '.switchbot', 'config.json');
-    }
-    return path.join(os.homedir(), '.switchbot', 'profiles', `${profile}.json`);
-}
-function readJson(file) {
-    if (!fs.existsSync(file))
-        return null;
-    try {
-        const raw = fs.readFileSync(file, 'utf-8');
-        const parsed = JSON.parse(raw);
-        return parsed && typeof parsed === 'object' ? parsed : null;
-    }
-    catch {
-        return null;
-    }
-}
-export function createFileBackend() {
-    return {
-        name: 'file',
-        async get(profile) {
-            const file = profilePath(profile);
-            const data = readJson(file);
-            if (!data)
-                return null;
-            const token = typeof data.token === 'string' ? data.token : '';
-            const secret = typeof data.secret === 'string' ? data.secret : '';
-            if (!token || !secret)
-                return null;
-            return { token, secret };
-        },
-        async set(profile, creds) {
-            const file = profilePath(profile);
-            const dir = path.dirname(file);
-            try {
-                fs.mkdirSync(dir, { recursive: true });
-                const existing = readJson(file) ?? {};
-                const next = { ...existing, token: creds.token, secret: creds.secret };
-                fs.writeFileSync(file, JSON.stringify(next, null, 2), { mode: 0o600 });
-            }
-            catch (err) {
-                const msg = err instanceof Error ? err.message : String(err);
-                throw new KeychainError('file', 'set', msg);
-            }
-        },
-        async delete(profile) {
-            const file = profilePath(profile);
-            try {
-                if (!fs.existsSync(file))
-                    return;
-                const existing = readJson(file);
-                if (existing) {
-                    delete existing.token;
-                    delete existing.secret;
-                    if (Object.keys(existing).length === 0) {
-                        fs.unlinkSync(file);
-                    }
-                    else {
-                        fs.writeFileSync(file, JSON.stringify(existing, null, 2), { mode: 0o600 });
-                    }
-                }
-                else {
-                    fs.unlinkSync(file);
-                }
-            }
-            catch (err) {
-                const msg = err instanceof Error ? err.message : String(err);
-                throw new KeychainError('file', 'delete', msg);
-            }
-        },
-        describe() {
-            return {
-                backend: 'File (~/.switchbot/)',
-                tag: 'file',
-                writable: true,
-                notes: 'Last-resort fallback; credentials stored in a 0600 JSON file.',
-            };
-        },
-    };
-}

package/dist/credentials/backends/linux.js

@@ -1,129 +0,0 @@
-/**
- * Linux libsecret backend.
- *
- * Shells out to `secret-tool(1)` — the libsecret CLI shipped by most
- * distros when GNOME Keyring or KWallet is available. We intentionally
- * avoid a native binding so `npm install` doesn't drag in a build
- * toolchain on minimal CI images.
- *
- * On a fresh Linux box without secret-tool installed (or without a
- * secret service daemon running), `linuxAvailable()` returns false and
- * `selectCredentialStore()` falls back to the file backend. We do NOT
- * try to `apt install libsecret-tools` on the user's behalf.
- */
-import { spawn } from 'node:child_process';
-import { accountFor, CREDENTIAL_SERVICE, KeychainError, } from '../keychain.js';
-function run(cmd, args, stdin) {
-    return new Promise((resolve) => {
-        const proc = spawn(cmd, args, { stdio: ['pipe', 'pipe', 'pipe'] });
-        let stdout = '';
-        let stderr = '';
-        proc.stdout.on('data', (buf) => {
-            stdout += buf.toString('utf-8');
-        });
-        proc.stderr.on('data', (buf) => {
-            stderr += buf.toString('utf-8');
-        });
-        proc.on('error', () => resolve({ code: 127, stdout, stderr }));
-        proc.on('close', (code) => resolve({ code: code ?? 0, stdout, stderr }));
-        if (stdin !== undefined) {
-            proc.stdin.write(stdin);
-        }
-        proc.stdin.end();
-    });
-}
-export async function linuxAvailable() {
-    if (process.platform !== 'linux')
-        return false;
-    const which = await run('which', ['secret-tool']);
-    if (which.code !== 0 || which.stdout.trim().length === 0)
-        return false;
-    // Probe the secret service is actually running. `secret-tool search`
-    // with a bogus attribute returns 0 on miss but 1 when the D-Bus
-    // service isn't reachable — so we use the exit code to distinguish.
-    const probe = await run('secret-tool', ['search', 'service', CREDENTIAL_SERVICE]);
-    return probe.code === 0 || probe.code === 1;
-}
-async function readField(profile, field) {
-    const account = accountFor(profile, field);
-    const res = await run('secret-tool', [
-        'lookup',
-        'service', CREDENTIAL_SERVICE,
-        'account', account,
-    ]);
-    if (res.code !== 0)
-        return null;
-    const value = res.stdout.replace(/\n$/, '');
-    return value.length > 0 ? value : null;
-}
-async function writeField(profile, field, value) {
-    const account = accountFor(profile, field);
-    const label = `SwitchBot CLI (${account})`;
-    // `secret-tool store` reads the password from stdin.
-    const res = await run('secret-tool', ['store', '--label', label, 'service', CREDENTIAL_SERVICE, 'account', account], value);
-    if (res.code !== 0) {
-        throw new KeychainError('secret-service', 'set', `secret-tool exit ${res.code}`);
-    }
-}
-async function deleteField(profile, field) {
-    const account = accountFor(profile, field);
-    const res = await run('secret-tool', [
-        'clear',
-        'service', CREDENTIAL_SERVICE,
-        'account', account,
-    ]);
-    // secret-tool returns 0 even when nothing matched, so we tolerate
-    // both 0 and the "nothing to clear" path transparently.
-    if (res.code !== 0) {
-        throw new KeychainError('secret-service', 'delete', `secret-tool exit ${res.code}`);
-    }
-}
-async function restoreField(profile, field, value) {
-    try {
-        if (value === null) {
-            await deleteField(profile, field);
-            return;
-        }
-        await writeField(profile, field, value);
-    }
-    catch {
-        // Best effort only. The original write error is the actionable failure.
-    }
-}
-export function createLinuxBackend() {
-    return {
-        name: 'secret-service',
-        async get(profile) {
-            const token = await readField(profile, 'token');
-            const secret = await readField(profile, 'secret');
-            if (!token || !secret)
-                return null;
-            return { token, secret };
-        },
-        async set(profile, creds) {
-            const previousToken = await readField(profile, 'token');
-            const previousSecret = await readField(profile, 'secret');
-            try {
-                await writeField(profile, 'token', creds.token);
-                await writeField(profile, 'secret', creds.secret);
-            }
-            catch (err) {
-                await restoreField(profile, 'token', previousToken);
-                await restoreField(profile, 'secret', previousSecret);
-                throw err;
-            }
-        },
-        async delete(profile) {
-            await deleteField(profile, 'token');
-            await deleteField(profile, 'secret');
-        },
-        describe() {
-            return {
-                backend: 'Secret Service (libsecret)',
-                tag: 'secret-service',
-                writable: true,
-                notes: `Stored under service "${CREDENTIAL_SERVICE}" via secret-tool.`,
-            };
-        },
-    };
-}