@syngy/account-cli-auth 0.1.0

package/src/index.ts

@@ -0,0 +1,657 @@
+import { existsSync, mkdirSync, readdirSync, readFileSync, rmSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { Command } from "commander";
+import { z } from "zod";
+
+export interface AccountCLICredentials {
+  token: string;
+  refreshToken?: string;
+  expiresAt?: number;
+  userId: string;
+  phone?: string;
+  host: string;
+  accountHost: string;
+  accountWebHost: string;
+  scope: string;
+  defaultTeamId?: string;
+  defaultTeamName?: string;
+}
+
+export type AccountCLIConfigOptions = {
+  homeDir?: string;
+  configDirName?: string;
+};
+
+export type AccountCLICredentialsManagerOptions = AccountCLIConfigOptions & {
+  profile?: string;
+};
+
+export interface CLIJCodeSessionResponse {
+  session_id?: string;
+  sessionId?: string;
+  jcode?: string;
+  status?: string;
+  login_url?: string;
+  loginUrl?: string;
+  expires_at?: string;
+  expiresAt?: string;
+  client_name?: string;
+  clientName?: string;
+}
+
+export interface CLIJCodeExchangeResponse {
+  user?: {
+    id?: string;
+    phone?: string;
+    aud?: string;
+  };
+  session?: {
+    access_token?: string;
+    refresh_token?: string;
+    expires_at?: number;
+    expires_in?: number;
+    token_type?: string;
+  };
+}
+
+export type LoginWithAccountJCodeOptions = {
+  cliName: string;
+  cliVersion: string;
+  configDirName?: string;
+  homeDir?: string;
+  profile?: string;
+  host: string;
+  accountHost: string;
+  accountWebHost: string;
+  scope: string;
+  openBrowser?: boolean;
+  pollIntervalMs?: number;
+  maxPollAttempts?: number;
+  output?: (message: string) => void;
+};
+
+export type LoginWithAccountJCodeResult = {
+  profile: string;
+  credentials: AccountCLICredentials;
+};
+
+export type RefreshSessionResponse = {
+  user?: {
+    id?: string;
+    phone?: string;
+  };
+  session?: {
+    access_token?: string;
+    refresh_token?: string;
+    expires_at?: number;
+    expires_in?: number;
+    token_type?: string;
+  };
+};
+
+export type AccountAuthRuntime = {
+  host: string;
+  accountHost: string;
+  accountWebHost: string;
+  scope: string;
+  profile?: string;
+};
+
+export type CreateAccountAuthCommandOptions = {
+  cliName: string;
+  cliVersion: string;
+  configDirName?: string;
+  homeDir?: string | (() => string | undefined);
+  resolveRuntime: (profile?: string) => AccountAuthRuntime;
+  login?: (options: LoginWithAccountJCodeOptions) => Promise<LoginWithAccountJCodeResult>;
+  output?: (message: string) => void;
+};
+
+type PinResponse<T> = {
+  data?: T;
+  error?: {
+    key?: string;
+    code?: string;
+    message?: string;
+  };
+};
+
+const credentialsSchema = z
+  .object({
+    token: z.string().min(1),
+    refreshToken: z.string().min(1).optional(),
+    expiresAt: z.number().int().positive().optional(),
+    userId: z.string().min(1),
+    phone: z.string().min(1).optional(),
+    host: z.string().min(1),
+    accountHost: z.string().min(1),
+    accountWebHost: z.string().min(1),
+    scope: z.string().min(1),
+    defaultTeamId: z.string().min(1).optional(),
+    defaultTeamName: z.string().min(1).optional(),
+  })
+  .passthrough();
+
+const profileConfigSchema = z.object({
+  currentProfile: z.string().min(1).optional(),
+});
+
+const CREDS_FILE = "credentials.json";
+const CONFIG_FILE = "config.json";
+const PROFILES_DIR = "profiles";
+const DEFAULT_PROFILE = "default";
+const DEFAULT_CONFIG_DIR_NAME = "account-cli";
+const DEFAULT_POLL_INTERVAL_MS = 2000;
+const DEFAULT_MAX_POLL_ATTEMPTS = 150;
+
+export function getDefaultProfileName() {
+  return DEFAULT_PROFILE;
+}
+
+export function parseCredentials(input: unknown): AccountCLICredentials {
+  return credentialsSchema.parse(input) as AccountCLICredentials;
+}
+
+export function validateProfileName(profile: string): string {
+  const normalized = String(profile || "").trim();
+  if (!/^[a-zA-Z0-9][a-zA-Z0-9._-]{0,63}$/.test(normalized)) {
+    throw new Error("Invalid profile name. Use 1-64 letters, numbers, dots, underscores, or dashes; start with a letter or number.");
+  }
+  return normalized;
+}
+
+export function accountCLIConfigDir(options: AccountCLIConfigOptions = {}) {
+  const baseHome = options.homeDir || homedir();
+  return join(baseHome, ".config", options.configDirName || DEFAULT_CONFIG_DIR_NAME);
+}
+
+function ensureDir(path: string) {
+  if (!existsSync(path)) mkdirSync(path, { recursive: true });
+}
+
+export function loadCurrentProfile(options: AccountCLIConfigOptions = {}): string | null {
+  const path = join(accountCLIConfigDir(options), CONFIG_FILE);
+  if (!existsSync(path)) return null;
+  try {
+    const parsed = profileConfigSchema.parse(JSON.parse(readFileSync(path, "utf8")));
+    return parsed.currentProfile ? validateProfileName(parsed.currentProfile) : null;
+  } catch {
+    return null;
+  }
+}
+
+export function saveCurrentProfile(profile: string, options: AccountCLIConfigOptions = {}) {
+  const normalized = validateProfileName(profile);
+  const root = accountCLIConfigDir(options);
+  ensureDir(root);
+  writeFileSync(join(root, CONFIG_FILE), JSON.stringify({ currentProfile: normalized }, null, 2));
+}
+
+export function listProfiles(options: AccountCLIConfigOptions = {}): string[] {
+  const profilesRoot = join(accountCLIConfigDir(options), PROFILES_DIR);
+  if (!existsSync(profilesRoot)) return [];
+  return readdirSync(profilesRoot, { withFileTypes: true })
+    .filter((entry) => entry.isDirectory())
+    .map((entry) => entry.name)
+    .filter((name) => {
+      try {
+        validateProfileName(name);
+        return true;
+      } catch {
+        return false;
+      }
+    })
+    .sort();
+}
+
+export function deleteProfile(profile: string, options: AccountCLIConfigOptions = {}) {
+  const normalized = validateProfileName(profile);
+  const profileDir = join(accountCLIConfigDir(options), PROFILES_DIR, normalized);
+  if (existsSync(profileDir)) rmSync(profileDir, { recursive: true, force: true });
+  if (loadCurrentProfile(options) === normalized) saveCurrentProfile(DEFAULT_PROFILE, options);
+}
+
+export class AccountCLICredentialsManager {
+  private readonly profileDir: string;
+  readonly profile: string;
+
+  constructor(private readonly options: AccountCLICredentialsManagerOptions = {}) {
+    this.profile = validateProfileName(options.profile || loadCurrentProfile(options) || DEFAULT_PROFILE);
+    this.profileDir = join(accountCLIConfigDir(options), PROFILES_DIR, this.profile);
+    ensureDir(this.profileDir);
+  }
+
+  saveCredentials(creds: AccountCLICredentials) {
+    const path = join(this.profileDir, CREDS_FILE);
+    writeFileSync(path, JSON.stringify(creds, null, 2));
+    return path;
+  }
+
+  loadCredentials(): AccountCLICredentials | null {
+    const path = join(this.profileDir, CREDS_FILE);
+    if (!existsSync(path)) return null;
+    try {
+      return parseCredentials(JSON.parse(readFileSync(path, "utf8")));
+    } catch {
+      return null;
+    }
+  }
+
+  clearCredentials() {
+    const path = join(this.profileDir, CREDS_FILE);
+    if (existsSync(path)) writeFileSync(path, "{}");
+  }
+}
+
+export const CredentialsManager = AccountCLICredentialsManager;
+export type Credentials = AccountCLICredentials;
+
+function apiBase(host: string): string {
+  return String(host || "").replace(/\/$/, "");
+}
+
+async function parsePinResponse<T>(response: Response, action: string): Promise<T> {
+  let body: PinResponse<T> | T;
+  try {
+    body = (await response.json()) as PinResponse<T> | T;
+  } catch {
+    throw new Error(`${action}: invalid JSON response`);
+  }
+  if (!response.ok || (body as PinResponse<T>)?.error) {
+    const message = (body as PinResponse<T>)?.error?.message || `${response.status} ${response.statusText}`;
+    throw new Error(`${action}: ${message}`);
+  }
+  return ((body as PinResponse<T>)?.data ?? body) as T;
+}
+
+function assertSession(value: CLIJCodeSessionResponse, requireCreateFields = false): CLIJCodeSessionResponse {
+  const sessionId = value.session_id || value.sessionId;
+  if (!sessionId) throw new Error("JCode session response missing session_id");
+  if (!value.status) throw new Error("JCode session response missing status");
+  if (requireCreateFields) {
+    if (!value.jcode || !/^\d{8}$/.test(value.jcode)) throw new Error("JCode session response missing 8-digit jcode");
+    const loginUrl = value.login_url || value.loginUrl || "";
+    if (!loginUrl) throw new Error("JCode session response missing login_url");
+    const parsedLoginUrl = new URL(loginUrl);
+    if (parsedLoginUrl.searchParams.has("jcode") || parsedLoginUrl.search.includes(value.jcode)) {
+      throw new Error("JCode login URL must not contain jcode");
+    }
+  }
+  return value;
+}
+
+function assertExchange(value: CLIJCodeExchangeResponse): CLIJCodeExchangeResponse {
+  if (!value?.user?.id) throw new Error("JCode exchange response missing user.id");
+  if (!value?.session?.access_token) throw new Error("JCode exchange response missing access_token");
+  if (!value?.session?.refresh_token) throw new Error("JCode exchange response missing refresh_token");
+  return value;
+}
+
+export async function createCLIJCodeSession(input: {
+  accountHost: string;
+  accountWebHost: string;
+  cliName: string;
+  cliVersion: string;
+}): Promise<CLIJCodeSessionResponse> {
+  const response = await fetch(`${apiBase(input.accountHost)}/auth/v1/cli-jcode/sessions`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      client_name: input.cliName,
+      client_version: input.cliVersion,
+      web_base_url: input.accountWebHost,
+    }),
+  });
+  return assertSession(await parsePinResponse(response, "Failed to create jcode session"), true);
+}
+
+export async function getCLIJCodeSession(sessionId: string, accountHost: string): Promise<CLIJCodeSessionResponse> {
+  const response = await fetch(`${apiBase(accountHost)}/auth/v1/cli-jcode/sessions/${encodeURIComponent(sessionId)}`);
+  return assertSession(await parsePinResponse(response, "Failed to fetch jcode session"));
+}
+
+export async function exchangeCLIJCodeSession(sessionId: string, jcode: string, accountHost: string): Promise<CLIJCodeExchangeResponse> {
+  const response = await fetch(`${apiBase(accountHost)}/auth/v1/cli-jcode/exchange`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ session_id: sessionId, jcode }),
+  });
+  return assertExchange(await parsePinResponse(response, "Failed to exchange jcode session"));
+}
+
+export async function pollCLIJCodeSession(
+  sessionId: string,
+  accountHost: string,
+  intervalMs = DEFAULT_POLL_INTERVAL_MS,
+  maxAttempts = DEFAULT_MAX_POLL_ATTEMPTS,
+): Promise<CLIJCodeSessionResponse> {
+  let attempts = 0;
+  while (attempts < maxAttempts) {
+    const detail = await getCLIJCodeSession(sessionId, accountHost);
+    if (detail.status === "confirmed" || detail.status === "completed" || detail.status === "expired") {
+      return detail;
+    }
+    attempts += 1;
+    await new Promise((resolve) => setTimeout(resolve, intervalMs));
+  }
+  throw new Error("Login timeout. Please try again.");
+}
+
+function sessionIdOf(value: { session_id?: string; sessionId?: string }): string {
+  return String(value.session_id || value.sessionId || "").trim();
+}
+
+function loginUrlOf(value: { login_url?: string; loginUrl?: string }): string {
+  return String(value.login_url || value.loginUrl || "").trim();
+}
+
+function readJwtPayload(token: string): { exp?: unknown } | null {
+  const payload = token.split(".")[1];
+  if (!payload) return null;
+  try {
+    return JSON.parse(Buffer.from(payload.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8")) as { exp?: unknown };
+  } catch {
+    return null;
+  }
+}
+
+export function resolveExpiresAt(accessToken: string, expiresAt?: number, expiresIn?: number): number | undefined {
+  if (typeof expiresAt === "number" && Number.isFinite(expiresAt) && expiresAt > 0) return Math.floor(expiresAt);
+  if (typeof expiresIn === "number" && Number.isFinite(expiresIn) && expiresIn > 0) {
+    return Math.floor(Date.now() / 1000) + Math.floor(expiresIn);
+  }
+  const exp = readJwtPayload(accessToken)?.exp;
+  return typeof exp === "number" ? exp : undefined;
+}
+
+export async function loginWithAccountJCode(options: LoginWithAccountJCodeOptions): Promise<LoginWithAccountJCodeResult> {
+  const output = options.output || console.log;
+  const manager = new AccountCLICredentialsManager({
+    homeDir: options.homeDir,
+    configDirName: options.configDirName || options.cliName,
+    profile: options.profile,
+  });
+  const created = await createCLIJCodeSession({
+    accountHost: options.accountHost,
+    accountWebHost: options.accountWebHost,
+    cliName: options.cliName,
+    cliVersion: options.cliVersion,
+  });
+  const sessionId = sessionIdOf(created);
+  const jcode = String(created.jcode || "").trim();
+  const loginUrl = loginUrlOf(created);
+  if (!sessionId) throw new Error("Failed to create jcode session: no session_id returned");
+  if (!/^\d{8}$/.test(jcode)) throw new Error("Failed to create jcode session: invalid jcode");
+  if (!loginUrl) throw new Error("Failed to create jcode session: no login_url returned");
+  const parsedLoginUrl = new URL(loginUrl);
+  if (parsedLoginUrl.searchParams.has("jcode") || parsedLoginUrl.search.includes(jcode)) {
+    throw new Error("Failed to create jcode session: login URL must not contain jcode");
+  }
+
+  output(`Open this URL to pair ${options.cliName}:`);
+  output(loginUrl);
+  output(`JCode: ${jcode}`);
+
+  if (options.openBrowser !== false) {
+    const mod = await import("open");
+    const openBrowser = (mod.default ?? mod) as (target: string) => Promise<unknown>;
+    await openBrowser(loginUrl);
+  }
+
+  const detail = await pollCLIJCodeSession(sessionId, options.accountHost, options.pollIntervalMs, options.maxPollAttempts);
+  if (detail.status === "expired") throw new Error("JCode session expired. Please try again.");
+  const exchanged = await exchangeCLIJCodeSession(sessionId, jcode, options.accountHost);
+  const accessToken = String(exchanged.session?.access_token || "");
+  const refreshToken = String(exchanged.session?.refresh_token || "");
+  const userId = String(exchanged.user?.id || "");
+  const phone = String(exchanged.user?.phone || "");
+  const credentials: AccountCLICredentials = {
+    token: accessToken,
+    refreshToken,
+    expiresAt: resolveExpiresAt(accessToken, exchanged.session?.expires_at, exchanged.session?.expires_in),
+    userId,
+    phone: phone || undefined,
+    host: options.host,
+    accountHost: options.accountHost,
+    accountWebHost: options.accountWebHost,
+    scope: options.scope,
+  };
+  manager.saveCredentials(credentials);
+  return { profile: manager.profile, credentials };
+}
+
+function resolveRequestUrl(input: RequestInfo | URL, baseUrl: string): URL {
+  if (input instanceof URL) return input;
+  if (typeof input === "string") return new URL(input, baseUrl);
+  return new URL(input.url, baseUrl);
+}
+
+function methodOf(input: RequestInfo | URL, init?: RequestInit): string {
+  return init?.method ?? (input instanceof Request ? input.method : "GET");
+}
+
+async function bodyOf(input: RequestInfo | URL, init?: RequestInit): Promise<BodyInit | null | undefined> {
+  if (init && "body" in init) return init.body;
+  if (input instanceof Request) return input.clone().body;
+  return undefined;
+}
+
+function headersOf(input: RequestInfo | URL, token: string, init?: RequestInit): Headers {
+  const headers = new Headers(input instanceof Request ? input.headers : undefined);
+  if (init?.headers) {
+    for (const [key, value] of new Headers(init.headers).entries()) {
+      headers.set(key, value);
+    }
+  }
+  headers.set("Authorization", `Bearer ${token}`);
+  return headers;
+}
+
+export async function isUnauthorizedResponse(response: Response): Promise<boolean> {
+  if (response.status === 401) return true;
+  try {
+    const payload = (await response.clone().json()) as PinResponse<unknown>;
+    const error = payload?.error;
+    return error?.key === "UNAUTHORIZED" || error?.code === "UNAUTHORIZED";
+  } catch {
+    return false;
+  }
+}
+
+export function refreshedCredentials(current: AccountCLICredentials, data: RefreshSessionResponse): AccountCLICredentials {
+  const accessToken = String(data.session?.access_token || "");
+  const refreshToken = String(data.session?.refresh_token || current.refreshToken || "");
+  if (!accessToken || !refreshToken) {
+    throw new Error("Refresh response missing token");
+  }
+  return {
+    ...current,
+    token: accessToken,
+    refreshToken,
+    expiresAt: data.session?.expires_at || current.expiresAt,
+    userId: data.user?.id || current.userId,
+    phone: data.user?.phone || current.phone,
+  };
+}
+
+export async function refreshCredentials(credentials: AccountCLICredentials): Promise<AccountCLICredentials> {
+  if (!credentials.refreshToken) {
+    throw new Error("Missing refresh token. Please login again.");
+  }
+  const response = await fetch(new URL("/auth/v1/token?grant_type=refresh_token", credentials.accountHost).toString(), {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ refresh_token: credentials.refreshToken }),
+  });
+  return refreshedCredentials(credentials, await parsePinResponse<RefreshSessionResponse>(response, "Failed to refresh token"));
+}
+
+export function createAuthenticatedFetch(input: {
+  credentialsManager: AccountCLICredentialsManager;
+  credentials: AccountCLICredentials;
+  host: string;
+}): typeof fetch {
+  return async (requestInput: RequestInfo | URL, init?: RequestInit) => {
+    const url = resolveRequestUrl(requestInput, input.host);
+    const body = await bodyOf(requestInput, init);
+    const firstInit: RequestInit = {
+      ...init,
+      method: methodOf(requestInput, init),
+      headers: headersOf(requestInput, input.credentials.token, init),
+      body,
+    };
+    const first = await fetch(url.toString(), firstInit);
+    if (!(await isUnauthorizedResponse(first))) {
+      return first;
+    }
+    const nextCredentials = await refreshCredentials(input.credentials);
+    input.credentialsManager.saveCredentials(nextCredentials);
+    const retryInit: RequestInit = {
+      ...init,
+      method: methodOf(requestInput, init),
+      headers: headersOf(requestInput, nextCredentials.token, init),
+      body,
+    };
+    return fetch(url.toString(), retryInit);
+  };
+}
+
+function resolveHomeDir(homeDir: CreateAccountAuthCommandOptions["homeDir"]): string | undefined {
+  return typeof homeDir === "function" ? homeDir() : homeDir;
+}
+
+function commandConfigOptions(options: CreateAccountAuthCommandOptions): AccountCLIConfigOptions {
+  return {
+    homeDir: resolveHomeDir(options.homeDir),
+    configDirName: options.configDirName || options.cliName,
+  };
+}
+
+function currentProfile(options: CreateAccountAuthCommandOptions) {
+  return loadCurrentProfile(commandConfigOptions(options)) || getDefaultProfileName();
+}
+
+export function createAccountAuthCommand(options: CreateAccountAuthCommandOptions) {
+  const output = options.output || console.log;
+  const auth = new Command("auth").description("Manage account login");
+
+  auth
+    .command("login")
+    .description("Login through account jcode pairing")
+    .option("--profile <name>", "Save credentials to a named profile")
+    .option("--no-open", "Skip automatic browser opening")
+    .action(async (commandOptions: { open?: boolean; profile?: string }) => {
+      const runtime = options.resolveRuntime(commandOptions.profile);
+      const login = options.login || loginWithAccountJCode;
+      const result = await login({
+        cliName: options.cliName,
+        cliVersion: options.cliVersion,
+        configDirName: options.configDirName || options.cliName,
+        homeDir: resolveHomeDir(options.homeDir),
+        profile: commandOptions.profile || runtime.profile,
+        host: runtime.host,
+        accountHost: runtime.accountHost,
+        accountWebHost: runtime.accountWebHost,
+        scope: runtime.scope,
+        openBrowser: commandOptions.open,
+        output,
+      });
+      output(`Logged in successfully as ${result.credentials.phone || result.credentials.userId} via ${options.cliName} ${options.cliVersion}`);
+    });
+
+  auth
+    .command("logout")
+    .description("Clear local credentials")
+    .option("--profile <name>", "Clear credentials for a named profile")
+    .action((commandOptions: { profile?: string }) => {
+      const runtime = options.resolveRuntime(commandOptions.profile);
+      const manager = new AccountCLICredentialsManager({
+        ...commandConfigOptions(options),
+        profile: commandOptions.profile || runtime.profile,
+      });
+      manager.clearCredentials();
+      output(`Logged out from profile "${manager.profile}".`);
+    });
+
+  auth
+    .command("whoami")
+    .description("Display the current login identity")
+    .option("--profile <name>", "Use a named login profile")
+    .option("--json", "Print JSON output")
+    .action((commandOptions: { json?: boolean; profile?: string }) => {
+      const runtime = options.resolveRuntime(commandOptions.profile);
+      const manager = new AccountCLICredentialsManager({
+        ...commandConfigOptions(options),
+        profile: commandOptions.profile || runtime.profile,
+      });
+      const credentials = manager.loadCredentials();
+      if (!credentials?.token) {
+        throw new Error(`Not logged in for profile "${manager.profile}". Please run: ${options.cliName} auth login --profile ${manager.profile}`);
+      }
+      const data = {
+        profile: manager.profile,
+        userId: credentials.userId,
+        phone: credentials.phone,
+        host: credentials.host,
+        scope: credentials.scope,
+      };
+      if (commandOptions.json) {
+        output(JSON.stringify(data, null, 2));
+        return;
+      }
+      output(`Logged in as ${credentials.phone || credentials.userId} [${credentials.scope}] @ ${credentials.host} profile=${manager.profile}`);
+    });
+
+  const profiles = new Command("profiles").description("Manage local login profiles");
+
+  profiles
+    .command("list")
+    .description("List local login profiles")
+    .option("--json", "Print JSON output")
+    .action((commandOptions: { json?: boolean }) => {
+      const current = currentProfile(options);
+      const rows = listProfiles(commandConfigOptions(options)).map((profile) => ({ profile, current: profile === current }));
+      if (commandOptions.json) {
+        output(JSON.stringify({ currentProfile: current, profiles: rows }, null, 2));
+        return;
+      }
+      output(rows.map((row) => `${row.current ? "*" : " "} ${row.profile}`).join("\n") || `* ${current}`);
+    });
+
+  profiles
+    .command("current")
+    .description("Display the current login profile")
+    .option("--json", "Print JSON output")
+    .action((commandOptions: { json?: boolean }) => {
+      const profile = currentProfile(options);
+      if (commandOptions.json) {
+        output(JSON.stringify({ currentProfile: profile }, null, 2));
+        return;
+      }
+      output(profile);
+    });
+
+  profiles
+    .command("use")
+    .description("Set the current login profile")
+    .argument("<profile>", "Profile name")
+    .action((profile: string) => {
+      const normalized = validateProfileName(profile);
+      saveCurrentProfile(normalized, commandConfigOptions(options));
+      output(`Current profile set to "${normalized}".`);
+    });
+
+  profiles
+    .command("delete")
+    .description("Delete a local login profile")
+    .argument("<profile>", "Profile name")
+    .action((profile: string) => {
+      const normalized = validateProfileName(profile);
+      deleteProfile(normalized, commandConfigOptions(options));
+      output(`Deleted profile "${normalized}".`);
+    });
+
+  auth.addCommand(profiles);
+  return auth;
+}

package/tsconfig.json

@@ -0,0 +1,18 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "declaration": true,
+    "sourceMap": true,
+    "outDir": "dist",
+    "rootDir": "src",
+    "types": ["node", "vitest/globals"]
+  },
+  "include": ["src/**/*.ts"],
+  "exclude": ["src/__tests__/**"]
+}