@tolinax/ayoune-cli 2026.3.0 → 2026.4.0

package/lib/helpers/handleResponseFormatOptions.js

@@ -1,5 +1,15 @@
 import yaml from "js-yaml";
 import jmespath from "jmespath";
+/**
+ * Maps CLI response format to the API-compatible format.
+ * The API only supports json, yaml, csv — not table.
+ * Table formatting is done client-side from JSON data.
+ */
+export function getApiResponseFormat(cliFormat) {
+    if (cliFormat === "table")
+        return "json";
+    return cliFormat;
+}
 function filterColumns(data, columns) {
     const fields = columns.split(",").map((c) => c.trim());
     if (Array.isArray(data)) {
@@ -28,24 +38,63 @@ export function handleResponseFormatOptions(opts, res) {
     let meta = {};
     let content;
     if (opts.responseFormat && opts.responseFormat === "yaml") {
-        plainResult = yaml.load(res);
-        result = plainResult.payload;
-        meta = plainResult.meta;
+        // API returns YAML string when responseFormat=yaml, but locally-constructed
+        // responses (sync status, dry-run) are already objects — handle both
+        if (typeof res === "string") {
+            plainResult = yaml.load(res);
+        }
+        else {
+            plainResult = res;
+        }
+        // With hideMeta, API returns raw data (no {payload, meta} wrapper)
+        // Without hideMeta, API returns {payload, meta} wrapper
+        if (plainResult && plainResult.payload !== undefined) {
+            result = plainResult.payload;
+            meta = plainResult.meta || {};
+        }
+        else {
+            result = plainResult;
+            meta = {};
+        }
     }
     if (opts.responseFormat && opts.responseFormat === "csv") {
-        plainResult = res;
-        result = res.payload;
-        meta = res.meta;
+        // API returns raw CSV string when responseFormat=csv — no {payload,meta} wrapper
+        if (typeof res === "string") {
+            plainResult = res;
+            result = res;
+            meta = {};
+        }
+        else {
+            plainResult = res;
+            result = res.payload;
+            meta = res.meta || {};
+        }
     }
     if (opts.responseFormat && opts.responseFormat === "table") {
         plainResult = res;
-        result = res.payload;
-        meta = res.meta;
+        if (res && res.payload !== undefined) {
+            result = res.payload;
+            meta = res.meta || {};
+        }
+        else if (Array.isArray(res)) {
+            result = res;
+        }
+        else {
+            result = res;
+        }
     }
     if (opts.responseFormat && opts.responseFormat === "json") {
         plainResult = res;
-        result = res.payload;
-        meta = res.meta;
+        if (res && res.payload !== undefined) {
+            result = res.payload;
+            meta = res.meta || {};
+        }
+        else if (Array.isArray(res)) {
+            result = res;
+        }
+        else {
+            result = res;
+        }
     }
     // Apply --columns filter
     if (opts.columns && result) {

package/lib/helpers/logo.js

@@ -0,0 +1,48 @@
+import chalk from "chalk";
+import figlet from "figlet";
+export const BRAND_PURPLE = "#6B3FA0";
+export const BRAND_BLUE = "#2B8DC6";
+export const BRAND_PINK = "#E91E8C";
+export function getLogo() {
+    try {
+        const raw = figlet.textSync("aYOUne", { font: "Slant" });
+        return colorizeByColumns(raw);
+    }
+    catch (_a) {
+        // Fallback: simple colored text
+        return ("\n  " +
+            chalk.hex(BRAND_PURPLE).bold("a") +
+            chalk.hex(BRAND_BLUE).bold("YOU") +
+            chalk.hex(BRAND_PINK).bold("ne") +
+            "\n");
+    }
+}
+function colorizeByColumns(text) {
+    const lines = text.split("\n");
+    const colored = lines.map((line) => {
+        let result = "";
+        for (let i = 0; i < line.length; i++) {
+            const ch = line[i];
+            if (ch === " ") {
+                result += ch;
+            }
+            else if (i < 7) {
+                result += chalk.hex(BRAND_PURPLE)(ch);
+            }
+            else if (i < 26) {
+                result += chalk.hex(BRAND_BLUE)(ch);
+            }
+            else {
+                result += chalk.hex(BRAND_PINK)(ch);
+            }
+        }
+        return result;
+    });
+    return "\n" + colored.join("\n") + "\n";
+}
+export function getDescription() {
+    return (chalk.hex(BRAND_PURPLE)("a") +
+        chalk.hex(BRAND_BLUE)("YOU") +
+        chalk.hex(BRAND_PINK)("ne") +
+        chalk.dim(" — Business as a Service CLI"));
+}

package/lib/helpers/resolveCollectionArgs.js

@@ -0,0 +1,36 @@
+import { getModuleFromCollection } from "../models/getModuleFromCollection.js";
+import { aYOUneModules } from "../../data/modules.js";
+import { isSuperUser } from "./tokenPayload.js";
+/**
+ * Resolves module and collection from CLI arguments.
+ * Supports both `ay list consumers` and `ay list crm consumers`.
+ * Blocks access to superuser-only modules for non-superusers.
+ *
+ * @param arg1 - Collection name, or module name if arg2 is provided
+ * @param arg2 - Collection name when arg1 is a module
+ */
+export function resolveCollectionArgs(arg1, arg2) {
+    if (arg2) {
+        // ay list crm consumers → arg1=module, arg2=collection
+        enforceSuperUserAccess(arg1);
+        return { module: arg1, collection: arg2.toLowerCase() };
+    }
+    // Check if arg1 is a module name (user forgot the collection)
+    const isModule = aYOUneModules.some((mod) => mod.module === arg1.toLowerCase());
+    if (isModule) {
+        throw new Error(`"${arg1}" is a module name, not a collection. Use: ay <command> ${arg1} <collection>`);
+    }
+    // ay list consumers → lookup module from collection (throws if unknown)
+    const m = getModuleFromCollection(arg1.toLowerCase());
+    enforceSuperUserAccess(m.module);
+    return { module: m.module, collection: arg1.toLowerCase() };
+}
+/**
+ * Throws if the resolved module is superuser-only and the current user is not a superuser.
+ */
+function enforceSuperUserAccess(module) {
+    const mod = aYOUneModules.find((m) => m.module === module.toLowerCase());
+    if ((mod === null || mod === void 0 ? void 0 : mod.superuserOnly) && !isSuperUser()) {
+        throw new Error(`Module "${module}" requires superuser access. Log in as a superuser to use this module.`);
+    }
+}

package/lib/helpers/sanitizeFields.js

@@ -0,0 +1,18 @@
+import { EXIT_MISUSE } from "../exitCodes.js";
+import { cliError } from "./cliError.js";
+const VALID_FIELD_PATTERN = /^-?[a-zA-Z_][a-zA-Z0-9_.$]*$/;
+/**
+ * Validates and sanitizes field names for MongoDB projections.
+ * Rejects MongoDB operators ($where, $function, etc.) and injection attempts.
+ * Accepts dot-notation paths (e.g., "address.city") and sort prefixes ("-createdAt").
+ */
+export function sanitizeFields(fields) {
+    const fieldArray = Array.isArray(fields)
+        ? fields.flatMap((f) => f.split(",").map((s) => s.trim()))
+        : fields.split(",").map((s) => s.trim());
+    const invalid = fieldArray.filter((f) => !VALID_FIELD_PATTERN.test(f));
+    if (invalid.length > 0) {
+        cliError(`Invalid field name(s): ${invalid.join(", ")}. Field names must be alphanumeric (with dots for nested paths).`, EXIT_MISUSE, "invalid_fields");
+    }
+    return fieldArray;
+}

package/lib/helpers/secureStorage.js

@@ -0,0 +1,72 @@
+import crypto from "crypto";
+import os from "os";
+import { localStorage } from "./localStorage.js";
+const ALGORITHM = "aes-256-cbc";
+const SENSITIVE_KEYS = new Set(["token", "refreshToken"]);
+/**
+ * Derives a deterministic 32-byte encryption key from machine identity.
+ * Uses hostname + username as seed — not bulletproof, but prevents
+ * casual file theft from being useful without the same machine context.
+ */
+function deriveKey() {
+    const seed = `ayoune-cli:${os.hostname()}:${os.userInfo().username}`;
+    return crypto.createHash("sha256").update(seed).digest();
+}
+function encrypt(text) {
+    const key = deriveKey();
+    const iv = crypto.randomBytes(16);
+    const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
+    let encrypted = cipher.update(text, "utf8", "hex");
+    encrypted += cipher.final("hex");
+    return iv.toString("hex") + ":" + encrypted;
+}
+function decrypt(data) {
+    const key = deriveKey();
+    const [ivHex, encrypted] = data.split(":");
+    if (!ivHex || !encrypted)
+        return data; // Not encrypted, return as-is (migration)
+    try {
+        const iv = Buffer.from(ivHex, "hex");
+        const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
+        let decrypted = decipher.update(encrypted, "hex", "utf8");
+        decrypted += decipher.final("utf8");
+        return decrypted;
+    }
+    catch (_a) {
+        // Decryption failed — likely a plaintext value from before encryption was added.
+        // Return as-is for backward compatibility (will be re-encrypted on next write).
+        return data;
+    }
+}
+/**
+ * Secure wrapper around localStorage that encrypts sensitive values (tokens).
+ * Non-sensitive values pass through unchanged for easy debugging.
+ * Transparently migrates plaintext tokens on first read.
+ */
+export const secureStorage = {
+    getItem(key) {
+        const raw = localStorage.getItem(key);
+        if (raw === null)
+            return null;
+        if (SENSITIVE_KEYS.has(key)) {
+            const decrypted = decrypt(raw);
+            // If the raw value was plaintext (migration), re-encrypt it
+            if (raw === decrypted && !raw.includes(":")) {
+                secureStorage.setItem(key, decrypted);
+            }
+            return decrypted;
+        }
+        return raw;
+    },
+    setItem(key, value) {
+        if (SENSITIVE_KEYS.has(key)) {
+            localStorage.setItem(key, encrypt(value));
+        }
+        else {
+            localStorage.setItem(key, value);
+        }
+    },
+    removeItem(key) {
+        localStorage.removeItem(key);
+    },
+};

package/lib/helpers/tokenPayload.js

@@ -0,0 +1,21 @@
+import { secureStorage } from "./secureStorage.js";
+import { decodeToken } from "../api/decodeToken.js";
+/**
+ * Returns the decoded JWT payload from the stored token, or null if unavailable.
+ */
+export function getTokenPayload() {
+    var _a;
+    const token = secureStorage.getItem("token");
+    if (!token)
+        return null;
+    const decoded = decodeToken(token);
+    return (_a = decoded === null || decoded === void 0 ? void 0 : decoded.payload) !== null && _a !== void 0 ? _a : null;
+}
+/**
+ * Returns true if the currently stored token belongs to a superuser.
+ * Checks `payload.type === "superuser"`.
+ */
+export function isSuperUser() {
+    const payload = getTokenPayload();
+    return (payload === null || payload === void 0 ? void 0 : payload.type) === "superuser";
+}

package/lib/helpers/updateNotifier.js

@@ -0,0 +1,49 @@
+import { execSync } from "child_process";
+import chalk from "chalk";
+import { localStorage } from "./localStorage.js";
+const PKG_NAME = "@tolinax/ayoune-cli";
+const CHECK_INTERVAL_MS = 4 * 60 * 60 * 1000; // 4 hours
+/**
+ * Non-blocking update check. Compares installed version against npm registry.
+ * Caches the result to avoid hammering npm on every invocation.
+ * Prints a notice to stderr if a newer version is available.
+ */
+export function checkForUpdates(currentVersion) {
+    try {
+        // Skip in CI environments
+        if (process.env.CI || process.env.AYOUNE_NO_UPDATE_CHECK)
+            return;
+        // Throttle: only check every CHECK_INTERVAL_MS
+        const lastCheck = localStorage.getItem("updateCheckTimestamp");
+        if (lastCheck && Date.now() - parseInt(lastCheck, 10) < CHECK_INTERVAL_MS) {
+            // Still show cached notice if there was one
+            const cached = localStorage.getItem("updateCheckLatest");
+            if (cached && cached !== currentVersion) {
+                printUpdateNotice(currentVersion, cached);
+            }
+            return;
+        }
+        // Run npm view in background-ish (sync but with short timeout)
+        const latest = execSync(`npm view ${PKG_NAME} version 2>/dev/null`, {
+            encoding: "utf-8",
+            timeout: 5000,
+        }).trim();
+        localStorage.setItem("updateCheckTimestamp", String(Date.now()));
+        localStorage.setItem("updateCheckLatest", latest);
+        if (latest && latest !== currentVersion) {
+            printUpdateNotice(currentVersion, latest);
+        }
+    }
+    catch (_a) {
+        // Silently ignore — network issues, npm not available, etc.
+    }
+}
+function printUpdateNotice(current, latest) {
+    const msg = [
+        "",
+        chalk.yellow(`  Update available: ${chalk.dim(current)} → ${chalk.green.bold(latest)}`),
+        chalk.dim(`  Run ${chalk.white("npm install -g @tolinax/ayoune-cli")} to update`),
+        "",
+    ].join("\n");
+    process.stderr.write(msg);
+}

package/lib/models/getModuleFromCollection.js

@@ -1,7 +1,10 @@
 import _ from "lodash";
 import { modelsAndRights } from "../../data/modelsAndRights.js";
 const getModuleFromCollection = (collection) => {
-    const m = _.find(modelsAndRights, (el) => el.plural.toLowerCase() === collection);
+    const m = _.find(modelsAndRights, (el) => el.plural.toLowerCase() === collection.toLowerCase());
+    if (!m) {
+        throw new Error(`Unknown collection: "${collection}". Use "ay modules" to browse available collections.`);
+    }
     return m;
 };
 export { getModuleFromCollection };

package/lib/operations/handleCopySingleOperation.js

@@ -12,11 +12,19 @@ export async function handleCopySingleOperation(module, collection, id, opts) {
         responseFormat: opts.responseFormat,
         verbosity: opts.verbosity,
     });
+    // In dry-run mode, apiCallHandler returns null — skip post-copy logic
+    if (res == null) {
+        spinner.success({ text: `Copied entry ${id} in ${collection} (dry-run)` });
+        spinner.stop();
+        return { data: null, content: null, result: null, meta: {} };
+    }
     let { plainResult, result, meta, content } = handleResponseFormatOptions({ ...opts }, res);
+    const newId = (result === null || result === void 0 ? void 0 : result._id) || "unknown";
     spinner.success({
-        text: `Copied entry ${id} in ${collection}: New ID [${result._id}]`,
+        text: `Copied entry ${id} in ${collection}: New ID [${newId}]`,
     });
     spinner.stop();
-    localStorage.setItem("lastId", result._id);
+    if (result === null || result === void 0 ? void 0 : result._id)
+        localStorage.setItem("lastId", result._id);
     return { data: plainResult, content, result, meta };
 }

package/lib/operations/handleCreateSingleOperation.js

@@ -3,17 +3,20 @@ import { apiCallHandler } from "../api/apiCallHandler.js";
 import { spinner } from "../../index.js";
 import { handleResponseFormatOptions } from "../helpers/handleResponseFormatOptions.js";
 import { localStorage } from "../helpers/localStorage.js";
+import { getContextCreateFields } from "../helpers/contextInjector.js";
 export async function handleCreateSingleOperation(module, collection, name, opts) {
     var _a;
     spinner.start({
         text: `Creating entry in [${collection}]`,
         color: "magenta",
     });
+    const contextFields = getContextCreateFields(collection);
     let res = await apiCallHandler(module, collection.toLowerCase(), "post", {
         name,
         title: name,
         subject: name,
         summary: name,
+        ...contextFields,
     }, {
         responseFormat: opts.responseFormat,
         verbosity: opts.verbosity,

package/lib/operations/handleDescribeSingleOperation.js

@@ -2,6 +2,9 @@
 import { apiCallHandler } from "../api/apiCallHandler.js";
 import { spinner } from "../../index.js";
 import { formatDocument } from "../helpers/formatDocument.js";
+import { handleResponseFormatOptions } from "../helpers/handleResponseFormatOptions.js";
+import { EXIT_GENERAL_ERROR } from "../exitCodes.js";
+import { cliError } from "../helpers/cliError.js";
 export async function handleDescribeSingleOperation(module, collection, id, opts) {
     spinner.start({
         text: `Getting entry in [${collection}]`,
@@ -15,6 +18,26 @@ export async function handleDescribeSingleOperation(module, collection, id, opts
     });
     spinner.stop();
     const payload = res === null || res === void 0 ? void 0 : res.payload;
+    // Sub-resource extraction: ay describe tasks <id> comments
+    if (opts === null || opts === void 0 ? void 0 : opts.subResource) {
+        const subData = payload === null || payload === void 0 ? void 0 : payload[opts.subResource];
+        if (subData === undefined) {
+            const arrayFields = Object.keys(payload || {}).filter((k) => Array.isArray(payload[k]));
+            const hint = arrayFields.length > 0
+                ? `Available array fields: ${arrayFields.join(", ")}`
+                : "No array fields found in this document.";
+            cliError(`Sub-resource "${opts.subResource}" not found in ${collection}. ${hint}`, EXIT_GENERAL_ERROR);
+        }
+        const subRes = { payload: subData, meta: { total: Array.isArray(subData) ? subData.length : 1 } };
+        const formatted = handleResponseFormatOptions(opts, subRes);
+        return { data: res, content: formatted.content, result: formatted.result, meta: formatted.meta };
+    }
+    // Format options passthrough: --jq, -r json/table/csv, --columns
+    if ((opts === null || opts === void 0 ? void 0 : opts.jq) || (opts === null || opts === void 0 ? void 0 : opts.columns) || ((opts === null || opts === void 0 ? void 0 : opts.responseFormat) && opts.responseFormat !== "yaml")) {
+        const formatted = handleResponseFormatOptions(opts, { payload, meta: res === null || res === void 0 ? void 0 : res.meta });
+        return { data: res, content: formatted.content, result: formatted.result, meta: formatted.meta };
+    }
+    // Default: formatted YAML describe box
     if (!opts.quiet) {
         console.log(formatDocument(payload, { module, collection, id }));
     }

package/lib/operations/handleGetOperation.js

@@ -1,21 +1,27 @@
 // Operation handling functions
 import { apiCallHandler } from "../api/apiCallHandler.js";
 import { spinner } from "../../index.js";
-import { handleResponseFormatOptions } from "../helpers/handleResponseFormatOptions.js";
+import { handleResponseFormatOptions, getApiResponseFormat } from "../helpers/handleResponseFormatOptions.js";
+import { sanitizeFields } from "../helpers/sanitizeFields.js";
+import { getContextFilterParams } from "../helpers/contextInjector.js";
 export async function handleGetOperation(module, collection, opts) {
     var _a, _b, _c, _d, _e, _f;
     spinner.start({
         text: `Getting entries in [${collection}]`,
         color: "magenta",
     });
+    // Validate field names to prevent MongoDB injection
+    const fields = opts.fields ? sanitizeFields(opts.fields) : undefined;
+    const contextParams = getContextFilterParams(collection);
     let res = await apiCallHandler(module, collection.toLowerCase(), "get", null, {
         page: opts.page,
-        responseFormat: opts.responseFormat,
+        responseFormat: getApiResponseFormat(opts.responseFormat),
         limit: opts.limit,
         from: opts.from,
-        fields: opts.fields,
+        fields,
         hideMeta: opts.hideMeta,
         verbosity: opts.verbosity,
+        ...contextParams,
     });
     let { plainResult, result, meta, content } = handleResponseFormatOptions(opts, res);
     const totalEntries = (_b = (_a = meta === null || meta === void 0 ? void 0 : meta.pageInfo) === null || _a === void 0 ? void 0 : _a.totalEntries) !== null && _b !== void 0 ? _b : '?';

package/lib/operations/handleListOperation.js

@@ -1,21 +1,25 @@
 // Operation handling functions
 import { apiCallHandler } from "../api/apiCallHandler.js";
 import { spinner } from "../../index.js";
-import { handleResponseFormatOptions } from "../helpers/handleResponseFormatOptions.js";
+import { handleResponseFormatOptions, getApiResponseFormat } from "../helpers/handleResponseFormatOptions.js";
+import { getContextFilterParams, hasActiveContext } from "../helpers/contextInjector.js";
 async function fetchPage(module, collection, opts) {
+    const contextParams = getContextFilterParams(collection);
     return apiCallHandler(module, collection.toLowerCase(), "get", null, {
         page: opts.page,
-        responseFormat: opts.responseFormat,
+        responseFormat: getApiResponseFormat(opts.responseFormat),
         limit: opts.limit,
         from: opts.from,
         hideMeta: opts.hideMeta,
         verbosity: opts.verbosity,
+        ...contextParams,
     });
 }
 export async function handleListOperation(module, collection, opts) {
-    var _a, _b, _c, _d;
+    var _a, _b, _c, _d, _e, _f, _g, _h;
+    const scopeHint = hasActiveContext() ? " (scoped by context)" : "";
     spinner.start({
-        text: `Listing entries in [${collection}]`,
+        text: `Listing entries in [${collection}]${scopeHint}`,
         color: "magenta",
     });
     if (opts.all) {
@@ -28,7 +32,7 @@ export async function handleListOperation(module, collection, opts) {
             const pageOpts = { ...opts, page };
             const res = await fetchPage(module, collection, pageOpts);
             const payload = res.payload;
-            meta = res.meta;
+            meta = res.meta || {};
             totalPages = (_b = (_a = meta.pageInfo) === null || _a === void 0 ? void 0 : _a.totalPages) !== null && _b !== void 0 ? _b : 1;
             if (Array.isArray(payload)) {
                 allPayload = allPayload.concat(payload);
@@ -41,7 +45,7 @@ export async function handleListOperation(module, collection, opts) {
         // Build a synthetic response with all data
         const syntheticRes = {
             payload: allPayload,
-            meta: { ...meta, pageInfo: { ...meta.pageInfo, page: 1, totalPages: 1, totalEntries: allPayload.length } },
+            meta: { ...meta, pageInfo: { ...(meta.pageInfo || {}), page: 1, totalPages: 1, totalEntries: allPayload.length } },
         };
         const { plainResult, result, content } = handleResponseFormatOptions(opts, syntheticRes);
         spinner.success({ text: `Got all ${allPayload.length} entries from ${totalPages} pages` });
@@ -51,11 +55,11 @@ export async function handleListOperation(module, collection, opts) {
     // Single page fetch
     let res = await fetchPage(module, collection, opts);
     let { plainResult, result, meta, content } = handleResponseFormatOptions(opts, res);
-    const total = (_d = (_c = meta.pageInfo) === null || _c === void 0 ? void 0 : _c.totalEntries) !== null && _d !== void 0 ? _d : 0;
-    const count = Array.isArray(result) ? result.length : total;
+    const count = Array.isArray(result) ? result.length : 0;
+    const total = (_d = (_c = meta === null || meta === void 0 ? void 0 : meta.pageInfo) === null || _c === void 0 ? void 0 : _c.totalEntries) !== null && _d !== void 0 ? _d : count;
     spinner.success({
-        text: total > 0
-            ? `Got ${count} of ${total} entries : Page ${meta.pageInfo.page} of ${meta.pageInfo.totalPages}`
+        text: total > 0 || count > 0
+            ? `Got ${count} of ${total} entries : Page ${(_f = (_e = meta === null || meta === void 0 ? void 0 : meta.pageInfo) === null || _e === void 0 ? void 0 : _e.page) !== null && _f !== void 0 ? _f : 1} of ${(_h = (_g = meta === null || meta === void 0 ? void 0 : meta.pageInfo) === null || _g === void 0 ? void 0 : _g.totalPages) !== null && _h !== void 0 ? _h : '?'}`
             : `No entries found in [${collection}]`,
     });
     spinner.stop();

package/lib/prompts/promptModule.js

@@ -1,18 +1,21 @@
 // Prompt functions
 import inquirer from "inquirer";
 import { aYOUneModules } from "../../data/modules.js";
+import { isSuperUser } from "../helpers/tokenPayload.js";
 export async function promptModule() {
+    const su = isSuperUser();
+    const choices = aYOUneModules
+        .filter((el) => !el.superuserOnly || su)
+        .map((el) => ({
+        name: el.label,
+        value: el.module,
+    }));
     const { module } = await inquirer.prompt([
         {
             type: "list",
             name: "module",
             message: "Select a business module:",
-            choices: aYOUneModules.map((el) => {
-                return {
-                    name: el.label,
-                    value: el.module,
-                };
-            }),
+            choices,
         },
     ]);
     return module;