@trackunit/iris-app-sdk-vite 0.3.15 → 0.3.18

package/CHANGELOG.md

@@ -1,3 +1,27 @@
+## 0.3.18 (2026-04-27)
+
+### 🧱 Updated Dependencies
+
+- Updated iris-app-build-utilities to 1.15.18
+- Updated iris-app-api to 1.17.18
+- Updated iris-app to 1.18.19
+
+## 0.3.17 (2026-04-27)
+
+### 🧱 Updated Dependencies
+
+- Updated iris-app-build-utilities to 1.15.17
+- Updated iris-app-api to 1.17.17
+- Updated iris-app to 1.18.18
+
+## 0.3.16 (2026-04-27)
+
+### 🧱 Updated Dependencies
+
+- Updated iris-app-build-utilities to 1.15.16
+- Updated iris-app-api to 1.17.16
+- Updated iris-app to 1.18.17
+
 ## 0.3.15 (2026-04-24)
 
 ### 🧱 Updated Dependencies

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@trackunit/iris-app-sdk-vite",
-  "version": "0.3.15",
+  "version": "0.3.18",
   "license": "SEE LICENSE IN LICENSE.txt",
   "repository": "https://github.com/Trackunit/manager",
   "executors": "./executors.json",
@@ -10,8 +10,8 @@
   "dependencies": {
     "rxjs": "7.8.1",
     "win-ca": "^3.5.1",
-    "@trackunit/iris-app-build-utilities": "1.15.15",
-    "@trackunit/iris-app-api": "1.17.15",
+    "@trackunit/iris-app-build-utilities": "1.15.18",
+    "@trackunit/iris-app-api": "1.17.18",
     "tslib": "^2.6.2",
     "vite": "7.3.1",
     "@module-federation/vite": "1.11.0",
@@ -21,7 +21,10 @@
     "rollup-plugin-visualizer": "5.12.0",
     "@tailwindcss/postcss": "^4.1.18",
     "@vitejs/plugin-react-swc": "^4.2.3",
-    "@nx/devkit": "22.6.5"
+    "@nx/devkit": "22.6.5",
+    "@trackunit/iris-app": "1.18.19",
+    "cross-keychain": "^1.1.0",
+    "jwt-decode": "^3.1.2"
   },
   "types": "./src/index.d.ts",
   "main": "./src/index.js",

package/src/executors/serve/executor.js

@@ -3,12 +3,14 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.default = serveExecutor;
 const tslib_1 = require("tslib");
 const rxjs_for_await_1 = require("@nx/devkit/src/utils/rxjs-for-await");
+const iris_app_1 = require("@trackunit/iris-app");
 const iris_app_build_utilities_1 = require("@trackunit/iris-app-build-utilities");
 const fs_1 = require("fs");
 const path_1 = require("path");
 const rxjs_1 = require("rxjs");
 const op = tslib_1.__importStar(require("rxjs/operators"));
 require("win-ca");
+const checkCustomFields_1 = require("../utils/checkCustomFields");
 const defaultViteConfig_1 = require("../utils/defaultViteConfig");
 /**
  * Serve executor for serving Iris Apps with Vite.
@@ -19,6 +21,7 @@ const defaultViteConfig_1 = require("../utils/defaultViteConfig");
  */
 async function* serveExecutor(options, context) {
     await (0, iris_app_build_utilities_1.checkPackageVersion)(false);
+    const settings = (0, iris_app_1.getSettings)();
     const skipTypeChecking = options.skipTypeChecking ?? false;
     // eslint-disable-next-line @trackunit/no-typescript-assertion, @typescript-eslint/no-non-null-assertion
     const projectRoot = context.projectsConfigurations.projects[context.projectName].root;
@@ -30,6 +33,13 @@ async function* serveExecutor(options, context) {
     });
     // Now we can safely import the manifest (it uses @trackunit/* imports)
     const irisAppManifest = (await Promise.resolve(`${manifestPath}`).then(s => tslib_1.__importStar(require(s)))).default;
+    const checkCustomFieldsResult = await (0, checkCustomFields_1.checkCustomFields)(irisAppManifest, settings);
+    if (checkCustomFieldsResult === "out-of-sync") {
+        throw new Error("Custom fields are out of sync with the latest approved manifest, please submit and get this version approved before you continue developing the app.");
+    }
+    if (checkCustomFieldsResult === "not-submitted") {
+        throw new Error("Custom fields are not submitted, please submit and get this version approved before you continue developing the app.");
+    }
     const serversideResult = await (0, iris_app_build_utilities_1.spawnServersideExtensions)(irisAppManifest, context.root);
     try {
         // Get default config (internally imports @trackunit/iris-app-vite-plugin)

package/src/executors/utils/accessTokenCache.js

@@ -0,0 +1,111 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCachedAccessToken = void 0;
+const tslib_1 = require("tslib");
+const iris_app_1 = require("@trackunit/iris-app");
+const cross_keychain_1 = require("cross-keychain");
+const jwt_decode_1 = tslib_1.__importDefault(require("jwt-decode"));
+const SERVICE = "trackunit-iris-app-sdk";
+const SKEW_MS = 60000;
+/**
+ * Returns an access token, preferring a cached keychain entry when it is still
+ * valid. Falls through to the interactive device-code login when the cache is
+ * missing, expired, or unreadable, then persists the fresh token.
+ *
+ * CI paths (TU_TOKEN / TU_CLIENT_ID_*) bypass the cache entirely.
+ */
+const getCachedAccessToken = async (settings) => {
+    if (isCiEnvironment(settings.env)) {
+        return unwrapTokenData(await (0, iris_app_1.getAccessToken)(settings.env));
+    }
+    // on mac you can delete it using security delete-generic-password -s "trackunit-iris-app-sdk" -a "iris-app-serve-access-token-LOCAL"
+    const account = `iris-app-serve-access-token-${settings.env}`;
+    const cached = await safeReadToken(account);
+    if (cached && cached.expires_at - SKEW_MS > Date.now()) {
+        // eslint-disable-next-line no-console
+        console.log("🔑 Using cached access token from system keychain.");
+        return {
+            access_token: cached.access_token,
+            token_type: cached.token_type,
+            scope: cached.scope,
+            id_token: cached.id_token,
+            expires_in: Math.max(0, Math.floor((cached.expires_at - Date.now()) / 1000)),
+        };
+    }
+    const fresh = unwrapTokenData(await (0, iris_app_1.getAccessToken)(settings.env));
+    await safeStoreToken(account, {
+        access_token: fresh.access_token,
+        token_type: fresh.token_type,
+        scope: fresh.scope,
+        id_token: fresh.id_token,
+        expires_at: computeExpiresAt(fresh),
+    });
+    return fresh;
+};
+exports.getCachedAccessToken = getCachedAccessToken;
+const isCiEnvironment = (env) => Boolean(process.env.TU_TOKEN) || Boolean(process.env[`TU_CLIENT_ID_${env}`]);
+const unwrapTokenData = (tokenData) => {
+    if (!("access_token" in tokenData)) {
+        if ("error" in tokenData && tokenData.error === "expired_token") {
+            throw new Error("Authentication attempt expired");
+        }
+        const description = "error_description" in tokenData ? ` ${tokenData.error_description}` : "";
+        const errorName = "error" in tokenData ? tokenData.error : "unknown";
+        throw new Error(`Failed to get access token: ${errorName}${description}`);
+    }
+    return tokenData;
+};
+const computeExpiresAt = (token) => {
+    try {
+        const decoded = (0, jwt_decode_1.default)(token.access_token);
+        if (decoded !== null && typeof decoded === "object" && "exp" in decoded && typeof decoded.exp === "number") {
+            return decoded.exp * 1000;
+        }
+    }
+    catch {
+        // JWT decode failed — fall through to expires_in
+    }
+    return Date.now() + token.expires_in * 1000;
+};
+const safeReadToken = async (account) => {
+    try {
+        const raw = await (0, cross_keychain_1.getPassword)(SERVICE, account);
+        if (!raw) {
+            return undefined;
+        }
+        const parsed = JSON.parse(raw);
+        if (!isValidCachedPayload(parsed)) {
+            return undefined;
+        }
+        return parsed;
+    }
+    catch (error) {
+        const reason = error instanceof Error ? error.message : String(error);
+        // eslint-disable-next-line no-console
+        console.warn(`⚠️  Could not read cached token from system keychain: ${reason}. Falling back to interactive login.`);
+        return undefined;
+    }
+};
+const safeStoreToken = async (account, payload) => {
+    try {
+        await (0, cross_keychain_1.setPassword)(SERVICE, account, JSON.stringify(payload));
+    }
+    catch (error) {
+        const reason = error instanceof Error ? error.message : String(error);
+        // eslint-disable-next-line no-console
+        console.warn(`⚠️  Could not cache access token in system keychain: ${reason}. Token will not be persisted.`);
+    }
+};
+const isValidCachedPayload = (value) => value !== null &&
+    typeof value === "object" &&
+    "access_token" in value &&
+    typeof value.access_token === "string" &&
+    "expires_at" in value &&
+    typeof value.expires_at === "number" &&
+    "token_type" in value &&
+    typeof value.token_type === "string" &&
+    "scope" in value &&
+    typeof value.scope === "string" &&
+    "id_token" in value &&
+    typeof value.id_token === "string";
+//# sourceMappingURL=accessTokenCache.js.map

package/src/executors/utils/checkCustomFields.js

@@ -0,0 +1,88 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkCustomFields = void 0;
+const accessTokenCache_1 = require("./accessTokenCache");
+const deepEqual_1 = require("./deepEqual");
+/**
+ * Checks if the custom field definitions are in sync with the latest approved manifest.
+ *
+ * @param irisAppManifest - The iris app manifest.
+ */
+const checkCustomFields = async (irisAppManifest, settings) => {
+    const localFields = irisAppManifest.customFieldDefinitions ?? [];
+    if (localFields.length === 0) {
+        return "in-sync";
+    }
+    // eslint-disable-next-line no-console
+    console.log("This app is using custom fields, fetching the latest approved manifest to validate that the local custom field definitions are in sync.");
+    const tokenData = await (0, accessTokenCache_1.getCachedAccessToken)(settings);
+    const latestApprovedManifestIfAny = await fetchLatestApprovedManifest(irisAppManifest.moduleFederationName, tokenData.access_token, settings);
+    if (!latestApprovedManifestIfAny) {
+        return "not-submitted";
+    }
+    const approvedFields = latestApprovedManifestIfAny.customFieldDefinitions ?? [];
+    // eslint-disable-next-line no-console
+    console.log(`Latest approved manifest for ${irisAppManifest.moduleFederationName} has ${approvedFields.length} custom field definition(s).`);
+    if (hasCustomFieldDrift(localFields, approvedFields)) {
+        return "out-of-sync";
+    }
+    return "in-sync";
+};
+exports.checkCustomFields = checkCustomFields;
+const stripTranslations = (field) => {
+    const { translations, ...rest } = field;
+    return rest;
+};
+/**
+ * Returns true when the local and approved custom field sets differ.
+ * The comparison is symmetric: added, removed, and modified fields are all detected.
+ * Translations are excluded from the comparison.
+ */
+const hasCustomFieldDrift = (localFields, approvedFields) => {
+    if (localFields.length !== approvedFields.length) {
+        return true;
+    }
+    return localFields.some(local => {
+        const approved = approvedFields.find(a => a.key === local.key);
+        if (!approved) {
+            return true;
+        }
+        return !(0, deepEqual_1.deepEqual)(stripTranslations(local), stripTranslations(approved));
+    });
+};
+const LATEST_APPROVED_MANIFEST_QUERY = `query LatestApprovedManifest($irisAppId: String!) {
+  manifest(irisAppId: $irisAppId)
+}`;
+/**
+ * Fetches the latest approved public manifest for the given iris app id from the
+ * internal GraphQL endpoint. Returns null if the app is not subscribed on the
+ * caller's account or does not have an approved version yet.
+ *
+ * @param {string} irisAppId The iris app id, typically the manifest's moduleFederationName.
+ * @param {string} accessToken The Trackunit access token to authenticate the request.
+ * @param {Settings} settings The Iris App SDK settings.
+ * @returns {Promise<PublicIrisAppManifest | null>} The latest approved manifest or null.
+ */
+async function fetchLatestApprovedManifest(irisAppId, accessToken, settings) {
+    const response = await fetch(settings.graphqlInternalUrl.toString(), {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${accessToken}`,
+        },
+        body: JSON.stringify({
+            operationName: "LatestApprovedManifest",
+            query: LATEST_APPROVED_MANIFEST_QUERY,
+            variables: { irisAppId },
+        }),
+    });
+    if (!response.ok) {
+        throw new Error(`Failed to fetch latest approved manifest: ${response.status} ${response.statusText} ${await response.text()}`);
+    }
+    const body = await response.json();
+    if (body.errors && body.errors.length > 0) {
+        throw new Error(`GraphQL error fetching latest approved manifest: ${body.errors.map(e => e.message).join(", ")}`);
+    }
+    return body.data?.manifest ?? null;
+}
+//# sourceMappingURL=checkCustomFields.js.map

package/src/executors/utils/deepEqual.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deepEqual = void 0;
+/**
+ * Deeply compares two values for equality.
+ *
+ * @param a - The first value to compare.
+ * @param b - The second value to compare.
+ * @returns {boolean} - true if the values are equal, false otherwise.
+ */
+const deepEqual = (a, b) => {
+    if (a === b) {
+        return true;
+    }
+    if (a === null || b === null || typeof a !== "object" || typeof b !== "object") {
+        return false;
+    }
+    if (Array.isArray(a) !== Array.isArray(b)) {
+        return false;
+    }
+    if (Array.isArray(a) && Array.isArray(b)) {
+        if (a.length !== b.length) {
+            return false;
+        }
+        return a.every((item, i) => (0, exports.deepEqual)(item, b[i]));
+    }
+    // eslint-disable-next-line @trackunit/no-typescript-assertion
+    const aObj = a;
+    // eslint-disable-next-line @trackunit/no-typescript-assertion
+    const bObj = b;
+    const aKeys = Object.keys(aObj);
+    const bKeys = Object.keys(bObj);
+    if (aKeys.length !== bKeys.length) {
+        return false;
+    }
+    return aKeys.every(key => (0, exports.deepEqual)(aObj[key], bObj[key]));
+};
+exports.deepEqual = deepEqual;
+//# sourceMappingURL=deepEqual.js.map