@usesocial/cli 0.2.0 → 0.2.1

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @usesocial/cli
 
+## 0.2.1
+
+### Patch Changes
+
+- Improve account connection progress output and hosted auth resilience.
+
 ## 0.2.0
 
 ### Minor Changes

package/README.md

@@ -188,9 +188,10 @@ jq -r '.items[].id' /tmp/hiring-posts.json \
 1. Asks what access to grant the agent. Read and Write are both selected by
    default; clear Write in the prompt to grant read-only access.
 2. Asks for your email address.
-3. Shows you a verification code and approval URL, then tries to open that URL
-   in your browser.
-4. Waits until you approve the session in the browser.
+3. Sends a magic link to that email with the device approval screen already
+   attached.
+4. Waits until you click the magic link and approve the CLI session in the
+   browser.
 5. Confirms billing checkout in the terminal when a seat is needed.
 6. Stores the returned token in your OS keyring, falling back to
    `~/.social/credentials.json` (mode `0600`) when no keyring is available.

package/bin/social.mjs

@@ -1,17 +1,10 @@
 #!/usr/bin/env node
-import { existsSync } from "node:fs";
 import { dirname, join } from "node:path";
-import { loadEnvFile } from "node:process";
 import { fileURLToPath, pathToFileURL } from "node:url";
 
 const packageRoot = dirname(dirname(fileURLToPath(import.meta.url)));
-const localEnvPath = join(packageRoot, "..", "..", ".env.staging");
 const entryURL = pathToFileURL(join(packageRoot, "dist", "index.mjs")).href;
 
-if (existsSync(localEnvPath)) {
-  loadEnvFile(localEnvPath);
-}
-
 import(entryURL).catch((error) => {
   console.error(error);
   process.exit(1);

package/dist/index.mjs

@@ -17920,17 +17920,12 @@ const LEADING_AT_PATTERN$1 = /^@+/;
 const LINKEDIN_PROFILE_HOST_PATTERN = /(^|\.)linkedin\.com$/i;
 const isInteractiveTerminal$1 = (deps) => deps.isInteractiveTerminal?.() ?? process.stdout.isTTY === true;
 const openURL = async (deps, url) => {
-	const log = deps.log ?? console.error;
-	if (!(isInteractiveTerminal$1(deps) && deps.openURL)) {
-		log(url);
-		return {
-			opened: false,
-			url
-		};
-	}
-	const handoff = await Promise.resolve(deps.openURL(url));
-	if (!handoff.opened) log(url);
-	return handoff;
+	(deps.log ?? console.error)(`Opening ${url}`);
+	if (!(isInteractiveTerminal$1(deps) && deps.openURL)) return {
+		opened: false,
+		url
+	};
+	return await Promise.resolve(deps.openURL(url));
 };
 const pollForSeat$2 = async (deps) => {
 	const intervalMs = deps.pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS;
@@ -18084,12 +18079,9 @@ const connectURLFor = async (deps, reconnectProfileId) => {
 };
 const isInteractiveTerminal = (deps) => deps.isInteractiveTerminal?.() ?? process.stdout.isTTY === true;
 const openOrPrint = async (deps, url) => {
-	const log = deps.log ?? console.error;
-	if (!(isInteractiveTerminal(deps) && deps.openBrowser)) {
-		log(url);
-		return;
-	}
-	if (await deps.openBrowser(url) === false) log(url);
+	(deps.log ?? console.error)(`Opening ${url}`);
+	if (!(isInteractiveTerminal(deps) && deps.openBrowser)) return;
+	await deps.openBrowser(url);
 };
 const pollForAccount = async (deps, matches) => {
 	const sleep = deps.sleep ?? defaultSleep;
@@ -20775,7 +20767,7 @@ const env = createEnv({
 	}
 });
 const SERVICE_NAME = "social-cli";
-const VERSION = "0.2.0";
+const VERSION = "0.2.1";
 const apiURL = (path) => createAbsoluteURL(env.SOCIAL_API_URL, path);
 //#endregion
 //#region src/lib/bearer.ts
@@ -21131,6 +21123,9 @@ const writeStdoutBuffer = (buffer) => {
 const writeStdout = (value) => {
 	writeStdoutBuffer(Buffer.from(`${value}\n`));
 };
+const printLine = (value) => {
+	writeStdout(value);
+};
 const printData = (value) => {
 	writeStdout(JSON.stringify(value));
 };
@@ -27067,96 +27062,21 @@ const accessPhase = async (ctx) => {
 	};
 };
 //#endregion
-//#region src/lib/browser.ts
-const WSL_VERSION = /microsoft|wsl/i;
-const BROWSER_TARGET_TIMEOUT_MS = 5e3;
-const LOCAL_HOSTS = new Set([
-	"localhost",
-	"127.0.0.1",
-	"::1"
-]);
-const displayURL = (url) => {
-	try {
-		const parsed = new URL(url);
-		parsed.searchParams.delete("token");
-		parsed.hash = "";
-		return parsed.toString();
-	} catch {
-		return url;
-	}
-};
-const hintFor = (url) => LOCAL_HOSTS.has(url.hostname) ? "Start the web app or local worker, or set SOCIAL_API_URL to your deployed social API." : "Check SOCIAL_API_URL and your connection, then try again.";
-const assertBrowserTargetReachable = async (url) => {
-	let parsed;
-	try {
-		parsed = new URL(url);
-	} catch {
-		return;
-	}
-	if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return;
-	if (!LOCAL_HOSTS.has(parsed.hostname)) return;
-	const controller = new AbortController();
-	const timeout = setTimeout(() => controller.abort(), BROWSER_TARGET_TIMEOUT_MS);
-	const target = parsed.origin;
-	try {
-		const response = await fetch(target, {
-			method: "GET",
-			redirect: "manual",
-			signal: controller.signal
-		});
-		if (response.status >= 400) throw new Error(`social is reachable at ${displayURL(target)}, but it returned ${response.status}. Try again in a moment.`);
-	} catch (error) {
-		if (error instanceof Error && error.message.startsWith("social is reachable")) throw error;
-		throw new Error(`Can't reach ${displayURL(target)}. ${hintFor(parsed)}`);
-	} finally {
-		clearTimeout(timeout);
-	}
-};
-const runCommand = async (command) => await new Promise((resolve) => {
-	const [file, ...args] = command;
-	if (!file) {
-		resolve(false);
-		return;
-	}
-	const proc = spawn(file, args, { stdio: "ignore" });
-	proc.once("error", () => resolve(false));
-	proc.once("exit", (code) => resolve(code === 0));
-});
-const isWSL = async () => {
-	if (env.WSL_DISTRO_NAME || env.WSL_INTEROP) return true;
-	const version = await readFile("/proc/version", "utf8").catch(() => "");
-	return WSL_VERSION.test(version);
-};
-const openBrowser = async (url) => {
-	await assertBrowserTargetReachable(url);
-	if (process.platform === "darwin") return await runCommand(["open", url]);
-	if (process.platform === "win32") return await runCommand([
-		"cmd",
-		"/c",
-		"start",
-		url
-	]);
-	if (await isWSL()) return await runCommand(["wslview", url]) || await runCommand([
-		"powershell.exe",
-		"-NoProfile",
-		"-Command",
-		"Start-Process",
-		url
-	]);
-	return await runCommand(["xdg-open", url]);
-};
-//#endregion
 //#region src/login/phases/0.sign-in.ts
 const CLIENT_ID = "social-cli";
 const DEVICE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
+const MAGIC_LINK_PATH = "/api/auth/sign-in/magic-link";
 const TERMS_URL = new URL(siteConfig.links.terms, siteConfig.publicWebURL).toString();
+const LOGIN_SUCCESS_MESSAGE = "Logged in! 🎉";
+const NEXT_COMMANDS_MESSAGE = "Now run `social account connect linkedin` or `social account connect x`.";
 const formatUserCode = (code) => `${code.slice(0, 4)}-${code.slice(4)}`;
 const isRecord$2 = (value) => typeof value === "object" && value !== null;
-const isAuthErrorResponse = (data) => isRecord$2(data) && (typeof data.error === "string" || typeof data.error_description === "string");
+const isAuthErrorResponse = (data) => isRecord$2(data) && (typeof data.error === "string" || typeof data.error_description === "string" || typeof data.message === "string");
 const isDeviceCodeResponse = (data) => isRecord$2(data) && typeof data.device_code === "string" && typeof data.user_code === "string" && typeof data.verification_uri === "string" && typeof data.verification_uri_complete === "string" && typeof data.expires_in === "number" && (data.interval === void 0 || typeof data.interval === "number");
 const isDeviceTokenResponse = (data) => isRecord$2(data) && typeof data.access_token === "string" && (data.token_type === void 0 || typeof data.token_type === "string") && (data.expires_in === void 0 || typeof data.expires_in === "number") && (data.scope === void 0 || typeof data.scope === "string");
+const isMagicLinkResponse = (data) => isRecord$2(data) && data.status === true;
 const authErrorMessage = (fallback, response, data) => {
-	if (data?.error_description || data?.error) return data.error_description ?? data.error ?? fallback;
+	if (data?.error_description || data?.error || data?.message) return data.error_description ?? data.error ?? data.message ?? fallback;
 	const status = [response.status, response.statusText].filter(Boolean).join(" ");
 	return status ? `${fallback}: ${status}` : fallback;
 };
@@ -27196,30 +27116,60 @@ const pollDeviceToken = async (deviceCode) => {
 	}
 	throw new Error("Device sign-in expired before approval.");
 };
-const verificationURLFor = (url, email, webBaseURL = process.env.SOCIAL_WEB_URL) => {
+const magicLinkURLFor = (webBaseURL = env.SOCIAL_WEB_URL) => createAbsoluteURL(webBaseURL, MAGIC_LINK_PATH);
+const deviceCallbackURLFor = (deviceCode, email) => {
+	let parsed;
 	try {
-		const parsed = new URL(url);
-		const userCode = parsed.searchParams.get("user_code");
-		if (userCode) parsed.searchParams.set("user_code", formatUserCode(userCode));
-		if (webBaseURL) try {
-			const base = new URL(webBaseURL);
-			parsed.protocol = base.protocol;
-			parsed.host = base.host;
-			parsed.username = "";
-			parsed.password = "";
-		} catch {}
-		parsed.searchParams.set("email", email);
-		return parsed.toString();
+		parsed = new URL(deviceCode.verification_uri_complete);
 	} catch {
-		return url;
+		parsed = new URL("/device", "https://social.local");
+	}
+	parsed.searchParams.set("user_code", formatUserCode(deviceCode.user_code));
+	parsed.searchParams.set("email", email);
+	return `${parsed.pathname}${parsed.search}`;
+};
+const sendMagicLinkSignIn = async (email, callbackURL, deps = {}) => {
+	const response = await (deps.fetch ?? fetch)(magicLinkURLFor(deps.webBaseURL), {
+		method: "POST",
+		headers: {
+			"content-type": "application/json",
+			"x-social-surface": "cli"
+		},
+		body: JSON.stringify({
+			email,
+			callbackURL
+		})
+	});
+	const data = await response.json().catch(() => void 0);
+	if (!(response.ok && isMagicLinkResponse(data))) {
+		const error = isAuthErrorResponse(data) ? data : void 0;
+		throw new Error(authErrorMessage("Could not send sign-in email", response, error));
+	}
+};
+const waitForDeviceToken = async (ctx, deviceCode) => {
+	const spinner = ctx.ui.spinner();
+	const message = "Waiting for magic link approval";
+	spinner.start(message);
+	const clearTick = spinner.withElapsed(message);
+	try {
+		const token = await pollDeviceToken(deviceCode);
+		const tokenExpiresAt = token.expires_in ? Date.now() + token.expires_in * 1e3 : void 0;
+		await writeCredentials({
+			accessToken: token.access_token,
+			tokenType: token.token_type,
+			expiresAt: tokenExpiresAt,
+			scope: token.scope
+		});
+		clearTick();
+		spinner.stop(LOGIN_SUCCESS_MESSAGE);
+		ctx.ui.info(NEXT_COMMANDS_MESSAGE);
+		return token;
+	} catch (error) {
+		clearTick();
+		spinner.error(message);
+		throw error;
 	}
 };
-const onboardingLegalNotice = (termsURL = TERMS_URL) => `By signing up and connecting accounts, you accept the terms and conditions and use this software at your own risk.\nRead the terms: ${termsURL}`;
-const resolveEmail = async (ctx) => await ctx.ui.text({
-	message: "Email",
-	placeholder: "you@example.com",
-	validate: (value) => value?.includes("@") ? void 0 : "Enter an email address."
-});
 const signInPhase = async (ctx) => {
 	const email = await resolveEmail(ctx);
 	if (!email) return {
@@ -27229,27 +27179,25 @@ const signInPhase = async (ctx) => {
 	};
 	const deviceCode = await createDeviceCode(ctx.args.scope ?? "read");
 	const expiresAt = new Date(Date.now() + deviceCode.expires_in * 1e3).toISOString();
-	const verificationURL = verificationURLFor(deviceCode.verification_uri_complete, email);
+	const callbackURL = deviceCallbackURLFor(deviceCode, email);
 	const userCode = formatUserCode(deviceCode.user_code);
-	ctx.ui.note(`Code: ${userCode}\nURL: ${verificationURL}\n\n${onboardingLegalNotice()}`, `Sign in as ${email}`);
-	await openBrowser(verificationURL);
-	const token = await ctx.ui.spinElapsed("Waiting for browser approval", () => pollDeviceToken(deviceCode), "Device approved");
-	const tokenExpiresAt = token.expires_in ? Date.now() + token.expires_in * 1e3 : void 0;
-	await writeCredentials({
-		accessToken: token.access_token,
-		tokenType: token.token_type,
-		expiresAt: tokenExpiresAt,
-		scope: token.scope
-	});
+	await ctx.ui.spin("Sending sign-in email", () => sendMagicLinkSignIn(email, callbackURL), "Magic link sent");
+	ctx.ui.note(`Code: ${userCode}\nEmail: ${email}\n\nClick the magic link in your inbox to approve this CLI session.\n\n${onboardingLegalNotice()}`, "Check your email");
 	return {
 		status: "done",
 		data: {
 			email,
 			expiresAt,
-			scope: token.scope
+			scope: (await waitForDeviceToken(ctx, deviceCode)).scope
 		}
 	};
 };
+const onboardingLegalNotice = (termsURL = TERMS_URL) => `By signing up and connecting accounts, you accept the terms and conditions and use this software at your own risk.\nRead the terms: ${termsURL}`;
+const resolveEmail = async (ctx) => await ctx.ui.text({
+	message: "Email",
+	placeholder: "you@example.com",
+	validate: (value) => value?.includes("@") ? void 0 : "Enter an email address."
+});
 //#endregion
 //#region src/login/phases/1.scope.ts
 const DEFAULT_SCOPE_ALIAS = "read,write";
@@ -27268,6 +27216,85 @@ const scopePhase = async (ctx) => {
 		data: await ctx.client.cli.session.upsert({ scopeAlias })
 	};
 };
+//#endregion
+//#region src/lib/browser.ts
+const WSL_VERSION = /microsoft|wsl/i;
+const BROWSER_TARGET_TIMEOUT_MS = 5e3;
+const LOCAL_HOSTS = new Set([
+	"localhost",
+	"127.0.0.1",
+	"::1"
+]);
+const displayURL = (url) => {
+	try {
+		const parsed = new URL(url);
+		parsed.searchParams.delete("token");
+		parsed.hash = "";
+		return parsed.toString();
+	} catch {
+		return url;
+	}
+};
+const hintFor = (url) => LOCAL_HOSTS.has(url.hostname) ? "Start the web app or local worker, or set SOCIAL_API_URL to your deployed social API." : "Check SOCIAL_API_URL and your connection, then try again.";
+const assertBrowserTargetReachable = async (url) => {
+	let parsed;
+	try {
+		parsed = new URL(url);
+	} catch {
+		return;
+	}
+	if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return;
+	if (!LOCAL_HOSTS.has(parsed.hostname)) return;
+	const controller = new AbortController();
+	const timeout = setTimeout(() => controller.abort(), BROWSER_TARGET_TIMEOUT_MS);
+	const target = parsed.origin;
+	try {
+		const response = await fetch(target, {
+			method: "GET",
+			redirect: "manual",
+			signal: controller.signal
+		});
+		if (response.status >= 400) throw new Error(`social is reachable at ${displayURL(target)}, but it returned ${response.status}. Try again in a moment.`);
+	} catch (error) {
+		if (error instanceof Error && error.message.startsWith("social is reachable")) throw error;
+		throw new Error(`Can't reach ${displayURL(target)}. ${hintFor(parsed)}`);
+	} finally {
+		clearTimeout(timeout);
+	}
+};
+const runCommand = async (command) => await new Promise((resolve) => {
+	const [file, ...args] = command;
+	if (!file) {
+		resolve(false);
+		return;
+	}
+	const proc = spawn(file, args, { stdio: "ignore" });
+	proc.once("error", () => resolve(false));
+	proc.once("exit", (code) => resolve(code === 0));
+});
+const isWSL = async () => {
+	if (env.WSL_DISTRO_NAME || env.WSL_INTEROP) return true;
+	const version = await readFile("/proc/version", "utf8").catch(() => "");
+	return WSL_VERSION.test(version);
+};
+const openBrowser = async (url) => {
+	await assertBrowserTargetReachable(url);
+	if (process.platform === "darwin") return await runCommand(["open", url]);
+	if (process.platform === "win32") return await runCommand([
+		"cmd",
+		"/c",
+		"start",
+		url
+	]);
+	if (await isWSL()) return await runCommand(["wslview", url]) || await runCommand([
+		"powershell.exe",
+		"-NoProfile",
+		"-Command",
+		"Start-Process",
+		url
+	]);
+	return await runCommand(["xdg-open", url]);
+};
 const SEAT_CHECKOUT_RETURN_PATH = "/setup/billing/done";
 const SEAT_POLL_INTERVAL_MS = 2e3;
 const SEAT_POLL_TIMEOUT_MS = 1800 * 1e3;
@@ -27710,11 +27737,7 @@ const LifecycleAccountOutput = object({
 	connectedAt: string().optional(),
 	lastSeenAt: string().optional()
 }).passthrough();
-const AccountConnectOutput = object({
-	platform: _enum(["linkedin", "x"]),
-	status: literal("connected"),
-	account: LifecycleAccountOutput
-});
+const AccountConnectOutput = string();
 const AccountDisconnectOutput = object({
 	platform: _enum(["linkedin", "x"]),
 	account: LifecycleAccountOutput,
@@ -27789,20 +27812,38 @@ const writeOutput = async (deps, value) => {
 	}
 	printData(value);
 };
+const writeText = (deps, value) => {
+	if (deps.writeText) {
+		deps.writeText(value);
+		return;
+	}
+	printLine(value);
+};
 const platformLabel = (platform) => platform === "x" ? "X" : "LinkedIn";
+const lifecycleConnectContract = {
+	capability: "write",
+	auth: writeAuthContract,
+	mutates: true,
+	outputSchema: AccountConnectOutput,
+	responseShaping: { supported: false },
+	idempotency: "non-idempotent",
+	confirmation: false
+};
+const handleFor = (account) => account.handle.startsWith("@") ? account.handle : `@${account.handle}`;
+const lifecycleDepsWithTextLogs = (deps) => ({
+	...deps,
+	log: (message) => writeText(deps, message)
+});
+const runConnectOutput = async (deps, connect) => {
+	writeText(deps, "Handshaking auth...");
+	writeText(deps, `${handleFor((await connect(lifecycleDepsWithTextLogs(deps))).account)} connected!`);
+};
 const createConnectPlatformCommand = (platform, run) => defineCommand({
 	meta: commandMeta({
 		name: platform,
 		description: `Connect a ${platformLabel(platform)} account.`,
 		capability: "write",
-		contract: {
-			capability: "write",
-			auth: writeAuthContract,
-			mutates: true,
-			outputSchema: AccountConnectOutput,
-			idempotency: "non-idempotent",
-			confirmation: false
-		},
+		contract: lifecycleConnectContract,
 		mutates: true
 	}),
 	run: async () => {
@@ -27814,14 +27855,7 @@ const createAccountPlatformCommand = (platform, description, run, options = {})
 		name: platform,
 		description,
 		capability: "write",
-		contract: options.contract ?? {
-			capability: "write",
-			auth: writeAuthContract,
-			mutates: true,
-			outputSchema: AccountConnectOutput,
-			idempotency: "non-idempotent",
-			confirmation: false
-		},
+		contract: options.contract ?? lifecycleConnectContract,
 		mutates: true
 	}),
 	args: { account: options.accountArg ?? accountArg },
@@ -27848,10 +27882,10 @@ const createAccountCommand = (deps) => {
 			},
 			subCommands: {
 				linkedin: createConnectPlatformCommand("linkedin", async () => {
-					await writeOutput(deps, await connectLinkedinAccount(deps));
+					await runConnectOutput(deps, connectLinkedinAccount);
 				}),
 				x: createConnectPlatformCommand("x", async () => {
-					await writeOutput(deps, await connectXAccount(deps));
+					await runConnectOutput(deps, connectXAccount);
 				})
 			}
 		}),
@@ -27862,10 +27896,10 @@ const createAccountCommand = (deps) => {
 			},
 			subCommands: {
 				linkedin: createAccountPlatformCommand("linkedin", "Reconnect a LinkedIn account.", async (args) => {
-					await writeOutput(deps, await reconnectLinkedinAccount(deps, String(args.account)));
+					await runConnectOutput(deps, (connectDeps) => reconnectLinkedinAccount(connectDeps, String(args.account)));
 				}, { accountArg: linkedinReconnectAccountArg }),
 				x: createAccountPlatformCommand("x", "Reconnect an X account.", async (args) => {
-					await writeOutput(deps, await reconnectXAccount(deps, { account: String(args.account) }));
+					await runConnectOutput(deps, (connectDeps) => reconnectXAccount(connectDeps, { account: String(args.account) }));
 				}, { accountArg: xAccountArg })
 			}
 		}),

package/package.json

@@ -11,7 +11,7 @@
     "access": "public"
   },
   "private": false,
-  "version": "0.2.0",
+  "version": "0.2.1",
   "type": "module",
   "engines": {
     "node": ">=22.5.0"