@vercel/sandbox 1.1.4 → 1.1.5

package/.turbo/turbo-build.log

@@ -1,4 +1,4 @@
 
-> @vercel/sandbox@1.1.4 build /home/runner/work/sandbox-sdk/sandbox-sdk/packages/vercel-sandbox
+> @vercel/sandbox@1.1.5 build /home/runner/work/sandbox-sdk/sandbox-sdk/packages/vercel-sandbox
 > tsc
 

package/.turbo/turbo-test.log

@@ -1,18 +1,24 @@
 
-> @vercel/sandbox@1.1.4 test /home/runner/work/sandbox-sdk/sandbox-sdk/packages/vercel-sandbox
+> @vercel/sandbox@1.1.5 test /home/runner/work/sandbox-sdk/sandbox-sdk/packages/vercel-sandbox
 > vitest run
 
 
  RUN  v3.2.1 /home/runner/work/sandbox-sdk/sandbox-sdk/packages/vercel-sandbox
 
- ✓ src/utils/jwt-expiry.test.ts (10 tests) 21ms
+ ✓ src/utils/dev-credentials.test.ts (7 tests) 572ms
+   ✓ signInAndGetToken > times out after provided timeout  548ms
+ ✓ src/auth/infer-scope.test.ts (9 tests) 79ms
+ ✓ src/utils/jwt-expiry.test.ts (10 tests) 33ms
+ ✓ src/api-client/api-client.test.ts (5 tests) 100ms
  ↓ src/sandbox.test.ts (4 tests | 4 skipped)
- ✓ src/utils/normalizePath.test.ts (6 tests) 8ms
+ ✓ src/utils/normalizePath.test.ts (6 tests) 18ms
  ↓ src/command.test.ts (5 tests | 5 skipped)
- ✓ src/utils/types.test.js (1 test) 16ms
+ ✓ src/auth/linked-project.test.ts (6 tests) 47ms
+ ✓ src/utils/get-credentials.test.ts (2 tests) 31ms
+ ✓ src/utils/types.test.js (1 test) 6ms
 
- Test Files  3 passed | 2 skipped (5)
-      Tests  17 passed | 9 skipped (26)
-   Start at  19:22:27
-   Duration  5.68s (transform 592ms, setup 184ms, collect 1.83s, tests 45ms, environment 12ms, prepare 1.26s)
+ Test Files  8 passed | 2 skipped (10)
+      Tests  46 passed | 9 skipped (55)
+   Start at  07:58:13
+   Duration  12.88s (transform 1.06s, setup 296ms, collect 3.68s, tests 886ms, environment 6ms, prepare 2.95s)
 

package/.turbo/turbo-typecheck.log

@@ -1,4 +1,4 @@
 
-> @vercel/sandbox@1.1.4 typecheck /home/runner/work/sandbox-sdk/sandbox-sdk/packages/vercel-sandbox
+> @vercel/sandbox@1.1.5 typecheck /home/runner/work/sandbox-sdk/sandbox-sdk/packages/vercel-sandbox
 > tsc --noEmit
 

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # @vercel/sandbox
 
+## 1.1.5
+
+### Patch Changes
+
+- prompt to login on local machines to make it seamless to use ([#185](https://github.com/vercel/sandbox-sdk/pull/185))
+
 ## 1.1.4
 
 ### Patch Changes

package/__mocks__/picocolors.ts

@@ -0,0 +1,13 @@
+/**
+ * Mock implementation of picocolors for testing purposes
+ * Each color function wraps the input string with HTML-like tags
+ * e.g., red('text') => '<red>text</red>'
+ */
+export default new Proxy(
+  {},
+  {
+    get(_, prop: string) {
+      return (str: string) => `<${prop}>${str}</${prop}>`;
+    },
+  },
+);

package/dist/api-client/with-retry.js

@@ -5,7 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.withRetry = withRetry;
 const api_error_1 = require("./api-error");
-const promises_1 = require("timers/promises");
+const promises_1 = require("node:timers/promises");
 const async_retry_1 = __importDefault(require("async-retry"));
 /**
  * Wraps a fetch function with retry logic. The retry logic will retry

package/dist/api-client/with-retry.js.map

@@ -1 +1 @@
-{"version":3,"file":"with-retry.js","sourceRoot":"","sources":["../../src/api-client/with-retry.ts"],"names":[],"mappings":";;;;;AAkBA,8BAwGC;AAzHD,2CAAuC;AACvC,8CAA6C;AAC7C,8DAAgC;AAOhC;;;;;;;GAOG;AACH,SAAgB,SAAS,CACvB,QAA4D;IAE5D,OAAO,KAAK,EACV,GAAiB,EACjB,OAA+C,EAAE,EACjD,EAAE;QACF;;;WAGG;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAC7B;YACE,UAAU,EAAE,EAAE;YACd,OAAO,EAAE,CAAC;YACV,MAAM,EAAE,CAAC;YACT,aAAa,EAAE,EAAE;SAClB,EACD,IAAI,CAAC,KAAK,CACX,CAAC;QAEF,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,SAAS,CAAC,OAAO,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE;gBACtC,IAAI,CAAC,OAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;gBAC3B,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;oBACrC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,OAAO,CAAC,MAAM,IAAA,qBAAK,EAAC,KAAK,EAAE,IAAI,EAAE,EAAE;gBACjC,IAAI,CAAC;oBACH,IAAI,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;wBACzB,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;oBAClE,CAAC;oBACD,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;oBAE3C;;;;;;uBAMG;oBACH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;wBAC5B,MAAM,UAAU,GAAG,QAAQ,CACzB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,EACzC,EAAE,CACH,CAAC;wBAEF,IAAI,UAAU,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;4BACrC,IAAI,UAAU,GAAG,SAAS,CAAC,aAAa,EAAE,CAAC;gCACzC,OAAO,QAAQ,CAAC;4BAClB,CAAC;4BAED,MAAM,IAAA,qBAAU,EAAC,UAAU,GAAG,GAAG,CAAC,CAAC;wBACrC,CAAC;wBAED,MAAM,IAAI,oBAAQ,CAAC,QAAQ,CAAC,CAAC;oBAC/B,CAAC;oBAED;;;uBAGG;oBACH,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;wBACpD,MAAM,IAAI,oBAAQ,CAAC,QAAQ,CAAC,CAAC;oBAC/B,CAAC;oBAED,OAAO,QAAQ,CAAC;gBAClB,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf;;;uBAGG;oBACH,IAAI,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;wBACxB,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;oBACrB,CAAC;oBAED;;;uBAGG;oBACH,IAAI,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;wBACzB,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;oBAClE,CAAC;oBAED,MAAM,KAAK,CAAC;gBACd,CAAC;YACH,CAAC,EAAE,SAAS,CAAC,CAAa,CAAC;QAC7B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf;;;;eAIG;YACH,IAAI,KAAK,YAAY,oBAAQ,EAAE,CAAC;gBAC9B,OAAO,KAAK,CAAC,QAAQ,CAAC;YACxB,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,OAAO,CACL,KAAK,KAAK,SAAS;QACnB,KAAK,KAAK,IAAI;QACb,KAAe,CAAC,IAAI,KAAK,YAAY,CACvC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"with-retry.js","sourceRoot":"","sources":["../../src/api-client/with-retry.ts"],"names":[],"mappings":";;;;;AAkBA,8BAwGC;AAzHD,2CAAuC;AACvC,mDAAkD;AAClD,8DAAgC;AAOhC;;;;;;;GAOG;AACH,SAAgB,SAAS,CACvB,QAA4D;IAE5D,OAAO,KAAK,EACV,GAAiB,EACjB,OAA+C,EAAE,EACjD,EAAE;QACF;;;WAGG;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAC7B;YACE,UAAU,EAAE,EAAE;YACd,OAAO,EAAE,CAAC;YACV,MAAM,EAAE,CAAC;YACT,aAAa,EAAE,EAAE;SAClB,EACD,IAAI,CAAC,KAAK,CACX,CAAC;QAEF,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,SAAS,CAAC,OAAO,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE;gBACtC,IAAI,CAAC,OAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;gBAC3B,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;oBACrC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAC,CAAC;gBACtC,CAAC;YACH,CAAC,CAAC;QACJ,CAAC;QAED,IAAI,CAAC;YACH,OAAO,CAAC,MAAM,IAAA,qBAAK,EAAC,KAAK,EAAE,IAAI,EAAE,EAAE;gBACjC,IAAI,CAAC;oBACH,IAAI,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;wBACzB,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;oBAClE,CAAC;oBACD,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;oBAE3C;;;;;;uBAMG;oBACH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;wBAC5B,MAAM,UAAU,GAAG,QAAQ,CACzB,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,IAAI,EAAE,EACzC,EAAE,CACH,CAAC;wBAEF,IAAI,UAAU,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;4BACrC,IAAI,UAAU,GAAG,SAAS,CAAC,aAAa,EAAE,CAAC;gCACzC,OAAO,QAAQ,CAAC;4BAClB,CAAC;4BAED,MAAM,IAAA,qBAAU,EAAC,UAAU,GAAG,GAAG,CAAC,CAAC;wBACrC,CAAC;wBAED,MAAM,IAAI,oBAAQ,CAAC,QAAQ,CAAC,CAAC;oBAC/B,CAAC;oBAED;;;uBAGG;oBACH,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;wBACpD,MAAM,IAAI,oBAAQ,CAAC,QAAQ,CAAC,CAAC;oBAC/B,CAAC;oBAED,OAAO,QAAQ,CAAC;gBAClB,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf;;;uBAGG;oBACH,IAAI,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;wBACxB,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC;oBACrB,CAAC;oBAED;;;uBAGG;oBACH,IAAI,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC;wBACzB,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;oBAClE,CAAC;oBAED,MAAM,KAAK,CAAC;gBACd,CAAC;YACH,CAAC,EAAE,SAAS,CAAC,CAAa,CAAC;QAC7B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf;;;;eAIG;YACH,IAAI,KAAK,YAAY,oBAAQ,EAAE,CAAC;gBAC9B,OAAO,KAAK,CAAC,QAAQ,CAAC;YACxB,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,OAAO,CACL,KAAK,KAAK,SAAS;QACnB,KAAK,KAAK,IAAI;QACb,KAAe,CAAC,IAAI,KAAK,YAAY,CACvC,CAAC;AACJ,CAAC"}

package/dist/auth/api.d.ts

@@ -0,0 +1,6 @@
+export declare function fetchApi(opts: {
+    token: string;
+    endpoint: string;
+    method?: string;
+    body?: string;
+}): Promise<unknown>;

package/dist/auth/api.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchApi = fetchApi;
+const error_1 = require("./error");
+async function fetchApi(opts) {
+    const x = await fetch(`https://api.vercel.com${opts.endpoint}`, {
+        method: opts.method,
+        body: opts.body,
+        headers: {
+            Authorization: `Bearer ${opts.token}`,
+            "Content-Type": "application/json",
+        },
+    });
+    if (!x.ok) {
+        let message = await x.text();
+        try {
+            const { error } = JSON.parse(message);
+            message = `${error.code.toUpperCase()}: ${error.message}`;
+        }
+        catch { }
+        throw new error_1.NotOk({
+            responseText: message,
+            statusCode: x.status,
+        });
+    }
+    return (await x.json());
+}
+//# sourceMappingURL=api.js.map

package/dist/auth/api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api.js","sourceRoot":"","sources":["../../src/auth/api.ts"],"names":[],"mappings":";;AAEA,4BA4BC;AA9BD,mCAAgC;AAEzB,KAAK,UAAU,QAAQ,CAAC,IAK9B;IACC,MAAM,CAAC,GAAG,MAAM,KAAK,CAAC,yBAAyB,IAAI,CAAC,QAAQ,EAAE,EAAE;QAC9D,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE;YACrC,cAAc,EAAE,kBAAkB;SACnC;KACF,CAAC,CAAC;IACH,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;QACV,IAAI,OAAO,GAAG,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;QAE7B,IAAI,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACtC,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC;QAC5D,CAAC;QAAC,MAAM,CAAC,CAAA,CAAC;QAEV,MAAM,IAAI,aAAK,CAAC;YACd,YAAY,EAAE,OAAO;YACrB,UAAU,EAAE,CAAC,CAAC,MAAM;SACrB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAY,CAAC;AACrC,CAAC"}

package/dist/auth/error.d.ts

@@ -0,0 +1,11 @@
+export declare class NotOk extends Error {
+    name: string;
+    response: {
+        statusCode: number;
+        responseText: string;
+    };
+    constructor(response: {
+        statusCode: number;
+        responseText: string;
+    });
+}

package/dist/auth/error.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NotOk = void 0;
+class NotOk extends Error {
+    constructor(response) {
+        super(`HTTP ${response.statusCode}: ${response.responseText}`);
+        this.name = "NotOk";
+        this.response = response;
+    }
+}
+exports.NotOk = NotOk;
+//# sourceMappingURL=error.js.map

package/dist/auth/error.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error.js","sourceRoot":"","sources":["../../src/auth/error.ts"],"names":[],"mappings":";;;AAAA,MAAa,KAAM,SAAQ,KAAK;IAG9B,YAAY,QAAsD;QAChE,KAAK,CAAC,QAAQ,QAAQ,CAAC,UAAU,KAAK,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC;QAHjE,SAAI,GAAG,OAAO,CAAC;QAIb,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;CACF;AAPD,sBAOC"}

package/dist/auth/file.d.ts

@@ -0,0 +1,22 @@
+import { z } from "zod";
+declare const AuthFile: z.ZodObject<{
+    token: z.ZodOptional<z.ZodString>;
+    refreshToken: z.ZodOptional<z.ZodString>;
+    expiresAt: z.ZodOptional<z.ZodEffects<z.ZodNumber, Date, number>>;
+}, "strip", z.ZodTypeAny, {
+    expiresAt?: Date | undefined;
+    token?: string | undefined;
+    refreshToken?: string | undefined;
+}, {
+    expiresAt?: number | undefined;
+    token?: string | undefined;
+    refreshToken?: string | undefined;
+}>;
+type AuthFile = z.infer<typeof AuthFile>;
+export declare const getAuth: () => {
+    expiresAt?: Date | undefined;
+    token?: string | undefined;
+    refreshToken?: string | undefined;
+} | null;
+export declare function updateAuthConfig(config: AuthFile): void;
+export {};

package/dist/auth/file.js

@@ -0,0 +1,66 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getAuth = void 0;
+exports.updateAuthConfig = updateAuthConfig;
+const node_path_1 = __importDefault(require("node:path"));
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_os_1 = require("node:os");
+const xdg_app_paths_1 = __importDefault(require("xdg-app-paths"));
+const zod_1 = require("zod");
+const zod_2 = require("./zod");
+const ZodDate = zod_1.z.number().transform((seconds) => new Date(seconds * 1000));
+const AuthFile = zod_1.z.object({
+    token: zod_1.z.string().min(1).optional(),
+    refreshToken: zod_1.z.string().min(1).optional(),
+    expiresAt: ZodDate.optional(),
+});
+const StoredAuthFile = zod_2.json.pipe(AuthFile);
+// Returns whether a directory exists
+const isDirectory = (path) => {
+    try {
+        return node_fs_1.default.lstatSync(path).isDirectory();
+    }
+    catch (_) {
+        // We don't care which kind of error occured, it isn't a directory anyway.
+        return false;
+    }
+};
+// Returns in which directory the config should be present
+const getGlobalPathConfig = () => {
+    const vercelDirectories = (0, xdg_app_paths_1.default)("com.vercel.cli").dataDirs();
+    const possibleConfigPaths = [
+        ...vercelDirectories, // latest vercel directory
+        node_path_1.default.join((0, node_os_1.homedir)(), ".now"), // legacy config in user's home directory
+        ...(0, xdg_app_paths_1.default)("now").dataDirs(), // legacy XDG directory
+    ];
+    // The customPath flag is the preferred location,
+    // followed by the vercel directory,
+    // followed by the now directory.
+    // If none of those exist, use the vercel directory.
+    return (possibleConfigPaths.find((configPath) => isDirectory(configPath)) ||
+        vercelDirectories[0]);
+};
+const getAuth = () => {
+    try {
+        const pathname = node_path_1.default.join(getGlobalPathConfig(), "auth.json");
+        return StoredAuthFile.parse(node_fs_1.default.readFileSync(pathname, "utf8"));
+    }
+    catch {
+        return null;
+    }
+};
+exports.getAuth = getAuth;
+function updateAuthConfig(config) {
+    const pathname = node_path_1.default.join(getGlobalPathConfig(), "auth.json");
+    node_fs_1.default.mkdirSync(node_path_1.default.dirname(pathname), { recursive: true });
+    const content = {
+        token: config.token,
+        expiresAt: config.expiresAt && Math.round(config.expiresAt.getTime() / 1000),
+        refreshToken: config.refreshToken,
+    };
+    node_fs_1.default.writeFileSync(pathname, JSON.stringify(content) + "\n");
+}
+//# sourceMappingURL=file.js.map

package/dist/auth/file.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"file.js","sourceRoot":"","sources":["../../src/auth/file.ts"],"names":[],"mappings":";;;;;;AA0DA,4CAUC;AApED,0DAA6B;AAC7B,sDAAyB;AACzB,qCAAkC;AAClC,kEAAwC;AACxC,6BAAwB;AACxB,+BAA6B;AAE7B,MAAM,OAAO,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC;AAE5E,MAAM,QAAQ,GAAG,OAAC,CAAC,MAAM,CAAC;IACxB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IACnC,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1C,SAAS,EAAE,OAAO,CAAC,QAAQ,EAAE;CAC9B,CAAC,CAAC;AAEH,MAAM,cAAc,GAAG,UAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAI3C,qCAAqC;AACrC,MAAM,WAAW,GAAG,CAAC,IAAY,EAAW,EAAE;IAC5C,IAAI,CAAC;QACH,OAAO,iBAAE,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IAC1C,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,0EAA0E;QAC1E,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC,CAAC;AAEF,0DAA0D;AAC1D,MAAM,mBAAmB,GAAG,GAAW,EAAE;IACvC,MAAM,iBAAiB,GAAG,IAAA,uBAAW,EAAC,gBAAgB,CAAC,CAAC,QAAQ,EAAE,CAAC;IAEnE,MAAM,mBAAmB,GAAG;QAC1B,GAAG,iBAAiB,EAAE,0BAA0B;QAChD,mBAAI,CAAC,IAAI,CAAC,IAAA,iBAAO,GAAE,EAAE,MAAM,CAAC,EAAE,yCAAyC;QACvE,GAAG,IAAA,uBAAW,EAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,EAAE,uBAAuB;KAC1D,CAAC;IAEF,iDAAiD;IACjD,oCAAoC;IACpC,iCAAiC;IACjC,oDAAoD;IACpD,OAAO,CACL,mBAAmB,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QACjE,iBAAiB,CAAC,CAAC,CAAC,CACrB,CAAC;AACJ,CAAC,CAAC;AAEK,MAAM,OAAO,GAAG,GAAG,EAAE;IAC1B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,mBAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,WAAW,CAAC,CAAC;QAC/D,OAAO,cAAc,CAAC,KAAK,CAAC,iBAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC,CAAC;AAPW,QAAA,OAAO,WAOlB;AAEF,SAAgB,gBAAgB,CAAC,MAAgB;IAC/C,MAAM,QAAQ,GAAG,mBAAI,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,WAAW,CAAC,CAAC;IAC/D,iBAAE,CAAC,SAAS,CAAC,mBAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG;QACd,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,SAAS,EACP,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;QACnE,YAAY,EAAE,MAAM,CAAC,YAAY;KACC,CAAC;IACrC,iBAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC;AAC7D,CAAC"}

package/dist/auth/index.d.ts

@@ -0,0 +1,6 @@
+export * from "./file";
+export type * from "./file";
+export * from "./oauth";
+export type * from "./oauth";
+export { pollForToken } from "./poll-for-token";
+export { inferScope, selectTeam } from "./project";

package/dist/auth/index.js

@@ -0,0 +1,27 @@
+"use strict";
+// This file can also be imported as `@vercel/sandbox/dist/auth`, which is completely fine.
+// The only valid importer of this would be the CLI as we share the same codebase.
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.selectTeam = exports.inferScope = exports.pollForToken = void 0;
+__exportStar(require("./file"), exports);
+__exportStar(require("./oauth"), exports);
+var poll_for_token_1 = require("./poll-for-token");
+Object.defineProperty(exports, "pollForToken", { enumerable: true, get: function () { return poll_for_token_1.pollForToken; } });
+var project_1 = require("./project");
+Object.defineProperty(exports, "inferScope", { enumerable: true, get: function () { return project_1.inferScope; } });
+Object.defineProperty(exports, "selectTeam", { enumerable: true, get: function () { return project_1.selectTeam; } });
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";AAAA,2FAA2F;AAC3F,kFAAkF;;;;;;;;;;;;;;;;;AAElF,yCAAuB;AAEvB,0CAAwB;AAExB,mDAAgD;AAAvC,8GAAA,YAAY,OAAA;AACrB,qCAAmD;AAA1C,qGAAA,UAAU,OAAA;AAAE,qGAAA,UAAU,OAAA"}

package/dist/auth/linked-project.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Reads the linked project configuration from `.vercel/project.json`.
+ *
+ * @param cwd - The directory to search for `.vercel/project.json`.
+ * @returns The linked project's `projectId` and `teamId`, or `null` if not found.
+ */
+export declare function readLinkedProject(cwd: string): Promise<{
+    projectId: string;
+    teamId: string;
+} | null>;

package/dist/auth/linked-project.js

@@ -0,0 +1,69 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readLinkedProject = readLinkedProject;
+const zod_1 = require("zod");
+const fs = __importStar(require("node:fs/promises"));
+const path = __importStar(require("node:path"));
+const zod_2 = require("./zod");
+const LinkedProjectSchema = zod_2.json.pipe(zod_1.z.object({
+    projectId: zod_1.z.string(),
+    orgId: zod_1.z.string(),
+}));
+/**
+ * Reads the linked project configuration from `.vercel/project.json`.
+ *
+ * @param cwd - The directory to search for `.vercel/project.json`.
+ * @returns The linked project's `projectId` and `teamId`, or `null` if not found.
+ */
+async function readLinkedProject(cwd) {
+    const projectJsonPath = path.join(cwd, ".vercel", "project.json");
+    let content;
+    try {
+        content = await fs.readFile(projectJsonPath, "utf-8");
+    }
+    catch {
+        return null;
+    }
+    const parsed = LinkedProjectSchema.safeParse(content);
+    if (!parsed.success) {
+        return null;
+    }
+    return {
+        projectId: parsed.data.projectId,
+        teamId: parsed.data.orgId,
+    };
+}
+//# sourceMappingURL=linked-project.js.map

package/dist/auth/linked-project.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"linked-project.js","sourceRoot":"","sources":["../../src/auth/linked-project.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA,8CAqBC;AAvCD,6BAAwB;AACxB,qDAAuC;AACvC,gDAAkC;AAClC,+BAA6B;AAE7B,MAAM,mBAAmB,GAAG,UAAI,CAAC,IAAI,CACnC,OAAC,CAAC,MAAM,CAAC;IACP,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;CAClB,CAAC,CACH,CAAC;AAEF;;;;;GAKG;AACI,KAAK,UAAU,iBAAiB,CACrC,GAAW;IAEX,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;IAElE,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IACtD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS;QAChC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;KAC1B,CAAC;AACJ,CAAC"}

package/dist/auth/oauth.d.ts

@@ -0,0 +1,131 @@
+import { z } from "zod";
+declare const IntrospectionResponse: z.ZodUnion<[z.ZodObject<{
+    active: z.ZodLiteral<true>;
+    client_id: z.ZodString;
+    session_id: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    active: true;
+    client_id: string;
+    session_id: string;
+}, {
+    active: true;
+    client_id: string;
+    session_id: string;
+}>, z.ZodObject<{
+    active: z.ZodLiteral<false>;
+}, "strip", z.ZodTypeAny, {
+    active: false;
+}, {
+    active: false;
+}>]>;
+export declare function OAuth(): Promise<{
+    /**
+     * Perform the Device Authorization Request
+     *
+     * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.1
+     * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.2
+     */
+    deviceAuthorizationRequest(): Promise<DeviceAuthorizationRequest>;
+    /**
+     * Perform the Device Access Token Request
+     *
+     * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.4
+     */
+    deviceAccessTokenRequest(device_code: string): Promise<[Error] | [null, Response]>;
+    /**
+     * Process the Token request Response
+     *
+     * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.5
+     */
+    processTokenResponse(response: Response): Promise<[OAuthError] | [null, TokenSet]>;
+    /**
+     * Perform a Token Revocation Request.
+     *
+     * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
+     * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.2
+     */
+    revokeToken(token: string): Promise<OAuthError | void>;
+    /**
+     * Perform Refresh Token Request.
+     *
+     * @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
+     */
+    refreshToken(token: string): Promise<TokenSet>;
+    /**
+     * Perform Token Introspection Request.
+     *
+     * @see https://datatracker.ietf.org/doc/html/rfc7662#section-2.1
+     */
+    introspectToken(token: string): Promise<z.infer<typeof IntrospectionResponse>>;
+}>;
+export type OAuth = Awaited<ReturnType<typeof OAuth>>;
+declare const TokenSet: z.ZodObject<{
+    /** The access token issued by the authorization server. */
+    access_token: z.ZodString;
+    /** The type of the token issued */
+    token_type: z.ZodLiteral<"Bearer">;
+    /** The lifetime in seconds of the access token. */
+    expires_in: z.ZodNumber;
+    /** The refresh token, which can be used to obtain new access tokens. */
+    refresh_token: z.ZodOptional<z.ZodString>;
+    /** The scope of the access token. */
+    scope: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    expires_in: number;
+    access_token: string;
+    token_type: "Bearer";
+    refresh_token?: string | undefined;
+    scope?: string | undefined;
+}, {
+    expires_in: number;
+    access_token: string;
+    token_type: "Bearer";
+    refresh_token?: string | undefined;
+    scope?: string | undefined;
+}>;
+type TokenSet = z.infer<typeof TokenSet>;
+declare const OAuthErrorResponse: z.ZodObject<{
+    error: z.ZodEnum<["invalid_request", "invalid_client", "invalid_grant", "unauthorized_client", "unsupported_grant_type", "invalid_scope", "server_error", "authorization_pending", "slow_down", "access_denied", "expired_token", "unsupported_token_type"]>;
+    error_description: z.ZodOptional<z.ZodString>;
+    error_uri: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    error: "invalid_request" | "invalid_client" | "invalid_grant" | "unauthorized_client" | "unsupported_grant_type" | "invalid_scope" | "server_error" | "authorization_pending" | "slow_down" | "access_denied" | "expired_token" | "unsupported_token_type";
+    error_description?: string | undefined;
+    error_uri?: string | undefined;
+}, {
+    error: "invalid_request" | "invalid_client" | "invalid_grant" | "unauthorized_client" | "unsupported_grant_type" | "invalid_scope" | "server_error" | "authorization_pending" | "slow_down" | "access_denied" | "expired_token" | "unsupported_token_type";
+    error_description?: string | undefined;
+    error_uri?: string | undefined;
+}>;
+type OAuthErrorResponse = z.infer<typeof OAuthErrorResponse>;
+declare class OAuthError extends Error {
+    name: string;
+    code: OAuthErrorResponse["error"];
+    cause: Error;
+    constructor(message: string, response: unknown);
+}
+export declare function isOAuthError(error: unknown): error is OAuthError;
+export interface DeviceAuthorizationRequest {
+    /** The device verification code. */
+    device_code: string;
+    /** The end-user verification code. */
+    user_code: string;
+    /**
+     * The minimum amount of time in seconds that the client
+     * SHOULD wait between polling requests to the token endpoint.
+     */
+    interval: number;
+    /** The end-user verification URI on the authorization server. */
+    verification_uri: string;
+    /**
+     * The end-user verification URI on the authorization server,
+     * including the `user_code`, without redirection.
+     */
+    verification_uri_complete: string;
+    /**
+     * The absolute lifetime of the `device_code` and `user_code`.
+     * Calculated from `expires_in`.
+     */
+    expiresAt: number;
+}
+export {};