@vercel/sandbox 1.1.4 → 1.1.6

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";AAAA,2FAA2F;AAC3F,kFAAkF;;;;;;;;;;;;;;;;;AAElF,yCAAuB;AAEvB,0CAAwB;AAExB,mDAAgD;AAAvC,8GAAA,YAAY,OAAA;AACrB,qCAAmD;AAA1C,qGAAA,UAAU,OAAA;AAAE,qGAAA,UAAU,OAAA"}

package/dist/auth/linked-project.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Reads the linked project configuration from `.vercel/project.json`.
+ *
+ * @param cwd - The directory to search for `.vercel/project.json`.
+ * @returns The linked project's `projectId` and `teamId`, or `null` if not found.
+ */
+export declare function readLinkedProject(cwd: string): Promise<{
+    projectId: string;
+    teamId: string;
+} | null>;

package/dist/auth/linked-project.js

@@ -0,0 +1,69 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readLinkedProject = readLinkedProject;
+const zod_1 = require("zod");
+const fs = __importStar(require("node:fs/promises"));
+const path = __importStar(require("node:path"));
+const zod_2 = require("./zod");
+const LinkedProjectSchema = zod_2.json.pipe(zod_1.z.object({
+    projectId: zod_1.z.string(),
+    orgId: zod_1.z.string(),
+}));
+/**
+ * Reads the linked project configuration from `.vercel/project.json`.
+ *
+ * @param cwd - The directory to search for `.vercel/project.json`.
+ * @returns The linked project's `projectId` and `teamId`, or `null` if not found.
+ */
+async function readLinkedProject(cwd) {
+    const projectJsonPath = path.join(cwd, ".vercel", "project.json");
+    let content;
+    try {
+        content = await fs.readFile(projectJsonPath, "utf-8");
+    }
+    catch {
+        return null;
+    }
+    const parsed = LinkedProjectSchema.safeParse(content);
+    if (!parsed.success) {
+        return null;
+    }
+    return {
+        projectId: parsed.data.projectId,
+        teamId: parsed.data.orgId,
+    };
+}
+//# sourceMappingURL=linked-project.js.map

package/dist/auth/linked-project.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"linked-project.js","sourceRoot":"","sources":["../../src/auth/linked-project.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA,8CAqBC;AAvCD,6BAAwB;AACxB,qDAAuC;AACvC,gDAAkC;AAClC,+BAA6B;AAE7B,MAAM,mBAAmB,GAAG,UAAI,CAAC,IAAI,CACnC,OAAC,CAAC,MAAM,CAAC;IACP,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;CAClB,CAAC,CACH,CAAC;AAEF;;;;;GAKG;AACI,KAAK,UAAU,iBAAiB,CACrC,GAAW;IAEX,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;IAElE,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IACtD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS;QAChC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;KAC1B,CAAC;AACJ,CAAC"}

package/dist/auth/oauth.d.ts

@@ -0,0 +1,131 @@
+import { z } from "zod";
+declare const IntrospectionResponse: z.ZodUnion<[z.ZodObject<{
+    active: z.ZodLiteral<true>;
+    client_id: z.ZodString;
+    session_id: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    active: true;
+    client_id: string;
+    session_id: string;
+}, {
+    active: true;
+    client_id: string;
+    session_id: string;
+}>, z.ZodObject<{
+    active: z.ZodLiteral<false>;
+}, "strip", z.ZodTypeAny, {
+    active: false;
+}, {
+    active: false;
+}>]>;
+export declare function OAuth(): Promise<{
+    /**
+     * Perform the Device Authorization Request
+     *
+     * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.1
+     * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.2
+     */
+    deviceAuthorizationRequest(): Promise<DeviceAuthorizationRequest>;
+    /**
+     * Perform the Device Access Token Request
+     *
+     * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.4
+     */
+    deviceAccessTokenRequest(device_code: string): Promise<[Error] | [null, Response]>;
+    /**
+     * Process the Token request Response
+     *
+     * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.5
+     */
+    processTokenResponse(response: Response): Promise<[OAuthError] | [null, TokenSet]>;
+    /**
+     * Perform a Token Revocation Request.
+     *
+     * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
+     * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.2
+     */
+    revokeToken(token: string): Promise<OAuthError | void>;
+    /**
+     * Perform Refresh Token Request.
+     *
+     * @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
+     */
+    refreshToken(token: string): Promise<TokenSet>;
+    /**
+     * Perform Token Introspection Request.
+     *
+     * @see https://datatracker.ietf.org/doc/html/rfc7662#section-2.1
+     */
+    introspectToken(token: string): Promise<z.infer<typeof IntrospectionResponse>>;
+}>;
+export type OAuth = Awaited<ReturnType<typeof OAuth>>;
+declare const TokenSet: z.ZodObject<{
+    /** The access token issued by the authorization server. */
+    access_token: z.ZodString;
+    /** The type of the token issued */
+    token_type: z.ZodLiteral<"Bearer">;
+    /** The lifetime in seconds of the access token. */
+    expires_in: z.ZodNumber;
+    /** The refresh token, which can be used to obtain new access tokens. */
+    refresh_token: z.ZodOptional<z.ZodString>;
+    /** The scope of the access token. */
+    scope: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    expires_in: number;
+    access_token: string;
+    token_type: "Bearer";
+    refresh_token?: string | undefined;
+    scope?: string | undefined;
+}, {
+    expires_in: number;
+    access_token: string;
+    token_type: "Bearer";
+    refresh_token?: string | undefined;
+    scope?: string | undefined;
+}>;
+type TokenSet = z.infer<typeof TokenSet>;
+declare const OAuthErrorResponse: z.ZodObject<{
+    error: z.ZodEnum<["invalid_request", "invalid_client", "invalid_grant", "unauthorized_client", "unsupported_grant_type", "invalid_scope", "server_error", "authorization_pending", "slow_down", "access_denied", "expired_token", "unsupported_token_type"]>;
+    error_description: z.ZodOptional<z.ZodString>;
+    error_uri: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    error: "invalid_request" | "invalid_client" | "invalid_grant" | "unauthorized_client" | "unsupported_grant_type" | "invalid_scope" | "server_error" | "authorization_pending" | "slow_down" | "access_denied" | "expired_token" | "unsupported_token_type";
+    error_description?: string | undefined;
+    error_uri?: string | undefined;
+}, {
+    error: "invalid_request" | "invalid_client" | "invalid_grant" | "unauthorized_client" | "unsupported_grant_type" | "invalid_scope" | "server_error" | "authorization_pending" | "slow_down" | "access_denied" | "expired_token" | "unsupported_token_type";
+    error_description?: string | undefined;
+    error_uri?: string | undefined;
+}>;
+type OAuthErrorResponse = z.infer<typeof OAuthErrorResponse>;
+declare class OAuthError extends Error {
+    name: string;
+    code: OAuthErrorResponse["error"];
+    cause: Error;
+    constructor(message: string, response: unknown);
+}
+export declare function isOAuthError(error: unknown): error is OAuthError;
+export interface DeviceAuthorizationRequest {
+    /** The device verification code. */
+    device_code: string;
+    /** The end-user verification code. */
+    user_code: string;
+    /**
+     * The minimum amount of time in seconds that the client
+     * SHOULD wait between polling requests to the token endpoint.
+     */
+    interval: number;
+    /** The end-user verification URI on the authorization server. */
+    verification_uri: string;
+    /**
+     * The end-user verification URI on the authorization server,
+     * including the `user_code`, without redirection.
+     */
+    verification_uri_complete: string;
+    /**
+     * The absolute lifetime of the `device_code` and `user_code`.
+     * Calculated from `expires_in`.
+     */
+    expiresAt: number;
+}
+export {};

package/dist/auth/oauth.js

@@ -0,0 +1,269 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuth = OAuth;
+exports.isOAuthError = isOAuthError;
+const os_1 = __importDefault(require("os"));
+const zod_1 = require("zod");
+const version_1 = require("../version");
+const USER_AGENT = `${os_1.default.hostname()} @ vercel/sandbox/${version_1.VERSION} node-${process.version} ${os_1.default.platform()} (${os_1.default.arch()})`;
+const ISSUER = new URL("https://vercel.com");
+const CLIENT_ID = "cl_HYyOPBNtFMfHhaUn9L4QPfTZz6TP47bp";
+const AuthorizationServerMetadata = zod_1.z.object({
+    issuer: zod_1.z.string().url(),
+    device_authorization_endpoint: zod_1.z.string().url(),
+    token_endpoint: zod_1.z.string().url(),
+    revocation_endpoint: zod_1.z.string().url(),
+    jwks_uri: zod_1.z.string().url(),
+    introspection_endpoint: zod_1.z.string().url(),
+});
+let _as;
+const DeviceAuthorization = zod_1.z.object({
+    device_code: zod_1.z.string(),
+    user_code: zod_1.z.string(),
+    verification_uri: zod_1.z.string().url(),
+    verification_uri_complete: zod_1.z.string().url(),
+    expires_in: zod_1.z.number(),
+    interval: zod_1.z.number(),
+});
+const IntrospectionResponse = zod_1.z
+    .object({
+    active: zod_1.z.literal(true),
+    client_id: zod_1.z.string(),
+    session_id: zod_1.z.string(),
+})
+    .or(zod_1.z.object({ active: zod_1.z.literal(false) }));
+/**
+ * Returns the Authorization Server Metadata
+ *
+ * @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
+ * @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse
+ */
+async function authorizationServerMetadata() {
+    if (_as)
+        return _as;
+    const response = await fetch(new URL(".well-known/openid-configuration", ISSUER), {
+        headers: { "Content-Type": "application/json", "user-agent": USER_AGENT },
+    });
+    _as = AuthorizationServerMetadata.parse(await response.json());
+    return _as;
+}
+async function OAuth() {
+    const as = await authorizationServerMetadata();
+    return {
+        /**
+         * Perform the Device Authorization Request
+         *
+         * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.1
+         * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.2
+         */
+        async deviceAuthorizationRequest() {
+            const response = await fetch(as.device_authorization_endpoint, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/x-www-form-urlencoded",
+                    "user-agent": USER_AGENT,
+                },
+                body: new URLSearchParams({
+                    client_id: CLIENT_ID,
+                    scope: "openid offline_access",
+                }),
+            });
+            const json = await response.json();
+            const parsed = DeviceAuthorization.safeParse(json);
+            if (!parsed.success) {
+                throw new OAuthError(`Failed to parse device authorization response: ${parsed.error.message}`, json);
+            }
+            return {
+                device_code: parsed.data.device_code,
+                user_code: parsed.data.user_code,
+                verification_uri: parsed.data.verification_uri,
+                verification_uri_complete: parsed.data.verification_uri_complete,
+                expiresAt: Date.now() + parsed.data.expires_in * 1000,
+                interval: parsed.data.interval,
+            };
+        },
+        /**
+         * Perform the Device Access Token Request
+         *
+         * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.4
+         */
+        async deviceAccessTokenRequest(device_code) {
+            try {
+                return [
+                    null,
+                    await fetch(as.token_endpoint, {
+                        method: "POST",
+                        headers: {
+                            "Content-Type": "application/x-www-form-urlencoded",
+                            "user-agent": USER_AGENT,
+                        },
+                        body: new URLSearchParams({
+                            client_id: CLIENT_ID,
+                            grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+                            device_code,
+                        }),
+                        signal: AbortSignal.timeout(10 * 1000),
+                    }),
+                ];
+            }
+            catch (error) {
+                if (error instanceof Error)
+                    return [error];
+                return [
+                    new Error("An unknown error occurred. See the logs for details.", {
+                        cause: error,
+                    }),
+                ];
+            }
+        },
+        /**
+         * Process the Token request Response
+         *
+         * @see https://datatracker.ietf.org/doc/html/rfc8628#section-3.5
+         */
+        async processTokenResponse(response) {
+            const json = await response.json();
+            const processed = TokenSet.safeParse(json);
+            if (!processed.success) {
+                return [
+                    new OAuthError(`Failed to parse token response: ${processed.error.message}`, json),
+                ];
+            }
+            return [null, processed.data];
+        },
+        /**
+         * Perform a Token Revocation Request.
+         *
+         * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
+         * @see https://datatracker.ietf.org/doc/html/rfc7009#section-2.2
+         */
+        async revokeToken(token) {
+            const response = await fetch(as.revocation_endpoint, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/x-www-form-urlencoded",
+                    "user-agent": USER_AGENT,
+                },
+                body: new URLSearchParams({ token, client_id: CLIENT_ID }),
+            });
+            if (response.ok)
+                return;
+            const json = await response.json();
+            return new OAuthError("Revocation request failed", json);
+        },
+        /**
+         * Perform Refresh Token Request.
+         *
+         * @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
+         */
+        async refreshToken(token) {
+            const response = await fetch(as.token_endpoint, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/x-www-form-urlencoded",
+                    "user-agent": USER_AGENT,
+                },
+                body: new URLSearchParams({
+                    client_id: CLIENT_ID,
+                    grant_type: "refresh_token",
+                    refresh_token: token,
+                }),
+            });
+            const [tokensError, tokenSet] = await this.processTokenResponse(response);
+            if (tokensError)
+                throw tokensError;
+            return tokenSet;
+        },
+        /**
+         * Perform Token Introspection Request.
+         *
+         * @see https://datatracker.ietf.org/doc/html/rfc7662#section-2.1
+         */
+        async introspectToken(token) {
+            const response = await fetch(as.introspection_endpoint, {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/x-www-form-urlencoded",
+                    "user-agent": USER_AGENT,
+                },
+                body: new URLSearchParams({ token }),
+            });
+            const json = await response.json();
+            const processed = IntrospectionResponse.safeParse(json);
+            if (!processed.success) {
+                throw new OAuthError(`Failed to parse introspection response: ${processed.error.message}`, json);
+            }
+            return processed.data;
+        },
+    };
+}
+const TokenSet = zod_1.z.object({
+    /** The access token issued by the authorization server. */
+    access_token: zod_1.z.string(),
+    /** The type of the token issued */
+    token_type: zod_1.z.literal("Bearer"),
+    /** The lifetime in seconds of the access token. */
+    expires_in: zod_1.z.number(),
+    /** The refresh token, which can be used to obtain new access tokens. */
+    refresh_token: zod_1.z.string().optional(),
+    /** The scope of the access token. */
+    scope: zod_1.z.string().optional(),
+});
+const OAuthErrorResponse = zod_1.z.object({
+    error: zod_1.z.enum([
+        "invalid_request",
+        "invalid_client",
+        "invalid_grant",
+        "unauthorized_client",
+        "unsupported_grant_type",
+        "invalid_scope",
+        "server_error",
+        // Device Authorization Response Errors
+        "authorization_pending",
+        "slow_down",
+        "access_denied",
+        "expired_token",
+        // Revocation Response Errors
+        "unsupported_token_type",
+    ]),
+    error_description: zod_1.z.string().optional(),
+    error_uri: zod_1.z.string().optional(),
+});
+function processOAuthErrorResponse(json) {
+    try {
+        return OAuthErrorResponse.parse(json);
+    }
+    catch (error) {
+        if (error instanceof zod_1.z.ZodError) {
+            return new TypeError(`Invalid OAuth error response: ${error.message}`);
+        }
+        return new TypeError("Failed to parse OAuth error response");
+    }
+}
+class OAuthError extends Error {
+    constructor(message, response) {
+        super(message);
+        this.name = "OAuthError";
+        const error = processOAuthErrorResponse(response);
+        if (error instanceof TypeError) {
+            const message = `Unexpected server response: ${JSON.stringify(response)}`;
+            this.cause = new Error(message, { cause: error });
+            this.code = "server_error";
+            return;
+        }
+        let cause = error.error;
+        if (error.error_description)
+            cause += `: ${error.error_description}`;
+        if (error.error_uri)
+            cause += ` (${error.error_uri})`;
+        this.cause = new Error(cause);
+        this.code = error.error;
+    }
+}
+function isOAuthError(error) {
+    return error instanceof OAuthError;
+}
+//# sourceMappingURL=oauth.js.map

package/dist/auth/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":";;;;;AA2DA,sBA0KC;AA6ED,oCAEC;AApTD,4CAAoB;AACpB,6BAAwB;AACxB,wCAAqC;AAErC,MAAM,UAAU,GAAG,GAAG,YAAE,CAAC,QAAQ,EAAE,qBAAqB,iBAAO,SAC7D,OAAO,CAAC,OACV,IAAI,YAAE,CAAC,QAAQ,EAAE,KAAK,YAAE,CAAC,IAAI,EAAE,GAAG,CAAC;AAEnC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,oBAAoB,CAAC,CAAC;AAC7C,MAAM,SAAS,GAAG,qCAAqC,CAAC;AAExD,MAAM,2BAA2B,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACxB,6BAA6B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAC/C,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAChC,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IACrC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAC1B,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;CACzC,CAAC,CAAC;AAEH,IAAI,GAAgC,CAAC;AAErC,MAAM,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IACnC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE;IACvB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAClC,yBAAyB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAC3C,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;IACtB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;CACrB,CAAC,CAAC;AAEH,MAAM,qBAAqB,GAAG,OAAC;KAC5B,MAAM,CAAC;IACN,MAAM,EAAE,OAAC,CAAC,OAAO,CAAC,IAAI,CAAC;IACvB,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE;IACrB,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;CACvB,CAAC;KACD,EAAE,CAAC,OAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;AAE9C;;;;;GAKG;AACH,KAAK,UAAU,2BAA2B;IACxC,IAAI,GAAG;QAAE,OAAO,GAAG,CAAC;IAEpB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAC1B,IAAI,GAAG,CAAC,kCAAkC,EAAE,MAAM,CAAC,EACnD;QACE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,YAAY,EAAE,UAAU,EAAE;KAC1E,CACF,CAAC;IAEF,GAAG,GAAG,2BAA2B,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;IAC/D,OAAO,GAAG,CAAC;AACb,CAAC;AAEM,KAAK,UAAU,KAAK;IACzB,MAAM,EAAE,GAAG,MAAM,2BAA2B,EAAE,CAAC;IAC/C,OAAO;QACL;;;;;WAKG;QACH,KAAK,CAAC,0BAA0B;YAC9B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,EAAE,CAAC,6BAA6B,EAAE;gBAC7D,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,YAAY,EAAE,UAAU;iBACzB;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,SAAS,EAAE,SAAS;oBACpB,KAAK,EAAE,uBAAuB;iBAC/B,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAEnD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,UAAU,CAClB,kDAAkD,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,EACxE,IAAI,CACL,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW;gBACpC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS;gBAChC,gBAAgB,EAAE,MAAM,CAAC,IAAI,CAAC,gBAAgB;gBAC9C,yBAAyB,EAAE,MAAM,CAAC,IAAI,CAAC,yBAAyB;gBAChE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI;gBACrD,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ;aAC/B,CAAC;QACJ,CAAC;QACD;;;;WAIG;QACH,KAAK,CAAC,wBAAwB,CAC5B,WAAmB;YAEnB,IAAI,CAAC;gBACH,OAAO;oBACL,IAAI;oBACJ,MAAM,KAAK,CAAC,EAAE,CAAC,cAAc,EAAE;wBAC7B,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE;4BACP,cAAc,EAAE,mCAAmC;4BACnD,YAAY,EAAE,UAAU;yBACzB;wBACD,IAAI,EAAE,IAAI,eAAe,CAAC;4BACxB,SAAS,EAAE,SAAS;4BACpB,UAAU,EAAE,8CAA8C;4BAC1D,WAAW;yBACZ,CAAC;wBACF,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,EAAE,GAAG,IAAI,CAAC;qBACvC,CAAC;iBACH,CAAC;YACJ,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,KAAK,YAAY,KAAK;oBAAE,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC3C,OAAO;oBACL,IAAI,KAAK,CAAC,sDAAsD,EAAE;wBAChE,KAAK,EAAE,KAAK;qBACb,CAAC;iBACH,CAAC;YACJ,CAAC;QACH,CAAC;QACD;;;;WAIG;QACH,KAAK,CAAC,oBAAoB,CACxB,QAAkB;YAElB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAE3C,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,OAAO;oBACL,IAAI,UAAU,CACZ,mCAAmC,SAAS,CAAC,KAAK,CAAC,OAAO,EAAE,EAC5D,IAAI,CACL;iBACF,CAAC;YACJ,CAAC;YAED,OAAO,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;QACD;;;;;WAKG;QACH,KAAK,CAAC,WAAW,CAAC,KAAa;YAC7B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,EAAE,CAAC,mBAAmB,EAAE;gBACnD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,YAAY,EAAE,UAAU;iBACzB;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;aAC3D,CAAC,CAAC;YAEH,IAAI,QAAQ,CAAC,EAAE;gBAAE,OAAO;YACxB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEnC,OAAO,IAAI,UAAU,CAAC,2BAA2B,EAAE,IAAI,CAAC,CAAC;QAC3D,CAAC;QACD;;;;WAIG;QACH,KAAK,CAAC,YAAY,CAAC,KAAa;YAC9B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,EAAE,CAAC,cAAc,EAAE;gBAC9C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,YAAY,EAAE,UAAU;iBACzB;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,SAAS,EAAE,SAAS;oBACpB,UAAU,EAAE,eAAe;oBAC3B,aAAa,EAAE,KAAK;iBACrB,CAAC;aACH,CAAC,CAAC;YAEH,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;YAC1E,IAAI,WAAW;gBAAE,MAAM,WAAW,CAAC;YACnC,OAAO,QAAQ,CAAC;QAClB,CAAC;QACD;;;;WAIG;QACH,KAAK,CAAC,eAAe,CACnB,KAAa;YAEb,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,EAAE,CAAC,sBAAsB,EAAE;gBACtD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,YAAY,EAAE,UAAU;iBACzB;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC,EAAE,KAAK,EAAE,CAAC;aACrC,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,SAAS,GAAG,qBAAqB,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACxD,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;gBACvB,MAAM,IAAI,UAAU,CAClB,2CAA2C,SAAS,CAAC,KAAK,CAAC,OAAO,EAAE,EACpE,IAAI,CACL,CAAC;YACJ,CAAC;YAED,OAAO,SAAS,CAAC,IAAI,CAAC;QACxB,CAAC;KACF,CAAC;AACJ,CAAC;AAID,MAAM,QAAQ,GAAG,OAAC,CAAC,MAAM,CAAC;IACxB,2DAA2D;IAC3D,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;IACxB,mCAAmC;IACnC,UAAU,EAAE,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IAC/B,mDAAmD;IACnD,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE;IACtB,wEAAwE;IACxE,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,qCAAqC;IACrC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC7B,CAAC,CAAC;AAIH,MAAM,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,KAAK,EAAE,OAAC,CAAC,IAAI,CAAC;QACZ,iBAAiB;QACjB,gBAAgB;QAChB,eAAe;QACf,qBAAqB;QACrB,wBAAwB;QACxB,eAAe;QACf,cAAc;QACd,uCAAuC;QACvC,uBAAuB;QACvB,WAAW;QACX,eAAe;QACf,eAAe;QACf,6BAA6B;QAC7B,wBAAwB;KACzB,CAAC;IACF,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC,CAAC;AAIH,SAAS,yBAAyB,CAChC,IAAa;IAEb,IAAI,CAAC;QACH,OAAO,kBAAkB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,OAAC,CAAC,QAAQ,EAAE,CAAC;YAChC,OAAO,IAAI,SAAS,CAAC,iCAAiC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,SAAS,CAAC,sCAAsC,CAAC,CAAC;IAC/D,CAAC;AACH,CAAC;AAED,MAAM,UAAW,SAAQ,KAAK;IAI5B,YAAY,OAAe,EAAE,QAAiB;QAC5C,KAAK,CAAC,OAAO,CAAC,CAAC;QAJjB,SAAI,GAAG,YAAY,CAAC;QAKlB,MAAM,KAAK,GAAG,yBAAyB,CAAC,QAAQ,CAAC,CAAC;QAClD,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;YAC/B,MAAM,OAAO,GAAG,+BAA+B,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1E,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;YAClD,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;YAC3B,OAAO;QACT,CAAC;QACD,IAAI,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC;QACxB,IAAI,KAAK,CAAC,iBAAiB;YAAE,KAAK,IAAI,KAAK,KAAK,CAAC,iBAAiB,EAAE,CAAC;QACrE,IAAI,KAAK,CAAC,SAAS;YAAE,KAAK,IAAI,KAAK,KAAK,CAAC,SAAS,GAAG,CAAC;QAEtD,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC;QAC9B,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC;IAC1B,CAAC;CACF;AAED,SAAgB,YAAY,CAAC,KAAc;IACzC,OAAO,KAAK,YAAY,UAAU,CAAC;AACrC,CAAC"}

package/dist/auth/poll-for-token.d.ts

@@ -0,0 +1,20 @@
+import { DeviceAuthorizationRequest, OAuth } from "./oauth";
+export type PollTokenItem = {
+    _tag: "Timeout";
+    newInterval: number;
+} | {
+    _tag: "SlowDown";
+    newInterval: number;
+} | {
+    _tag: "Error";
+    error: Error;
+} | {
+    _tag: "Response";
+    response: {
+        text(): Promise<string>;
+    };
+};
+export declare function pollForToken({ request, oauth, }: {
+    request: DeviceAuthorizationRequest;
+    oauth: OAuth;
+}): AsyncGenerator<PollTokenItem, void, void>;

package/dist/auth/poll-for-token.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.pollForToken = pollForToken;
+const promises_1 = require("node:timers/promises");
+const file_1 = require("./file");
+const oauth_1 = require("./oauth");
+async function* pollForToken({ request, oauth, }) {
+    const controller = new AbortController();
+    try {
+        let intervalMs = request.interval * 1000;
+        while (Date.now() < request.expiresAt) {
+            const [tokenResponseError, tokenResponse] = await oauth.deviceAccessTokenRequest(request.device_code);
+            if (tokenResponseError) {
+                // 2x backoff on connection timeouts per spec https://datatracker.ietf.org/doc/html/rfc8628#section-3.5
+                if (tokenResponseError.message.includes("timeout")) {
+                    intervalMs *= 2;
+                    yield { _tag: "Timeout", newInterval: intervalMs };
+                    await (0, promises_1.setTimeout)(intervalMs, { signal: controller.signal });
+                    continue;
+                }
+                yield { _tag: "Error", error: tokenResponseError };
+                return;
+            }
+            yield {
+                _tag: "Response",
+                response: tokenResponse.clone(),
+            };
+            const [tokensError, tokens] = await oauth.processTokenResponse(tokenResponse);
+            if ((0, oauth_1.isOAuthError)(tokensError)) {
+                const { code } = tokensError;
+                switch (code) {
+                    case "authorization_pending":
+                        await (0, promises_1.setTimeout)(intervalMs, { signal: controller.signal });
+                        continue;
+                    case "slow_down":
+                        intervalMs += 5 * 1000;
+                        yield { _tag: "SlowDown", newInterval: intervalMs };
+                        await (0, promises_1.setTimeout)(intervalMs, { signal: controller.signal });
+                        continue;
+                    default:
+                        yield { _tag: "Error", error: tokensError.cause };
+                        return;
+                }
+            }
+            if (tokensError) {
+                yield { _tag: "Error", error: tokensError };
+                return;
+            }
+            (0, file_1.updateAuthConfig)({
+                token: tokens.access_token,
+                expiresAt: new Date(Date.now() + tokens.expires_in * 1000),
+                refreshToken: tokens.refresh_token,
+            });
+            return;
+        }
+        yield {
+            _tag: "Error",
+            error: new Error("Timed out waiting for authentication. Please try again."),
+        };
+        return;
+    }
+    finally {
+        controller.abort();
+    }
+}
+//# sourceMappingURL=poll-for-token.js.map

package/dist/auth/poll-for-token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"poll-for-token.js","sourceRoot":"","sources":["../../src/auth/poll-for-token.ts"],"names":[],"mappings":";;AAaA,oCA2EC;AAxFD,mDAAkD;AAClD,iCAA0C;AAC1C,mCAA0E;AAWnE,KAAK,SAAS,CAAC,CAAC,YAAY,CAAC,EAClC,OAAO,EACP,KAAK,GAIN;IACC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,IAAI,CAAC;QACH,IAAI,UAAU,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;QACzC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;YACtC,MAAM,CAAC,kBAAkB,EAAE,aAAa,CAAC,GACvC,MAAM,KAAK,CAAC,wBAAwB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAE5D,IAAI,kBAAkB,EAAE,CAAC;gBACvB,uGAAuG;gBACvG,IAAI,kBAAkB,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;oBACnD,UAAU,IAAI,CAAC,CAAC;oBAChB,MAAM,EAAE,IAAI,EAAE,SAAkB,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;oBAC5D,MAAM,IAAA,qBAAU,EAAC,UAAU,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;oBAC5D,SAAS;gBACX,CAAC;gBACD,MAAM,EAAE,IAAI,EAAE,OAAgB,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC;gBAC5D,OAAO;YACT,CAAC;YAED,MAAM;gBACJ,IAAI,EAAE,UAAmB;gBACzB,QAAQ,EAAE,aAAa,CAAC,KAAK,EAAiC;aAC/D,CAAC;YAEF,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,GACzB,MAAM,KAAK,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAC;YAElD,IAAI,IAAA,oBAAY,EAAC,WAAW,CAAC,EAAE,CAAC;gBAC9B,MAAM,EAAE,IAAI,EAAE,GAAG,WAAW,CAAC;gBAC7B,QAAQ,IAAI,EAAE,CAAC;oBACb,KAAK,uBAAuB;wBAC1B,MAAM,IAAA,qBAAU,EAAC,UAAU,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;wBAC5D,SAAS;oBACX,KAAK,WAAW;wBACd,UAAU,IAAI,CAAC,GAAG,IAAI,CAAC;wBACvB,MAAM,EAAE,IAAI,EAAE,UAAmB,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;wBAC7D,MAAM,IAAA,qBAAU,EAAC,UAAU,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;wBAC5D,SAAS;oBACX;wBACE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC;wBAClD,OAAO;gBACX,CAAC;YACH,CAAC;YAED,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;gBAC5C,OAAO;YACT,CAAC;YAED,IAAA,uBAAgB,EAAC;gBACf,KAAK,EAAE,MAAM,CAAC,YAAY;gBAC1B,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;gBAC1D,YAAY,EAAE,MAAM,CAAC,aAAa;aACnC,CAAC,CAAC;YAEH,OAAO;QACT,CAAC;QAED,MAAM;YACJ,IAAI,EAAE,OAAgB;YACtB,KAAK,EAAE,IAAI,KAAK,CACd,yDAAyD,CAC1D;SACF,CAAC;QACF,OAAO;IACT,CAAC;YAAS,CAAC;QACT,UAAU,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;AACH,CAAC"}

package/dist/auth/project.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Resolves the team and project scope for sandbox operations.
+ *
+ * First checks for a locally linked project in `.vercel/project.json`.
+ * If found, uses the `projectId` and `orgId` from there.
+ *
+ * Otherwise, if `teamId` is not provided, selects the first available team for the account.
+ * Ensures a default project exists within the team, creating it if necessary.
+ *
+ * @param opts.token - Vercel API authentication token.
+ * @param opts.teamId - Optional team slug. If omitted, the first team is selected.
+ * @param opts.cwd - Optional directory to search for `.vercel/project.json`. Defaults to `process.cwd()`.
+ * @returns The resolved scope with `projectId`, `teamId`, and whether the project was `created`.
+ *
+ * @throws {NotOk} If the API returns an error other than 404 when checking the project.
+ * @throws {ZodError} If no teams exist for the account.
+ *
+ * @example
+ * ```ts
+ * const scope = await inferScope({ token: "vercel_..." });
+ * // => { projectId: "vercel-sandbox-default-project", teamId: "my-team", created: false }
+ * ```
+ */
+export declare function inferScope(opts: {
+    token: string;
+    teamId?: string;
+    cwd?: string;
+}): Promise<{
+    projectId: string;
+    teamId: string;
+    created: boolean;
+}>;
+/**
+ * Selects a team for the current token by querying the Teams API and
+ * returning the slug of the first team in the result set.
+ *
+ * @param token - Authentication token used to call the Vercel API.
+ * @returns A promise that resolves to the first team's slug.
+ */
+export declare function selectTeam(token: string): Promise<string>;