@verentis/cli 0.2.8 → 0.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -28,15 +28,17 @@ Point `VERENTIS_UPDATE_REGISTRY` at a mirror if you install from a private regis
28
28
  ## Sign in
29
29
 
30
30
  ```bash
31
- verentis login --api-url https://api.verentis.dev
31
+ verentis login
32
32
  ```
33
33
 
34
- With no credential flags this starts a **device sign-in**: open the printed URL in any browser (works over SSH), confirm the code, done. Non-interactive alternatives:
34
+ The CLI targets **production** (`https://api.verentis.io`) by default third-party developers need no
35
+ extra configuration. With no credential flags this starts a **device sign-in**: open the printed URL in any
36
+ browser (works over SSH), confirm the code, done. Non-interactive alternatives:
35
37
 
36
38
  ```bash
37
- verentis login --api-url … --api-key vrt_xxx # CI / scripts (create one with `verentis apikey create`)
38
- verentis login --api-url … --token <identity token>
39
- # VERENTIS_API_URL / VERENTIS_API_KEY / VERENTIS_TOKEN env vars also work
39
+ verentis login --api-key vrt_xxx # CI / scripts (create one with `verentis apikey create`)
40
+ verentis login --token <identity token>
41
+ # VERENTIS_API_KEY / VERENTIS_TOKEN env vars also work
40
42
  ```
41
43
 
42
44
  A device sign-in also stores a **refresh token**, so you stay signed in: when the 1-hour identity token
package/dist/index.js CHANGED
@@ -1,7 +1,6 @@
1
1
  #!/usr/bin/env node
2
- import { Command } from 'commander';
2
+ import { Command, Option } from 'commander';
3
3
  import { mkdir, stat, writeFile, readFile, readdir, realpath, mkdtemp, rm, glob } from 'fs/promises';
4
- import { Agent } from 'https';
5
4
  import { tmpdir, homedir } from 'os';
6
5
  import { resolve, basename, dirname, posix, join, isAbsolute, extname, relative, sep } from 'path';
7
6
  import { spawn, spawnSync } from 'child_process';
@@ -13,13 +12,16 @@ import { pipeline } from 'stream/promises';
13
12
  import * as tar from 'tar';
14
13
  import { fileURLToPath } from 'url';
15
14
 
16
- var insecureAgent = new Agent({ rejectUnauthorized: false });
17
15
  function insecureFetchOptions(insecure) {
18
- return insecure ? { dispatcher: insecureAgent } : {};
16
+ if (insecure) {
17
+ process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
18
+ }
19
+ return {};
19
20
  }
20
21
  var configDir = () => process.env.VERENTIS_CONFIG_DIR ?? join(homedir(), ".verentis");
21
22
  var configPath = () => join(configDir(), "config.json");
22
23
  var keysDir = () => join(configDir(), "keys");
24
+ var PRODUCTION_API_URL = "https://api.verentis.io";
23
25
  async function loadConfig() {
24
26
  try {
25
27
  return JSON.parse(await readFile(configPath(), "utf8"));
@@ -32,10 +34,7 @@ async function saveConfig(config) {
32
34
  await writeFile(configPath(), JSON.stringify(config, null, 2) + "\n", { mode: 384 });
33
35
  }
34
36
  function requireApiUrl(config) {
35
- const url = process.env.VERENTIS_API_URL ?? config.apiUrl;
36
- if (!url) {
37
- throw new Error("No API URL configured. Run `verentis login --api-url <url>` first (or set VERENTIS_API_URL).");
38
- }
37
+ const url = process.env.VERENTIS_API_URL ?? config.apiUrl ?? PRODUCTION_API_URL;
39
38
  return url.replace(/\/+$/, "");
40
39
  }
41
40
 
@@ -1992,22 +1991,20 @@ function registerKeygen(program2) {
1992
1991
  console.log(`Revoked key ${kid}.`);
1993
1992
  });
1994
1993
  }
1995
-
1996
- // src/commands/login.ts
1997
1994
  function registerLogin(program2) {
1998
- program2.command("login").description("Sign in to Verentis (browser device flow by default; --api-key/--token for non-interactive use)").option("--api-url <url>", "Verentis API gateway URL").option("--api-key <key>", "Verentis API key (vrt_...)").option("--token <token>", "Verentis identity token (exchanged per request for scoped access tokens)").option("--sealing-key <key>", "the platform's base64 X25519 sealing PUBLIC key (used by `pack --encrypt`)").option("--insecure", "skip TLS certificate verification (for local dev with self-signed certs)").action(async (options) => {
1995
+ program2.command("login").description("Sign in to Verentis (browser device flow by default; --api-key/--token for non-interactive use)").addOption(new Option("--api-url <url>", "Verentis API gateway URL (defaults to production)").hideHelp()).option("--api-key <key>", "Verentis API key (vrt_...)").option("--token <token>", "Verentis identity token (exchanged per request for scoped access tokens)").option("--sealing-key <key>", "the platform's base64 X25519 sealing PUBLIC key (used by `pack --encrypt`)").option("--insecure", "skip TLS certificate verification (for local dev with self-signed certs)").action(async (options) => {
1999
1996
  const config = await loadConfig();
2000
1997
  if (options.apiUrl) config.apiUrl = options.apiUrl;
2001
1998
  if (options.sealingKey) config.sealingPublicKey = options.sealingKey;
2002
1999
  if (options.insecure !== void 0) config.insecure = options.insecure;
2003
- if (!config.apiUrl) throw new Error("An API URL is required. Pass --api-url <url>.");
2000
+ const apiUrl = (options.apiUrl ?? process.env.VERENTIS_API_URL ?? config.apiUrl ?? PRODUCTION_API_URL).replace(/\/+$/, "");
2004
2001
  if (options.apiKey) {
2005
2002
  if (!options.apiKey.startsWith("vrt_")) throw new Error('API keys start with "vrt_".');
2006
2003
  config.apiKey = options.apiKey;
2007
2004
  delete config.identityToken;
2008
2005
  delete config.refreshToken;
2009
2006
  await saveConfig(config);
2010
- console.log(`Configuration saved (API key @ ${config.apiUrl}).`);
2007
+ console.log(`Configuration saved (API key @ ${apiUrl}).`);
2011
2008
  return;
2012
2009
  }
2013
2010
  if (options.token) {
@@ -2015,10 +2012,9 @@ function registerLogin(program2) {
2015
2012
  delete config.apiKey;
2016
2013
  delete config.refreshToken;
2017
2014
  await saveConfig(config);
2018
- console.log(`Configuration saved (identity token @ ${config.apiUrl}).`);
2015
+ console.log(`Configuration saved (identity token @ ${apiUrl}).`);
2019
2016
  return;
2020
2017
  }
2021
- const apiUrl = config.apiUrl.replace(/\/+$/, "");
2022
2018
  const insecure = config.insecure;
2023
2019
  const authorization = await startDeviceAuthorization(apiUrl, insecure);
2024
2020
  console.log("To sign in, open this URL in a browser:");
@@ -2035,7 +2031,7 @@ function registerLogin(program2) {
2035
2031
  delete config.apiKey;
2036
2032
  await saveConfig(config);
2037
2033
  const claims = decodeJwtPayload(identity.idToken);
2038
- console.log(`Signed in as ${claims?.name ?? claims?.email ?? claims?.sub ?? "unknown"} @ ${config.apiUrl}.`);
2034
+ console.log(`Signed in as ${claims?.name ?? claims?.email ?? claims?.sub ?? "unknown"} @ ${apiUrl}.`);
2039
2035
  if (!claims?.account_id) {
2040
2036
  console.log("Note: no unambiguous account context \u2014 admin commands may need --account <id>.");
2041
2037
  }