@verentis/cli 0.2.9 → 0.2.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -28,15 +28,17 @@ Point `VERENTIS_UPDATE_REGISTRY` at a mirror if you install from a private regis
28
28
  ## Sign in
29
29
 
30
30
  ```bash
31
- verentis login --api-url https://api.verentis.dev
31
+ verentis login
32
32
  ```
33
33
 
34
- With no credential flags this starts a **device sign-in**: open the printed URL in any browser (works over SSH), confirm the code, done. Non-interactive alternatives:
34
+ The CLI targets **production** (`https://api.verentis.io`) by default third-party developers need no
35
+ extra configuration. With no credential flags this starts a **device sign-in**: open the printed URL in any
36
+ browser (works over SSH), confirm the code, done. Non-interactive alternatives:
35
37
 
36
38
  ```bash
37
- verentis login --api-url … --api-key vrt_xxx # CI / scripts (create one with `verentis apikey create`)
38
- verentis login --api-url … --token <identity token>
39
- # VERENTIS_API_URL / VERENTIS_API_KEY / VERENTIS_TOKEN env vars also work
39
+ verentis login --api-key vrt_xxx # CI / scripts (create one with `verentis apikey create`)
40
+ verentis login --token <identity token>
41
+ # VERENTIS_API_KEY / VERENTIS_TOKEN env vars also work
40
42
  ```
41
43
 
42
44
  A device sign-in also stores a **refresh token**, so you stay signed in: when the 1-hour identity token
package/dist/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- import { Command } from 'commander';
2
+ import { Command, Option } from 'commander';
3
3
  import { mkdir, stat, writeFile, readFile, readdir, realpath, mkdtemp, rm, glob } from 'fs/promises';
4
4
  import { tmpdir, homedir } from 'os';
5
5
  import { resolve, basename, dirname, posix, join, isAbsolute, extname, relative, sep } from 'path';
@@ -21,6 +21,7 @@ function insecureFetchOptions(insecure) {
21
21
  var configDir = () => process.env.VERENTIS_CONFIG_DIR ?? join(homedir(), ".verentis");
22
22
  var configPath = () => join(configDir(), "config.json");
23
23
  var keysDir = () => join(configDir(), "keys");
24
+ var PRODUCTION_API_URL = "https://api.verentis.io";
24
25
  async function loadConfig() {
25
26
  try {
26
27
  return JSON.parse(await readFile(configPath(), "utf8"));
@@ -33,10 +34,7 @@ async function saveConfig(config) {
33
34
  await writeFile(configPath(), JSON.stringify(config, null, 2) + "\n", { mode: 384 });
34
35
  }
35
36
  function requireApiUrl(config) {
36
- const url = process.env.VERENTIS_API_URL ?? config.apiUrl;
37
- if (!url) {
38
- throw new Error("No API URL configured. Run `verentis login --api-url <url>` first (or set VERENTIS_API_URL).");
39
- }
37
+ const url = process.env.VERENTIS_API_URL ?? config.apiUrl ?? PRODUCTION_API_URL;
40
38
  return url.replace(/\/+$/, "");
41
39
  }
42
40
 
@@ -1993,22 +1991,20 @@ function registerKeygen(program2) {
1993
1991
  console.log(`Revoked key ${kid}.`);
1994
1992
  });
1995
1993
  }
1996
-
1997
- // src/commands/login.ts
1998
1994
  function registerLogin(program2) {
1999
- program2.command("login").description("Sign in to Verentis (browser device flow by default; --api-key/--token for non-interactive use)").option("--api-url <url>", "Verentis API gateway URL").option("--api-key <key>", "Verentis API key (vrt_...)").option("--token <token>", "Verentis identity token (exchanged per request for scoped access tokens)").option("--sealing-key <key>", "the platform's base64 X25519 sealing PUBLIC key (used by `pack --encrypt`)").option("--insecure", "skip TLS certificate verification (for local dev with self-signed certs)").action(async (options) => {
1995
+ program2.command("login").description("Sign in to Verentis (browser device flow by default; --api-key/--token for non-interactive use)").addOption(new Option("--api-url <url>", "Verentis API gateway URL (defaults to production)").hideHelp()).option("--api-key <key>", "Verentis API key (vrt_...)").option("--token <token>", "Verentis identity token (exchanged per request for scoped access tokens)").option("--sealing-key <key>", "the platform's base64 X25519 sealing PUBLIC key (used by `pack --encrypt`)").option("--insecure", "skip TLS certificate verification (for local dev with self-signed certs)").action(async (options) => {
2000
1996
  const config = await loadConfig();
2001
1997
  if (options.apiUrl) config.apiUrl = options.apiUrl;
2002
1998
  if (options.sealingKey) config.sealingPublicKey = options.sealingKey;
2003
1999
  if (options.insecure !== void 0) config.insecure = options.insecure;
2004
- if (!config.apiUrl) throw new Error("An API URL is required. Pass --api-url <url>.");
2000
+ const apiUrl = (options.apiUrl ?? process.env.VERENTIS_API_URL ?? config.apiUrl ?? PRODUCTION_API_URL).replace(/\/+$/, "");
2005
2001
  if (options.apiKey) {
2006
2002
  if (!options.apiKey.startsWith("vrt_")) throw new Error('API keys start with "vrt_".');
2007
2003
  config.apiKey = options.apiKey;
2008
2004
  delete config.identityToken;
2009
2005
  delete config.refreshToken;
2010
2006
  await saveConfig(config);
2011
- console.log(`Configuration saved (API key @ ${config.apiUrl}).`);
2007
+ console.log(`Configuration saved (API key @ ${apiUrl}).`);
2012
2008
  return;
2013
2009
  }
2014
2010
  if (options.token) {
@@ -2016,10 +2012,9 @@ function registerLogin(program2) {
2016
2012
  delete config.apiKey;
2017
2013
  delete config.refreshToken;
2018
2014
  await saveConfig(config);
2019
- console.log(`Configuration saved (identity token @ ${config.apiUrl}).`);
2015
+ console.log(`Configuration saved (identity token @ ${apiUrl}).`);
2020
2016
  return;
2021
2017
  }
2022
- const apiUrl = config.apiUrl.replace(/\/+$/, "");
2023
2018
  const insecure = config.insecure;
2024
2019
  const authorization = await startDeviceAuthorization(apiUrl, insecure);
2025
2020
  console.log("To sign in, open this URL in a browser:");
@@ -2036,7 +2031,7 @@ function registerLogin(program2) {
2036
2031
  delete config.apiKey;
2037
2032
  await saveConfig(config);
2038
2033
  const claims = decodeJwtPayload(identity.idToken);
2039
- console.log(`Signed in as ${claims?.name ?? claims?.email ?? claims?.sub ?? "unknown"} @ ${config.apiUrl}.`);
2034
+ console.log(`Signed in as ${claims?.name ?? claims?.email ?? claims?.sub ?? "unknown"} @ ${apiUrl}.`);
2040
2035
  if (!claims?.account_id) {
2041
2036
  console.log("Note: no unambiguous account context \u2014 admin commands may need --account <id>.");
2042
2037
  }